System, method, and apparatus for allowing a service provider system to authenticate that a credential is from a proximate device

US 8,806,616 B2
Filed: 09/14/2012
Issued: 08/12/2014
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. An access device, comprising:

a proximity reader within a security boundary, the proximity reader configured to wirelessly receive a signal from a proximate device and extract a credential from the wirelessly received signal, wherein the credential is provided directly into the security boundary from the proximate device via the signal;

a secure processor within the security boundary, the secure processor configured to cryptographically sign or encrypt the credential to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the proximate device; and

an interface configured to send the cryptographically signed or encrypted credential to the service provider system to gain access to a secured service provided by the service provider system,wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the wirelessly received signal by the proximity reader.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user'"'"'s credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token.

Citations

30 Claims

1. An access device, comprising:
- a proximity reader within a security boundary, the proximity reader configured to wirelessly receive a signal from a proximate device and extract a credential from the wirelessly received signal, wherein the credential is provided directly into the security boundary from the proximate device via the signal;
  
  a secure processor within the security boundary, the secure processor configured to cryptographically sign or encrypt the credential to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the proximate device; and
  
  an interface configured to send the cryptographically signed or encrypted credential to the service provider system to gain access to a secured service provided by the service provider system,wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the wirelessly received signal by the proximity reader.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The access device of claim 1, wherein the proximity reader is a radio frequency identification (RFID) reader.
  - 3. The access device of claim 1, wherein the proximate device is a cellular device.
  - 4. The access device of claim 1, wherein the access device is a cellular device.
  - 5. The access device of claim 1, further comprising a keyboard configured to receive a password.
  - 6. The access device of claim 5, wherein the access device is further configured to send the password to the service provider system to gain access to the secured service.
  - 7. The access device of claim 1, further comprising a biometric reader configured to read a biometric identifying characteristic.
  - 8. The access device of claim 7, wherein the access device is further configured to send the biometric identifying characteristic to the service provider system to gain access to the secured service.
  - 9. The access device of claim 1, further comprising a database configured to store a default service provider associated with the proximate device.
  - 10. The access device of claim 1, wherein the credential is encrypted and the secure processor is further configured to decrypt the credential.
  - 22. The access device of claim 1, wherein the proximate device is a mobile device.
  - 23. The access device of claim 1, wherein the proximate device is a credit card or a smart card.
  - 24. The access device of claim 1, wherein the access device is a part of a point-of-sale device.
  - 25. The access device of claim 1, wherein the secured service is for performing a sales transaction.
  - 26. The access device of claim 1, wherein the credential is associated with an authorized user of the proximate device.
  - 27. The access device of claim 1, wherein the credential includes credit card information.
  - 28. The access device of claim 1, wherein at least a portion of the security boundary comprises a cryptographic boundary.
  - 29. The access device of claim 1, wherein at least a portion of the security boundary comprises one or more integrated circuits.

11. A method, comprising:
- wirelessly receiving, using a proximity reader within a security boundary, a signal including a credential from a proximate device, wherein the credential is provided directly into the security boundary from the proximate device via the signal;
  
  extracting the credential from the signal within the security boundary;
  
  cryptographically signing or encrypting the credential, using a secure processor within the security boundary, to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the proximate device; and
  
  communicating the signed or encrypted credential to the service provider system to gain access to a secured service provided by the service provider system,wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the signal.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising receiving a password from a keyboard.
  - 13. The method of claim 12, further comprising sending the password to the service provider system to gain access to a secured service.
  - 14. The method of claim 11, further comprising reading a biometric identifying characteristic.
  - 15. The method of claim 14, further comprising sending the biometric identifying characteristic to the service provider system to gain access to a secured service.
  - 16. The method of claim 11, further comprising determining the service provider system by looking up in a database a default service provider system associated with the proximate device.

17. A system, comprising:
- a proximate device; and
  
  an access device comprising;
  
  a proximity reader within a security boundary, the proximity reader configured to wirelessly receive a signal from the proximate device and extract a credential from the wirelessly received signal, wherein the credential is provided directly into the security boundary from the proximate device via the signal;
  
  a secure processor within the security boundary, the secure processor configured to cryptographically sign or encrypt the credential to provide an indication to a service provider system external to the security boundary that the credential is from the proximate device and allow the service provider system to authenticate that the credential is from the device; and
  
  an interface configured to send the cryptographically signed or encrypted credential to the service provider system,wherein the security boundary physically encapsulates both the proximity reader and the secure processor and is configured to prevent software that is executing external to the security boundary from accessing the credential extracted from the wirelessly received signal by the proximity reader.
- View Dependent Claims (18, 19, 20, 21, 30)
- - 18. The system of claim 17, wherein the proximity reader is a radio frequency identification (RFID) reader.
  - 19. The system of claim 17, wherein the proximate device is a cellular device.
  - 20. The system of claim 17, wherein the service provider system is configured to provide access to data or a data processing service.
  - 21. The system of claim 17, wherein the access device is a cellular device.
  - 30. The system of claim 17, wherein the proximity device is configured to store a plurality of credentials for accessing different services from one or more service providers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark, Frank, Ed, Seshadri, Nambi
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US13/617,818
Publication Number

US 20130010962A1
Time in Patent Office

697 Days
Field of Search

380/270
US Class Current

726/20
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/327   Short range or proximity pa...

G07C 9/20   involving the use of a pass

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/32   including means for verifyi...

H04W 4/021   Services related to particu...

H04W 4/80   Services using short range ...

System, method, and apparatus for allowing a service provider system to authenticate that a credential is from a proximate device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and apparatus for allowing a service provider system to authenticate that a credential is from a proximate device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links