Method and apparatus for secured access

US 8,204,480 B1
Filed: 10/01/2010
Issued: 06/19/2012
Est. Priority Date: 10/01/2010
Status: Active Grant

First Claim

Patent Images

1. A method for validating integrity of a mobile communication device, the method comprising:

provisioning the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;

installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;

running the integrity verification application to validate the data based on the expected signatures;

establishing a first pass phrase and a second pass phrase, wherein the establishing comprises;

receiving a first instance of the first pass phrase;

performing a first hash function calculation on non-volatile memory of the mobile communication device using the first instance of the first pass phrase as a seed value to provide a first hash result;

receiving the second pass phrase;

splitting a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and

storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;

thereafter, receiving a second instance of the first pass phrase as a challenge for verification, and in response to receiving the second instance of the first pass phrase;

performing a second hash function calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass phrase as a seed value to provide a second hash result, the second hash function calculation being different from the first hash function calculation;

determining the second pass phrase based on the split of the second pass phrase and the second hash value; and

displaying the second pass phrase as an indication of the integrity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A commercial off-the-shelf smartphone is adapted, through software modifications only, to provide multiple operating domains or domains that provide differing levels of security and reliability. Each operating domain is isolated from the others. Detection of unauthorized modification is provided. Cross domain activity notification is provided.

93 Citations

View as Search Results

12 Claims

1. A method for validating integrity of a mobile communication device, the method comprising:
- provisioning the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
  
  installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;
  
  running the integrity verification application to validate the data based on the expected signatures;
  
  establishing a first pass phrase and a second pass phrase, wherein the establishing comprises;
  
  receiving a first instance of the first pass phrase;
  
  performing a first hash function calculation on non-volatile memory of the mobile communication device using the first instance of the first pass phrase as a seed value to provide a first hash result;
  
  receiving the second pass phrase;
  
  splitting a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and
  
  storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;
  
  thereafter, receiving a second instance of the first pass phrase as a challenge for verification, and in response to receiving the second instance of the first pass phrase;
  
  performing a second hash function calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass phrase as a seed value to provide a second hash result, the second hash function calculation being different from the first hash function calculation;
  
  determining the second pass phrase based on the split of the second pass phrase and the second hash value; and
  
  displaying the second pass phrase as an indication of the integrity.
- View Dependent Claims (2, 3, 4, 9)
- - 2. The method of claim 1, wherein the second pass phrase is displayed in response to receiving the second instance of the first pass phrase at power up of the mobile communication device.
  - 3. The method of claim 1, wherein the provisioning is performed in a location shielded from WiFi or any other remote or local access other than the provisioning.
  - 4. The method of claim 1, wherein the list of expected signatures comprises binary executables.
  - 9. The method of claim 1, wherein establishing the first pass phrase and the second pass phrase further comprises:
    - receiving a private certificate and a public certificate;
      
      encrypting the public certificate using a hash of the first pass phrase to provide an encrypted public certificate;
      
      storing the encrypted public certificate in the non-volatile memory of the mobile communication device; and
      
      encrypting the split of the second pass phrase using the private certificate before storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;
      
      and wherein determining the second pass phrase based on the split of the second pass phrase and the second hash value comprises;
      
      decrypting the encrypted public certificate using a hash of the second instance of the first pass phrase; and
      
      decrypting the split of the second pass phrase using the public certificate.

5. A mobile communication device comprising:
- a provisioning module configured to provision the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
  
  a first integrity verification application comprising a list of expected signatures for data on the mobile communication device;
  
  an initialization module configured to establish a first pass phrase and a second pass phrase, the initialization module comprising;
  
  an input module configured to receive the first pass phrase and the second pass phrase;
  
  a first hash function calculation module configured to calculate a first hash function on non-volatile memory of the mobile communication device using the first pass phrase as a seed value to provide a first hash result;
  
  a splitting module configured to split a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and
  
  a storing module configured to store the split of the second pass phrase in the non-volatile memory of the mobile communication device;
  
  a second integrity verification module configured to receive the first pass phrase as a challenge for verification, the second integrity verification module comprising;
  
  a second hash function calculation module configured to calculate a second hash function on the non-volatile memory of the mobile communication device using the first pass phrase as a seed value to provide a second hash result;
  
  a determining module configured to determine the second pass phrase based on the split of the second pass phrase and the second hash value; and
  
  a display module configured to display the second pass phrase as an indication of integrity.
- View Dependent Claims (6, 7, 8, 10)
- - 6. The mobile communication device of claim 5, wherein the display module displays the second pass phrase in response to receiving the first pass phrase at power up of the mobile communication device.
  - 7. The mobile communication device of claim 5, wherein the provisioning module operates in a location shielded from WiFi or any other remote or local access other than provisioning.
  - 8. The mobile communication device of claim 5, wherein the list of expected signatures comprises binary executables.
  - 10. The mobile communication device of claim 5, further comprising:
    - a second input module configured to receive a private certificate and a public certificate;
      
      a first encrypting module configured to encrypt the public certificate using a hash of the first pass phrase to provide an encrypted public certificate;
      
      a second storing module configured to store the encrypted public certificate in the non-volatile memory of the mobile communication device;
      
      a second encrypting module configured to encrypt the split of the second pass phrase using the private certificate before storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;
      
      a first decrypting module configured to decrypt the encrypted public certificate using a hash of the second instance of the first pass phrase; and
      
      a second decrypting module configured to decrypt the split of the second pass phrase using the public certificate.

11. A method for provisioning a mobile communication device, the method comprising:
- deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
  
  installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;
  
  establishing a first pass phrase and a second pass phrase, wherein establishing the first pass phrase and the second pass phrase comprises;
  
  receiving the first pass phrase;
  
  performing a first hash function calculation on non-volatile memory of the mobile communication device using the first pass phrase as a seed value to provide a first hash result;
  
  receiving the second pass phrase;
  
  splitting a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and
  
  storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;
  
  receiving a second instance of the first pass phrase as a challenge for verification, and in response to receiving the second instance of the first pass phrase;
  
  performing a second hash function calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass phrase as a seed value to provide a second hash result, the second hash function calculation being different from the first hash function calculation;
  
  determining the second pass phrase based on the split of the second pass phrase and the second hash value; and
  
  displaying the second pass phrase as an indication of integrity.
- View Dependent Claims (12)
- - 12. The method of claim 11, wherein establishing the first pass phrase and the second pass phrase further comprises:
    - receiving a private certificate and a public certificate;
      
      encrypting the public certificate using a hash of the first pass phrase to provide an encrypted public certificate;
      
      storing the encrypted public certificate in the non-volatile memory of the mobile communication device; and
      
      encrypting the split of the second pass phrase using the private certificate before storing the split of the second pass phrase in the non-volatile memory of the mobile communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
ViaSat Incorporated
Inventors
Lindteigen, Ty, Van Voorhees, Franklin David
Primary Examiner(s)
Corsaro, Nick
Assistant Examiner(s)
Patel, Mahendra

Application Number

US12/896,782
Time in Patent Office

627 Days
Field of Search

365/80, 365/189.14, 365/158, 709/224, 717/109, 717/113, 717/104, 717/105, 717/106, 375/219, 375/240.2, 375/324, 455/411
US Class Current

455/411
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

H04M 1/67   by electronic means

Method and apparatus for secured access

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for secured access

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others