Securing access to an application service based on a proximity token

US 20040250074A1
Filed: 06/05/2003
Published: 12/09/2004
Est. Priority Date: 06/05/2003
Status: Active Grant

First Claim

Patent Images

1. A system for providing secured access to an application service, the system comprising:

a security token configured to communicate with the application service and to perform a first element of a cryptographic technique; and

a proximity token associated with the security token and configured to perform a second element of the cryptographic technique to validate a communication between the application service and the security token, the proximity token being operable to validate the communication only when the proximity token is located within a predetermined validation distance from the security token or the application service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing secured access to an application service includes a security token that couples to the application service. The security token performs a first element of a cryptographic technique, such as, for example, encryption or decryption. A proximity token is provided that is associated with the security token. The proximity token performs a second element of the cryptographic technique to validate a communication between the application service and the security token. The proximity token is operable to validate the communication only when the proximity token is located within a predetermined validation distance from the security token or the application service. The security token may perform the first element of the cryptographic technique to verify that the proximity token has validated the communication between the application service and the security token. The system may be configured to provide secured access to the application service when the proximity token validates the communication and to prevent secured access to the application service when the proximity token does not validate the communication.

110 Citations

47 Claims

1. A system for providing secured access to an application service, the system comprising:
- a security token configured to communicate with the application service and to perform a first element of a cryptographic technique; and
  
  a proximity token associated with the security token and configured to perform a second element of the cryptographic technique to validate a communication between the application service and the security token, the proximity token being operable to validate the communication only when the proximity token is located within a predetermined validation distance from the security token or the application service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The system of claim 1 wherein the application service comprises a mobile telephone.
  - 3. The system of claim 1 wherein the first and second elements of the cryptographic technique are complementary.
  - 4. The system of claim 1 wherein the system is configured to provide secured access to the application service when the proximity token validates the communication and to prevent secured access to the application service when the proximity token does not validate the communication.
  - 5. The system of claim 1 wherein the security token comprises a verification circuit configured to verify that the proximity token has validated the communication between the application service and the security token.
  - 6. The system of claim 1 wherein the proximity token comprises a message generating circuit configured to generate a proximity message using the second element of the cryptographic technique and to broadcast the proximity message within the predetermined validation distance to validate the communication between the application service and the security token within the predetermined validation distance.
  - 7. The system of claim 1 wherein the proximity token comprises a communication circuit configured to engage the proximity token as a conduit to the communication between the application service and the security token within the predetermined validation distance to validate the communication between the application service and the security token within the predetermined validation distance.
  - 8. The system of claim 7 wherein:
    - the first element of the cryptographic technique comprises an encryption technique and the second element of the encryption technique comprises an associated decryption technique;
      
      the security token comprises a secured output circuit configured to produce a secured output using the encryption technique; and
      
      the communication circuit comprises a recovery circuit configured to perform the decryption technique to recover a validated output from the secured output and to communicate both the secured output and the validated output only within the predetermined validation distance.
  - 9. The system of claim 7 wherein:
    - the first element of the cryptographic technique comprises a decryption technique and the second element of the cryptographic technique comprises an associated encryption technique;
      
      the communication circuit comprises a validated command circuit configured to use the encryption technique to produce a validated command based on a command of the application service to the security token;
      
      the communication circuit is further configured to communicate both the command and the validated command only within the predetermined validation distance; and
      
      the security token comprises a verification circuit configured to verify the validated command by performing the decryption technique to recover the command from the validated command.
  - 10. The system of claim 1 wherein the security token comprises a secure storage circuit and a secure execution circuit.
  - 11. The system of claim 10 wherein the security token further comprises a smart card.
  - 12. The system of claim 10 wherein the secure execution circuit is configured to perform the first element of the cryptographic technique.
  - 13. The system of claim 12 wherein the secure storage circuit is configured to store a cryptographic key of the first element of the cryptographic technique.
  - 14. The system of claim 1 wherein the proximity token comprises a second security token.
  - 15. The system of claim 14 wherein the second security token comprises a smart card.
  - 16. The system of claim 1 wherein the proximity token comprises a mobile device.
  - 17. The system of claim 1 wherein the proximity token comprises a fixed device.
  - 18. The system of claim 1 wherein the proximity token comprises a wireless communication circuit configured to communicate with the application service using a short-range wireless technology.
  - 19. The system of claim 18 wherein the short-range wireless technology provides an effective communication range of about ten meters.
  - 20. The system of claim 18 wherein the short-range wireless technology provides an effective communication range of about one-hundred meters.
  - 21. The system of claim 1 wherein the cryptographic technique comprises a digital signature technique.
  - 22. The system of claim 1 wherein the cryptographic technique comprises a digital envelope technique.
  - 23. The system of claim 1 wherein the cryptographic technique comprises a symmetric cryptographic technique.
  - 24. The system of claim 1 wherein the cryptographic technique comprises an asymmetric cryptographic technique.
  - 25. The system of claim 1 wherein the application service comprises a bearer device and an external service.

26. A computer program for providing secured access to an application service, the computer program comprising:
- a security token code segment configured to cause a security computer to communicate with the application service, and to cause the security computer to perform a first element of a cryptographic technique; and
  
  a proximity token code segment associated with the security token code segment and configured to cause a proximity computer to perform a second element of the cryptographic technique to validate a communication between the security computer and the application service, the proximity token code segment being operable to cause the proximity computer to validate the communication only when the proximity computer is located within a predetermined validation distance from the security computer or the application service.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 27. The computer program of claim 26 wherein the application service comprises a mobile telephone.
  - 28. The computer program of claim 26 wherein the first and second elements of the cryptographic technique are complementary.
  - 29. The computer program of claim 26 wherein the computer program is configured to provide secured access to the application service when the proximity computer validates the communication and to prevent secured access to the application service when the proximity computer does not validate the communication.
  - 30. The computer program of claim 26 wherein the security token code segment comprises a verification code segment configured to cause the security computer to verify that the proximity token has validated the communication between the application service and the security token.
  - 31. The computer program of claim 26 wherein the proximity token code segment comprises a message generating code segment configured to cause the proximity computer to generate a proximity message using the second element of the cryptographic technique and to broadcast the proximity message within the predetermined validation distance to validate the communication between the application service and the security computer within the predetermined validation distance.
  - 32. The computer program of claim 26 wherein the proximity token code segment comprises a communication code segment configured to cause the proximity computer to engage as a conduit to the communication between the application service and the security computer within the predetermined validation distance to validate the communication between the application service and the security computer within the predetermined validation distance.
  - 33. The computer program of claim 32 wherein:
    - the first element of the cryptographic technique comprises an encryption technique and the second element of the cryptographic technique comprises an associated decryption technique;
      
      the security token code segment comprises a secure code segment configured to cause the security computer to generate a secured output using the encryption technique; and
      
      the communication code segment comprises a recovery code segment configured to cause the proximity computer to use the decryption technique to recover a validated output from the secured output and to communicate both the secured output and the validated output only within the predetermined validation distance.
  - 34. The computer program of claim 32 wherein:
    - the first element of the cryptographic technique comprises a decryption technique and the second element of the cryptographic technique comprises an associated encryption technique;
      
      the communication code segment comprises a validated command code segment configured to cause the proximity computer to use the encryption technique to produce a validated command based on a command of the application service to the security computer, and to communicate both the command and the validated command only within the predetermined validation distance; and
      
      the security token code segment comprises a verification code segment configured to cause the security computer to verify the validated command by using the decryption technique to recover the command from the validated command.
  - 35. The computer program of claim 26 wherein the security token code segment comprises a secure storage code segment configured to cause the security computer to provide secure storage and a secure execution code segment configured to cause the security computer to provide secure execution.
  - 36. The computer program of claim 35 wherein the secure execution code segment is configured to cause the security computer to perform the first element of the cryptographic technique.
  - 37. The computer program of claim 36 wherein the secure storage code segment is configured to cause the security computer to store a cryptographic key of the first element of the cryptographic technique.

38. A method for providing secured access to an application service, the method comprising:
- configuring a security token to communicate with the application service, and to perform a first element of a cryptographic technique; and
  
  configuring a proximity token associated with the security token to perform a second element of the cryptographic technique to validate a communication between the security token and the application service, including configuring the proximity token to validate the communication only when the proximity token is located within a predetermined validation distance from the security token or the application service.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 39. The method of claim 38 wherein the application service comprises a mobile telephone.
  - 40. The method of claim 38 wherein the first and second elements of the cryptographic technique are complementary.
  - 41. The method of claim 38, the method further comprising configuring the security token to verify that the proximity token has validated the communication between the application service and the security token.
  - 42. The method of claim 38, the method further comprising configuring the proximity token to generate a proximity message using the second element of the cryptographic technique and to broadcast the proximity message within the predetermined validation distance to validate the communication between the application service and the security token within the predetermined validation distance.
  - 43. The method of claim 38, the method further comprising configuring the proximity token to engage as a conduit to the communication between the application service and the security token within the predetermined validation distance to validate the communication between the application service and the security token within the predetermined validation distance.
  - 44. The method of claim 43 wherein the first element of the cryptographic technique comprises an encryption technique and the second element of the cryptographic technique comprises an associated decryption technique, the method further comprising:
    - configuring the security token to generate a secured output using the encryption technique; and
      
      configuring the proximity token to use the decryption technique to recover a validated output from the secured output and to communicate both the secured output and the validated output only within the predetermined validation distance.
  - 45. The method of claim 43 wherein the first element of the cryptographic technique comprises a decryption technique and the second element of the cryptographic technique comprises an associated encryption technique, the method further comprising:
    - configuring the proximity token to use the encryption technique to produce a validated command based on a command of the application service to the security token, and to communicate both the command and the validated command only within the predetermined validation distance; and
      
      configuring the security token to verify the validated command by using the decryption technique to recover the command from the validated command.
  - 46. The method of claim 38, the method further comprising configuring the security token to provide a secure storage function and a secure execution function.
  - 47. The method of claim 46, the method further comprising configuring the security token to use the secure execution function to perform the first element of the cryptographic technique and to use the secure storage function to store a cryptographic key of the first element of the cryptographic technique.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Kilian-Kehr, Roger

Granted Patent

US 7,269,732 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06F 21/35   communicating wirelessly

G07C 9/22   in combination with an iden...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/64   using geofenced areas

H04W 88/02   Terminal devices

Securing access to an application service based on a proximity token

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Securing access to an application service based on a proximity token

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links