CA2553081C - A method for binding a security element to a mobile device - Google Patents
A method for binding a security element to a mobile device Download PDFInfo
- Publication number
- CA2553081C CA2553081C CA2553081A CA2553081A CA2553081C CA 2553081 C CA2553081 C CA 2553081C CA 2553081 A CA2553081 A CA 2553081A CA 2553081 A CA2553081 A CA 2553081A CA 2553081 C CA2553081 C CA 2553081C
- Authority
- CA
- Canada
- Prior art keywords
- security element
- software application
- user
- passkey
- attributes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 150000003839 salts Chemical class 0.000 claims abstract description 12
- 238000013478 data encryption standard Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- VJYFKVYYMZPMAB-UHFFFAOYSA-N ethoprophos Chemical compound CCCSP(=O)(OCC)SCCC VJYFKVYYMZPMAB-UHFFFAOYSA-N 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/081—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying self-generating credentials, e.g. instead of receiving credentials from an authority or from another peer, the credentials are generated at the entity itself
Abstract
According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device. Preferably, the device is a mobile device. The combination of attributes may include the following: a) a build secret, the build secret consisting of a string which is generated when the software application is created; b) a salt, the salt consisting of a random string; wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.
Description
A METHOD FOR BINDING A SECURITY ELEMENT
TO A MOBILE DEVICE
Field of the Invention [0001]
The present invention relates to the field of security and encryption. In particular, it relates to methods of binding security elements, such as passwords, to mobile devices, such as mobile phones.
Background of the Invention
TO A MOBILE DEVICE
Field of the Invention [0001]
The present invention relates to the field of security and encryption. In particular, it relates to methods of binding security elements, such as passwords, to mobile devices, such as mobile phones.
Background of the Invention
[0002]
The rapid increase in the use of online services for shopping, banking and other financial transactions has brought with it an increase in identity theft and fraud.
The most common existing security techniques rely on the user having a password associated with an online identity (user name). However, schemes such as keystroke logging, phishing and similar techniques are used to improperly record or intercept passwords and the associated user names. Thus, the username/password data can be taken and used in fraudulent transactions, leading to loss of money, loss of time and loss of reputation, not only for the user whose identity was taken, but also for those parties who were fraudulently induced into believing they were transacting with the user.
The rapid increase in the use of online services for shopping, banking and other financial transactions has brought with it an increase in identity theft and fraud.
The most common existing security techniques rely on the user having a password associated with an online identity (user name). However, schemes such as keystroke logging, phishing and similar techniques are used to improperly record or intercept passwords and the associated user names. Thus, the username/password data can be taken and used in fraudulent transactions, leading to loss of money, loss of time and loss of reputation, not only for the user whose identity was taken, but also for those parties who were fraudulently induced into believing they were transacting with the user.
[0003]
The flaws in the username/password system have lead to the development of two-factor (also known as "strong") authentication systems. Two-factor authentication is based on two elements: 1) something the user knows (i.e. a password or PIN);
and 2) something the user has (an authenticator, often a physical device referred to as a "fob").
The fob and the password are used together to provide an additional level of security, as either one, individually, is of no use without the other.
The flaws in the username/password system have lead to the development of two-factor (also known as "strong") authentication systems. Two-factor authentication is based on two elements: 1) something the user knows (i.e. a password or PIN);
and 2) something the user has (an authenticator, often a physical device referred to as a "fob").
The fob and the password are used together to provide an additional level of security, as either one, individually, is of no use without the other.
[0004]
Despite the improved security, two-factor authentication is still of limited use due to the requirement of the hardware fob. Furthermore, each secure system requires its own fob, creating a problem for the user who then needs to keep track of the multiple fobs necessary for access to multiple services.
Despite the improved security, two-factor authentication is still of limited use due to the requirement of the hardware fob. Furthermore, each secure system requires its own fob, creating a problem for the user who then needs to keep track of the multiple fobs necessary for access to multiple services.
[0005]
One method of two-factor authentication is the use of One-Time Password (OTP) authentication. Using OTP authentication, a new OTP value (OTP token) is 57522-2[CA-121(KB) generated for use on a per-event basis (e.g. each remote logon attempt) or on a time-window basis (e.g. once per minute). The user is typically required to use a fob, either to generate the OTP, or to contact the system and receive the OTP.
One method of two-factor authentication is the use of One-Time Password (OTP) authentication. Using OTP authentication, a new OTP value (OTP token) is 57522-2[CA-121(KB) generated for use on a per-event basis (e.g. each remote logon attempt) or on a time-window basis (e.g. once per minute). The user is typically required to use a fob, either to generate the OTP, or to contact the system and receive the OTP.
[0006]
Ideally, the fob can be replaced by another device already carried by the user, such as a mobile phone or PDA, which stores a set of OTP credentials for use when access the secure system. However, this creates a new problem that must be addressed, namely, the requirement that the OTP credentials be properly encrypted and bound to the device.
Summary of the Invention
Ideally, the fob can be replaced by another device already carried by the user, such as a mobile phone or PDA, which stores a set of OTP credentials for use when access the secure system. However, this creates a new problem that must be addressed, namely, the requirement that the OTP credentials be properly encrypted and bound to the device.
Summary of the Invention
[0007]
According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device, encrypting the security element on the device using the passkey, and retrieving the Device ID from the device to decrypt the security element.
According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device, encrypting the security element on the device using the passkey, and retrieving the Device ID from the device to decrypt the security element.
[0008]
Preferably, the device is a mobile device. Also preferably, the combination of attributes includes the following: a) a build secret, the build secret consisting of a random alphanumeric string; b) a salt, the salt consisting of a random alphanumeric string; and wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.
Preferably, the device is a mobile device. Also preferably, the combination of attributes includes the following: a) a build secret, the build secret consisting of a random alphanumeric string; b) a salt, the salt consisting of a random alphanumeric string; and wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.
[0009]
Preferably, the security element is an OTP credential for use with a secure server.
Preferably, the security element is an OTP credential for use with a secure server.
[0010]
Other preferable attributes used include a user passphrase, a software application ID associated with a software program used by said device and/or a network ID associated with a network service provider used by said mobile device.
Other preferable attributes used include a user passphrase, a software application ID associated with a software program used by said device and/or a network ID associated with a network service provider used by said mobile device.
[0011]
Other and further advantages and features of the invention will be apparent to those skilled in the art from the following detailed description thereof, taken in conjunction with the accompanying drawings.
57522-2[CA-12](KB) Brief Description of the Drawings
Other and further advantages and features of the invention will be apparent to those skilled in the art from the following detailed description thereof, taken in conjunction with the accompanying drawings.
57522-2[CA-12](KB) Brief Description of the Drawings
[0012]
The invention will now be described in more detail, by way of example only, with reference to the accompanying drawings, in which like numbers refer to like elements, wherein:
Figure 1 is a block diagram of the passkey creation and credential encryption method.
Detailed Description of the Preferred Embodiments
The invention will now be described in more detail, by way of example only, with reference to the accompanying drawings, in which like numbers refer to like elements, wherein:
Figure 1 is a block diagram of the passkey creation and credential encryption method.
Detailed Description of the Preferred Embodiments
[0013]
The inventive method presented herein consists of binding a chosen security element to a specific mobile device used by a user at the time the security element is being supplied to the user. The method is of particular application when the security element needs to be generated by the secure server at the time of the first request by the user for access to the secure server. The security element is then used by the user for future access to the secure server from the mobile device.
The inventive method presented herein consists of binding a chosen security element to a specific mobile device used by a user at the time the security element is being supplied to the user. The method is of particular application when the security element needs to be generated by the secure server at the time of the first request by the user for access to the secure server. The security element is then used by the user for future access to the secure server from the mobile device.
[0014] The security element can be of any known type and is typically application and sever dependent. A preferred embodiment of security element is an OTP (One Time Password) credential which is stored on the mobile device to enable access to a secure server. The OTP credential is then used by the user during future transactions with the secure server as part of a two-factor authentication process.
[0015] With reference to Figure 1, a combination of attributes 100 is used to create an encryption key, herein referred to as a passkey 130, is used to encrypt the security element. The attributes used to create the passkey can include one or more of:
a user passphrase (i.e. a password or PIN) 102 (not the same password/PIN used in the two-factor authentication), an application (software) ID 104, a network ID 106, a device ID
108, and other randomly-generated strings 110, 112. Of these, the device ID
provides the strongest binding of the passkey 130 to the specific device.
a user passphrase (i.e. a password or PIN) 102 (not the same password/PIN used in the two-factor authentication), an application (software) ID 104, a network ID 106, a device ID
108, and other randomly-generated strings 110, 112. Of these, the device ID
provides the strongest binding of the passkey 130 to the specific device.
[0016] An example of a passkey 130 meeting requirements for a Triple DES (Data Encryption Standard) key as generated by the inventive method is shown using four separate attributes combined to generate the passkey 130:
57522-2[CA-12](KB) 1) The Device ID 108. This is number, alphanumeric string or code that identifies the device being used by the user to connect to the server. Device IDs can be unique, such as the device's serial number or IMEI (International Mobile Equipment Identity) number. Alternatively, this can be a SHA-1 hash or other hash or digest of the phone number or email address associated with the device. In any case, the Device ID is read from the device every time the protected security element is accessed.
[0018]
2) The build secret 110. A build secret is a randomly generated string (e.g.
characters) which is generated during the build of the application. The build secret is stored in the encryption code as a non-printable (non-accessible) string. For additional security, the build secret 110 may be stored as a set of segmented non-printable strings in different parts of the code to make it more difficult to discover.
[0019]
3) The salt 112. A salt is a random number generated during the build process. The salt is stored in the encryption code as a non-printable (non-accessible) string. As with the build secret 110, the salt 112 may be stored as a set of segmented non-printable strings in different parts of the code.
[0020]
4) The user passphrase 102. This is a string of characters input by the user during the first access attempt. The passphrase can be changed by the user on their device at a later time. The user passphrase 102 is only known by the user and is not sent over the connection to the server.
100211 The attributes are combined using a derivation algorithm 120 to create the passkey 130. Once the passkey 130 is created, it is used to encrypt 140 the security element (i.e. OTP credential) 132 stored on the device. The result is an encrypted, protected security element 150. When the user needs to decrypt the security element, they input the user passphrase 102, the Device ID 108 is read off the device, and the security element 150 is decrypted for use.
Thus, a form of two-factor authentication is now provided for the stored security element 150. If the device falls into the hands of an unauthorized user, the security element 150 is inaccessible without the user passphrase 102.
Conversely, if the security element 150 is somehow removed from the device and the passphrase 102 obtained, it remains inaccessible as the proper Device ID 108 cannot be read.
57522-2[CA-12](KB) [0023]
This method can be modified or further expanded by using an application (software) ID 104 as an additional attribute of the passkey generation method or as a replacement for one of the existing attributes. An application ID 104 is a unique identifier associated with the software application instance used by the user, either to decrypt the security element, or to access the secure system. The application ID 104 is similar to the Device ID 108 in that it is a number, alphanumeric string or code that identifies the software application instance. The application ID 104 is created at the time the software is downloaded or installed on the device.
[0024]
Another potential attribute is a network ID 106 associated with the network service provider used by the mobile device. Given that it is generally desirable to allow users to have the ability to switch service providers of their own volition, use of this attribute is likely to be limited. However, the network ID 106 could be used to restrict access to certain providers or certain geographic areas.
[0025]
While the above method contemplates binding and protecting the security elements on the device, it is equally applicable for use in protecting the security element during the provisioning or transportation to the device. The binding process can be applied by repackaging or recompiling the software application for a specific user and device at the time of download.
[0026]
While the above method has been presented in the context of mobile devices, such as mobile phones, the method is equally applicable to fixed devices, such as laptop or desktop PCs, as well. While fixed devices generally have superior integrated security measures than mobiles devices, the simplicity and device-branding capabilities of the method presented herein provide these same security benefits to fixed devices as well.
[0027]
This concludes the description of a presently preferred embodiment of the invention. The foregoing description has been presented for the purpose of illustration and is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations are possible in light of the above teaching and will be apparent to those skilled in the art. It is intended the scope of the invention be limited not by this description but by the claims that follow.
57522-2[CA-121(KB)
57522-2[CA-12](KB) 1) The Device ID 108. This is number, alphanumeric string or code that identifies the device being used by the user to connect to the server. Device IDs can be unique, such as the device's serial number or IMEI (International Mobile Equipment Identity) number. Alternatively, this can be a SHA-1 hash or other hash or digest of the phone number or email address associated with the device. In any case, the Device ID is read from the device every time the protected security element is accessed.
[0018]
2) The build secret 110. A build secret is a randomly generated string (e.g.
characters) which is generated during the build of the application. The build secret is stored in the encryption code as a non-printable (non-accessible) string. For additional security, the build secret 110 may be stored as a set of segmented non-printable strings in different parts of the code to make it more difficult to discover.
[0019]
3) The salt 112. A salt is a random number generated during the build process. The salt is stored in the encryption code as a non-printable (non-accessible) string. As with the build secret 110, the salt 112 may be stored as a set of segmented non-printable strings in different parts of the code.
[0020]
4) The user passphrase 102. This is a string of characters input by the user during the first access attempt. The passphrase can be changed by the user on their device at a later time. The user passphrase 102 is only known by the user and is not sent over the connection to the server.
100211 The attributes are combined using a derivation algorithm 120 to create the passkey 130. Once the passkey 130 is created, it is used to encrypt 140 the security element (i.e. OTP credential) 132 stored on the device. The result is an encrypted, protected security element 150. When the user needs to decrypt the security element, they input the user passphrase 102, the Device ID 108 is read off the device, and the security element 150 is decrypted for use.
Thus, a form of two-factor authentication is now provided for the stored security element 150. If the device falls into the hands of an unauthorized user, the security element 150 is inaccessible without the user passphrase 102.
Conversely, if the security element 150 is somehow removed from the device and the passphrase 102 obtained, it remains inaccessible as the proper Device ID 108 cannot be read.
57522-2[CA-12](KB) [0023]
This method can be modified or further expanded by using an application (software) ID 104 as an additional attribute of the passkey generation method or as a replacement for one of the existing attributes. An application ID 104 is a unique identifier associated with the software application instance used by the user, either to decrypt the security element, or to access the secure system. The application ID 104 is similar to the Device ID 108 in that it is a number, alphanumeric string or code that identifies the software application instance. The application ID 104 is created at the time the software is downloaded or installed on the device.
[0024]
Another potential attribute is a network ID 106 associated with the network service provider used by the mobile device. Given that it is generally desirable to allow users to have the ability to switch service providers of their own volition, use of this attribute is likely to be limited. However, the network ID 106 could be used to restrict access to certain providers or certain geographic areas.
[0025]
While the above method contemplates binding and protecting the security elements on the device, it is equally applicable for use in protecting the security element during the provisioning or transportation to the device. The binding process can be applied by repackaging or recompiling the software application for a specific user and device at the time of download.
[0026]
While the above method has been presented in the context of mobile devices, such as mobile phones, the method is equally applicable to fixed devices, such as laptop or desktop PCs, as well. While fixed devices generally have superior integrated security measures than mobiles devices, the simplicity and device-branding capabilities of the method presented herein provide these same security benefits to fixed devices as well.
[0027]
This concludes the description of a presently preferred embodiment of the invention. The foregoing description has been presented for the purpose of illustration and is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations are possible in light of the above teaching and will be apparent to those skilled in the art. It is intended the scope of the invention be limited not by this description but by the claims that follow.
57522-2[CA-121(KB)
Claims (8)
1. A method of binding a security element to a device, comprising:
a) generating a build secret comprising a random string that is generated when a software application is created and stored as at least one non-printable string within code of said software application;
b) generating a passkey to encrypt said security element on said device, said passkey being a combination of attributes associated with said device, wherein said attributes include a Device ID and said build secret;
c) encrypting said security element on said device using said passkey; and d) retrieving said Device ID from said device as part of decrypting said security element.
a) generating a build secret comprising a random string that is generated when a software application is created and stored as at least one non-printable string within code of said software application;
b) generating a passkey to encrypt said security element on said device, said passkey being a combination of attributes associated with said device, wherein said attributes include a Device ID and said build secret;
c) encrypting said security element on said device using said passkey; and d) retrieving said Device ID from said device as part of decrypting said security element.
2. The method of claim 1, wherein said device is a mobile device.
3. The method of claim 1, wherein said combination of attributes additionally includes one or more of the following attributes:
a) a salt, said salt consisting of a random string;
b) a user passphrase, said user passphrase consisting of a string input by the user;
c) an application ID associated with a program used by said device;
d) a network ID associated with a network service provider used by said mobile device.
a) a salt, said salt consisting of a random string;
b) a user passphrase, said user passphrase consisting of a string input by the user;
c) an application ID associated with a program used by said device;
d) a network ID associated with a network service provider used by said mobile device.
4. The method of claim 1, wherein said security element is an OTP (One Time Password) credential for use with a secure server.
5. The method of claim 3, wherein said user passphrase is used as an attribute and decryption of said security element requires input of said user passphrase.
6. The method of claim 1, wherein said non-printable strings are stored as segmented non-printable strings and stored in different parts of said code of said software application.
7. A method of supplying said software application for encrypting a security element using the method in claim 1-6 comprising at least one of:
downloading said software application to said device;
installing said software application to said device; and recompiling said software application for said device.
downloading said software application to said device;
installing said software application to said device; and recompiling said software application for said device.
8. The method of any one of claims 1-7, wherein said Device ID is one of:
a serial number; an IMEI (International Mobile Equipment Identity) number;
a digest or hash value derived from a phone number; or a digest or hash value derived from an email address.
a serial number; an IMEI (International Mobile Equipment Identity) number;
a digest or hash value derived from a phone number; or a digest or hash value derived from an email address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA2553081A CA2553081C (en) | 2006-07-24 | 2006-07-24 | A method for binding a security element to a mobile device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA2553081A CA2553081C (en) | 2006-07-24 | 2006-07-24 | A method for binding a security element to a mobile device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2553081A1 CA2553081A1 (en) | 2008-01-24 |
| CA2553081C true CA2553081C (en) | 2015-08-25 |
Family
ID=38973671
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2553081A Active CA2553081C (en) | 2006-07-24 | 2006-07-24 | A method for binding a security element to a mobile device |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2553081C (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2151795A1 (en) | 2008-08-08 | 2010-02-10 | France Telecom | Secure electronic coupon delivery to mobile device |
| US8397281B2 (en) | 2009-12-30 | 2013-03-12 | Symantec Corporation | Service assisted secret provisioning |
| US8799646B1 (en) * | 2011-12-23 | 2014-08-05 | Symantec Corporation | Methods and systems for authenticating devices |
| EP2820792B1 (en) | 2012-02-29 | 2019-06-12 | BlackBerry Limited | Method of operating a computing device, computing device and computer program |
| EP2820585B1 (en) * | 2012-02-29 | 2019-04-10 | BlackBerry Limited | Method of operating a computing device, computing device and computer program |
| WO2013130568A2 (en) | 2012-02-29 | 2013-09-06 | Good Technology Corporation | Method of operating a computing device, computing device and computer program |
-
2006
- 2006-07-24 CA CA2553081A patent/CA2553081C/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CA2553081A1 (en) | 2008-01-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8051297B2 (en) | Method for binding a security element to a mobile device | |
| US9866376B2 (en) | Method, system, and device of provisioning cryptographic data to electronic devices | |
| US20190089527A1 (en) | System and method of enforcing a computer policy | |
| CN101507233B (en) | Method and apparatus for providing trusted single sign-on access to applications and internet-based services | |
| US10454674B1 (en) | System, method, and device of authenticated encryption of messages | |
| US8639915B2 (en) | Apparatus and method for distributing private keys to an entity with minimal secret, unique information | |
| US8904180B2 (en) | Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys | |
| EP1500226B1 (en) | System and method for storage and retrieval of a cryptographic secret from a plurality of network enabled clients | |
| CN111512608B (en) | Trusted execution environment based authentication protocol | |
| US20190238334A1 (en) | Communication system, communication client, communication server, communication method, and program | |
| US20070240226A1 (en) | Method and apparatus for user centric private data management | |
| MXPA04007547A (en) | System and method for providing key management protocol with client verification of authorization. | |
| CN101297534A (en) | Method and apparatus for secure network authentication | |
| US20110162053A1 (en) | Service assisted secret provisioning | |
| US7620187B1 (en) | Method and apparatus for ad hoc cryptographic key transfer | |
| KR20090084545A (en) | Ce device management server, method for issuing drm key using ce device management server, and computer readable medium | |
| CA2553081C (en) | A method for binding a security element to a mobile device | |
| WO2018030289A1 (en) | Ssl communication system, client, server, ssl communication method, and computer program | |
| CN104868998A (en) | System, Device, And Method Of Provisioning Cryptographic Data To Electronic Devices | |
| EP3292654B1 (en) | A security approach for storing credentials for offline use and copy-protected vault content in devices | |
| US20090239500A1 (en) | Maintaining secure communication of a network device | |
| KR100681005B1 (en) | Key roaming method, and method for the same | |
| JP6165044B2 (en) | User authentication apparatus, system, method and program | |
| Gupta | Security characteristics of cryptographic mobility solutions | |
| CN109981678B (en) | Information synchronization method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request |