User authentication system

US 20060085844A1
Filed: 08/05/2005
Published: 04/20/2006
Est. Priority Date: 10/20/2004
Status: Active Grant

First Claim

Patent Images

1. A communication method comprising:

authenticating at least one user to a plurality of access devices; and

building at least one network comprising the access devices.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.

130 Citations

58 Claims

1. A communication method comprising:
- authenticating at least one user to a plurality of access devices; and
  
  building at least one network comprising the access devices.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein authenticating comprises providing at least one credential to the access devices.
  - 3. The method of claim 2 comprising cryptographically signing the at least one credential.
  - 4. The method of claim 3 comprising using a digital certificate to authenticate the at least one signed credential.
  - 5. The method of claim 1 comprising using a digital certificate to verify security associated with at least one of the access devices.
  - 6. The method of claim 1 comprising using a digital certificate to verify proximity of the at least one user to at least one of the access devices.
  - 8. The method of claim 2 comprising verifying that the at least one credential is associated with an authorized user.
  - 9. The method of claim 8 comprising providing at least one key to the access devices in response to verifying that the at least one credential is associated with an authorized user.
  - 10. The method of claim 8 wherein verifying comprises comparing the at least one credential with at least one enrolled credential.
  - 11. The method of claim 1 wherein building the at least one network comprises providing at least one key to the access devices.
  - 12. The method of claim 11 wherein building the at least one network comprises using the at least one key to connect the access devices to the network.
  - 13. The method of claim 1 comprising automatically binding at least a portion of the access devices in accordance with authentication of one of the at least one user to the at least a portion of the access devices.

14. A communication method comprising:
- authenticating a plurality of users to a plurality of access devices; and
  
  building a plurality of networks comprising the access devices.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method of claim 14 wherein the networks are cryptographically separate.
  - 16. The method of claim 14 comprising enrolling credentials for the users.
  - 17. The method of claim 16 wherein authenticating comprises providing at least one of the credentials to the access devices.
  - 18. The method of claim 17 comprising cryptographically signing the at least one credential.
  - 19. The method of claim 18 comprising using a digital certificate to authenticate the at least one signed credential.
  - 20. The method of claim 14 wherein building the networks comprises providing a plurality of keys to the access devices.
  - 21. The method of claim 20 wherein each of the keys is associated with one of the users.
  - 22. The method of claim 20 wherein building the networks comprises using the keys to connect the access devices to the network.
  - 23. The method of claim 14 wherein each of the networks is associated with one of the users.
  - 24. The method of claim 14 comprising automatically binding a portion of the access devices in accordance with authentication of one of the users to the portion of the access devices.

25. A method of authenticating a user to a device comprising:
- defining a security boundary associated with an access device; and
  
  providing at least one credential directly into the security boundary to authenticate a user to the access device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 26. The method of claim 25 wherein the security boundary comprises a key management boundary.
  - 27. The method of claim 25 wherein providing comprises receiving at least one RFID signal comprising the at least one credential into the security boundary.
  - 28. The method of claim 25 wherein the at least one credential comprises biometric information.
  - 29. The method of claim 25 wherein providing comprises receiving at least one signal comprising biometric information into the security boundary.
  - 30. The method of claim 25 wherein providing comprises receiving at least one signal comprising fingerprint information into the security boundary.
  - 31. The method of claim 25 wherein providing comprises generating at least one signal by a sensor in the security boundary.
  - 32. The method of claim 25 wherein providing comprises generating at least one signal by a fingerprint reader in the security boundary.
  - 33. The method of claim 25 wherein the security boundary is defined by an integrated circuit.
  - 34. The method of claim 25 wherein the security boundary is enforced by encrypting data.

35. A method of accessing a service comprising:
- receiving a credential associated with a user;
  
  authenticating the credential;
  
  providing the authenticated credential to a service provider;
  
  receiving at least one key from the service provider in response to the authenticated credential; and
  
  using the at least one key to access a service.
- View Dependent Claims (36, 37, 38, 39)
- - 36. The method of claim 35 comprising establishing a security boundary for receiving the credential.
  - 37. The method of claim 35 comprising establishing a security boundary for authenticating the credential.
  - 38. The method of claim 35 wherein authenticating comprises cryptographically signing the credential.
  - 39. The method of claim 35 wherein authenticating comprises encrypting the credential.

40. A communication system comprising:
- a plurality of access devices coupled to receive authentication information, each access device comprising at least one cryptographic processor for signing the authentication information;
  
  an access server coupled to receive the signed authentication information, the access server comprising at least one cryptographic processor for generating at least one key for the access devices, the access server configured to provide the at least one key to the access devices in accordance with the signed authentication information.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- - 41. The system of claim 40 wherein the authentication information comprises at least one credential.
  - 42. The system of claim 40 wherein the at least one cryptographic processor of the access server receives a digital certificate to authenticate the authentication information.
  - 43. The system of claim 40 wherein the access server is configured to verify that the authentication information is associated with an authorized user.
  - 44. The system of claim 43 wherein the access server provided the at least one key to the access devices in response to verifying that the authentication information is associated with an authorized user.
  - 45. The system of claim 43 wherein verifying comprises comparing the authentication information with at least one enrolled credential.
  - 46. The system of claim 40 wherein each access device comprises a security boundary.
  - 47. The system of claim 40 wherein the access server comprises a security boundary.
  - 48. The system of claim 40 wherein the at least one cryptographic processor of the access server generates a plurality of keys for the access devices and the access server is configured to provide the keys to select one of the access devices in accordance with signed authentication information associated with a plurality of users.

49. An access device comprising:
- at least one cryptographic processor within a security boundary; and
  
  at least one input device configured to provide authentication signals directly into the security boundary.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58)
- - 50. The access device of claim 49 wherein the at least one input device comprises an RFID reader.
  - 51. The access device of claim 49 wherein the at least one input device comprises a sensor.
  - 52. The access device of claim 49 wherein the at least one input device comprises a biometric sensor.
  - 53. The access device of claim 49 wherein the at least one input device comprises a fingerprint reader.
  - 54. The access device of claim 49 wherein the at least one input device comprises a keyboard.
  - 55. The access device of claim 49 wherein the at least one input device and the at least one cryptographic processor reside in a common integrated circuit.
  - 56. The access device of claim 55 wherein the at least one input device comprises a sensor.
  - 57. The access device of claim 55 wherein the at least one input device comprises a fingerprint reader.
  - 58. The access device of claim 55 wherein the at least one input device comprises an RFID reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Seshadri, Nambi, Buer, Mark, Frank, Ed

Granted Patent

US 8,166,296 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0861   using biometrical features,...

H04L 63/0884   by delegation of authentica...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/069   using certificates or pre-s...

User authentication system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links