Method and system for secure peer-to-peer mobile communications
First Claim
1. A method for secure mobile communications between a first user having a first mobile communications device and a first secure token and a second user having a second mobile communications device and a second secure token, wherein said first and second mobile devices each has a near-field communications reader, a user interface and a display, said first secure token has a first secure processor, a first secure non-volatile memory having decryption key information stored therein, a first display, a first power near-field communications antenna and a first data near-field communications antenna and said second secure token has a second secure processor, a second secure non-volatile memory having decryption key information stored therein, a second display, a second power near-field communications antenna and a second data near-field communications antenna, comprising the steps of:
performing verification of a first user comprising the steps of;
powering said first secure token with energy received through said first power near-field communications antenna from said near-field communications reader in said first mobile device;
enabling said first secure token as a master device relative to said first mobile communications device;
enabling said first mobile communications device as a servant device relative to said first mobile communications device;
executing a cryptographic mutual challenge response algorithm between said first secure token and said first mobile communications device;
unlocking first authentication data of said first user in said first secure token in response to successful execution of said cryptographic mutual challenge response algorithm;
prompting a first user to enter authentication data through said interface in said first mobile device;
transmitting authentication data entered by said first user through said interface in said first mobile device to said first secure token through said first data near-field communications antenna;
comparing in said first secure processor authentication data received from said first mobile device with said unlocked authentication data;
generating on said first display an indication of a result of said comparing;
unlocking a first private decryption key associated in said first secure memory with said first user;
transmitting said first private unlock key from said first secure token to said first mobile device through said data near-field communications antenna;
decrypting an encrypted application stored on said first mobile communications device using said first private unlock key received from said first secure token;
transmitting a verification request from said first mobile communications device to said second mobile communications device using said decrypted application on said first mobile communications device;
performing verification of a second user comprising the steps of;
powering said second secure token with energy received through said second power near-field communications antenna from said near-field communications reader in said second mobile device;
enabling said second secure token as a master device relative to said second mobile communications device;
enabling said second mobile communications device as a servant device relative to said second mobile communications device;
executing a cryptographic mutual challenge response algorithm between said second secure token and said second mobile communications device;
unlocking a user's authentication data in said second secure token in response to successful execution of said cryptographic mutual challenge response algorithm;
prompting a second user to enter authentication data through said interface in said second mobile device;
transmitting authentication data entered by said second user through said interface in said second mobile device to said second secure token through said second data near-field communications antenna;
comparing in said second secure processor authentication data received from said second mobile device with said unlocked authentication data;
generating on said second display an indication of a result of said comparing;
unlocking a second private decryption key associated in said second secure memory with said second user;
transmitting said second private unlock key from said second secure token to said second mobile device through said data near-field communications antenna; and
decrypting an encrypted application stored on said second mobile communications device using said second private unlock key received from said second secure token;
generating in said second secure token an encrypted verification reply;
transmitting said encrypted verification reply from said second mobile communications device to said first mobile communications device using said decrypted application on said first mobile communications device;
decrypting said encrypted verification reply in said first secure token;
verifying in said first security processor an identity of said second user from said decrypted verification reply;
displaying on said first display a result of said verification of an identity of said second user.
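The token-side ordering in the per-user verification steps above (mutual challenge-response, then unlocking the stored authentication data, then the comparison, then key release), as an added sketch that is not from the patent. HMAC-SHA256 over a pre-shared pairing key stands in for the unspecified challenge-response algorithm, and every class, function and state name is hypothetical.

```python
import hashlib, hmac, secrets

def _mac(key, label, challenge):
    # Direction label keeps one side's response from being replayed as the other's.
    return hmac.new(key, label + challenge, hashlib.sha256).digest()

class TokenSketch:
    """Hypothetical token-side state machine; names and HMAC choice are assumptions."""
    def __init__(self, pairing_key, auth_data, unlock_key):
        self._key = pairing_key      # assumed pre-shared with the paired phone
        self._auth = auth_data       # stays locked until the challenge-response passes
        self._unlock = unlock_key    # released only after the comparison succeeds
        self._challenge = None
        self.state = "LOCKED"

    def new_challenge(self):
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def mutual_auth(self, phone_challenge, phone_response):
        """Check the phone's response first, then answer the phone's challenge."""
        challenge, self._challenge = self._challenge, None   # single use
        self.state = "LOCKED"
        if challenge is None:
            return None
        if not hmac.compare_digest(_mac(self._key, b"phone", challenge), phone_response):
            return None
        self.state = "AUTH_DATA_UNLOCKED"
        return _mac(self._key, b"token", phone_challenge)

    def submit_auth_data(self, entered):
        """Compare inside the token; any failure or out-of-order call relocks."""
        ok = self.state == "AUTH_DATA_UNLOCKED" and hmac.compare_digest(self._auth, entered)
        self.state = "KEY_RELEASED" if ok else "LOCKED"
        return self._unlock if ok else None

def run_session(token, phone_key, entered):
    """Phone side: returns the unlock key, or None if any step fails."""
    c_token, c_phone = token.new_challenge(), secrets.token_bytes(16)
    reply = token.mutual_auth(c_phone, _mac(phone_key, b"phone", c_token))
    if reply is None or not hmac.compare_digest(reply, _mac(phone_key, b"token", c_phone)):
        return None
    return token.submit_auth_data(entered)

if __name__ == "__main__":
    K = b"\x01" * 32   # constructed sample values
    print(run_session(TokenSketch(K, b"4821", b"U" * 32), K, b"4821") is not None)
```

The unlock key leaves the token only in the `KEY_RELEASED` transition, so a phone that skips or fails the challenge-response never reaches the authentication-data comparison.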
Abstract
A system and method for secure peer-to-peer mobile communications using cryptographic mobile unlock tokens (“CK tokens”) in conjunction with mobile devices. Each CK token integrates an entire cryptosystem. Executing these cryptography-based functions entirely in the token has significant operational advantages over the typical memory-only token. Greater security, better scalability, and lower overall system cost are just a few advantages of the CK token over executing these functions within the smartphone. Of the many uses discussed for the CK token (mobile phone enabling, stored value and medical applications), most have centered on the use of the card in conjunction with a smartphone as the touch point in the transaction.
7 Claims
Specification