
Method and system for secure peer-to-peer mobile communications

  • US 9,674,705 B2
  • Filed: 04/22/2016
  • Issued: 06/06/2017
  • Est. Priority Date: 04/22/2015
  • Status: Active Grant
First Claim

1. A method for secure mobile communications between a first user having a first mobile communications device and a first secure token and a second user having a second mobile communications device and a second secure token, wherein said first and second mobile devices each has a near-field communications reader, a user interface and a display, said first secure token has a first secure processor, a first secure non-volatile memory having decryption key information stored therein, a first display, a first power near-field communications antenna and a first data near-field communications antenna and said second secure token has a second secure processor, a second secure non-volatile memory having decryption key information stored therein, a second display, a second power near-field communications antenna and a second data near-field communications antenna, comprising the steps of:

  • performing verification of a first user comprising the steps of;

    powering said first secure token with energy received through said first power near-field communications antenna from said near-field communications reader in said first mobile device;

    enabling said first secure token as a master device relative to said first mobile communications device;

    enabling said first mobile communications device as a servant device relative to said first mobile communications device;

    executing a cryptographic mutual challenge response algorithm between said first secure token and said first mobile communications device;

    unlocking first authentication data of said first user in said first secure token in response to successful execution of said cryptographic mutual challenge response algorithm;

    prompting a first user to enter authentication data through said interface in said first mobile device;

    transmitting authentication data entered by said first user through said interface in said first mobile device to said first secure token through said first data near-field communications antenna;

    comparing in said first secure processor authentication data received from said first mobile device with said unlocked authentication data;

    generating on said first display an indication of a result of said comparing;

    unlocking a first private decryption key associated in said first secure memory with said first user;

    transmitting said first private unlock key from said first secure token to said first mobile device through said data near-field communications antenna;

    decrypting an encrypted application stored on said first mobile communications device using said first private unlock key received from said first secure token;

    transmitting a verification request from said first mobile communications device to said second mobile communications device using said decrypted application on said first mobile communications device;

    performing verification of a second user comprising the steps of;

    powering said second secure token with energy received through said second power near-field communications antenna from said near-field communications reader in said second mobile device;

    enabling said second secure token as a master device relative to said second mobile communications device;

    enabling said second mobile communications device as a servant device relative to said second mobile communications device;

    executing a cryptographic mutual challenge response algorithm between said second secure token and said second mobile communications device;

    unlocking a user's authentication data in said second secure token in response to successful execution of said cryptographic mutual challenge response algorithm;

    prompting a second user to enter authentication data through said interface in said second mobile device;

    transmitting authentication data entered by said second user through said interface in said second mobile device to said second secure token through said second data near-field communications antenna;

    comparing in said second secure processor authentication data received from said second mobile device with said unlocked authentication data;

    generating on said second display an indication of a result of said comparing;

    unlocking a second private decryption key associated in said second secure memory with said second user;

    transmitting said second private unlock key from said second secure token to said second mobile device through said data near-field communications antenna; and

    decrypting an encrypted application stored on said second mobile communications device using said second private unlock key received from said second secure token;

    generating in said second secure token an encrypted verification reply;

    transmitting said encrypted verification reply from said second mobile communications device to said first mobile communications device using said decrypted application on said first mobile communications device;

    decrypting said encrypted verification reply in said first secure token;

    verifying in said first security processor an identify of said second user from said decrypted verification reply;

    displaying on said first display a result of said verification of an identity of said second user.
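
The token-side gating order the claim recites (mutual challenge-response, then authentication-data comparison, then key release), modelled as an added example that is not code from the patent or its assignee. The claim names no algorithm, so HMAC-SHA256 over a pre-shared pairing key, the state names, the class and function names, and re-locking on any failure are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, role: bytes, nonce: bytes) -> bytes:
    # The role label binds a response to its sender, so one side's
    # response cannot be reflected back as the other's.
    return hmac.new(key, role + nonce, hashlib.sha256).digest()

class SecureToken:
    """Hypothetical model of one secure token; states are illustrative."""
    def __init__(self, pairing_key: bytes, auth_data: bytes, private_key: bytes):
        self._pairing_key, self._auth_data = pairing_key, auth_data
        self._private_key = private_key
        self._nonce = None
        self.state, self.display = "LOCKED", ""

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def answer(self, device_nonce: bytes) -> bytes:
        return _mac(self._pairing_key, b"token", device_nonce)

    def verify_device(self, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # each challenge is single use
        ok = nonce is not None and hmac.compare_digest(
            response, _mac(self._pairing_key, b"device", nonce))
        self.state = "AUTH_DATA_UNLOCKED" if ok else "LOCKED"
        return ok

    def compare_auth_data(self, entered: bytes) -> bool:
        if self.state != "AUTH_DATA_UNLOCKED":
            raise PermissionError("challenge-response not completed")
        ok = hmac.compare_digest(entered, self._auth_data)  # constant time
        self.display = "MATCH" if ok else "NO MATCH"
        self.state = "KEY_UNLOCKED" if ok else "LOCKED"
        return ok

    def release_key(self) -> bytes:
        if self.state != "KEY_UNLOCKED":
            raise PermissionError("user not verified")
        return self._private_key

def verify_user(token: SecureToken, device_key: bytes, entered: bytes):
    """Device side of the exchange: returns the released key, or None."""
    n = secrets.token_bytes(16)
    if not hmac.compare_digest(token.answer(n), _mac(device_key, b"token", n)):
        return None  # token failed to prove itself to the device
    if not token.verify_device(_mac(device_key, b"device", token.challenge())):
        return None  # device failed to prove itself to the token
    return token.release_key() if token.compare_auth_data(entered) else None
```
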
