Wireless key management for authentication

US 9,455,839 B2
Filed: 07/30/2014
Issued: 09/27/2016
Est. Priority Date: 07/30/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authentication, comprising:

waking a locking device from a sleep function;

broadcasting, by the locking device, a unique identifier corresponding to the locking device in response to waking the locking device from the sleep function;

receiving, at a mobile device, the unique identifier;

transmitting, by the mobile device, a request to the locking device, wherein transmitting the request to the locking device is based on determining that the unique identifier is associated with a user profile;

transmitting, by the locking device, a security challenge to the mobile device;

transmitting, by the mobile device, a response to the challenge and an encrypted user profile for the locking device, wherein the response comprises data generated with an access key that is stored by both the mobile device and the locking device, and wherein the user profile is encrypted by a server using a secret key that is stored by the server and the locking device;

verifying, by the locking device, the response to the challenge, wherein the response is verified using the access key;

validating, by the locking device in response to verifying the response, data from the mobile device, wherein validating the data comprises;

decrypting the encrypted user profile, wherein the user profile is decrypted using the secret key; and

verifying the decrypted user profile; and

initiating, by the locking device in response to validating the data, an action of the locking device as specified by the request, wherein the action comprises activating a physical locking component of the locking device to unlock the locking device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods, systems, and computer-readable media for wireless key management for authentication. Authentication includes transmitting a request to a locking device, transmitting a security challenge to the mobile device, and transmitting a response to the challenge and an encrypted user profile for the locking device. The response includes data generated with an access key that is stored by both the mobile device and the locking device, and the user profile is encrypted by a server using a secret key that is stored by the server and the locking device. Authentication further includes verifying the response to the challenge, where the response is verified using the access key, and validating additional data from the mobile device. An action of the locking device may be initiated as specified by the request.

59 Citations

View as Search Results

21 Claims

1. A method of authentication, comprising:
- waking a locking device from a sleep function;
  
  broadcasting, by the locking device, a unique identifier corresponding to the locking device in response to waking the locking device from the sleep function;
  
  receiving, at a mobile device, the unique identifier;
  
  transmitting, by the mobile device, a request to the locking device, wherein transmitting the request to the locking device is based on determining that the unique identifier is associated with a user profile;
  
  transmitting, by the locking device, a security challenge to the mobile device;
  
  transmitting, by the mobile device, a response to the challenge and an encrypted user profile for the locking device, wherein the response comprises data generated with an access key that is stored by both the mobile device and the locking device, and wherein the user profile is encrypted by a server using a secret key that is stored by the server and the locking device;
  
  verifying, by the locking device, the response to the challenge, wherein the response is verified using the access key;
  
  validating, by the locking device in response to verifying the response, data from the mobile device, wherein validating the data comprises;
  
  decrypting the encrypted user profile, wherein the user profile is decrypted using the secret key; and
  
  verifying the decrypted user profile; and
  
  initiating, by the locking device in response to validating the data, an action of the locking device as specified by the request, wherein the action comprises activating a physical locking component of the locking device to unlock the locking device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein verifying the decrypted user profile comprises validating a message authentication code (MAC) based on the secret key and the user profile.
  - 3. The method of claim 1, further comprising transmitting, by the mobile device, a timestamp of the mobile device, wherein validating the data from the mobile device further comprises verifying the timestamp by comparing the timestamp to a time maintained by the locking device.
  - 4. The method of claim 3, wherein verifying the decrypted user profile further comprises comparing, using the time maintained by the locking device, an access schedule of the user profile, wherein the access schedule specifies a time when the mobile device may access the locking device.
  - 5. The method of claim 3, further comprising determining, by the locking device, whether the mobile device is a trusted device by comparing the timestamp to the time maintained by the locking device.
  - 6. The method of claim 1, wherein the challenge comprises a unique session identifier corresponding to a communication session between the mobile device and the locking device.
  - 7. The method of claim 1, wherein the user profile is encrypted by the server based on a CCM mode encryption algorithm, and wherein the secret key has a length of 128 bits.
  - 8. The method of claim 1, wherein determining that the unique identifier is associated with the user profile comprises:
    - comparing the unique identifier to a list of user profiles on the mobile device, wherein the list of user profiles comprises the user profile, and wherein user profiles of the list are each associated with at least one locking device; and
      
      determining that the unique identifier matches identifier information of the user profile.
  - 9. The method of claim 1, wherein the mobile device receives the encrypted user profile and access key from the server during a user profile generation process.
  - 10. The method of claim 1, wherein the locking device and mobile device are each configured to wirelessly transmit data using at least one of a Bluetooth protocol, a near field communications protocol, a ZigBee protocol, and a radio frequency identification (RFID) protocol.

11. An electronic locking device, comprising:
- a wireless transceiver;
  
  a memory;
  
  an electronically controllable locking mechanism; and
  
  a processor configured to;
  
  store a secret key in the memory, wherein the secret key is associated with a first code for the electronic locking device;
  
  store an access key in the memory, wherein the access key is associated with a second code for the electronic locking device;
  
  receive, via the transceiver, a request from a mobile device;
  
  wake from a sleep function of the electronic locking device;
  
  broadcast, via the wireless transceiver, a unique identifier corresponding to the electronic locking device in response to waking from the sleep function;
  
  transmit, via the transceiver, a security challenge to the mobile device;
  
  verify, using the access key, a response to the challenge, wherein the response is received from the mobile device, and wherein the response comprises data generated with a copy of the access key stored by the mobile device;
  
  validate, in response to verifying the response, data from the mobile device, wherein validating the data comprises;
  
  decrypting an encrypted user profile, wherein the user profile is decrypted using the secret key, and wherein the user profile is encrypted by a server with a copy of the secret key stored by the server; and
  
  verifying the decrypted user profile; and
  
  initiate, in response to validating the data, an action of the electronic locking device as specified by the request.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The electronic locking device of claim 11, wherein initiating the action comprises providing access to secured data storage of the locking device.
  - 13. The electronic locking device of claim 12, wherein providing access to the secured data storage of the locking device comprises:
    - decrypting, by the locking device using the secret key, data of the secured data storage and transmitting the decrypted secured data storage data to the mobile device;
      
      orencrypting, by the locking device using the secret key, additional data received from the mobile device and storing the encrypted additional data in the secured data storage.
  - 14. The electronic locking device of claim 11, wherein the action comprises activating a physical locking component of the locking device.
  - 15. The electronic locking device of claim 11, wherein verifying the decrypted user profile comprises validating a message authentication code (MAC) based on the secret key and the user profile.
  - 16. The electronic locking device of claim 11, wherein validating the data further comprises verifying a timestamp of the mobile device by comparing the timestamp to a time maintained by the electronic locking device.
  - 17. The electronic locking device of claim 16, wherein verifying the decrypted user profile further comprises comparing, using the time maintained by the locking device, an access schedule of the user profile, wherein the access schedule specifies a time when the mobile device may access the locking device.
  - 18. The electronic locking device of claim 11, wherein the wireless transceiver comprises at least one of a Bluetooth transceiver, a near field communication transceiver, a ZigBee transceiver, and a radio frequency identification (RFID) transceiver.
  - 19. The electronic locking device of claim 11, wherein the first code and the second code are a same code that is unique to the electronic locking device.
  - 20. The electronic locking device of claim 11, further comprising a battery configured to supply power to the electronic locking device.
  - 21. The electronic locking device of claim 11, further comprising a GPS device configured to provide location information based on a location of the electronic locking device, and wherein the processor is further configured to transmit, via the transceiver, the location information to the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Master Lock Company LLC (Fortune Brands Innovations, Inc.)
Original Assignee
Master Lock Company LLC (Fortune Brands Innovations, Inc.)
Inventors
Conrad, Nathan, Zhang, Yi, Stefanovic, Nemanja, Bartucci, John, Kalous, Scott
Primary Examiner(s)
Vaughan, Michael R

Application Number

US14/447,514
Publication Number

US 20160036594A1
Time in Patent Office

790 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/445   by mutual authentication, e...

G06F 2221/2115   Third party

G06F 2221/2137   Time limited access, e.g. t...

G07C 2009/00388   code verification carried o...

G07C 9/00571   operated by interacting wit...

H04L 2209/80   Wireless network architectu...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

Wireless key management for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless key management for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links