Wireless key management for authentication

US 9,600,949 B2
Filed: 08/27/2014
Issued: 03/21/2017
Est. Priority Date: 07/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a mobile device, a lock identifier from a locking device comprising a physical locking component and circuitry configured to control locking and unlocking of the physical locking component, the lock identifier associated with the locking device;

determining, by the mobile device, that the lock identifier is associated with a user profile on the mobile device by comparing the lock identifier to a set of lock identifiers on the mobile device, wherein the user profile is associated with a lock identifier and is authenticated and encrypted by a server using a lock key that is stored by the server and the locking device, and wherein the user profile comprises a user key;

transmitting, by the mobile device, the user profile associated with the lock identifier to the locking device;

decrypting, by the locking device, the user profile to generate a decrypted user profile, wherein the user profile is decrypted and verified using the lock key;

transmitting, by the locking device, a security code to the mobile device;

generating, by the mobile device, an encrypted command, the encrypted command comprising the security code and encrypted using the user key of the user profile;

transmitting, by the mobile device, the encrypted command to the locking device;

validating, by the locking device, the encrypted command from the mobile device, wherein validating the encrypted command comprises;

decrypting the encrypted command using the user key obtained from the decrypted user profile to generate a decrypted command;

determining whether the security code is valid; and

authenticating the decrypted command using the user key; and

initiating, by the locking device in response to validating the command, an action of the locking device as specified by the command.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods, and devices for wireless key management for authentication. One method includes receiving a lock identifier from a locking device; determining that the lock identifier is associated with a user profile, wherein a user profile is authenticated and encrypted by a server using a lock key that is stored by the server and the locking device, and wherein the user profile comprises a user key; transmitting the user profile; decrypting the user profile using the lock key; transmitting a security code; generating an encrypted command comprising the security code and encrypted using the user key; transmitting the command; validating the command. Validating the command can include decrypting using the user key; determining whether the security code is valid; and authenticating using the user key; and initiating, in response to validating, an action of the locking device as specified by the command.

74 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a mobile device, a lock identifier from a locking device comprising a physical locking component and circuitry configured to control locking and unlocking of the physical locking component, the lock identifier associated with the locking device;
  
  determining, by the mobile device, that the lock identifier is associated with a user profile on the mobile device by comparing the lock identifier to a set of lock identifiers on the mobile device, wherein the user profile is associated with a lock identifier and is authenticated and encrypted by a server using a lock key that is stored by the server and the locking device, and wherein the user profile comprises a user key;
  
  transmitting, by the mobile device, the user profile associated with the lock identifier to the locking device;
  
  decrypting, by the locking device, the user profile to generate a decrypted user profile, wherein the user profile is decrypted and verified using the lock key;
  
  transmitting, by the locking device, a security code to the mobile device;
  
  generating, by the mobile device, an encrypted command, the encrypted command comprising the security code and encrypted using the user key of the user profile;
  
  transmitting, by the mobile device, the encrypted command to the locking device;
  
  validating, by the locking device, the encrypted command from the mobile device, wherein validating the encrypted command comprises;
  
  decrypting the encrypted command using the user key obtained from the decrypted user profile to generate a decrypted command;
  
  determining whether the security code is valid; and
  
  authenticating the decrypted command using the user key; and
  
  initiating, by the locking device in response to validating the command, an action of the locking device as specified by the command.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - waking the locking device from a sleep function; and
      
      broadcasting, by the locking device, the lock identifier, wherein the lock identifier is broadcasted in responding to waking the locking device from the sleep function.
  - 3. The method of claim 1, further comprising transmitting, by the mobile device, a timestamp of the mobile device, wherein validating the encrypted command from the mobile device further comprises verifying the timestamp by comparing the timestamp to a time maintained by the locking device.
  - 4. The method of claim 3, wherein verifying the user profile further comprises comparing, using the time maintained by the locking device, an access schedule of the user profile, wherein the access schedule specifies a time when the mobile device may access the locking device.
  - 5. The method of claim 3, further comprising determining, by the locking device, whether the mobile device is a trusted device by comparing the timestamp to the time maintained by the locking device.
  - 6. The method of claim 1, wherein the security code is a sequence number.
  - 7. The method of claim 1, wherein the security code is valid for at least one of a predetermined amount of time after a first use of the security code, a predetermined number of commands involving the security code, a predetermined number of transactions involving the security code, or a predetermined number of communication sessions involving the security code.
  - 8. The method of claim 1, wherein validating the encrypted command further comprises determining whether the command is allowed per user profile permissions.
  - 9. The method of claim 1, wherein the action of the locking device initiated in response to validating the command comprises activating the physical locking component of the locking device.
  - 10. The method of claim 9, further comprising:
    - broadcasting, by the locking device, the lock identifier after activating the physical locking component of the locking device;
      
      transmitting, by the mobile device, the user profile to the locking device;
      
      transmitting, by the locking device, a new security code to the mobile device; and
      
      transmitting, by the mobile device, an encrypted command including the new security code.
  - 11. The method of claim 1, further comprising:
    - receiving, by the server, a selection of a specific mobile device of the user containing a first set of one or more user profiles from a trusted device of the user;
      
      removing, by the server, all user profiles of the user on the specific mobile device;
      
      notifying, by the server, the user whether the removing of all user profiles is successful;
      
      in response to removing of all user profiles being unsuccessful, generating and transmitting, by the server, a key change command for each user profile on the specific mobile device of the user not successfully removed to all trusted devices containing those lock identifiers, wherein the key change command comprises a new lock key to be associated with the locking device encrypted using the original lock key, and wherein the action of the locking device initiated in response to validating the key change command comprises decrypting and storing the new lock key in the locking device;
      
      confirming, by the server, a successful storing of the new lock key in the locking device; and
      
      transmitting, by the server, to trusted devices updated user profile, wherein the updated user profile is authenticated and encrypted by the server using the new lock key and wherein the updated user profile comprises a new user key.
  - 12. The method of claim 1, further comprising:
    - receiving, by the server, a selection of one or more specific user profiles of a guest user to revoke from the mobile device of the user;
      
      removing, by the server, the one or more specific user profiles from a mobile device of the guest user;
      
      notifying, by the server, the user whether the removing of all specific user profiles is successful;
      
      in response to removing of all specific user profiles being unsuccessful, generating and transmitting, by the server, a key change command for each specific user profile on the mobile device of the guest user not successfully removed to all trusted devices containing those user profiles, wherein the key change command comprises a new lock key to be associated with the locking device encrypted using the original lock key, and wherein the action of the locking device initiated in response to validating the key change command comprises decrypting and storing the new lock key in the locking device;
      
      confirming, by the server, a successful storing of the new lock key in the locking device; and
      
      transmitting, by the server, to trusted devices updated user profile, wherein the updated user profile is authenticated and encrypted by the server using the new lock key and wherein the updated user profile comprises a new user key.

13. An electronic locking device, comprising:
- a wireless transceiver;
  
  a memory;
  
  an electronically controllable locking mechanism; and
  
  a processor configured to;
  
  store a lock identifier and a lock key in the memory, wherein the lock identifier and the lock key are associated with the electronic locking device;
  
  broadcast, via the transceiver, the lock identifier;
  
  receive, via the transceiver, an encrypted user profile from a mobile device;
  
  authenticate and decrypt the encrypted user profile, wherein the encrypted user profile is authenticated and decrypted using the lock key, and wherein the user profile is encrypted by a server with a copy of the lock key stored by the server and comprises a user key;
  
  transmit, via the transceiver, a security code to the mobile device;
  
  receive, via the transceiver, an encrypted command from the mobile device;
  
  validate the encrypted command, wherein validating the encrypted command comprises;
  
  decrypting the encrypted command using the user key from the decrypted user profile to generate a decrypted command;
  
  determining whether the security code is valid; and
  
  authenticating the decrypted command using the user key; and
  
  initiate, in response to validating the command, an action of the electronic locking device as specified by the command.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The electronic locking device of claim 13, wherein the command comprises activating a physical locking component of the locking device.
  - 15. The electronic locking device of claim 13, wherein validating the data further comprises verifying a timestamp of the mobile device by comparing the timestamp to a time maintained by the electronic locking device.
  - 16. The electronic locking device of claim 15, wherein verifying the user profile further comprises comparing, using the time maintained by the electronic locking device, an access schedule of the user profile, wherein the access schedule specifies a time when the mobile device may access the electronic locking device.
  - 17. The electronic locking device of claim 13, wherein the security code is a sequence number.
  - 18. The electronic locking device of claim 13, wherein the security code is valid for at least one of a limited time frame or a limited number of uses.
  - 19. The electronic locking device of claim 13, wherein the processor is further configured to:
    - wake from a sleep function of the electronic locking device;
      
      broadcast, via the transceiver, the lock identifier, in response to waking from the sleep function.
  - 20. The electronic locking device of claim 13, further comprising a GPS device configured to provide location information based on a location of the electronic locking device, and wherein the processor is further configured to transmit, via the transceiver, the location information to the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Master Lock Company LLC (Fortune Brands Innovations, Inc.)
Original Assignee
Master Lock Company LLC (Fortune Brands Innovations, Inc.)
Inventors
Conrad, Nathan, Zhang, Yi, Stefanovic, Nemanja
Primary Examiner(s)
Mehrmanesh, Amir
Assistant Examiner(s)
TAYLOR, SAKINAH W

Application Number

US14/470,590
Publication Number

US 20160036788A1
Time in Patent Office

937 Days
Field of Search

713/185
US Class Current

1/1
CPC Class Codes

G07C 2009/00404   starting with prompting the...

G07C 2009/00412   the transmitted data signal...

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

Wireless key management for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless key management for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links