Wireless device authentication and security key management
First Claim
1. An authentication method for authenticating one or more functions at a wireless device based on a proximity of the wireless device to a corresponding authentication module, the method comprising:
the wireless device determining that a particular function has been requested;
the wireless device determining whether the particular function requires authentication of the wireless device via a wireless authentication module that is physically separate from the wireless device prior to execution of the requested particular function as a proxy for determining whether the wireless device is allowed to execute the particular function at the wireless device's current location;
responsive to the wireless device determining that the particular requested function requires authentication of the wireless device, the wireless device:
determining, via a short-range transceiver circuit of the wireless device, whether an authentication module is available within a short-range wireless communication range of the wireless device, and is thus proximate the wireless device, for use in authenticating the wireless device and thus determining whether the wireless device is allowed to execute the particular function at the wireless device's current location;
responsive to determining that a particular authentication module is within the short-range wireless communication range of the wireless device, the wireless device sending an authentication challenge to the authentication module and determining whether the wireless device is able to authenticate itself via the particular authentication module by comparing a locally produced authentication result and a remotely produced authentication result calculated at the authentication module responsive to the authentication challenge and transmitted back to the wireless device via the short-range transceiver circuit;
if the wireless device is not able to authenticate itself via the authentication module, by comparing and not finding a match between the locally produced authentication result and the remotely produced authentication result, the wireless device determining that it is not allowed to execute the particular function at the wireless device's current location and the wireless device refraining from executing the particular requested function;
if the wireless device is able to authenticate itself via the authentication module, by comparing and finding a match between the locally produced authentication result and the remotely produced authentication result, the wireless device determining that it is allowed to execute the particular function at the wireless device's current location and the wireless device executing the particular requested function.
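The challenge and comparison steps of claim 1, sketched as an added example that is not taken from the patent. It assumes HMAC-SHA256 over a random challenge as the "authentication result" (the claim names no algorithm), models the short-range scan by passing a module object or None, and uses hypothetical names throughout (WirelessDevice, AuthModule, ReplayingModule, open_records).

```python
import hashlib
import hmac
import os

def auth_result(key, challenge):
    # Assumption: HMAC-SHA256 keyed with the shared security key.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AuthModule:
    """Constructed stand-in for the physically separate authentication module."""
    def __init__(self, key):
        self._key = key
    def respond(self, challenge):
        return auth_result(self._key, challenge)

class ReplayingModule:
    """Returns one previously recorded result, whatever the challenge is."""
    def __init__(self, recorded):
        self._recorded = recorded
    def respond(self, challenge):
        return self._recorded

class WirelessDevice:
    def __init__(self, key, protected_functions):
        self._key = key
        self._protected = frozenset(protected_functions)
    def may_execute(self, function, module_in_range):
        """module_in_range models the short-range scan; None means no module answered."""
        if function not in self._protected:
            return True                        # no authentication required
        if module_in_range is None:
            return False                       # fail closed when nothing is in range
        challenge = os.urandom(32)             # fresh per request
        local = auth_result(self._key, challenge)
        remote = module_in_range.respond(challenge)
        return hmac.compare_digest(local, remote)  # constant-time comparison

def demo():
    key = os.urandom(32)                       # constructed shared key
    device = WirelessDevice(key, {"open_records"})
    paired = AuthModule(key)
    recorded = paired.respond(os.urandom(32))  # result for an older challenge
    return {
        "paired_module": device.may_execute("open_records", paired),
        "no_module": device.may_execute("open_records", None),
        "unpaired_module": device.may_execute("open_records", AuthModule(os.urandom(32))),
        "replayed_result": device.may_execute("open_records", ReplayingModule(recorded)),
        "unprotected_function": device.may_execute("show_clock", None),
    }
```

Only the paired module and the unprotected function lead to execution; an absent module, a module holding a different key, and a replayed result are all refused.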
Abstract
A method and wireless device for updating at least one cryptographic security key (116) associated with a wireless device (104) and an authentication module (108). An over-the-air programming message comprising security key update information is received (804) from an information processing system (118). The security key update information is processed (808). At least one new security key is extracted from the security key update information in response to the processing (806). At least one existing security key (116) is updated with the at least one new security key (124) that has been extracted.
20 Claims
1. An authentication method for authenticating one or more functions at a wireless device based on a proximity of the wireless device to a corresponding authentication module, the method comprising:
the wireless device determining that a particular function has been requested;
the wireless device determining whether the particular function requires authentication of the wireless device via a wireless authentication module that is physically separate from the wireless device prior to execution of the requested particular function as a proxy for determining whether the wireless device is allowed to execute the particular function at the wireless device's current location;
responsive to the wireless device determining that the particular requested function requires authentication of the wireless device, the wireless device:
determining, via a short-range transceiver circuit of the wireless device, whether an authentication module is available within a short-range wireless communication range of the wireless device, and is thus proximate the wireless device, for use in authenticating the wireless device and thus determining whether the wireless device is allowed to execute the particular function at the wireless device's current location;
responsive to determining that a particular authentication module is within the short-range wireless communication range of the wireless device, the wireless device sending an authentication challenge to the authentication module and determining whether the wireless device is able to authenticate itself via the particular authentication module by comparing a locally produced authentication result and a remotely produced authentication result calculated at the authentication module responsive to the authentication challenge and transmitted back to the wireless device via the short-range transceiver circuit;
if the wireless device is not able to authenticate itself via the authentication module, by comparing and not finding a match between the locally produced authentication result and the remotely produced authentication result, the wireless device determining that it is not allowed to execute the particular function at the wireless device's current location and the wireless device refraining from executing the particular requested function;
if the wireless device is able to authenticate itself via the authentication module, by comparing and finding a match between the locally produced authentication result and the remotely produced authentication result, the wireless device determining that it is allowed to execute the particular function at the wireless device's current location and the wireless device executing the particular requested function.
15. A wireless device adapted to authenticate one or more functions at the wireless device based on a proximity of the wireless device to a corresponding authentication module, the wireless device comprising:
a memory;
a processor communicatively coupled to the memory;
a short-range transceiver; and
a security key updating module communicatively coupled to the memory and the processor, wherein the security key updating module is adapted, responsive to detecting that a particular function has been requested and that the particular function requested requires authentication of the wireless device via a wireless authentication module that is physically separate from the wireless device prior to execution of the requested particular function as a proxy for determining whether the wireless device is allowed to execute the particular function at the wireless device's current location, to:
determine, via the short-range transceiver, whether a particular authentication module is within a short-range wireless communication range of the wireless device, and is thus proximate the wireless device, for use in authenticating the wireless device and thus determining whether the wireless device is allowed to execute the particular function at the wireless device's current location;
responsive to determining that a particular authentication module is within the short-range wireless communication range of the short-range transceiver, send an authentication challenge to the authentication module and determine whether the wireless device is able to authenticate itself via the particular authentication module by comparing a locally produced authentication result and a remotely produced authentication result calculated at the authentication module responsive to the authentication challenge and transmitted back to the wireless device via the short-range transceiver circuit;
if the wireless device is not able to authenticate itself via the authentication module, by comparing and not finding a match between the locally produced authentication result and the remotely produced authentication result, cause the processor to determine that it is not allowed to execute the particular function at the wireless device's current location and to subsequently refrain from executing the particular requested function;
if the wireless device is able to authenticate itself via the authentication module, by comparing and finding a match between the locally produced authentication result and the remotely produced authentication result, cause the processor to determine that it is allowed to execute the particular function at the wireless device's current location and to subsequently permit the processor to execute the particular requested function.
20. A method for updating authentication information at a wireless device and a particular local authentication module for use in authenticating the wireless device via the particular local authentication module when the particular local authentication module is within a short-range wireless communication range of the wireless device as a proxy for determining whether the wireless device is allowed to execute a function at the wireless device's current location, the method comprising:
receiving, at the wireless device, a key modification communication from a key manager device having multiple encryptions;
decrypting an outer encryption of the key modification communication at the wireless device to produce an encrypted key modification message;
determining, via a short-range transceiver circuit of the wireless device, if a local authentication module is available that is associated with the wireless device and is available for use in authenticating the wireless device as a proxy for determining whether the wireless device is allowed to execute particular functions at the wireless device's current location;
responsive to determining that a particular local authentication module is available that is associated with the wireless device and is available for use in authenticating the wireless device, updating the particular local authentication module, the updating comprising:
transmitting the encrypted key modification message from the wireless device to the particular local authentication module via the short-range transceiver circuit of the wireless device;
decrypting an encryption of the key modification message at the particular local authentication module to produce decrypted key modification instructions to update or invalidate a key associated with the wireless device and the particular local authentication module;
encrypting a key modification response at the particular local authentication module;
transmitting the encrypted key modification response from the particular local authentication module to the wireless device;
further encrypting the encrypted key modification response at the wireless device; and
transmitting the further encrypted key modification response from the wireless device to the key manager device;
decrypting the encrypted key modification message at the wireless device to produce the decrypted key modification instructions to update or invalidate a key associated with the wireless device and the particular local authentication module;
servicing the decrypted key modification instructions at the particular local authentication module and at the wireless device; and
if, as a result of the servicing, the particular local authentication module is no longer associated with the wireless device such that the wireless device cannot authenticate itself via the particular local authentication module as a proxy for determining whether the wireless device is allowed to execute particular functions at the wireless device's current location, disallowing at least one previously allowed function of the wireless device associated with the particular local authentication module.
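The layered key-update relay of claim 20, sketched as an added example that is not taken from the patent. The claim names no cipher, so seal/unseal are a standard-library encrypt-then-MAC stand-in (HMAC-SHA256 keystream plus tag) for whatever authenticated encryption a real system would use; the key names, the JSON instruction format and the choice to encrypt the module's response under the old pair key are all assumptions.

```python
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; "enc"/"mac" prefixes separate the two uses of the key.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for one encryption layer: nonce || ct || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("layer failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Endpoint:
    """Holds the device/module pair key; models both the device and the module."""
    def __init__(self, pair_key):
        self.pair_key = pair_key
    def service(self, inner_blob):
        instr = json.loads(unseal(self.pair_key, inner_blob))
        old = self.pair_key
        self.pair_key = bytes.fromhex(instr["new_key"]) if instr["op"] == "update" else None
        return seal(old, json.dumps({"status": "ok", "op": instr["op"]}).encode())

def run_update(op):
    link_key, pair_key = os.urandom(32), os.urandom(32)   # constructed keys
    device, module = Endpoint(pair_key), Endpoint(pair_key)
    instr = {"op": op, "new_key": os.urandom(32).hex()}
    # Key manager: inner layer for the pair, outer layer for the device link.
    message = seal(link_key, seal(pair_key, json.dumps(instr).encode()))
    inner = unseal(link_key, message)           # device strips the outer layer only
    module_reply = module.service(inner)        # module decrypts, services, replies
    to_manager = seal(link_key, module_reply)   # device further encrypts the reply
    device.service(inner)                       # device services the same instructions
    reply = json.loads(unseal(pair_key, unseal(link_key, to_manager)))
    still_paired = device.pair_key is not None and device.pair_key == module.pair_key
    return reply, still_paired                  # not paired: protected functions are disallowed
```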
Specification