Apparatus and method for secure authentication of a communication device

US 9,208,300 B2
Filed: 10/23/2013
Issued: 12/08/2015
Est. Priority Date: 10/23/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A communication device comprising:

a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, performs first operations comprising;

receiving a baseline credential and an external credential, wherein the receiving of the baseline credential is from a remote management server that is remote from the communication device;

storing the baseline credential and the external credential in the secure element memory; and

mapping the external credential to the baseline credential in the secure element memory;

a secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the secure element and the secure device processor are mutually authenticated with the remote management server using a remote management keyset, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising;

receiving an application registration request, wherein the receiving of the external credential by the secure element is responsive to the application registration request;

receiving user input including a user credential;

providing a request for an authentication to the secure element, wherein the request for the authentication includes the user credential and enables the secure element to compare the user credential with the baseline credential to verify the authentication;

receiving the authentication and the external credential from the secure element without receiving the baseline credential; and

providing the external credential to an external entity device that is remote from the communication device; and

a device processor that is separate from the secure device processor and in communication with the secure device processor, wherein the device processor facilitates wireless communications between the communication device and the remote management server, and wherein the device processor facilitates wireless communications between the communication device and the external entity device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed.

107 Citations

20 Claims

1. A communication device comprising:
- a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, performs first operations comprising;
  
  receiving a baseline credential and an external credential, wherein the receiving of the baseline credential is from a remote management server that is remote from the communication device;
  
  storing the baseline credential and the external credential in the secure element memory; and
  
  mapping the external credential to the baseline credential in the secure element memory;
  
  a secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the secure element and the secure device processor are mutually authenticated with the remote management server using a remote management keyset, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising;
  
  receiving an application registration request, wherein the receiving of the external credential by the secure element is responsive to the application registration request;
  
  receiving user input including a user credential;
  
  providing a request for an authentication to the secure element, wherein the request for the authentication includes the user credential and enables the secure element to compare the user credential with the baseline credential to verify the authentication;
  
  receiving the authentication and the external credential from the secure element without receiving the baseline credential; and
  
  providing the external credential to an external entity device that is remote from the communication device; and
  
  a device processor that is separate from the secure device processor and in communication with the secure device processor, wherein the device processor facilitates wireless communications between the communication device and the remote management server, and wherein the device processor facilitates wireless communications between the communication device and the external entity device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The communication device of claim 1, wherein the secure element comprises a universal integrated circuit card.
  - 3. The communication device of claim 2, wherein the receiving of the application registration request is from an application being executed by the device processor, and wherein the receiving of the user input is in response to a prompt that is presented by the communication device responsive to the application being executed by the device processor.
  - 4. The communication device of claim 1, comprising a user interface and wherein the receiving of the baseline credential comprises:
    - receiving, by the secure device processor, biometric input captured at the user interface;
      
      converting, by the secure device processor, the biometric input into a binary biometric credential; and
      
      providing the binary biometric credential from the secure device processor to the secure element.
  - 5. The communication device of claim 1, wherein the baseline credential includes a password, a pin number, a digital signature, a finger print, a voice print, a face print, or combinations thereof.
  - 6. The communication device of claim 1, wherein the external credential includes at least one of a server login, a digital signature, or a response to a challenge.
  - 7. The communication device of claim 1, wherein the receiving of the application registration request is at least one of based on other user input or received from an application being executed by the communication device.
  - 8. The communication device of claim 1, wherein the receiving of the application registration request is from the external entity device, and wherein the receiving of the user input is in response to a prompt that is presented by the communication device responsive to the application registration request.
  - 9. The communication device of claim 1, comprising a user interface and wherein the receiving of the baseline credential comprises:
    - receiving, by the secure device processor, user data inputted at the user interface;
      
      converting, by the secure device processor, the user data into a binary credential; and
      
      providing the binary credential from the secure device processor to the secure element.
  - 10. The communication device of claim 1, wherein the device processor enables at least one of voice, video or data communication services to be provided by the communication device, wherein the first executable instructions are received by the secure element from the remote management server, and wherein the second executable instructions are received by the secure device processor from the remote management server.

11. A method comprising:
- receiving, by a secure element of a communication device, a baseline credential and an external credential, wherein the receiving of the baseline credential is from a remote management server that is remote from the communication device;
  
  storing the baseline credential and the external credential in a secure element memory of the secure element;
  
  mapping, by the secure element, the external credential to the baseline credential in the secure element memory;
  
  receiving, by a secure device processor of the communication device, an application registration request, wherein the receiving of the external credential by the secure element is responsive to the application registration request, wherein the secure device processor is separate from the secure element and in communication with the secure element;
  
  receiving, by the secure device processor, user input including a user credential;
  
  providing a request for an authentication from the secure device processor to the secure element, wherein the request for the authentication includes the user credential and enables the secure element to compare the user credential with the baseline credential to verify the authentication;
  
  receiving, by the secure device processor, the authentication from the secure element without receiving the baseline credential, wherein the secure element and the secure device processor are mutually authenticated with the remote management server using a remote management keyset; and
  
  facilitating, by a device processor of the communication device, wireless communications between the communication device and the remote management server, wherein the device processor is separate from the secure device processor and in communication with the secure device processor.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, comprising:
    - receiving, by the secure device processor, the external credential from the secure element without receiving the baseline credential; and
      
      providing, by the secure device processor, the external credential to an external entity device that is remote from the communication device.
  - 13. The method of claim 11, comprising:
    - enabling at least one of voice or data communication services at the communication device utilizing the device processor; and
      
      providing, by the secure device processor, the external credential to an application being executed by the communication device, wherein the application is associated with the application registration request.
  - 14. The method of claim 11, wherein the receiving of the baseline credential comprises:
    - receiving, by the secure device processor, biometric input captured at a user interface of the communication device;
      
      converting, by the secure device processor, the biometric input into a binary biometric credential; and
      
      providing the binary biometric credential from the secure device processor to the secure element.
  - 15. The method of claim 11, wherein the baseline credential includes a password, a pin number, a digital signature, a finger print, a voice print, a face print or combinations thereof, wherein the receiving of the user input including the user credential is from one of another communication device or inputted at the communication device.
  - 16. The method of claim 11, wherein the receiving of the application registration request is based on user input.
  - 17. The method of claim 12, wherein the receiving of the application registration request is from the external entity device, and wherein the receiving of the user input is in response to a prompt that is presented by the communication device responsive to the application registration request.

18. A computer readable storage device comprising instructions which, responsive to being executed by a secure element of a communication device, cause the secure element to perform operations comprising:
- receiving a baseline credential and an external credential, wherein the receiving of the baseline credential is from a remote management server that is remote from the communication device, wherein the receiving of the external credential by the secure element is responsive to a secure device processor of the communication device receiving an application registration request;
  
  storing the baseline credential and the external credential in a secure element memory of the secure element;
  
  mapping the external credential to the baseline credential in the secure element memory;
  
  receiving a request for an authentication from the secure device processor of the communication device, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the request for the authentication includes a user credential inputted into the communication device, wherein the secure element and the secure device processor are mutually authenticated with the remote management server using a remote management keyset;
  
  comparing the user credential with the baseline credential to verify the authentication; and
  
  providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device,wherein a device processor of the communication device facilitates wireless communications between the communication device and the remote management server and between the communication device and the external entity device, wherein the device processor is separate from the secure device processor and in communication with the secure device processor.
- View Dependent Claims (19, 20)
- - 19. The computer readable storage device of claim 18, wherein the receiving of the baseline credential comprises:
    - receiving a binary biometric credential from the secure device processor, wherein the binary biometric credential is generated by the secure device processor by converting biometric input captured at a user interface of the communication device into the binary biometric credential.
  - 20. The computer readable storage device of claim 18, wherein the device processor enables at least one of voice, video or data communication services at the communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chastain, Walter Cooper, Chin, Stephen Emille
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US14/061,380
Publication Number

US 20150113617A1
Time in Patent Office

776 Days
Field of Search

726/6
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/45   Structures or tools for the...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0869   for achieving mutual authen...

Apparatus and method for secure authentication of a communication device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

107 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for secure authentication of a communication device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others