Apparatus and method for sharing a hardware security module interface in a collaborative network
First Claim
1. A method, comprising:
establishing a collaborative network, at a first communication device having a secure access to a security module, by forming a collaborative security association between the first communication device and a second communication device, wherein the first communication device and the second communication device are associated with a user;
at least one of:
sending, by the first communication device to the second communication device, an advertisement of services associated with the security module and receiving an advertisement response from the second communication device, and
receiving, by the first communication device from the second communication device, a solicitation request for services associated with the security module;
responsive to receiving one of the advertisement response and the solicitation request, determining, by the first communication device, whether the second communication device is authorized to access the security module;
establishing, by the first communication device, a session with the security module to provide security services offered by the security module to the second communication device according to one of the advertisement response and the solicitation request, wherein the session is established by providing activation data;
using, by the first communication device, activation data policy provided by the security module to one of store and discard the activation data; and
forwarding, by the first communication device, security service messages between the second communication device and the security module, responsive to determining that the second communication device is authorized to access the security module.
1 Assignment
0 Petitions
Abstract
A first communication device having a secure access to a security module establishes a collaborative network by forming a collaborative security association with a second communication device associated with a user of the first communication device. The first communication device (a) sends an advertisement of services associated with the security module to the second communication device and receives an advertisement response from the second communication device or (b) receives a solicitation request for services associated with the security module from the second communication device. Responsive to receiving one of the advertisement response and the solicitation request, the first communication device determines whether the second communication device is authorized to access the security module. The first communication device processes and forwards security service messages between the second communication device and the security module, in response to determining that the second communication device is authorized to access the security module.
40 Citations
23 Claims
1. A method, comprising: (set out in full above under First Claim.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method, comprising:
establishing a collaborative network, at a first communication device having a secure access to a security module, by forming a collaborative security association between the first communication device and a second communication device, wherein the first communication device and the second communication device are associated with a user;
at least one of:
sending, by the first communication device to the second communication device, an advertisement of services associated with the security module and receiving an advertisement response from the second communication device, and
receiving, by the first communication device from the second communication device, a solicitation request for services associated with the security module;
responsive to receiving one of the advertisement response and the solicitation request, determining, by the first communication device, whether the second communication device is authorized to access the security module;
establishing, by the first communication device, a session with the security module to provide security services offered by the security module to the second communication device according to one of the advertisement response and the solicitation request, wherein the session is established by providing activation data;
verifying, by the first communication device, that session attributes for an existing session are suitable for fulfilling one of the advertisement response and the solicitation request, and modifying the session attributes if the session attributes are determined to be unsuitable; and
forwarding, by the first communication device, security service messages between the second communication device and the security module, responsive to determining that the second communication device is authorized to access the security module.
Dependent claims: 14, 15, 16
17. An apparatus capable of operating in a collaborative network formed between at least two communication devices associated with a user, the apparatus comprising:
a first communication device comprising:
one or more memory devices;
a transceiver; and
a processor configured to:
form a connection with a security module;
form at least one security association with a second communication device in the collaborative network;
one or more of:
transmit, via the transceiver, an advertisement of services offered by the security module to the second communication device and receive a response to the advertisement from the second communication device, and
receive, via the transceiver, a solicitation request for services offered by the security module from the second communication device;
responsive to receiving one of the advertisement response and the solicitation request, determine whether the second communication device is authorized to access the security module;
process and forward security service messages between the second communication device and the security module, responsive to determining that the second communication device is authorized to access the security module; and
wherein the processor further is configured to:
establish a session with the security module to provide security services offered by the security module to the second communication device according to one of the advertisement response and the solicitation request;
provide activation data associated with required credentials in the security module when establishing the session; and
use activation data policy provided by the security module to one of store and discard the activation data.
Dependent claims: 18, 19, 20, 21, 22, 23
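The flow described in the Abstract and in claims 1, 13 and 17, as an added example that is not part of the patent and not code of its assignee: a first device (the laptop) with secure access to a security module brokers for a second device (the phone) of the same user. Everything here is an assumption made for illustration: the `SecurityModule` stand-in (an HMAC key that never leaves it, a PIN as activation data, and a "store"/"discard" activation data policy), the `association_proof` scheme used to form the collaborative security association, the message dictionaries, and the constructed scenario in `run_demo`.

```python
import hashlib
import hmac
import secrets


class SecurityModule:
    """Stand-in for the security module: its key never leaves it and a session opens only with the PIN."""

    def __init__(self, activation_data: bytes, activation_policy: str = "discard"):
        self._activation_data = activation_data   # the PIN that activates the credentials
        self.activation_policy = activation_policy   # handed to the session owner: "store" or "discard"
        self._key = secrets.token_bytes(32)          # HMAC key, held inside the module only
        self._sessions = {}                          # session id -> attributes

    def open_session(self, activation_data: bytes, attrs: dict):
        if not hmac.compare_digest(activation_data, self._activation_data):
            raise PermissionError("wrong activation data")
        sid = secrets.token_hex(8)
        self._sessions[sid] = {"services": set(attrs["services"])}
        return sid, self.activation_policy

    def service(self, sid: str, request: dict):
        attrs = self._sessions[sid]                  # KeyError if there is no such session
        if request["op"] not in attrs["services"]:
            raise PermissionError("service not enabled on this session")
        mac = hmac.new(self._key, request["data"], hashlib.sha256).digest()
        if request["op"] == "sign":
            return mac
        return hmac.compare_digest(mac, request["mac"])   # "verify"


def association_proof(assoc_key: bytes, device_id: str, user: str) -> bytes:
    # Assumed association scheme: a MAC over (device, user) under the shared association secret.
    return hmac.new(assoc_key, f"{device_id}|{user}".encode(), hashlib.sha256).digest()


class FirstDevice:
    SERVICES = ("sign", "verify")

    def __init__(self, module: SecurityModule, user: str, assoc_key: bytes):
        self.module, self.user, self.assoc_key = module, user, assoc_key
        self.associated = {}              # device id -> user it was enrolled under
        self.session, self.session_attrs = None, {}
        self.cached_activation = None     # populated only under a "store" policy

    def form_association(self, device_id: str, user: str, proof: bytes) -> bool:
        if not hmac.compare_digest(association_proof(self.assoc_key, device_id, user), proof):
            return False
        self.associated[device_id] = user
        return True

    def advertise(self) -> dict:
        return {"type": "advertisement", "services": list(self.SERVICES)}

    def authorized(self, device_id: str) -> bool:
        return self.associated.get(device_id) == self.user   # in the network AND same user

    def handle(self, device_id: str, msg: dict, activation_data=None) -> dict:
        """Process an advertisement response or a solicitation request from the second device."""
        wanted = set(msg["services"])
        if not self.authorized(device_id) or not wanted <= set(self.SERVICES):
            return {"status": "denied"}
        self._ensure_session(wanted, activation_data)
        return {"status": "ok", "services": sorted(wanted)}

    def _ensure_session(self, wanted: set, activation_data) -> None:
        # Claim 13: keep an existing session whose attributes suffice, otherwise modify them.
        if self.session is not None and wanted <= self.session_attrs["services"]:
            return
        if self.session is not None:
            wanted = wanted | self.session_attrs["services"]   # widen rather than drop services
        pin = activation_data if activation_data is not None else self.cached_activation
        if pin is None:
            raise PermissionError("activation data required to (re)establish the session")
        self.session_attrs = {"services": wanted}
        self.session, policy = self.module.open_session(pin, self.session_attrs)
        # Claims 1 and 17: the module's policy decides whether the PIN is kept or discarded.
        self.cached_activation = pin if policy == "store" else None

    def forward(self, device_id: str, request: dict):
        if not self.authorized(device_id):
            raise PermissionError("device not authorized for the security module")
        if self.session is None or request["op"] not in self.session_attrs["services"]:
            raise PermissionError("no suitable session")
        return self.module.service(self.session, request)


def run_demo(policy: str = "discard") -> dict:
    """Constructed scenario: a phone (second device) uses the module behind a laptop (first device)."""
    assoc_key, pin = secrets.token_bytes(32), b"4711"
    laptop = FirstDevice(SecurityModule(pin, policy), user="alice", assoc_key=assoc_key)
    laptop.form_association("phone", "alice", association_proof(assoc_key, "phone", "alice"))
    laptop.form_association("tablet", "bob", association_proof(assoc_key, "tablet", "bob"))
    out = {}
    resp = {"type": "advertisement_response", "services": laptop.advertise()["services"][:1]}
    out["phone"] = laptop.handle("phone", resp, activation_data=pin)    # session with "sign" only
    out["tablet"] = laptop.handle("tablet", resp, activation_data=pin)  # another user's device
    out["mac"] = mac = laptop.forward("phone", {"op": "sign", "data": b"hello"})
    try:   # a later solicitation for "verify" needs the session widened, i.e. the PIN again
        laptop.handle("phone", {"type": "solicitation", "services": ["verify"]})
        out["verify"] = laptop.forward("phone", {"op": "verify", "data": b"hello", "mac": mac})
    except PermissionError as exc:
        out["verify"] = str(exc)
    return out
```

`run_demo("discard")` shows the practical effect of the activation data policy: once the first device has discarded the PIN, it cannot widen the session on the phone's behalf and the user must supply the activation data again, whereas under `run_demo("store")` the cached PIN lets the session attributes be modified silently. The authorization check is deliberately two-part, membership in the collaborative network and binding to the same user, so a device of a different user that did form an association (the tablet) is still refused. HMAC stands in for whatever signing service a real security module exposes.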
Specification