MANAGEMENT OF MULTIPLE CONNECTIONS TO A SECURITY TOKEN ACCESS DEVICE

US 20080016537A1
Filed: 07/17/2006
Published: 01/17/2008
Est. Priority Date: 07/17/2006
Status: Active Grant

First Claim

Patent Images

1. A user device adapted to communicate with a security token access device over a wireless link, the access device being adapted to communicate over a wireless link with a plurality of user devices and to be paired with at least one of the plurality of user devices, and further being adapted to maintain connection information relating to each of the plurality of user devices paired with the access device, the user device comprising:

a receiver for receiving a signal from an access device comprising a notification that an other user device has been paired with the access device, such that the access device comprises a store comprising connection information, a portion of the connection information comprising security information associated with the further user device;

an input for receiving an instruction from a user to terminate the pairing between the other user device and the access device;

a processor and a transmitter for transmitting a signal to the access device to instruct the access device to terminate the pairing with the other user device, such that the access device terminates the pairing by overwriting at least the portion of the connection information relating to the other user device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security token access device, a user device such as a computing device or communications device, and a method for managing multiple connections between multiple user devices and the access device. The access device maintains connection information, including security information, for each user device securely paired with the access device. Each time a new user device is paired with the access device, the access device transmits a notification to the user devices already paired to the user device. A user may provide instructions to the access device to terminate a pairing with one of the user devices by overwriting at least a portion of the connection information associated with the designated user device. A user device may further request a listing of all user devices currently paired with the access device.

210 Citations

23 Claims

1. A user device adapted to communicate with a security token access device over a wireless link, the access device being adapted to communicate over a wireless link with a plurality of user devices and to be paired with at least one of the plurality of user devices, and further being adapted to maintain connection information relating to each of the plurality of user devices paired with the access device, the user device comprising:
- a receiver for receiving a signal from an access device comprising a notification that an other user device has been paired with the access device, such that the access device comprises a store comprising connection information, a portion of the connection information comprising security information associated with the further user device;
  
  an input for receiving an instruction from a user to terminate the pairing between the other user device and the access device;
  
  a processor and a transmitter for transmitting a signal to the access device to instruct the access device to terminate the pairing with the other user device, such that the access device terminates the pairing by overwriting at least the portion of the connection information relating to the other user device.
- View Dependent Claims (2, 3, 4, 20)
- - 2. The user device of claim 1, wherein the transmitter is further adapted to transmit a signal to the access device comprising a request for a listing of user devices currently paired with the access device, and the receiver is further adapted to receive a signal from the access device comprising a listing of user devices currently paired with the access device, and the processor is further adapted to display the listing of user devices to a user.
  - 3. The user device of claim 2, further comprising:
    - an interface to allow a user to select a user device listed in the listing of user devices for the purpose of issuing an instruction to the user device to terminate the pairing between the selected user device and the access device;
      
      and wherein the transmitted is further adapted to transmit a signal to the access device to instruct the access device to terminate the pairing with the selected access device, such that the access device terminates the pairing by overwriting at least a portion of the connection information relating to the selected user device.
  - 4. The user device of claim 3, wherein the wireless link over which the user device is adapted to communicate with the access device comprises a wireless link secured with a secure pairing key associated with the user device, and wherein the access device is adapted to be paired with at least one of the plurality of user devices using a secure pairing key associated with the at least one of the plurality of user devices, such that the portion of connection information comprises any secure pairing key associated with at least one of the plurality of user devices.
  - 20. The user device of claim 1, wherein the user device is a mobile communication device.

5. A security token access device adapted to wirelessly communicate with a plurality of user devices, comprising:
- a transceiver, a processor and a memory for entering into a pairing with each of a plurality of user devices, the processor and memory further being configured to store and maintain connection information relating to each of the plurality of user devices thus paired, and wherein the transceiver is configured to receive, from one of the plurality of user devices thus paired, an instruction to terminate a pairing with one of the plurality of user devices;
  
  wherein the processor and memory is further configured to terminate a pairing with one of the plurality of user devices upon receipt of an instruction to terminate the pairing, by overwriting at least a portion of the connection information relating to the one of the plurality of user devices for which the pairing is to be terminated.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 21, 22)
- - 6. The access device of claim 5, further configured to receive a request from a requesting user device for a listing of all user devices currently paired with the access device, and to transmit to the requesting user device in response to the request a listing of all user devices currently paired with the access device.
  - 7. The access device of claim 6, further configured to transmit a signal to at least one user device paired with the access device, the signal comprising a notification that a further user device has entered into a pairing with the access device.
  - 8. The access device of claim 7, wherein the pairing with each of a plurality of user devices is a secure pairing associated with security information, and the portion of connection information comprises the security information.
  - 9. The access device of claim 8, wherein the security information for each of the plurality of user devices comprises at least a secure pairing key.
  - 10. The access device of claim 9, wherein the security information for each of the plurality of user devices further comprises a master connection key.
  - 11. The access device of claim 8, wherein the connection information further comprises a connection pairing key and an address associated with each of the plurality of user devices thus paired.
  - 12. The access device of claim 11, further adapted to overwrite the secure pairing key associated with the one of the plurality of user devices.
  - 13. The access device of claim 12, further adapted to overwrite the connection pairing key associated with the one of the plurality of user devices.
  - 21. A computing device comprising the access device of claim 5.
  - 22. A mobile communication device comprising the access device of claim 5.

14. A method for managing a plurality of user devices adapted to communicate over a wireless link with a security token access device, the method being implemented by the access device and comprising the steps of:
- receiving a request for a connection from a first user device, the request comprising a first identifier for the first user device;
  
  generating and transmitting a first secure pairing value to the first user device for establishing a secure pairing with the first user device;
  
  storing connection information comprising the first identifier and a first key derived from the first secure pairing value;
  
  receiving a request for a connection from a second user device, the request comprising a second identifier for the second user device;
  
  generating and transmitting a second secure pairing value to the second user device for establishing a secure pairing with the second user device;
  
  storing connection information comprising the second identifier and a second key derived from the second secure pairing value;
  
  transmitting a notification to the first user device that the second user device has been paired with the access device;
  
  receiving an instruction from a user device paired with the access device to terminate a pairing between the access device and a designated user device; and
  
  in response to an instruction to terminate a pairing between the access device and the designated user device, overwriting the key associated with the designated user device.
- View Dependent Claims (15, 16, 17, 18, 19, 23)
- - 15. The method of claim 14, wherein the steps of storing connection information are characterized in that the connection information further comprises an associated connection pairing value and an associated user device address.
  - 16. The method of claim 15, further comprising the step in response to an instruction to terminate a pairing between the access device and the designated user device, overwriting the connection pairing value associated with the designated user device.
  - 17. The method of claim 14, further comprising the steps of:
    - after the step of generating and transmitting a first secure pairing value,establishing at the access device first master connection key data for generating a first master connection key;
      
      generating a first master connection key from the first master connection key data,wherein the first user device is configured to generate the first master connection key from the first master connection key data, the first master connection key being used to secure data transmitted between the access device and the first user device, and wherein data transmitted to the first user device by the access device comprises the first identifier;
      
      after the step of generating and transmitting a second secure pairing value,establishing at the access device second master connection key data for generating a second master connection key;
      
      generating a second master connection key from the second master connection key data,wherein the second user device is configured to generate the second master connection key from the second master connection key data, the second master connection key being used to secure data transmitted between the access device and the second user device, and wherein data transmitted to the second user device by the access device comprises the second identifier;
      
      and wherein the steps of storing connection information are characterized in that the connection information further comprises the master connection key associated with the user device,and further comprising the step in response to an instruction to terminate a pairing between the access device and the designated user device, overwriting the master connection key associated with the designated user device.
  - 18. The method of claim 14, further comprising the steps of:
    - receiving a request from a requesting user device for a listing of all user devices currently paired with the access device; and
      
      transmitting to the requesting user device in response to the request a listing of all user devices currently paired with the access device.
  - 19. A computer-readable medium comprising code executable by a computing device for carrying out the method of claim 14.
  - 23. A smart card reader adapted to communicate with a plurality of user devices and to be securely paired with at least one of the plurality of user devices for implementing the method recited in claim 14.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil P., Little, Herbert A.

Granted Patent

US 8,112,794 B2
Time in Patent Office

Days
Field of Search
US Class Current

725/81
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/104   Grouping of entities

H04L 63/18   using different networks or...

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 12/50   Secure pairing of devices

MANAGEMENT OF MULTIPLE CONNECTIONS TO A SECURITY TOKEN ACCESS DEVICE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

210 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

MANAGEMENT OF MULTIPLE CONNECTIONS TO A SECURITY TOKEN ACCESS DEVICE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

210 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others