Cryptographic key management via a computer server

US 9,870,659 B2
Filed: 09/26/2014
Issued: 01/16/2018
Est. Priority Date: 05/04/2009
Status: Active Grant

First Claim

Patent Images

1. A computer server comprising:

a processor configured to;

add a security system associated with a user account;

provision a NFC-enabled communication device associated with the security system comprising an electronic lock, wherein the NFC-enabled communication device is a mobile user device remotely powering the electronic lock to actuate a locking member;

configure a cryptographic key to associate the NFC-enabled communication device, from amongst a plurality of NFC-enabled communication devices, with the security system;

configure an access control file that is cryptographically signed by the computer server and encrypted with the cryptographic key associated with the security system, wherein the access control file contains permissions of the NFC-enabled communication device to the security system; and

send a data payload including the access control file to the NFC-enabled communication device, and, in response to determining that the NFC-enabled communication device is not previously associated with the security system, the security system receiving the access control file from the NFC-enabled communication device, to establish a new relationship between the NFC-enabled communication device and the security system, the security system validating the access control file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments include a computer server. The computer server can be configured to: add a security system associated with a user account; provision one or more communication devices associated with the security system; configure a cryptographic key to associate at least a communication device amongst the communication devices with the security system; configure an access control file that is cryptographically signed by the computer server and encrypted with the cryptographic key associated with the security system, wherein the access control file contains permissions of the communication devices to the security system; and provide a data payload including the access control file to a first communication device of the communication devices.

Citations

17 Claims

1. A computer server comprising:
- a processor configured to;
  
  add a security system associated with a user account;
  
  provision a NFC-enabled communication device associated with the security system comprising an electronic lock, wherein the NFC-enabled communication device is a mobile user device remotely powering the electronic lock to actuate a locking member;
  
  configure a cryptographic key to associate the NFC-enabled communication device, from amongst a plurality of NFC-enabled communication devices, with the security system;
  
  configure an access control file that is cryptographically signed by the computer server and encrypted with the cryptographic key associated with the security system, wherein the access control file contains permissions of the NFC-enabled communication device to the security system; and
  
  send a data payload including the access control file to the NFC-enabled communication device, and, in response to determining that the NFC-enabled communication device is not previously associated with the security system, the security system receiving the access control file from the NFC-enabled communication device, to establish a new relationship between the NFC-enabled communication device and the security system, the security system validating the access control file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer server of claim 1, wherein the processor is configured to provide the data payload by sending a text message to the NFC-enabled communication device.
  - 3. The computer server of claim 1, wherein the processor is configured to provide the data payload by causing the NFC-enabled communication device to download the data payload.
  - 4. The computer server of claim 1, wherein the processor is configured to provide the data payload is by an over-the-air update to the NFC-enabled communication device.
  - 5. The computer server of claim 1, wherein the permissions are associated with specific user groups including the user account.
  - 6. The computer server of claim 1, wherein the processor is configured to:
    - update the access control file to revoke a permission setting of the NFC-enabled communication device, the NFC-enabled communication device comprising a first communication device; and
      
      provide the updated access control file to a second communication device to propagate to the security system.
  - 7. The computer server of claim 6, wherein the updated access control file includes a time stamp.
  - 8. The computer server of claim 1, wherein the processor is configured to provision one or more security systems to a group of user accounts, each user account with one or more communication devices.
  - 9. The computer server of claim 1, wherein the data payload includes a software update to the security system.
  - 10. The computer server of claim 1, wherein the permissions include a restriction on time of day.

11. A processor-implemented method of operating a computing device to implement a security system, comprising:
- provisioning the computing device with an authentication certificate capable of uniquely identifying the computing device and capable of being updated, wherein the authentication certificate is a mutual public key infrastructure (PKI) authentication certificate;
  
  sending identifying information, based on the authentication certificate, associated with the computing device to a NFC-enabled customer communication device to validate the security system implemented by the computing device, wherein the NFC-enabled customer communication device is a mobile user device remotely powering an electronic lock to actuate a locking member;
  
  receiving, in response to determining that the NFC-enabled customer communication device is not previously associated with the computing device, an access control list from the NFC-enabled customer communication device, to establish a new relationship between the NFC-enabled customer communication device and the computing device;
  
  validating the access control list against the authentication certificate;
  
  receiving an access request and a customer signature from the NFC-enabled customer communication device in response to the NFC-enabled customer communication device validating the computing device; and
  
  validating the access request based on the authentication certificate in response to receiving the customer signature.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The processor-implemented method of claim 11, further comprising:
    - determining whether a memory device of the computing device has the latest of the access control list; and
      
      in response to determining that the latest version is unavailable, validating the access control list against a cryptographic validator.
  - 13. The processor-implemented method of claim 11, further comprising:
    - receiving a public key of the NFC-enabled customer communication device that is signed by a trusted device signature; and
      
      validating the trusted device signature against a cryptographic validator.
  - 14. The processor-implemented method of claim 13, further comprising:
    - preparing a symmetric encryption key and a unique identifying number for the NFC-enabled customer communication device; and
      
      encrypting the symmetric encryption key and the unique identifying number with the public key of the NFC-enabled customer communication device.
  - 15. The processor-implemented method of claim 14, further comprising:
    - receiving a one time password from the NFC-enabled customer communication device; and
      
      validating the one time password against the symmetric encryption key and the access control list.
  - 16. The processor-implemented method of claim 15, wherein receiving the one time password includes receiving an identification number, wherein validating the one time password includes matching the identification number against the unique identifying number prepared for the NFC-enabled customer communication device.
  - 17. The processor-implemented method of claim 11, further comprising:
    - storing an audit trail of access information; and
      
      transmitting the audit trail to the NFC-enabled customer communication device upon validating the access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infinity Software Services LLC
Original Assignee
Nexkey, Inc.
Inventors
Hart, Jason, Herscovitch, Matthew Patrick, Hagh, Sotoudeh Hamedi
Primary Examiner(s)
BROWN, VERNAL U

Application Number

US14/498,490
Publication Number

US 20150015364A1
Time in Patent Office

1,208 Days
Field of Search

340 51
US Class Current
CPC Class Codes

E05B 2047/0057   Feeding

E05B 2047/0094   Mechanical aspects of remot...

G07C 9/21   having a variable access code

G08C 17/02   using a radio link

H04B 5/22   Capacitive coupling

H04B 5/79   for data transfer in combin...

Y10T 70/7068   Actuated after correct comb...

Y10T 70/7113   Projected and retracted ele...

Cryptographic key management via a computer server

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic key management via a computer server

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links