Redundant credentialed access to a secured network

US 8,326,266 B2
Filed: 05/25/2010
Issued: 12/04/2012
Est. Priority Date: 05/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a mobile communication device for redundant credentialed access to one or more secured wireless communication networks, the method comprising:

obtaining credentialed access to one of said secured networks by remotely using credentials stored in a locally available credentialed communication device that is otherwise configured to itself obtain credentialed access to that secured network using said credentials;

detecting one or more access compromise conditions indicating the actual, or potential, compromise of the mobile device'"'"'s credentialed access to the secured network via remote use of said credentials; and

responsive to said detection, automatically switching to other credentials stored in a different locally available credentialed communication device and obtaining credentialed access to one of said secured networks by remotely using said other credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile communication device is configured to provide redundant credentialed access to one or more secured wireless communication networks. The mobile device obtains credentialed access to one of the secured networks by remotely using credentials stored in a credentialed communication device that is locally available (i.e., in the vicinity of the mobile device). Responsive to detecting the actual, or potential, compromise of the mobile device'"'"'s credentialed access to that secured network, the mobile device switches to other credentials stored in a different credentialed device and obtains credentialed access to one of the secured networks by remotely using those other credentials. This switching occurs dynamically upon detecting the compromise of credentialed access, as well as automatically without requiring the mobile device'"'"'s user to manually enter commands into the device'"'"'s user interface.

18 Citations

View as Search Results

22 Claims

1. A method implemented by a mobile communication device for redundant credentialed access to one or more secured wireless communication networks, the method comprising:
- obtaining credentialed access to one of said secured networks by remotely using credentials stored in a locally available credentialed communication device that is otherwise configured to itself obtain credentialed access to that secured network using said credentials;
  
  detecting one or more access compromise conditions indicating the actual, or potential, compromise of the mobile device'"'"'s credentialed access to the secured network via remote use of said credentials; and
  
  responsive to said detection, automatically switching to other credentials stored in a different locally available credentialed communication device and obtaining credentialed access to one of said secured networks by remotely using said other credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising concurrently maintaining local communication links with a plurality of locally available credentialed communication devices, each of which is configured to itself obtain credentialed access to one of said secured networks using credentials stored therein, and coordinating amongst the plurality of credentialed devices, via said local communication links, which credentials the mobile device automatically switches to responsive to said detection.
  - 3. The method of claim 1, wherein automatically switching to other credentials comprises selecting said other credentials from amongst a plurality of credentials stored in a plurality of different locally available credentialed communication devices, based on pre-determined selection criteria.
  - 4. The method of claim 3, wherein selecting said other credentials comprises selecting said other credentials from amongst the plurality of credentials based on one or more of:
    - which of the plurality of credentials are stored in a credentialed device that has the best quality of service;
      
      which of the plurality of credentials are stored in a credentialed device that has the longest remaining battery life;
      
      which of the plurality of credentials provide access to a preferred one of said secured networks; and
      
      which of the plurality of credentials provide access to a secured network that offers one or more given services.
  - 5. The method of claim 1, wherein detecting one or more access compromise conditions comprises detecting that access to the secured network via remote use of said credentials has been lost, or a quality of service of that access has fallen below a pre-determined threshold.
  - 6. The method of claim 1, wherein detecting one or more access compromise conditions comprises detecting that physical impact has been imparted to the mobile device, or to the credentialed device storing the credentials being remotely used to access the secured network.
  - 7. The method of claim 1, wherein detecting one or more access compromise conditions comprises detecting that a remaining battery life of the credentialed device storing the credentials being remotely used to access the secured network has fallen below a respective threshold level.
  - 8. The method of claim 1, further comprising storing, for each of one or more locally available credentialed communication devices, use authorization information permitting the mobile device to acquire authorization from that credentialed device to remotely use the credentials stored therein, and wherein automatically switching to other credentials stored in a different credentialed device comprises acquiring authorization from that credentialed device to remotely use the credentials stored therein, based on the use authorization information stored for that device.
  - 9. The method of claim 8, wherein storing use authorization information comprises storing one or more different personal identification numbers, PINs, for the one or more credentialed devices, and wherein acquiring authorization from said different credentialed device comprises sending to the device the PIN stored for that device.
  - 10. The method of claim 8, wherein storing, for each of one or more credentialed devices, use authorization information comprises sealing the use authorization information in a trusted module of the mobile device, the sealing of use authorization information stored for a given credentialed device being conditioned on the present involvement of the mobile device in establishing a local communication link with that device, and wherein acquiring authorization from said different credentialed device comprises unsealing the use authorization information stored for that device, said unsealing being conditioned on the detection of said one or more access compromise conditions, and sending the unsealed use authorization information to that device.
  - 11. The method of claim 1, wherein one or more locally available credentialed communication devices are each configured to store use authorization information permitting other devices to acquire authorization to remotely use the credentials stored therein, and wherein the method further comprises deriving one or more different encryption keys for sealing use authorization information in respective trusted modules of the one or more credentialed devices storing the use authorization information, the derivation of an encryption key for a given credentialed device being conditioned on the present involvement of the mobile device in establishing a local communication link with that device, and wherein acquiring authorization from said different credentialed device comprises deriving a decryption key for unsealing the use authorization information stored in said different credentialed device, said derivation of a decryption key being conditioned on the detection of said one or more access compromise conditions, and sending the derived decryption key to that device.

12. A mobile communication device configured to provide redundant credentialed access to one or more secured wireless communication networks, the mobile communication device comprising:
- a local communication interface communicatively coupling the mobile device to one or more locally available credentialed communication devices; and
  
  one or more processing circuits configured to;
  
  obtain credentialed access to one of said secured networks by remotely using credentials stored in a locally available credentialed communication device that is otherwise configured to itself obtain credentialed access to that secured network using said credentials;
  
  detect one or more access compromise conditions indicating the actual, or potential, compromise of the mobile device'"'"'s credentialed access to the secured network via remote use of said credentials; and
  
  responsive to said detection, automatically switch to other credentials stored in a different locally available credentialed communication device and obtain credentialed access to one of said secured networks by remotely using said other credentials.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The mobile device of claim 12, wherein the local communication interface is configured to concurrently maintain local communication links with a plurality of locally available credentialed communication devices, each of which is configured to itself obtain credentialed access to one of said secured networks using credentials stored therein, and wherein the one or more processing circuits are configured to coordinate amongst the plurality of credentialed devices, via said local communication links, which credentials the mobile device automatically switches to responsive to said detection.
  - 14. The mobile device of claim 12, wherein the one or more processing circuits are configured to automatically switch to other credentials by selecting said other credentials from amongst a plurality of credentials stored in a plurality of different locally available credentialed communication devices based on pre-determined selection criteria.
  - 15. The mobile device of claim 14, wherein the one or more processing circuits are configured to select said other credentials by selecting said other credentials from amongst the plurality of credentials based on one or more of:
    - which of the plurality of credentials are stored in a credentialed device that has the best quality of service;
      
      which of the plurality of credentials are stored in a credentialed device that has the longest remaining battery life;
      
      which of the plurality of credentials provide access to a preferred one of said secured networks; and
      
      which of the plurality of credentials provide access to a secured network that offers one or more given services.
  - 16. The mobile device of claim 12, wherein the one or more processing circuits are configured to detect one or more access compromise conditions by detecting that access to the secured network via remote use of said credentials has been lost, or the quality of service of that access has fallen below a pre-determined threshold.
  - 17. The mobile device of claim 12, wherein the one or more processing circuits are configured to detect one or more access compromise conditions by detecting physical impact imparted to the mobile device or to the credentialed device storing the credentials being remotely used to access the secured network.
  - 18. The mobile device of claim 12, wherein the one or more processing circuits are configured to detect one or more access compromise conditions by detecting that the remaining battery life of the credentialed device storing the credentials being remotely used to access the secured network has fallen below a respective threshold level.
  - 19. The mobile device of claim 12, further comprising a memory configured to store, for each of one or more locally available credentialed communication devices, use authorization information permitting the mobile device to acquire authorization from the credentialed device to remotely use the credentials stored therein, and wherein the one or more processing circuits are configured to automatically switch to other credentials stored in a different credentialed device by acquiring authorization from that credentialed device to remotely use the credentials stored therein, based on the use authorization information stored in said memory for that device.
  - 20. The mobile device of claim 19, wherein the memory is configured to store one or more different personal identification numbers, PINs, for the one or more credentialed devices, and wherein the one or more processing circuits are configured to acquire authorization from said different credentialed device by sending to the device the PIN stored for that device.
  - 21. The mobile device of claim 19, further comprising a trusted module that includes said memory, and wherein the one or more processing circuits are configured to:
    - seal use authorization information in said trusted module, the sealing of use authorization information stored for a given credentialed device being conditioned on the present involvement of the mobile device in establishing a local communication link with that device; and
      
      acquire authorization from said different credentialed device by;
      
      unsealing the use authorization information stored for that device, said unsealing being conditioned on the detection of said one or more access compromise conditions; and
      
      sending the unsealed use authorization information to that device.
  - 22. The mobile device of claim 12, wherein one or more locally available credentialed communication devices are each configured to store use authorization information permitting other devices to acquire authorization to remotely use the credentials stored therein, and wherein the one or more processing circuits are configured to:
    - derive one or more different encryption keys for sealing use authorization information in respective trusted modules of the one or more credentialed devices storing the use authorization information, the derivation of an encryption key for a given credentialed device being conditioned on the present involvement of the mobile device in establishing a local communication link with that device; and
      
      acquire authorization from said different credentialed device by;
      
      deriving a decryption key for unsealing the use authorization information stored in said different credentialed device, said derivation of a decryption key being conditioned on the detection of said one or more access compromise conditions; and
      
      sending the derived decryption key to that device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Smeets, Bernard
Primary Examiner(s)
Le, Danh

Application Number

US12/786,602
Publication Number

US 20110296495A1
Time in Patent Office

924 Days
Field of Search

455/410, 455/411, 455/550.1, 726/5, 713/168
US Class Current

455/410
CPC Class Codes

H04W 12/068   using credential vaults, e....

H04W 12/12   Detection or prevention of ...

H04W 12/125   Protection against power ex...

H04W 12/30   Security of mobile devices;...

H04W 12/43   using shared identity modul...

H04W 12/63   Location-dependent; Proximi...

H04W 48/18   Selecting a network or a co...

Redundant credentialed access to a secured network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Redundant credentialed access to a secured network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others