Cryptographic protocol for portable devices

US 9,407,634 B2
Filed: 11/23/2015
Issued: 08/02/2016
Est. Priority Date: 08/18/2014
Status: Active Grant

First Claim

Patent Images

1. A method for employing a mobile device to communicate data over a network, wherein the mobile device performs actions, comprising:

employing an authorized authentication device (AAD) to authenticate a user of the mobile device; and

when the user of the mobile device is authenticated, performing further actions, including;

providing one or more advertising information packets based on one or more provisioning keys; and

communicating the one or more advertising information packets to one or more remote access points, wherein each remote access point employs the one or more provisioning keys to provide one or more local versions of the one or more advertising information packets; and

when one or more comparisons performed by the one or more remote access points between its one or more local versions of the advertising information packets to the communicated one or more advertising information packets is a match, providing the user with access to each remote access point having the one or more matching comparisons.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards communicating using a mobile device that performs actions including. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.

49 Citations

View as Search Results

30 Claims

1. A method for employing a mobile device to communicate data over a network, wherein the mobile device performs actions, comprising:
- employing an authorized authentication device (AAD) to authenticate a user of the mobile device; and
  
  when the user of the mobile device is authenticated, performing further actions, including;
  
  providing one or more advertising information packets based on one or more provisioning keys; and
  
  communicating the one or more advertising information packets to one or more remote access points, wherein each remote access point employs the one or more provisioning keys to provide one or more local versions of the one or more advertising information packets; and
  
  when one or more comparisons performed by the one or more remote access points between its one or more local versions of the advertising information packets to the communicated one or more advertising information packets is a match, providing the user with access to each remote access point having the one or more matching comparisons.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the authentication is based on biometric signals of the user.
  - 3. The method of claim 1, wherein the one or more provisioning keys are locally stored on the mobile device and locally stored on the one or more remote access points.
  - 4. The method of claim 1, wherein the providing of the one or more advertising information packets further comprises a synchronized time value.
  - 5. The method of claim 1, wherein the one or more advertising information packets corresponds to one or more of the one or more provisioning keys.
  - 6. The method of claim 1, wherein providing the one or more advertising information packets, further comprises:
    - providing an advertising nonce based on a pseudorandom number generator;
      
      encrypting the advertising nonce based on the one or more provisioning keys; and
      
      providing an encrypted hash value, wherein the encrypted hash value includes the encrypted advertising nonce and a synchronized time value.
  - 7. The method of claim 1, wherein providing the one or more advertising information packets, further comprises, one or more additional values, including at least one of a gesture value, a personal identification number, a password, a touch pattern, or a pass phrase.
  - 8. The method of claim 1, further comprising, when the user disengages the mobile device, unsetting a synchronized time value and encrypting a cryptographic state of the mobile device.

9. A mobile device for communicating data over a network, comprising:
- a transceiver that communicates over a network;
  
  a memory that stores at least instructions; and
  
  a processor device that executes instructions that enable actions, including;
  
  employing an authorized authentication device (AAD) to authenticate a user of the mobile device; and
  
  when the user of the mobile device is authenticated, performing further actions, including;
  
  providing one or more advertising information packets based on one or more provisioning keys; and
  
  communicating the one or more advertising information packets to one or more remote access points, wherein each remote access point employs the one or more provisioning keys to provide one or more local versions of the one or more advertising information packets; and
  
  when one or more comparisons performed by the one or more remote access points between its one or more local versions of the advertising information packets to the communicated one or more advertising information packets is a match, providing the user with access to each remote access point having the one or more matching comparisons.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The mobile device of claim 9, wherein the authentication is based on biometric signals of the user.
  - 11. The mobile device of claim 9, wherein the one or more provisioning keys are locally stored on the mobile device and locally stored on the one or more remote access points.
  - 12. The mobile device of claim 9, wherein the providing of the one or more advertising information packets further comprises a synchronized time value.
  - 13. The mobile device of claim 9, wherein the one or more advertising information packets corresponds to one or more of the one or more provisioning keys.
  - 14. The mobile device of claim 9, wherein providing the one or more advertising information packets, further comprises:
    - providing an advertising nonce based on a pseudorandom number generator;
      
      encrypting the advertising nonce based on the one or more provisioning keys; and
      
      providing an encrypted hash value, wherein the encrypted hash value includes the encrypted advertising nonce and a synchronized time value.
  - 15. The mobile device of claim 9, wherein providing the one or more advertising information packets, further comprises, one or more additional values, including at least one of a gesture value, a personal identification number, a password, a touch pattern, or a pass phrase.
  - 16. The mobile device of claim 9, further comprising, when the user disengages the mobile device, unsetting a synchronized time value and encrypting a cryptographic state of the mobile device.

17. A system for employing a mobile device to communicate data, comprising:
- an authorized authentication device (AAD), comprising;
  
  a transceiver that communicates over a network;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including authenticating a user of the mobile device; and
  
  the mobile device comprising;
  
  a transceiver that communicates over a network;
  
  a memory that stores at least instructions; and
  
  one or more processor devices that execute instructions that perform actions, including;
  
  when the user of the mobile device is authenticated, performing further actions, including;
  
  providing one or more advertising information packets based on one or more provisioning keys; and
  
  communicating the one or more advertising information packets to one or more remote access points, wherein each remote access point employs the one or more provisioning keys to provide one or more local versions of the one or more advertising information packets; and
  
  when one or more comparisons performed by the one or more remote access points between its one or more local versions of the advertising information packets to the communicated one or more advertising information packets is a match, providing the user with access to each remote access point having the one or more matching comparisons.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the authentication is based on biometric signals of the user.
  - 19. The system of claim 17, wherein the one or more provisioning keys are locally stored on the mobile device and locally stored on the one or more remote access points.
  - 20. The system of claim 17, wherein the providing of the one or more advertising information packets further comprises a synchronized time value.
  - 21. The system of claim 17, wherein the one or more advertising information packets corresponds to one or more of the one or more provisioning keys.
  - 22. The system of claim 17, wherein providing the one or more advertising information packets, further comprises:
    - providing an advertising nonce based on a pseudorandom number generator;
      
      encrypting the advertising nonce based on the one or more provisioning keys; and
      
      providing an encrypted hash value, wherein the encrypted hash value includes the encrypted advertising nonce and a synchronized time value.
  - 23. The system of claim 17, wherein providing the one or more advertising information packets, further comprises, one or more additional values, including at least one of a gesture value, a personal identification number, a password, a touch pattern, or a pass phrase.
  - 24. The system of claim 17, further comprising, when the user disengages the mobile device, unsetting a synchronized time value and encrypting a cryptographic state of the mobile device.

25. A processor readable non-transitory storage media that includes instructions for employing a mobile device to communicate data over a network, wherein execution of the instructions by one of more processors performs actions, comprising:
- employing an authorized authentication device (AAD) to authenticate a user of the mobile device; and
  
  when the user of the mobile device is authenticated, performing further actions, including;
  
  providing one or more advertising information packets based on one or more provisioning keys; and
  
  communicating the one or more advertising information packets to one or more remote access points, wherein each remote access point employs the one or more provisioning keys to provide one or more local versions of the one or more advertising information packets; and
  
  when one or more comparisons performed by the one or more remote access points between its one or more local versions of the advertising information packets to the communicated one or more advertising information packets is a match, providing the user with access to each remote access point having the one or more matching comparisons.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The media of claim 25, wherein the authentication is based on biometric signals of the user.
  - 27. The media of claim 25, wherein the one or more provisioning keys are locally stored on the mobile device and locally stored on the one or more remote access points.
  - 28. The media of claim 25, wherein the providing of the one or more advertising information packets further comprises a synchronized time value.
  - 29. The media of claim 25, wherein the one or more advertising information packets corresponds to one or more of the one or more provisioning keys.
  - 30. The media of claim 25, wherein providing the one or more advertising information packets, further comprises, one or more additional values, including at least one of a gesture value, a personal identification number, a password, a touch pattern, or a pass phrase.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nymi Inc.
Original Assignee
Nymi Inc.
Inventors
Martin, Karl, Vahlis, Evgene
Primary Examiner(s)
LEE, JASON T

Application Number

US14/949,509
Publication Number

US 20160080372A1
Time in Patent Office

253 Days
Field of Search

726/10
US Class Current

1/1
CPC Class Codes

G06Q 30/0277   Online advertisement

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/0822   using key encryption key

H04L 9/12   Transmitting and receiving ...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3231   Biological data, e.g. finge...

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/50   Secure pairing of devices

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 88/08 : Access point devices

View All

Cryptographic protocol for portable devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Cryptographic protocol for portable devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others