Methods and apparatus for use in sharing credentials amongst a plurality of mobile communication devices
Abstract
Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at a respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects.
16 Claims
1. A method in a target mobile device for obtaining a credential key associated with a user account from a source mobile device, the method comprising:
producing, by the target mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
signing, by the target mobile device, the request message with a digital signature;
sending, by the target mobile device, the signed request message to the source mobile device;
when the request message is positively verified, receiving, by the target mobile device, a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key;
decrypting, by the target mobile device, the encrypted form of the credential key;
retrieving, by the target mobile device, a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;
decrypting, by the target mobile device, the plurality of encrypted credential objects using the credential key; and
using, by the target mobile device, resulting authentication tokens to access respective data applications.
Dependent claims: 2, 3, 4, 5.

6. A non-transitory computer readable storage medium, comprising:
a computer readable medium;
computer instructions stored in the computer readable medium;
the computer instructions being executable by one or more processors of a target mobile device for obtaining a credential key associated with a user account from a source mobile device, the source mobile device being identified by a source identifier, the computer instructions being further executable for:
producing a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account;
signing the request message with a digital signature;
sending the signed request message to the source mobile device; and
when the request message is positively verified, receiving a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key;
decrypting the encrypted form of the credential key;
retrieving a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;
decrypting the plurality of encrypted credential objects using the credential key; and
using resulting authentication tokens to access respective data applications.
Dependent claims: 7, 8, 9, 10.

11. A target mobile device configured to obtain a credential key associated with a user account from a source mobile device, the target mobile device comprising:
one or more hardware processors;
a radio frequency (RF) transceiver coupled to the one or more hardware processors;
the one or more hardware processors being configured for:
producing a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
signing the request message with a digital signature;
sending the signed request message to the source mobile device; and
when the request message is positively verified, receiving a response message from the source mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key;
decrypting the encrypted form of the credential key;
retrieving a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token;
decrypting the plurality of encrypted credential objects using the credential key; and
using resulting authentication tokens to access respective data applications.

12. A method in a source mobile device for communicating a credential key associated with a user account to a target mobile device, the method comprising:
receiving, by the source mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
verifying, by the source mobile device, a digital signature of the request message;
when the request message is positively verified, sending, from the source mobile device, a response message to the target mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key so that the target mobile device:
decrypts the encrypted form of the credential key, retrieves a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token, decrypts the plurality of encrypted credential objects using the credential key, and uses resulting authentication tokens to access respective data applications.
Dependent claims: 13, 14.

15. A source mobile device configured for communicating a credential key associated with a user account to a target mobile device, the source mobile device comprising:
one or more hardware processors;
a radio frequency (RF) transceiver coupled to the one or more hardware processors;
the one or more hardware processors being configured for:
receiving a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account, the source mobile device being identified by a source identifier;
verifying a digital signature of the request message;
when the request message is positively verified, sending, from the source mobile device, a response message to the target mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key so that the target mobile device:
decrypts the encrypted form of the credential key, retrieves a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token, decrypts the plurality of encrypted credential objects using the credential key, and uses resulting authentication tokens to access respective data applications.

16. A non-transitory computer readable storage medium, comprising:
a computer readable medium;
computer instructions stored in the computer readable medium;
the computer instructions being executable by one or more processors of a source mobile device configured for communicating a credential key associated with a user account to a target mobile device, the source mobile device being identified by a source identifier, the computer instructions being further executable for:
receiving, by the source mobile device, a request message for a key exchange, the request message including a target identifier and a target device key of the target mobile device, the target mobile device and the source mobile device each associated with the user account;
verifying, by the source mobile device, a digital signature of the request message;
when the request message is positively verified, sending, from the source mobile device, a response message to the target mobile device, the response message including the target identifier and an encrypted form of the credential key, the encrypted form of the credential key being encrypted with the target device key so that the target mobile device:
decrypts the encrypted form of the credential key, retrieves a plurality of encrypted credential objects from a network infrastructure, each of the plurality of encrypted credential objects comprising a respective authentication token, decrypts the plurality of encrypted credential objects using the credential key, and uses resulting authentication tokens to access respective data applications.

Specification