Portable computerized device adapted for ad hoc security associations
Abstract
A portable communications device adapted to provide communication security in, for example, an ad hoc or temporary networked environment. In one embodiment, the network comprises an untrusted medium, and the device includes network security apparatus adapted to create security associations between devices on the network, including mutual authentication. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of the device. The device may be untrusted (e.g., have an untrusted operating system). User identification or validation may also be provided, for example via inputs received via a user interface.
60 Claims
1. A substantially portable computerized device adapted to permit ad hoc security associations to exist with other computerized devices that may or may not have communicated previously with said portable computerized device, comprising:
a processing apparatus in communication with a memory;
a first computer program operative to run on said portable device adapted to establish an ad hoc security association between said portable device and another remote device, said first computer program comprising a cryptographic data exchange algorithm adapted to cause said portable device to transmit cryptographic data generated substantially under control of said portable device to said another remote device while establishing said association;
a second computer program operative to run on said portable device and adapted to encrypt data sent to said another device using at least one cryptographic key; and
a third computer program operative to run on said portable device and adapted to append said data with an appended message element, said appended message element utilized by said another device for at least data integrity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A computerized device, comprising:
a processor with an untrusted operating system running thereon;
a first routine operative to run on said computerized device and adapted to obtain at least one address for said computerized device after said computerized device is placed in data communication with at least one another via an untrusted medium;
a second routine operative to run on said computerized device and adapted to establish a security association between said computerized device and a second device, said second computer program comprising an authentication algorithm adapted to cause said computerized device and said second device to exchange cryptographic data over an unsecure network, said data being substantially unique to said association and comprising at least one random number;
a third routine operative to run on said computerized device and adapted to seal or encrypt data sent from said computerized device using at least one cryptographic key; and
a fourth routine operative to run on said computerized device and adapted to evaluate data sent from said second device for at least data integrity.
Dependent claims: 20, 21
22. A computerized device, comprising:
a processor;
a first computer program operative to run on said device and adapted to obtain at least one temporary address for said device;
a second computer program operative to run on said device and adapted to establish a non-permanent security association between said device and a second device, said second computer program comprising a cryptographic data exchange algorithm adapted to cause said device and said second device to exchange cryptographic data, said data being substantially unique to said security association;
a third computer program operative to run on said device and adapted to seal or encrypt data sent from said device using at least one cryptographic key;
a fourth computer program adapted to identify or validate a user via one or more inputs received via said used interface before said association can be established;
a fifth computer program adapted to authenticate said second device and further adapted to facilitate an authentication of itself to said second device; and
a sixth computer program adapted to dynamically generate at least one encryption key for each security association, said act of generating not requiring intervention by a network administrator;
wherein said device can establish said association with said second device without accessing any entity other than said second device for cryptographic information.
23. A portable computerized device, comprising:
a processing apparatus;
a user interface adapted to receive user inputs;
a first computer program operative to run on said portable device and adapted to obtain at least one temporary address for said portable device;
a second computer program operative to run on said portable device and adapted to establish a non-permanent security association between said portable device and a second device, said second computer program comprising a cryptographic data exchange algorithm in which said portable device and said second device exchange cryptographic data via a physically non-secure network, said data being substantially unique to said security association;
a third computer program operative to run on said portable device and adapted to seal or encrypt data sent from said portable device using at least one cryptographic key; and
a fourth computer program adapted to identify or validate a user via inputs received via said used interface before said association can be established, said fourth computer program adapted to identify a user based at least in part on a cryptographic element associated with said portable device.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41
42. A portable computerized device, comprising:
processing means;
a user interface adapted to receive user inputs;
a first software means operative to run on said portable device for obtaining at least one temporary address for said portable device;
a second software means operative to run on said portable device for establishing a non-permanent security association between said portable device and a second device, said portable device also comprising cryptographic data exchange means in which said portable device and said second device exchange cryptographic data via a physically non-secure network, said data being substantially unique to said security association;
a third software means operative to run on said portable device for sealing or encrypting data sent from said portable device using at least one cryptographic key; and
a fourth software means adapted to identify or validate a user via inputs received via said used interface before said association can be established, said fourth means adapted to identify a user based at least in part on a cryptographic element associated with said portable device.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60
Specification