System, method, and apparatus for allowing a service provider system to authenticate that a credential is from a proximate device
Abstract
An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token.
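The flow in the abstract, as an added Python sketch that is not taken from the patent: the credential is extracted and sealed inside a modelled security boundary, host software only ever handles the sealed blob, and the service provider accepts it only if it was produced with the boundary's key. Assumptions: an HMAC-SHA256 keystream and tag stand in for the chip's unspecified encrypt/sign operations, the device key is already shared with the service provider, the one-byte-length frame format is hypothetical, and all sample values are constructed.

```python
import hashlib, hmac, os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter keystream, a stand-in for the chip's cipher (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SecurityBoundary:
    """Models the chip holding the proximity reader and the secure processor."""
    def __init__(self, device_key: bytes):
        self._enc = _subkey(device_key, b"enc")   # keys stay inside the boundary
        self._mac = _subkey(device_key, b"mac")

    def on_rf_signal(self, frame: bytes) -> bytes:
        # Hypothetical frame layout: 1-byte length, then the credential bytes.
        if not frame or frame[0] == 0 or len(frame) != 1 + frame[0]:
            raise ValueError("malformed frame")
        credential = frame[1:]                    # cleartext exists only here
        nonce = os.urandom(16)
        ct = _xor(credential, _keystream(self._enc, nonce, len(credential)))
        tag = hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag                   # the only value host software sees

def provider_authenticate(device_key: bytes, blob: bytes, enrolled: set) -> bool:
    """Service provider side: accept only blobs sealed with the boundary's key."""
    if len(blob) < 16 + 1 + 32:
        return False
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(device_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False                              # not produced inside the boundary
    credential = _xor(ct, _keystream(_subkey(device_key, b"enc"), nonce, len(ct)))
    return credential in enrolled

# Constructed sample values, for illustration only.
DEVICE_KEY = bytes(range(32))
CREDENTIAL = b"token-user-0042!"
FRAME = bytes([len(CREDENTIAL)]) + CREDENTIAL

if __name__ == "__main__":
    blob = SecurityBoundary(DEVICE_KEY).on_rf_signal(FRAME)
    print(blob.hex(), provider_authenticate(DEVICE_KEY, blob, {CREDENTIAL}))
```

The sketch carries no challenge or counter, so it does not address replay of a captured blob; the text shown here does not specify one either.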
30 Claims
1. An access device, comprising:
a proximity reader within a security boundary, the proximity reader configured to wirelessly receive a signal from a proximate device and extract a credential from the wirelessly received signal, wherein the credential is provided directly into the security boundary from the proximate device via the signal;
a secure processor within the security boundary, the secure processor configured to cryptographically sign or encrypt the credential to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the proximate device; and
an interface configured to send the cryptographically signed or encrypted credential to the service provider system to gain access to a secured service provided by the service provider system, wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the wirelessly received signal by the proximity reader.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 22, 23, 24, 25, 26, 27, 28, 29
11. A method, comprising:
wirelessly receiving, using a proximity reader within a security boundary, a signal including a credential from a proximate device, wherein the credential is provided directly into the security boundary from the proximate device via the signal;
extracting the credential from the signal within the security boundary;
cryptographically signing or encrypting the credential, using a secure processor within the security boundary, to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the proximate device; and
communicating the signed or encrypted credential to the service provider system to gain access to a secured service provided by the service provider system, wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the signal.
Dependent claims: 12, 13, 14, 15, 16
17. A system, comprising:
a proximate device; and
an access device comprising;
a proximity reader within a security boundary, the proximity reader configured to wirelessly receive a signal from the proximate device and extract a credential from the wirelessly received signal, wherein the credential is provided directly into the security boundary from the proximate device via the signal;
a secure processor within the security boundary, the secure processor configured to cryptographically sign or encrypt the credential to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the device; and
an interface configured to send the cryptographically signed or encrypted credential to the service provider system, wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the wirelessly received signal by the proximity reader.
Dependent claims: 18, 19, 20, 21, 30
Specification