Proximity authentication system

US 20050105734A1
Filed: 09/30/2004
Published: 05/19/2005
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. A communication system comprising:

an wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the proximity reader and configured to extract information from the received RF signal; and

a wireless network interface coupled to receive the information from the proximity reader and send the information over a wireless network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user'"'"'s credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token so that assurance may be provided to a service provider that the credentials came from a token that was proximate to the computing device. An RFID reader, cryptographic processing components and a wireless network controller may be implemented on a single chip in a mobile device.

250 Citations

91 Claims

1. A communication system comprising:
- an wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the proximity reader and configured to extract information from the received RF signal; and
  
  a wireless network interface coupled to receive the information from the proximity reader and send the information over a wireless network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1 comprising a security boundary within which the information is extracted and received.
  - 3. The system of claim 1 wherein the wireless proximity reader is an RFID reader.
  - 4. The system of claim 1 comprising an authentication processor configured to authenticate the information sent over the wireless network.
  - 5. The system of claim 1 comprising a cryptographic processor configured to encrypt or authenticate the information sent over the wireless network.
  - 6. The system of claim 5 wherein the cryptographic processor uses a key to cryptographically sign the information that is sent over the wireless network.
  - 7. The system of claim 1 wherein the wireless network interface supports at least one of 802.11 and Bluetooth.
  - 8. The system of claim 1 wherein the wireless network interface comprises at least one of an 802.11 media access controller and a Bluetooth media access controller.
  - 9. The system of claim 1 wherein the wireless network interface comprises an 802.11 media access controller and a Bluetooth media access controller.
  - 10. The system of claim 1 wherein the wireless network interface uses the information to provide authentication to the wireless network.
  - 11. The system of claim 1 comprising a service processor coupled to receive the information sent over the wireless network and configured to provide access to a service in response to the information.
  - 12. The system of claim 1 comprising a wireless access point adapted to receive the information sent over the wireless network and provide the information to a service provider.
  - 13. The system of claim 1 comprising a wireless access point adapted to receive the information sent over the wireless network and provide access to the wireless network in response to the information.
  - 14. The system of claim 1 wherein the information comprises a password or key.
  - 15. The system of claim 1 comprising an RFID token comprising:
    - a data memory for storing the information;
      
      an RF circuit coupled to the data memory for generating a signal according to the information; and
      
      an antenna coupled to receive the signal from the RF circuit and adapted to transmit the signal to the wireless proximity reader.

16. A method of controlling access to a service comprising:
- verifying whether a wireless token is within a defined proximity to a processing device;
  
  authenticating information associated with the wireless token; and
  
  providing the authenticated information to a service provider.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33)
- - 17. The method of claim 16 comprising establishing a security boundary for the verifying, authenticating and providing.
  - 18. The method of claim 16 wherein at least a portion of the security boundary comprises a cryptographic boundary.
  - 19. The method of claim 16 wherein at least a portion of the security boundary comprises an integrated circuit.
  - 20. The method of claim 16 wherein authenticating comprises cryptographically signing the information with a key.
  - 21. The method of claim 16 wherein the authenticated information comprises a response to a challenge from the service provider.
  - 22. The method of claim 16 wherein providing comprises encrypting data sent to the service provider.
  - 23. The method of claim 16 comprising requesting access to a service from a service provider.
  - 24. The method of claim 16 comprising receiving a challenge from the service provider.
  - 25. The method of claim 16 wherein the service provider provides access to a service in response to the authenticated information.
  - 27. The method of claim 16 wherein the service provider provides access to a data network in response to the authenticated information.
  - 28. The method of claim 27 wherein the service provider provides access to at least one of an 802.11 network and a Bluetooth network.
  - 29. The method of claim 27 wherein the service provider provides access to an 802.11 network and a Bluetooth network.
  - 30. The method of claim 16 wherein the service provider provides access to encrypted data in response to the authenticated information.
  - 31. The method of claim 16 wherein the service provider provides a key in response to the authenticated information.
  - 32. The method of claim 16 wherein the information comprises credentials associated with a user of the token.
  - 33. The method of claim 16 wherein an RFID proximity reader verifies whether the wireless token is within the defined proximity to the wireless proximity reader.

34. A method of controlling access to a service comprising:
- receiving an RF signal from a proximate wireless token;
  
  obtaining information from the RF signal;
  
  authenticating the information from the RF signal; and
  
  providing the authenticated information to a service provider.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 35. The method of claim 34 comprising establishing a security boundary for the obtaining, authenticating and providing.
  - 36. The method of claim 34 wherein authenticating comprises cryptographically signing the information with a key.
  - 37. The method of claim 36 wherein providing comprises encrypting the signed information.
  - 38. The method of claim 34 comprising requesting access to a service from a service provider.
  - 39. The method of claim 38 comprising receiving a challenge from the service provider in response to the request.
  - 40. The method of claim 39 wherein the authenticated information comprises a response to the challenge.
  - 41. The method of claim 40 wherein the service provider provides access to a service in response to the authenticated information.
  - 42. The method of claim 34 wherein the RF signal is an RFID signal.
  - 43. The method of claim 42 wherein the information comprises credentials associated with a user of the token.

44. A integrated circuit comprising:
- a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the integrated circuit;
  
  at least one lead that is only routed within the integrated circuit for coupling the wireless proximity reader to a wireless network interface; and
  
  a wireless network interface coupled to receive the information from the wireless proximity reader and provide the information to a port on the integrated circuit to send the information over a wireless network.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52)
- - 45. The integrated circuit of claim 44 wherein the integrated circuit comprises a security boundary.
  - 46. The integrated circuit of claim 44 wherein the wireless proximity reader is an RFID reader.
  - 47. The integrated circuit of claim 44 comprising a cryptographic processor configured to encrypt or authenticate the information sent over the wireless network.
  - 48. The integrated circuit of claim 47 wherein the cryptographic processor uses a key to cryptographically sign the information that is sent over the wireless network.
  - 49. The integrated circuit of claim 44 wherein the wireless network interface comprises at least one of an 802.11 media access controller and a Bluetooth media access controller.
  - 50. The integrated circuit of claim 44 wherein the wireless network interface comprises an 802.11 media access controller and a Bluetooth media access controller.
  - 51. The integrated circuit of claim 44 wherein the wireless network interface uses the information to provide authentication to the wireless network.
  - 52. The integrated circuit of claim 44 wherein the information comprises a password or key.

53. A communication system comprising:
- a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the wireless proximity reader and configured to extract information from the received RF signal; and
  
  a key management component coupled to receive the information from the wireless proximity reader and send the information to a service provider.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67)
- - 54. The system of claim 53 comprising a security boundary within which the information is extracted and received.
  - 55. The system of claim 53 wherein the key management component comprises a trusted platform module.
  - 56. The system of claim 55 wherein a user is authenticated to the trusted platform module by moving the wireless token within the defined proximity to the wireless proximity reader.
  - 57. The system of claim 55 wherein the trusted platform module provides access to a protected service after the user is authenticated.
  - 58. The system of claim 55 wherein the trusted platform module provides access to encrypted data after the user is authenticated.
  - 59. The system of claim 55 wherein the trusted platform module enables use of protected keys after the user is authenticated.
  - 60. The system of claim 55 comprising a network interface wherein the trusted platform module provides access to a network via the network interface after the user is authenticated.
  - 61. The system of claim 55 wherein the network interface comprises a wireless interface.
  - 62. The system of claim 55 wherein the network interface comprises at least one of an 802.11 network interface and a Bluetooth network interface.
  - 63. The system of claim 55 wherein the network interface comprises an 802.11 network interface and a Bluetooth network interface.
  - 64. The system of claim 53 comprising a service provider configured to provide access to data and a service.
  - 65. The system of claim 53 comprising a service provider configured to supply cryptographic keys.
  - 66. The system of claim 53 wherein the wireless proximity reader is included within a boundary of the key management component.
  - 67. The system of claim 53 wherein the wireless proximity reader is an RFID reader.

68. A method of providing access to a service comprising:
- receiving an RF signal from a proximate wireless token;
  
  obtaining information from the RF signal;
  
  authenticating the information to a key management component; and
  
  providing, by the key management component, access to a service.
- View Dependent Claims (69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 85, 86, 87, 88, 89, 90, 91)
- - 69. The method of claim 68 comprising establishing a security boundary for the receiving, obtaining, authenticating and providing.
  - 70. The method of claim 69 wherein at least a portion of the security boundary comprises a cryptographic boundary.
  - 71. The method of claim 69 wherein at least a portion of the security boundary comprises an integrated circuit.
  - 72. The method of claim 68 comprising authenticating the information and providing the authenticated information to a service provider.
  - 73. The method of claim 72 wherein authenticating the information comprises cryptographically signing the information with a key.
  - 74. The method of claim 68 wherein the key management component comprises a trusted platform module.
  - 75. The method of claim 74 wherein the trusted platform module enables key usage after the user is authenticated.
  - 76. The method of claim 74 wherein the trusted platform module enables access to processing resources after the user is authenticated.
  - 77. The method of claim 74 wherein the trusted platform module enables access to data network services after the user is authenticated.
  - 78. The method of claim 68 wherein the RF signal is an RFID signal.
  - 79. The method of claim 68 wherein the information comprises credentials associated with a user of the token.
  - 80. The method of claim 68 wherein the service comprises at least one of 802.11 network access and Bluetooth network access.
  - 81. The method of claim 68 wherein the service comprises 802.11 network access and Bluetooth network access.
  - 85. The integrated circuit of claim 81 wherein the wireless proximity reader is included within a boundary of the key management component.
  - 86. The integrated circuit of claim 81 wherein the key management component comprises a trusted platform module.
  - 87. The integrated circuit of claim 86 wherein the wireless proximity reader is included within a boundary of the trusted platform module.
  - 88. The integrated circuit of claim 86 comprising a network interface wherein the trusted platform module provides access to a network via the network interface after the user is authenticated.
  - 89. The integrated circuit of claim 88 wherein the network interface comprises a wireless interface.
  - 90. The integrated circuit of claim 89 wherein the wireless network interface comprises at least one of an 802.11 network interface and a Bluetooth network interface.
  - 91. The integrated circuit of claim 89 wherein the wireless network interface comprises an 802.11 network interface and a Bluetooth network interface.

82. An integrated circuit comprising:
- a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the wireless proximity reader and configured to extract information from the received RF signal; and
  
  at least one connection within the integrated circuit for coupling the wireless proximity reader to a wireless network interface; and
  
  a key management component coupled to receive the information from the wireless proximity reader and provide the information to a port on the integrated circuit to send the information to a service provider.
- View Dependent Claims (83, 84)
- - 83. The integrated circuit of claim 82 comprising a security boundary within which the information is extracted and received.
  - 84. The integrated circuit of claim 82 wherein the wireless proximity reader is an RFID reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Seshadri, Nambi, Buer, Mark, Frank, Ed

Granted Patent

US 8,333,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/327   Short range or proximity pa...

G07C 9/20   involving the use of a pass

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/32   including means for verifyi...

H04W 4/021   Services related to particu...

H04W 4/80   Services using short range ...

Proximity authentication system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

250 Citations

91 Claims

Specification

Solutions

Use Cases

Quick Links

Proximity authentication system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

250 Citations

91 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links