Methods and apparatus for use in sharing credentials amongst a plurality of mobile communication devices

US 8,977,856 B2
Filed: 08/31/2012
Issued: 03/10/2015
Est. Priority Date: 08/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method in a target mobile device for obtaining a credential key associated with a user account from a source mobile device, the method comprising:

producing, by the target mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;

signing, by the target mobile device, the request message with a digital signature;

sending, by the target mobile device, the signed request message to the source mobile device;

when the request message is positively verified, receiving, by the target mobile device, a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key;

decrypting, by the target mobile device, the encrypted form of the credential key;

retrieving, by the target mobile device, a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;

decrypting, by the target mobile device, the plurality of encrypted credential objects using the credential key; and

,using, by the target mobile device, resulting authentication tokens to access respective data applications.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects.

Citations

16 Claims

1. A method in a target mobile device for obtaining a credential key associated with a user account from a source mobile device, the method comprising:
- producing, by the target mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
  
  signing, by the target mobile device, the request message with a digital signature;
  
  sending, by the target mobile device, the signed request message to the source mobile device;
  
  when the request message is positively verified, receiving, by the target mobile device, a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key;
  
  decrypting, by the target mobile device, the encrypted form of the credential key;
  
  retrieving, by the target mobile device, a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;
  
  decrypting, by the target mobile device, the plurality of encrypted credential objects using the credential key; and
  
  ,using, by the target mobile device, resulting authentication tokens to access respective data applications.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - decrypting the encrypted form of the credential key with the target device key, for producing the credential key.
  - 3. The method of claim 1, wherein the target device key comprises an asymmetric encryption key.
  - 4. The method of claim 3, further comprising:
    - refraining from sending a private key of the target device key from the target mobile device.
  - 5. The method of claim 1, wherein the signed request message to the source mobile device is sent via a wireless network or directly via a short range wireless link.

6. A non-transitory computer readable storage medium, comprising:
- a computer readable medium;
  
  computer instructions stored in the computer readable medium;
  
  the computer instructions being executable by one or more processors of a target mobile device for obtaining a credential key associated with a user account from a source mobile device, the source mobile device being identified by a source identifier, the computer instructions being further executable for;
  
  producing a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account;
  
  signing the request message with a digital signature;
  
  sending the signed request message to the source mobile device; and
  
  when the request message is positively verified, receiving a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device keydecrypting the encrypted form of the credential key;
  
  retrieving a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;
  
  decrypting the plurality of encrypted credential objects using the credential key; and
  
  ,using resulting authentication tokens to access respective data applications.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory computer readable storage medium of claim 6, wherein the method further comprises:
    - decrypting the encrypted form of the credential key with the target device key, for producing the credential key.
  - 8. The non-transitory computer readable storage medium of claim 6, wherein the target device key comprises an asymmetric encryption key.
  - 9. The non-transitory computer readable storage medium of claim 8, further comprising:
    - refraining from sending a private key of the target device key from the target mobile device.
  - 10. The non-transitory computer readable storage medium of claim 6, wherein the signed request message to the source mobile device is sent via a wireless network or directly via a short range wireless link.

11. A target mobile device configured to obtain a credential key associated with a user account from a source mobile device, the target mobile device comprising:
- one or more hardware processors;
  
  a radio frequency (RF) transceiver coupled to the one or more hardware processors;
  
  the one or more hardware processors being configured for;
  
  producing a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
  
  signing the request message with a digital signature;
  
  sending the signed request message to the source mobile device; and
  
  when the request message is positively verified, receiving a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device keydecrypting the encrypted form of the credential key;
  
  retrieving a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;
  
  decrypting the plurality of encrypted credential objects using the credential key; and
  
  ,using resulting authentication tokens to access respective data applications.

12. A method in a source mobile device for communicating a credential key associated with a user account to a target mobile device, the method comprising:
- receiving, by the source mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
  
  verifying, by the source mobile device, a digital signature of the request message;
  
  when the request message is positively verified, sending, from the source mobile device a response message to the target mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key so that the target mobile device;
  
  decrypts the encrypted form of the credential key, retrieves a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token, decrypts the plurality of encrypted credential objects using the credential key, and uses resulting authentication tokens to access respective data applications.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the target device key comprises an asymmetric encryption key.
  - 14. The method of claim 12, wherein the request message to the source mobile device is received via a wireless network or directly via a short range wireless link.

15. A source mobile device configured for communicating a credential key associated with a user account to a target mobile device, the source mobile device comprising:
- one or more hardware processors;
  
  a radio frequency (RF) transceiver (RF) coupled to the one or more hardware processors;
  
  the one or more hardware processors being configured for;
  
  receive a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
  
  verifying a digital signature of the request message;
  
  when the request message is positively verified, sending, from the source mobile device a response message to the target mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key so that the target mobile device;
  
  decrypts the encrypted form of the credential key, retrieves a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token, decrypts the plurality of encrypted credential objects using the credential key, and uses resulting authentication tokens to access respective data applications.

16. A non-transitory computer readable storage medium, comprising:
- a computer readable medium;
  
  computer instructions stored in the computer readable medium;
  
  the computer instructions being executable by one or more processors of a source mobile device configured for communicating a credential key associated with a user account to a target mobile device, the source mobile device being identified by a source identifier, the computer instructions being further executable for;
  
  receiving, by the source mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account;
  
  verifying, by the source mobile device, a digital signature of the request message;
  
  when the request message is positively verified, sending, from the source mobile device a response message to the target mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key so that the target mobile device;
  
  decrypts the encrypted form of the credential key, retrieves a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token, decrypts the plurality of encrypted credential objects using the credential key, and uses resulting authentication tokens to access respective data applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Malek, Rafal, Gustave, Christophe, Feener, Edwin J., Beak, Kyung Mo
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US13/601,471
Publication Number

US 20140068261A1
Time in Patent Office

921 Days
Field of Search

713/168, 713/171
US Class Current

713/171
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

H04W 12/43   using shared identity modul...

Methods and apparatus for use in sharing credentials amongst a plurality of mobile communication devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for use in sharing credentials amongst a plurality of mobile communication devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links