Security architecture

US 8,656,467 B1
Filed: 06/06/2000
Issued: 02/18/2014
Est. Priority Date: 06/07/1999
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus comprising:

at least a first application;

an authentication component configured to authenticate a communicating device;

an access control component accessible in response to a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication component, and arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein the access control component is configured to instruct the authentication component to authenticate the communicating device if the access control component determines, based on at least one of stored application security level data and stored device security level data, that authentication is required, wherein the access control component is configured to receive indications originating from the communicating device identifying the communicating device and the application requested; and

wherein the authentication component is configured to authenticate the communicating device by verifying an identity of the communicating device or by verifying a personal identification number.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device for communicating with other devices to allow them to access applications, comprises: at least a first application; authentication means for authenticating a communicating device; and access control means accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication means. The device is further arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein if the arbitration requires an authentication of the communicating device, the access control means instructs the authentication means to authenticate the communicating device.

16 Citations

View as Search Results

27 Claims

1. An apparatus comprising:
- at least a first application;
  
  an authentication component configured to authenticate a communicating device;
  
  an access control component accessible in response to a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication component, and arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein the access control component is configured to instruct the authentication component to authenticate the communicating device if the access control component determines, based on at least one of stored application security level data and stored device security level data, that authentication is required, wherein the access control component is configured to receive indications originating from the communicating device identifying the communicating device and the application requested; and
  
  wherein the authentication component is configured to authenticate the communicating device by verifying an identity of the communicating device or by verifying a personal identification number.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus as claimed in claim 1 wherein the access control component is arranged to store security indications in association with accessible applications, wherein a stored security indication associated with the first application is indicative of whether authentication of the communicating device is or is not required during arbitration.
  - 3. The apparatus as claimed in claim 2 wherein the stored security indication associated with the first application is indicative of whether authentication of the communicating device is or is not required during arbitration, in independence of the identity of the communicating device.
  - 4. The apparatus as claimed in claim 1 further comprising a user interface configured to authorize access to an application during arbitration, the access control component being arranged to store security indications in association with accessible applications, wherein a stored security indication associated with the first application is indicative of whether user authorization of the communicating device is or is not required during arbitration.
  - 5. The apparatus as claimed in claim 4 wherein the access control component is further arranged to store trust indications in association with devices, and wherein the stored security indication associated with the first application is indicative of whether user authorization of the communicating device is or is not required during arbitration in dependence upon any stored trust indication associated with the communicating device.
  - 6. The apparatus as claimed in claim 1 wherein authentication comprises secret key exchange between the apparatus and the communicating device.
  - 7. The apparatus of claim 1, wherein the apparatus is configured to receive a personal identification number (PIN) and calculate a temporary initial authentication link key using the received personal identification number (PIN).

8. An apparatus comprising:
- at least first and second applications;
  
  an authentication component configured to authenticate a communicating device; and
  
  an access control component, whereinthe access control component is configured to exchange signals with a first multiplexing protocol layer,the first multiplexing protocol layer is accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication component,the access control component is configured to arbitrate whether access of the communicating device to the first application is granted or refused,the access control component is configured to instruct the authentication component to authenticate the communicating device after determining, based on at least one of stored application security level data and stored device security level data, that authentication is required, the access control component is configured to exchange signals with a second multiplexing protocol layer,the second multiplexing protocol layer is accessible by a communicating device requesting access to the second application without that communicating device having been authenticated by the authentication component,the access control component is configured to arbitrate whether access to the second application, by the communicating device requesting access to the second application, is granted or refused,the access control component is configured to instruct the authentication component to authenticate the communicating device requesting access to the second application after determining, based on at least one of stored application security level data and stored device security level data, that authentication is required,the first multiplexing protocol layer is accessible by the communicating device requesting access to the second application without that communicating device having been authenticated by the authentication component, and is arranged to provide that communicating device access to the second multiplexing protocol layer, andthe authentication component is configured to authenticate the communicating device requesting access to the second application by verifying an identity of that communicating device or by verifying a personal identification number.
- View Dependent Claims (9, 10, 11)
- - 9. The apparatus as claimed in claim 8, wherein the access control component is arranged to store security indications in association with accessible applications, wherein a first stored security indication associated with the first application is indicative of whether authentication of the communicating device is or is not required during arbitration and wherein a second stored security indication associated with the second application and indicative of whether authentication of the communicating device is or is not required during arbitration.
  - 10. The apparatus of claim 8, wherein the authentication component is configured to authenticate the communicating device by verifying an identity of the communicating device or by verifying a personal identification number.
  - 11. The apparatus of claim 8, wherein the apparatus is configured to receive a personal identification number (PIN) and calculate a temporary initial authentication link key using the received personal identification number (PIN).

12. An apparatus comprising:
- a processor; and
  
  a memory having stored therein machine executable instructions, that when executed, cause the apparatus to;
  
  receive, from a requesting device, a request at the apparatus and passing it, without authenticating the requesting device, to an arbitration component;
  
  arbitrate, in the arbitration component, whether to grant or refuse access to a first application to the requesting device, the arbitration including a determination, on the basis of at least one of the identity of first application and the identity of the requesting device, of whether an authentication of the requesting device is required,if authentication is required, perform the authentication during the arbitration, wherein theauthentication includes verifying an identity of the requesting device or verifying a personal identification number.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus as claimed in claim 12 wherein the instructions further cause the apparatus to:
    - store security indications in association with accessible applications, wherein a stored security indication associated with the first application is indicative of whether authentication of the requesting device is or is not required during arbitration.
  - 14. The apparatus as claimed in claim 13 wherein the stored security indication associated with the first application is indicative of whether authentication of the requesting device is or is not required during arbitration, in independence of the identity of the requesting device.
  - 15. The apparatus as claimed in claim 12 wherein the instructions further cause the apparatus to:
    - authorize access to an application during arbitration via a user interface, and store security indications in association with accessible applications, wherein a stored security indication associated with the first application is indicative of whether user authorization of the communicating device is or is not required during arbitration.
  - 16. The apparatus as claimed in claim 15 wherein the instructions further cause the apparatus to:
    - store trust indications in association with devices, and wherein the stored security indication associated with the first application is indicative of whether user authorization of the requesting device is or is not required during arbitration in dependence upon any stored trust indication associated with the requesting device.
  - 17. The apparatus as claimed in claim 12 wherein authentication comprises secret key exchange between the providing device and the requesting device.

18. A method comprising:
- receiving, by a providing device, a request to access an application and passing it, without authenticating a requesting device, to an arbitration component interfacing with the application;
  
  determining, by the providing device, in the arbitration component, whether to grant or refuse access to the application, said determining including an authentication of the requesting device, said authentication performed during the determination, wherein the determination is made on the basis of the identity of the application requested; and
  
  wherein authentication includes verifying an identity of the requesting device or verifying a personal identification number.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The method of claim 18 wherein the determination is made on the basis of the identity of the requesting device.
  - 20. The method as claimed in claim 18, comprising storing security indications in association with accessible applications, wherein a stored security indication associated with the application is indicative of whether authentication of the requesting device is or is not required during the determination.
  - 21. The method as claimed in claim 20 wherein the stored security indication associated with the application is indicative of whether authentication of the requesting device is or is not required during the determination, in independence of the identity of the requesting device.
  - 22. The method as claimed in claim 18 further comprising authorizing access to the application during the determination via a user interface, and storing security indications in association with accessible applications, wherein a stored security indication associated with the application is indicative of whether user authorization of the requesting device is or is not required during the determination.
  - 23. The method as claimed in claim 22 comprising storing trust indications in association with devices, and wherein the stored security indication associated with the application is indicative of whether user authorization of the requesting device is or is not required during the determination in dependence upon any stored trust indication associated with the requesting device.
  - 24. The method as claimed in claim 18 wherein authentication comprises secret key exchange between the providing device and the requesting device.
  - 25. The method of claim 18, further comprising receiving a personal identification number (PIN) and calculating a temporary initial authentication link key using the received personal identification number (PIN).

26. A non-transitory machine accessible and computer readable storage medium encoded with instructions that, when executed by a processor, cause the processor to perform:
- receiving a request to access an application and passing it, without authenticating a requesting device, to an arbitration component interfacing with the application;
  
  determining, in the arbitration component, whether to grant or refuse access to the application, said determining including an authentication of the requesting device, said authentication performed during the determination, wherein the determination is made on the basis of the identity of the application requested; and
  
  wherein authentication includes verifying an identity of the requesting device or verifying a personal identification number.
- View Dependent Claims (27)
- - 27. The non-transitory machine accessible and computer readable storage medium as claimed in claim 26, encoded with instructions that, when executed by the processor, further cause the processor to perform:
    - storing security indications in association with accessible applications, wherein a stored security indication associated with the application is indicative of whether authentication of the requesting device is or is not required during the determination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Roter, Martin, Mller, Thomas
Primary Examiner(s)
Vaughan, Michael R

Application Number

US09/588,003
Time in Patent Office

5,005 Days
Field of Search

713/161, 713/152, 713/151, 380/270, 455/411
US Class Current

726/7
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/162   at the data link layer

H04W 12/068   using credential vaults, e....

H04W 88/18   Service support devices; Ne...

Security architecture

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Security architecture

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links