System, method and security device for authorizing use of a software tool

US 8,646,105 B2
Filed: 08/29/2008
Issued: 02/04/2014
Est. Priority Date: 08/29/2008
Status: Active Grant

First Claim

Patent Images

1. A system for authorizing use of a software tool, the system comprising:

a security device comprising;

a processor,at least one communication subsystem responsive to the processor, anda first memory accessible to the processor, the first memory storing a private key for authorizing use of the software tool and storing program instructions which, when executed by the processor, cause the processor to execute a security application;

a computing device comprising;

a second memory storing the software tool, the computing device being capable of communication with the security device via the at least one communication subsystem; and

a target device in communication with the computing device, wherein the target device is configured to generate a session value that is transmittable to the computing device;

wherein the computing device is configured to;

transmit, to the target device, an authorization request to use the software tool in relation to the target device,receive, from the target device, an encrypted request comprising the session value that is generated at the target device, andin response to the receiving of the encrypted request, transmit, to the security device, the received encrypted request to use the software tool, andwherein the security device is configured to;

execute the security application to generate a signed response in response to the encrypted request, andsend the signed response to the computing device, the signed response being;

signed using the private key andcomprising the session value in a decrypted form and authorization information to enable the computing device to prove authorization to the target device for use of the software tool in relation to the target device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The described embodiments relate generally to methods, systems and security devices for authorizing use of a software tool. Certain embodiments of the invention relate to a security device. The security device comprises at least one communication subsystem for enabling communication between the security device and a first external device, wherein the first external device has a software tool executable on the first external device. The security device further comprises a memory and processor coupled to the at least one communication subsystem and configured to control the at least one communication subsystem. The memory is accessible to the processor and stores a key for authorizing use of the software tool. The memory further stores program instructions which, when executed by the processor, cause the processor to execute a security application.

13 Citations

13 Claims

1. A system for authorizing use of a software tool, the system comprising:
- a security device comprising;
  
  a processor,at least one communication subsystem responsive to the processor, anda first memory accessible to the processor, the first memory storing a private key for authorizing use of the software tool and storing program instructions which, when executed by the processor, cause the processor to execute a security application;
  
  a computing device comprising;
  
  a second memory storing the software tool, the computing device being capable of communication with the security device via the at least one communication subsystem; and
  
  a target device in communication with the computing device, wherein the target device is configured to generate a session value that is transmittable to the computing device;
  
  wherein the computing device is configured to;
  
  transmit, to the target device, an authorization request to use the software tool in relation to the target device,receive, from the target device, an encrypted request comprising the session value that is generated at the target device, andin response to the receiving of the encrypted request, transmit, to the security device, the received encrypted request to use the software tool, andwherein the security device is configured to;
  
  execute the security application to generate a signed response in response to the encrypted request, andsend the signed response to the computing device, the signed response being;
  
  signed using the private key andcomprising the session value in a decrypted form and authorization information to enable the computing device to prove authorization to the target device for use of the software tool in relation to the target device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the authorization information comprises one or more restrictions regarding use of the software tool.
  - 3. The system of claim 1, wherein the encrypted request is decryptable by the processor using the private key.
  - 4. The system of claim 1, wherein the security application is further configured to determine the software tool from among a plurality of possible software tools based on the encrypted request and to determine the private key from among a plurality of keys stored in the memory based on the determined software tool.
  - 5. The system of claim 1, wherein the security application is further configured to determine a validity of the encrypted request and to only generate the signed response if the encrypted request is determined to be valid.
  - 6. The system of claim 5, wherein the security device comprises a position location subsystem for locating a geographical position of the security device.
  - 7. The system of claim 6, wherein the security application is further configured to use the position location subsystem to determine a location of the security device and wherein the security application is further configured to compare the location to one or more permissible geographical areas stored in the first memory and to determine that the encrypted request is invalid if the location is outside of the one or more permissible geographical areas.
  - 8. The system of claim 1, wherein the security device comprises a mobile device capable of communicating over at least one wireless area network.

9. In a system comprising a computer system, a security device and a target device, wherein the security device and the target device are each in communication with the computer system, a method of authorizing use of a software tool stored in the computer system, the method comprising:
- transmitting from the computer system to the target device an authorization request to use the software tool;
  
  generating at the target device a session value in response to the authorization request;
  
  encrypting the session value with a public key associated with the software tool;
  
  transmitting, from the target device to the computer system, an encrypted request comprising the encrypted session value generated at the target device;
  
  receiving, at the computer system, the encrypted request;
  
  in response to the receiving of the encrypted request at the computer system, transmitting the received encrypted request to the security device from the computer system;
  
  generating at the security device a signed response in response to the encrypted request, the signed response being signed using a private key stored in the security device, the private key being associated with the software tool, wherein the signed response comprises the session value in decrypted form and authorization information to enable the computer system to prove authorization to the target device for use of the software tool by the computer system in relation to the target device; and
  
  transmitting the signed response from the security device to the computer system.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the authorization information comprises one or more restrictions regarding use of the software tool.
  - 11. The method of claim 9, further comprising generating, at the computer system, a tool use request comprising the signed response, and transmitting the tool use request to the target device.
  - 12. The method of claim 11, further comprising determining at the target device whether to allow use of the software tool based on the tool use request.
  - 13. The method of claim 11, wherein the tool use request comprises an open channel request for establishing secure communication between the target device and the computer system, wherein the open channel request comprises the decrypted session value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Wood, Robert H., van der Veen, Sye, Nagy, Thomas, Asthana, Atul
Primary Examiner(s)
Davis, Zachary A

Application Number

US12/200,990
Publication Number

US 20100058053A1
Time in Patent Office

1,985 Days
Field of Search

726/29, 726/30, 726/27, 726/26, 726/20, 726/17, 713/185, 713/176, 713/168, 705/51
US Class Current

726/30
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2209/80   Wireless network architectu...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

System, method and security device for authorizing use of a software tool

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and security device for authorizing use of a software tool

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links