Wireless token device

US 9,547,761 B2
Filed: 04/09/2012
Issued: 01/17/2017
Est. Priority Date: 04/09/2012
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

detect a first computing device as substantially collocated with a wireless token device, using a short-range wireless communication network;

establish a connection between the first computing device and the token device over the short-range wireless network;

generate, at the token device, authentication data from a globally unique user identifier (GUUID) stored in secure memory of the token device, wherein the GUUID is assigned to a particular user; and

send the authentication data to the first computing device from the token device over the short-range wireless network, wherein the authentication data comprises first authentication data based on the GUUID to authenticate the particular user at the first computing device and further comprises second authentication data based on the GUUID to authenticate the first computing device to a storage device remote from the first computing device and token device,wherein full access to the second authentication data by the first computing device is restricted and is to be forwarded by the first computing device to authenticate the first computing device to the storage device, authentication of the particular user permits data stored on the storage device to be accessed through the first computing device and presented on a user interface of the first computing device, and access to the data is restricted to a subset of users including the particular user.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first computing device is detected as substantially collocated with a wireless token device, using a short-range wireless communication network and a connection is established between the first computing device and the token device over the short-range wireless network. Authentication data is sent to the first computing device from the token device over the short-range wireless network to authenticate the token device at the first computing device. Authentication of the token device permits data accessible through the first computing device to be made available to a holder of the token device and to be presented on a user interface of the first computing device. In some instances, the wireless token device may otherwise lack user interfaces for presenting the data itself.

126 Citations

20 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- detect a first computing device as substantially collocated with a wireless token device, using a short-range wireless communication network;
  
  establish a connection between the first computing device and the token device over the short-range wireless network;
  
  generate, at the token device, authentication data from a globally unique user identifier (GUUID) stored in secure memory of the token device, wherein the GUUID is assigned to a particular user; and
  
  send the authentication data to the first computing device from the token device over the short-range wireless network, wherein the authentication data comprises first authentication data based on the GUUID to authenticate the particular user at the first computing device and further comprises second authentication data based on the GUUID to authenticate the first computing device to a storage device remote from the first computing device and token device,wherein full access to the second authentication data by the first computing device is restricted and is to be forwarded by the first computing device to authenticate the first computing device to the storage device, authentication of the particular user permits data stored on the storage device to be accessed through the first computing device and presented on a user interface of the first computing device, and access to the data is restricted to a subset of users including the particular user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The storage medium of claim 1, wherein the second data is retrieved by the first computing device from a data store remote from the token device and first computing device wherein the full access to the second authentication data is restricted by encrypting the second authentication data.
  - 3. The storage medium of claim 1, wherein the authentication data is encrypted by a first public key paired to a private key of the first computing device.
  - 4. The storage medium of claim 1, wherein the instructions when executed on a machine, further cause the machine to:
    - detect a second computing device as substantially collocated with the token device, using a short-range wireless communication network;
      
      establish a connection between the second computing device and the token device over a short-range wireless network;
      
      send second authentication data to the second computing device from the token device over the short-range wireless network to authenticate the token device at the second computing device, wherein the second authentication data is to be generated from the globally unique user identifier stored in secure memory of the token device.
  - 5. The storage medium of claim 4, wherein the authentication data sent to the first computing device comprises first authentication data and the second authentication data is different from the first authentication data.
  - 6. The storage medium of claim 1, wherein the instructions when executed on a machine, further cause the machine to receive from the first computing device over the short-range wireless network second authentication data authenticating access to at least a portion of stored data on the wireless token device.
  - 7. The storage medium of claim 1, wherein a pairing relationship exists between the wireless token device and first computing device.
  - 8. The storage medium of claim 7, wherein the instructions when executed on a machine, further cause the machine to:
    - send a first digital certificate from the wireless token device to the first computing device verifying the identity of the wireless token device;
      
      receive a second digital certificate at the wireless token device from the first computing device verifying the identity of the first computing device; and
      
      establish parameters for subsequent communication between the wireless storage device and first computing device.
  - 9. The storage medium of claim 1, wherein the wireless token device lacks user interfaces for the presentation of the data.

10. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- detect a wireless token device as substantially collocated with a particular computing device, using a short-range wireless communication network;
  
  establish a connection between the particular computing device and the token device over the short-range wireless network;
  
  receive authentication data at the first computing device from the token device over the short-range wireless network, wherein the authentication data is associated with a particular user and generated at the wireless token device from a globally unique user identifier assigned to the particular user and stored securely at the wireless token device;
  
  authenticate the particular user based on the received authentication data; and
  
  present particular data on a user interface of the particular computing device based on the authentication to the token device, wherein the particular data is restricted to a subset of users including the particular user.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The storage medium of claim 10, wherein the instructions when executed on a machine, further cause the machine to receive the particular data from a remote data store based on the authentication of the token device to the particular computing device.
  - 12. The storage medium of claim 11, wherein the remote data store is a cloud-based data store.
  - 13. The storage medium of claim 10, wherein at least a portion of the particular data is stored locally on the particular computing device.
  - 14. The storage medium of claim 10, wherein the particular data is presented on a graphical display of the particular computing device.
  - 15. The storage medium of claim 10, wherein the particular data is presented using audio speakers of the particular computing device.
  - 16. The storage medium of claim 10, wherein the instructions when executed on a machine, further cause the machine to receive authentication inputs from a user on one or more user interfaces of the particular computing device, wherein authentication of the token device is further based on the received authentication inputs.
  - 17. The storage medium of claim 10, wherein the instructions when executed on a machine, further cause the machine to identify an association of a particular one of a plurality of user profiles maintained on the particular computing device with the token device, wherein the holder of the token device is provided access to the particular user profile.

18. A method comprising:
- detecting a first computing device as substantially collocated with a wireless token device, using a short-range wireless communication network;
  
  establishing a connection between the first computing device and the token device over the short-range wireless network;
  
  generating, at the token device, authentication data from a globally unique user identifier (GUUID) stored in secure memory of the token device, wherein the GUUID is assigned to a particular user; and
  
  sending the authentication data to the first computing device from the token device over the short-range wireless network, wherein the authentication data comprises first authentication data based on the GUUID to authenticate the particular user at the first computing device and further comprises second authentication data based on the GUUID to authenticate the first computing device to a storage device remote from the first computing device and token device,wherein full access to the second authentication data by the first computing device is restricted and is to be forwarded by the first computing device to authenticate the first computing device to the storage device, authentication of the particular user permits data stored on the storage device to be accessed through the first computing device and presented on a user interface of the first computing device, and access to the data is restricted to a subset of users including the particular user.

19. A wireless token apparatus comprising:
- a processor device;
  
  a memory element comprising secure memory;
  
  a short-range wireless network adapter adapted to;
  
  detect a first computing device as substantially collocated with the apparatus, using a short-range wireless communication network;
  
  establish a connection between the first computing device and the apparatus over the short-range wireless network; and
  
  an authentication broker adapted to;
  
  identify a globally unique user identifier assigned to a particular user, wherein the globally unique user identifier is stored in the secure memory of the wireless token apparatus;
  
  generate authentication data from the globally unique user identifier, wherein the authentication data comprises first and second authentication data and the second authentication data is obscured to restrict full access to the second authentication data to a remote data store; and
  
  send the authentication data to the first computing device over the short-range wireless network, wherein the first authentication data is to be used to authenticate the particular user at the first computing device and the second authentication data is to be used to authenticate the first computing device to the data store,wherein full access to the second authentication data by the first computing device is restricted and is to be forwarded by the first computing device to authenticate the first computing device to the storage device, authentication of the particular user permits data stored on the storage device to be accessed through the first computing device and presented on a user interface of the first computing device, and access to the data is restricted to a subset of users including the particular user.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the apparatus lacks user interfaces for the presentation of the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Schrecker, Sven
Primary Examiner(s)
Cervetti, David Garcia
Assistant Examiner(s)
Johnson, Carlton

Application Number

US13/442,743
Publication Number

US 20130268766A1
Time in Patent Office

1,744 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/0492   by using a location-limited...

H04L 63/0853   using an additional device,...

H04W 12/068   using credential vaults, e....

H04W 12/33   using wearable devices, e.g...

H04W 4/80   Services using short range ...

Wireless token device

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless token device

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links