Assignment and distribution of access credentials to mobile communication devices

US 8,819,792 B2
Filed: 04/26/2011
Issued: 08/26/2014
Est. Priority Date: 04/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

selecting an access credential from a pool of unassigned access credentials;

assigning the access credential to a specific individual;

transmitting the access credential over a secure and authenticated channel to a mobile communication device that is associated with the specific individual, such that the access credential is receivable by the mobile communication device; and

receiving from the mobile communication device an indication that a secondary device is accessible by the mobile communication device and an indication of the proximity technology or technologies supported by the secondary device, wherein the access credential is intended for use by the secondary device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server storing a pool of unassigned access credentials selects an access credential from the pool, assigns it to an individual, identifies a mobile communication device associated with the individual, and pushes the access credential to the mobile communication device over a secure and authenticated channel such that the access credential is receivable by the mobile communication device. If the mobile communication device supports a proximity technology and is proximate to an access node that supports the proximity technology, the mobile communication device employs the proximity technology to present the access credential to the access node.

80 Citations

View as Search Results

22 Claims

1. A method comprising:
- selecting an access credential from a pool of unassigned access credentials;
  
  assigning the access credential to a specific individual;
  
  transmitting the access credential over a secure and authenticated channel to a mobile communication device that is associated with the specific individual, such that the access credential is receivable by the mobile communication device; and
  
  receiving from the mobile communication device an indication that a secondary device is accessible by the mobile communication device and an indication of the proximity technology or technologies supported by the secondary device, wherein the access credential is intended for use by the secondary device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as claimed in claim 1, further comprising:
    - importing one or more of the unassigned access credentials into the pool from an external source of unassigned access credentials.
  - 3. The method as claimed in claim 1, further comprising:
    - informing an access system of the assignment of the access credential to the specific individual.
  - 4. The method as claimed in claim 1, wherein transmitting the access credential to the mobile communication device over the secure and authenticated channel comprises pushing the access credential to the mobile communication device over the secure and authenticated channel.
  - 5. The method as claimed in claim 1, further comprising:
    - receiving from the mobile communication device an indication of the proximity technology or technologies supported by the mobile communication device.
  - 6. The method as claimed in claim 1, further comprising:
    - identifying the mobile communication device.
  - 7. The method as claimed in claim 1, further comprising:
    - receiving a request to participate in access control from the mobile communication device; and
      
      identifying the specific individual that is associated with the mobile communication device;
      
      wherein transmitting the access credential to the mobile communication device over the secure and authenticated channel occurs in response to receiving the request.
  - 8. The method as claimed in claim 1, wherein the access credential is a physical access credential.
  - 9. The method as claimed in claim 1, wherein the access credential is a logical access credential.
  - 10. The method as claimed in claim 2, wherein the external source comprises a smart card and importing the one or more unassigned access credentials comprises accessing the smart card via a smart card reader.

11. A method for a mobile communication device that supports a proximity technology, the method comprising:
- receiving from a server over a secure and authenticated channel an access credential assigned to an individual with which the mobile communication device is associated;
  
  when the mobile communication device is proximate to an access node that supports the proximity technology, employing the proximity technology to present the access credential to the access node; and
  
  requiring successful user authentication in order to permit employing the proximity technology to present the access credential to the access node, wherein the successful user authentication involves a biometric of an authorized user of the mobile communication device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method as claimed in claim 11, further comprising:
    - prior to receiving the access credential, transmitting to the server an indication of the proximity technology or technologies supported by the mobile communication device.
  - 13. The method as claimed in claim 11, wherein the successful user authentication involves a secret known to an authorized user of the mobile communication device.
  - 14. The method as claimed in claim 11, wherein the proximity technology comprises radio frequency identification.
  - 15. The method as claimed in claim 11, wherein the proximity technology comprises near field communication.

16. A method for a mobile communication device, the method comprising:
- transmitting to a server an indication that a secondary device is accessible by the mobile communication device and an indication of the proximity technology or technologies supported by the secondary device;
  
  receiving from the server over a secure and authenticated channel an access credential assigned to an individual with which the mobile communication device is associated, wherein the access credential is intended for use by the secondary device; and
  
  transmitting the access credential in a manner receivable by the secondary device.
- View Dependent Claims (17, 18)
- - 17. The method as claimed in claim 16, wherein transmitting the access credential comprises transmitting the access credential via a wireless personal area network interface of the mobile communication device.
  - 18. The method as claimed in claim 16, further comprising:
    - prior to receiving the access credential, transmitting to the server an indication of the proximity technology or technologies supported by the secondary device.

19. A server comprising:
- a network interface;
  
  a processor; and
  
  a memory storing code which, when executed by the processor, causes the server;
  
  to select an access credential from a pool of unassigned access credentials stored in the memory;
  
  to assign the access credential to a specific individual;
  
  to transmit, via the network interface, the access credential over a secure and authenticated channel to a mobile communication device that is associated with the specific individual, such that the access credential is receivable by the mobile communication device; and
  
  to receive from the mobile communication device, via the network interface, an indication that a secondary device is accessible by the mobile communication device and an indication of the proximity technology or technologies supported by the secondary device, wherein the access credential is intended for use by the secondary device.

20. A mobile communication device that supports a proximity technology, the mobile communication device comprising:
- a network interface to receive from a server over a secure and authenticated channel an access credential assigned to an individual with whom the mobile communication device is associated;
  
  a processor; and
  
  a memory storing code which, when executed by the processor, causes the mobile communication device, when the mobile communication device is proximate to an access node that supports the proximity technology, to employ the proximity technology to present the access credential to the access node, and requires successful user authentication in order to permit employing the proximity technology to present the access credential to the access node, wherein the successful user authentication involves a biometric of an authorized user of the mobile communication device.

21. A mobile communication device comprising:
- a network interface to receive from a server over a secure and authenticated channel an access credential assigned to an individual with whom the mobile communication device is associated and to transmit to the server an indication that a secondary device is accessible by the mobile communication device and an indication of the proximity technology or technologies supported by the secondary device, wherein the access credential is intended for use by the secondary device;
  
  a processor; and
  
  a memory storing code which, when executed by the processor, causes the mobile communication to transmit the access credential in a manner receivable by the secondary device.

22. A system comprising:
- a server arranged to store a pool of unassigned access credentials, the server coupled to a network;
  
  a mobile communication device that is able to communicate over a secure and authenticated channel with the server via the network;
  
  an access system comprising an access node that supports a proximity technology and controls access to a controlled element; and
  
  a secondary device that supports the proximity technology and that is accessible by the mobile communication device,wherein the mobile communication device is arranged to transfer the access credential to the secondary device, andwherein the secondary device is arranged to employ the proximity technology to present the access credential to the access node when the secondary device is proximate to the access node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil Patrick
Primary Examiner(s)
Parthasarathy, Pramila
Assistant Examiner(s)
HOLMES, ANGELA R

Application Number

US13/093,898
Publication Number

US 20110271331A1
Time in Patent Office

1,218 Days
Field of Search

455/415, 455/41.1, 455/456.6, 726/4, 235/492, 713/171, 713/168, 709/229
US Class Current

726/6
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 9/32   including means for verifyi...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 88/04   adapted for relaying to or ...

H04W 92/18   between terminal devices

Assignment and distribution of access credentials to mobile communication devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Assignment and distribution of access credentials to mobile communication devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links