US20060136717A1 - System and method for authentication via a proximate device - Google Patents

System and method for authentication via a proximate device Download PDF

Info

Publication number
US20060136717A1
US20060136717A1 US11204596 US20459605A US2006136717A1 US 20060136717 A1 US20060136717 A1 US 20060136717A1 US 11204596 US11204596 US 11204596 US 20459605 A US20459605 A US 20459605A US 2006136717 A1 US2006136717 A1 US 2006136717A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
access
input device
device
key
system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11204596
Inventor
Mark Buer
Ed Frank
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NXP BV
Original Assignee
Broadcom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0853Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Abstract

Techniques are provided to authenticate components in a system. Users may enter credentials into an input device and the credentials may be authenticated and/or securely transmitted to the components. The components may then provide the credentials to a server in the system. Strong authentication may thus be provided to the effect that credentials associated with specific users have been received from specific components in the system. The server may then enable the components to access selected services.

Description

    CROSS-REFERENCE TO RELATED APPLICATION(S)
  • This application claims the benefit of U.S. Provisional Patent Application No. 60/637,668, filed Dec. 20, 2004, the disclosure of which is hereby incorporated by reference herein.
  • TECHNICAL FIELD
  • This application relates to data processing and, more specifically, to a system and method of authenticating devices via at least one proximate device.
  • BACKGROUND
  • A variety of services may be accessed using computing devices such as personal computers and wireless handsets. For example, a user may access data stored on or applications running on the computing device. In addition, a user may connect to a data network to gain access to data and applications on remote servers.
  • In some cases, access to a service may be limited to authorized users. For example, a service may provide access to sensitive data such as financial information or personal information. In addition, access to a service may require payment of a fee.
  • A variety of techniques are known for securing access to services via a computing device. For example, a user may be required to present some form of credential to a computing device that provides the service (the “service provider”). Here, the credential may indicate that a particular user (or anyone who knows the credential) may access a given service. In some applications a credential may take the form of a user name and password that was provided to the user and the service provider by a system administrator. When the user accesses a service, the user may present the user name and password to the service provider. The service provider then verifies that this credential is assigned to an authorized user of the requested service.
  • In a typical data network, access to the data network is limited to devices that have been properly installed on the network. As part of this installation, cryptographic techniques may be employed to ensure that only authorized devices are connected to the network. In general, cryptographic techniques may include one or more of encryption, decryption, authentication, signing and verification.
  • For example, a network administrator may load one or more cryptographic keys (hereafter “key(s)”) into each device that is authorized to connect to the network. The network administrator also loads corresponding keys into a network access device (e.g., a router) that is connected to, for example, a wide area network (“WAN”). When the device attempts to access the network, the network access device verifies that a proper key has been loaded into that device. Once verified, the network access device enables the requesting device access to the network.
  • In practice, the process of authorizing a user to use a service and installing devices on a network may be relatively cumbersome and time consuming. As described above, these operations tend to be relatively manual in nature. However, distributed computing services are becoming increasingly prevalent and affordable to access. For example, the proliferation of wireless computing networks and handheld devices enables a user to use a variety of devices to access a variety of different networks that may exist throughout a city, etc. Accordingly, a need exists for more efficient techniques for enabling a user to access secured services.
  • Moreover, conventional methods of entering or loading a credential or a cryptographic key into a device may be compromised in some circumstances. For example, when a user uses a computing device to access a secured service, the user may first need to enter the credential into the computing device. Typically, this is accomplished using an input device such as a keyboard. The computing device may then forward these credentials to a service provider that determines whether the user is authorized to use the requested service.
  • In the event the computing device has been comprised by a hacker or a computer virus, an unauthorized person may gain access to these credentials. For example, a personal computer may incorporate a trusted computing module (“TPM”) to control access to certain secured services (e.g., access to an encrypted data file or a secured network). Here, the TPM may require a user to enter a password or other credential before the TPM allows the user to access these services. If the user uses a keyboard to enter this information, the password may be routed through the personal computer from the keyboard to the TPM via an insecure path. For example, the keyboard may connect to a USB port and a software driver may be used to transfer the data from the USB bus to a TPM that, for example, is connected to a South Bridge of the personal computer. However, the hacker or virus may be able to access data that is forwarded and/or stored by the software driver. As a result, an unauthorized person may acquire the password and gain access to the secured service.
  • Similarly, secret key information used in wireless devices may be compromised. For example, to enable secure communication between two Bluetooth devices, complementary keys may need to be loaded into each device. In some applications, a key is transferred from one Bluetooth device to the other Bluetooth device via the Bluetooth network. However, an unauthorized person may be able to intercept the broadcast Bluetooth signal containing the key. As a result an unauthorized person may acquire the key and gain access to secured services.
  • Serious consequences may result when the secured services control and provide access to sensitive information such as financial data or personal information. Accordingly, a need exists for more secure techniques for providing access to secured services.
  • SUMMARY
  • The invention relates to a system and method for authenticating a user or users to use one or more devices in a communication system. For convenience, an embodiment of a system constructed or a method practiced according to the invention may be referred to herein simply as an “embodiment.”
  • In one aspect the invention relates to authenticating a user to access a service provided by or accessible via an access device (e.g., a computing device). For example, the user may access data stored on the access device or on a remote computing device. The user also may access applications running on the access device or on remote servers. In addition the user may gain access to a data network via the access device.
  • In one aspect of the invention, credentials for gaining access to the service are provided to an input device that is proximate the access device. Cryptographic techniques may then be used to authenticate and/or protect the credentials.
  • In some embodiments, a secure communication mechanism may be established between the input device and the access device for transmission of the credentials. For example, a user may initially provide the credentials to the input device in a secure manner. In some embodiments this may include entering the credentials into a security boundary in the input device. A cryptographic processing component in the input device may then cryptographically encrypt and/or sign the credentials within the security boundary. Here, the authenticity of the signing/encrypting may be verified to the access device by a published digital certificate. The input device then provides the signed/encrypted credentials to the access device.
  • The access device may then provide the credentials to a service provider to gain access to a service. In some embodiments, a secure communication mechanism may be established between the access device and the service provider. For example, a cryptographic processing component in the access device may cryptographically encrypt and/or sign the credentials within a security boundary. Here, the authenticity of the signing/encrypting may be verified to third parties (e.g., a service provider) by a published digital certificate. The access device then provides the signed/encrypted credentials to a service provider.
  • The service provider may validate that the credentials originate from a specific access device. For example, a cryptographic processor in the service provider may use the access device's public key to cause the access device to prove that it has the corresponding private key. In addition, since the service provider has access to a certificate for the public key, assurance may be provided that the access device has a mechanism for protecting keys and that the private key of the access device was not exposed outside of the security boundary. Consequently, a high level of assurance that the credentials came from a specific and/or trusted access device that is currently being used by an authorized user (as authenticated by the cryptographic processing in the input device) may be provided to the service provider.
  • In some embodiments authentication may be used to verify that a user is in the proximity of the access device. For example, an authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the input device which in turn is in relative proximity to the access device through which access to the secured service is obtained. In this way, a reasonable assumption may be made that the authorized user is in fact using a specific access device to request the service.
  • In some embodiments an input sensor is implemented within a security boundary on the input device. In this way, the credential may be passed via the input sensor directly to the security boundary of the input device then passed securely to the access device. As a result, the credentials may be passed to the access device without being routed via software messages or applications. As a result, the credentials may not be intercepted by a hacker or computer virus that may have compromised the software executing on the access device.
  • In some embodiments the input device comprises a proximity authentication system such an RFID system. For example, a user's credentials may be stored on an RFID token and the input device may include an RFID reader. In this case, the RFID reader reads the credentials when the RFID token is proximate the input device.
  • In some embodiments the input device may comprise a biometric sensor such as a fingerprint reader. In this case, the credentials may include biometric information (e.g., a scan of a fingerprint).
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • These and other features, aspects and advantages of the present invention will be more fully understood when considered with respect to the following detailed description, appended claims and accompanying drawings, wherein:
  • FIG. 1 is a simplified block diagram of one embodiment of an authentication system constructed in accordance with the invention;
  • FIG. 2 is a flow chart of one embodiment of authentication operations that may be performed in accordance with the invention;
  • FIG. 3 is a simplified block diagram of one embodiment of a user authentication system constructed in accordance with the invention;
  • FIG. 4 is a flow chart of one embodiment of user authentication operations that may be performed in accordance with the invention;
  • FIG. 5 is a simplified block diagram of one embodiment of a user authentication system constructed in accordance with the invention;
  • FIG. 6 is a flow chart of one embodiment of user authentication operations that may be performed in accordance with the invention;
  • FIG. 7 is a simplified block diagram of one embodiment of a proximity-based authentication system constructed in accordance with the invention;
  • FIG. 8 is a flow chart of one embodiment of proximity-based authentication operations that may be performed in accordance with the invention;
  • FIG. 9 is a simplified block diagram of one embodiment of an access device constructed in accordance with the invention;
  • FIG. 10 is a simplified block diagram of one embodiment of a processing system constructed in accordance with the invention;
  • FIG. 11 is a simplified block diagram of one embodiment of a security module constructed in accordance with the invention;
  • FIG. 12 is a flow chart of one embodiment of operations that may be performed in accordance with the invention;
  • FIG. 13 is a simplified block diagram of one embodiment of a security module constructed in accordance with the invention; and
  • FIG. 14 is a flow chart of one embodiment of operations that may be performed in accordance with the invention.
  • In accordance with common practice the various features illustrated in the drawings may not be drawn to scale. Accordingly, the dimensions of the various features may be arbitrarily expanded or reduced for clarity. In addition, some of the drawings may be simplified for clarity. Thus, the drawings may not depict all of the components of a given apparatus or method. Finally, like reference numerals denote like features throughout the specification and figures.
  • DETAILED DESCRIPTION
  • The invention is described below, with reference to detailed illustrative embodiments. It will be apparent that the invention may be embodied in a wide variety of forms, some of which may be quite different from those of the disclosed embodiments. Consequently, the specific structural and functional details disclosed herein are merely representative and do not limit the scope of the invention.
  • In one aspect, the invention relates to systems and methods that provide device and/or user level authentication. For example, various techniques are described for authenticating that a user is using a device. In addition, various techniques are described for authenticating a device to a service such as enabling access to a data network.
  • In a conventional data network device level authentication may be used to ensure that only authorized devices are allowed to connect to the network. Here, cryptographic techniques may be employed to authenticate that a device that is attempting to connect to the network is the device it purports to be and is authorized to use the network. For example, a device typically connects to the network via an access point such as a router. Compatible cryptographic keys are thus provided to the router and to authorized devices to enable these devices to perform cryptographic operations that provide the desired authentication. In such a network, a mechanism must be provided for securely distributing keys to all devices that may connect to the network. Traditionally, this has been accomplished by the user or a network administrator manually loading the keys into the devices (e.g., via a keyboard or a software program).
  • Such device level authentication may have a number of drawbacks. For example, there may not be any verification as to which user is using the device. Moreover, when multiple users use the same device, there may not be an efficient mechanism to determine which verification information (e.g., cryptographic certificate) should be used to authenticate to the system.
  • FIG. 1 illustrates one embodiment of a system 100 constructed in accordance with the invention where one or more users (not shown) may use one or more access devices 102 and 104 to access services (e.g., connect to a data network) via an access server 106. For example, to access a service a user presents authentication information (e.g., credentials such as a password) to an input device 108. For convenience the term “credential(s)” may be used to refer generally to any type of information that a user may present for authentication purposes.
  • The input device 108 may include a security processing component (e.g., a security module 110, a processor with code for cryptographic operations, etc.) that provides cryptographic processing and may incorporate other security mechanisms. For example, the security module 110 may include one or more cryptographic processors that perform cryptographic operations such as encryption, decryption, authentication, verification and signing. Using the security module 110, the input device 108 may authenticate the credentials received from the user. The input device 108 may then securely send the credentials via an interface (e.g., an RF interface 124) to an access device 102 or 104 via signals 118 through a medium (e.g., a wireless medium).
  • The access device 102 or 104 includes an interface (e.g., RF interface 126 or 128) for receiving the signals 118. The access device 102 or 104 includes some form of processing (e.g., access processor 130 or 132) for accessing a service. For example, in some embodiments the access processor may comprise a processor for a cell phone or some other form of wireless device.
  • The access device 102 or 104 also may include a security processing component (e.g., security module 112 or 114) that provides cryptographic processing and may incorporate other security mechanisms. For example, a security module may include one or more cryptographic processors that perform cryptographic operations such as encryption, decryption, authentication, verification and signing. Using the security module, an access device 102 or 104 may authenticate the credentials received from the input device 108. The access device may then securely send the credentials via an interface (e.g., interface 134 or 136) to the access server 106 via signals 120 over a medium (e.g., a wireless medium).
  • The access server 106 includes an interface (e.g., interface 138) for receiving the signals 120. The access server includes some form of processing 140 for providing access to a service. For example, in some embodiments the access processor may comprise a network server for a wired and/or wireless network.
  • The access server 106 also may include a security processing component (e.g., security module 116, a key manager, etc.) that provides cryptographic processing and may incorporate other security mechanisms. Here, the security module 116 may process the received credentials to, for example, authenticate and/or decrypt the credentials. The above architecture may thus provide relatively strong authentication to the access server 106 that the credentials have been presented to a trusted input device 108 that is associated with a trusted access device 102 or 104. As a result, the access server 106 may enable the access device 102 or 104 to access the requested service.
  • Selected operations of the system 100 will be explained in more detail in conjunction with the flowchart of FIG. 2. As represented by block 202, one or more keys may be generated to enable the input device 108 to securely communicate with an access device (e.g., access device 102). In some embodiments, this is accomplished through the use of asymmetric keys.
  • For example, a unique asymmetric identity key may be provided for the input device 108 during manufacture or at some later time. The private key portion of this asymmetric key may be stored within a security boundary (e.g., the security module 110) in the input device 108. For example, a processor (e.g., a multi-purpose processor or a cryptographic processor) may generate the key within this security boundary and the private portion of the key may never be allowed to appear outside of the security boundary in the clear (i.e., unencrypted). Additional details of a security boundary are provided below.
  • The public portion of the key may then be published with a digital certificate. For example, the manufacturer of the input device may publish the public key and the certificate on a publicly accessible server. The certificate may serve to verify that the public key is authentic, that the private key has not been disclosed outside the security boundary and that the input device that holds the private key provides a mechanism to securely receive, use and maintain keys. Thus, the certificate serves to strongly verify the authenticity of any information provided by an input device that has the corresponding private key.
  • In some embodiments, the input device and the access device may use the asymmetric key to negotiate one or more other keys that may be used for cryptographic processing. For example, these other keys may be used to encrypt, decrypt, sign, etc., information send between these components. In this way, an authenticated and/or secure channel may be established between the input device and the access device. That is, each component will have one or more keys that enable it to encrypt, decrypt or authenticate information that it sends to or receives from the other component. In this way, sensitive information (e.g., credentials or keys) may be securely sent over a link 118 (e.g., a wireless link such as Bluetooth, etc.) that may not otherwise be secure.
  • Referring now to block 204, keys also may be generated for the security module in the access device during manufacture or at some later time. Thus, a unique asymmetric identity key may be provided for the access device 102. The private key portion of this asymmetric key may be stored within a security boundary (e.g., the security module 112) in the access device 102. The public portion of the key may then be published with a digital certificate that may serve to verify that the public key is authentic, that the private key has not been disclosed outside the security boundary and that the access device that holds the private key provides a mechanism to securely receive, use and maintain keys. Thus, the certificate serves to strongly verify the trustworthiness of the access device. This asymmetric key pair may then be used to establish an authenticated and/or secure channel between the access device and the access server or some other device.
  • Referring now to block 206, once the devices are installed in the field, the devices and the access server may establish secure channels over media that may otherwise be insecure. In some embodiments this may involve performing asymmetric key exchange operations.
  • At block 208, to enable the access server to recognize the credentials assigned to a given user, the credentials are enrolled (e.g., entered into) the access server. This may be accomplished, for example, using a credential enrollment mechanism. Additional details of various credential enrollment mechanisms are discussed below.
  • The credential enrollment mechanism provides the credential information to the security module 116 which may then generate one or more keys associated with that credential. These keys may comprise, for example, SSL or IPsec keys/security associations that may enable the user to log onto a security network.
  • Referring to block 210, when a user wishes to access a service via the access device 102, the user presents his or her credentials to a data input component 122 on the input device 108. The data input component may comprise a keypad, an RFID reader, a sensor, etc.
  • In some embodiments the input device 108 is a biometric sensor. For example, the sensor may comprise a fingerprint reader. Alternatively, the sensor may comprise a retina/iris scanner, an audio input device (e.g., a microphone) for speech recognition, a camera sensor (e.g., a CCD device) for, e.g., facial feature recognition or a DNA typing device. In addition, appropriate processing may be provided on the sensor integrated circuit to facilitate retrieval and analysis of this information.
  • In some embodiments credentials may be provided to the input device via a direct path into the security boundary of the input device. For example, credentials may be directly entered into a device located within a security boundary. This may be accomplished, for example, using a keyboard, an RFID reader, a biometric sensor, etc., that is physically attached to a component within the security boundary. Additional details of these types of components are discussed below.
  • Referring to block 212, the input device 108 sends the credentials to the access device 102 via the authenticated and/or secure channel discussed above. For example, a cryptographic processor in the input device may use a key obtained from the negotiation with the access device 102 discussed above to sign and/or encrypt the credentials. Typically, the cryptographic processor signs the credentials using such a key or the private key of the input device.
  • Referring to block 214, the access device 102 processes the credentials, as necessary, and sends the credentials to the access server 106 via the authenticated and/or secure channel 120 discussed above. For example, a cryptographic processor in the access device 102 may use a key obtained from the negotiation with the access server 106 discussed above to encrypt the credentials. Typically, the cryptographic processor signs the credentials using such a key or the private key of the access device 102.
  • At block 216, cryptographic processor(s) in the access server 106 process the encrypted/signed credentials. Through this cryptographic process, the access server obtains strong authentication that the credentials are from a user that is using a specific access device 102. Moreover, assurances may be made via the certificate that the input device (e.g., keyboard, sensor, RFID components, etc.) through which a user inputs credentials is proximate to that access device.
  • The access server 106 then checks the credential database to verify that the credentials are associated with an authorized user. If so, the access server 106 generates or retrieves the key (e.g., key A) that corresponds to that credential or otherwise enables access to a requested service. The access server may then, for example, send the key to the access device 102 (block 218). Typically, the cryptographic processor 124 will encrypt the key to protect it during transmission. Here, the cryptographic processor may use a negotiated key or the public key associated with the private key to encrypt key A.
  • Once the access device 102 receives encrypted key A, the cryptographic processor decrypts key A and uses it to, for example, establish a connection with a network (block 220).
  • Referring now to FIG. 3 additional details of the authentication process will be discussed. FIG. 3 illustrates one embodiment of a system 300 constructed in accordance with the invention where one or more users (not shown) may use one or more access devices 302 and 304 to access services 330 (e.g., connect to a data network) via an access server 306. For example, to access a service a user presents authentication information (e.g., credentials 308 such as a password) to the access device 302 via a proximate input device (not shown). For convenience the term “credential(s)” may be used to refer generally to any type of information that a user may present for authentication purposes.
  • The access device 302 may include a security module that provides cryptographic processing and may incorporate other security mechanisms. For example, a security module may include one or more cryptographic processors 328 that perform cryptographic operations such as encryption, decryption, authentication, verification and signing. Using the security module, the access device 302 may authenticate the credentials received from the input device and securely send the credentials to a key manager 310 in the access server 306.
  • The key manager 310 provides a secure environment for generating, assigning and maintaining keys that are used in the system. The key manager includes one or more cryptographic processors 324 for securely performing cryptographic operations including encryption, decryption, authentication, etc. The key manager also includes a secure data memory 322 for storing keys 326 in a manner that prevents the keys from being accessed by unauthorized persons or methods.
  • To provide secure processing and key storage a security boundary is associated with and enforced by the key manager. This security boundary may be established, for example, using hardware and/or cryptographic techniques.
  • Hardware techniques for providing a security boundary may include, for example, placing components within a single integrated circuit. In addition, one or more integrated circuits may be protected by a physical structure using tamper evident and/or tamper resistant techniques such as epoxy encapsulation.
  • Encryption techniques for establishing a security boundary may include, for example, encrypting any sensitive information before it leaves the key manager. For this purpose, the key manager may use one or more of the cryptographic processors 324 and store the associated encryption/decryption keys 326 in an internal secure data memory 322.
  • To maintain the security of the system 300, any keys distributed by the key manager to other components in the system should be adequately protected. For example, provisions may be made to ensure that keys are only delivered to authorized devices. In addition, provisions may be made to protect the keys during distribution and within the recipient devices.
  • In some embodiments the access device 302 includes one or more cryptographic processors 328 and keys (e.g., key 314) to authenticate information that is sent from the access device 302 to the access server 306, to facilitate secure transmission of keys to the access device 302, and to protect the keys used by the access device 302.
  • For example, using digital certificates and other cryptographic processes the access device 302 may provide strong authentication to the access server 306 that the credentials it sends to the access server 306 are from a user that is using that specific access device. In addition, these processes may be used to verify that the access device 302 provides a high level of protection for key material.
  • Once this authentication is provided to the access server 306, the key manager 310 may safely distribute keys to the access device 302 to facilitate access to the desired service. For example, the key manager may distribute keys to the access device to enable the access device to connect to a data network.
  • The embodiment of FIG. 3 provides an efficient mechanism that enables a user to, for example, use a variety of access devices to gain access to a network. Here, the user initially authenticates himself or herself to each device. The access server then automatically builds the network by distributing the necessary keys to each device. As described herein this process may be accomplished with a high level of security. Moreover, since the access server provides the appropriate keys to each device, the key material does not need to be given to the user. In addition, the user may not be required to, for example, provide a digital certificate to each access device he or she uses in the network.
  • Selected operations of the system 300 will be explained in more detail in conjunction with the flowchart of FIG. 4. As represented by block 402, one or more keys may be generated to enable the access device to securely communicate with the access server. In some embodiments, this is accomplished through the use of asymmetric keys.
  • For example, a unique asymmetric identity key 314 may be provided for each access device. The private key portion of this asymmetric key may be stored within a security boundary (represented by dashed line 312) in the access device. For example, a cryptographic processor 328 may generate the key within this security boundary and the private portion of the key may never be allowed to appear outside of the security boundary 312 in the clear (i.e., unencrypted). Additional details of a security boundary are provided below.
  • The public portion of the key may then be published with a digital certificate. For example, the manufacturer of the access device may publish the public key and the certificate on a publicly accessible server. The certificate serves to verify that the public key is authentic, that the private key has not been disclosed outside the security boundary and that the access device that holds the private key provides a mechanism to securely receive, use and maintain keys. Thus, the certificate serves to strongly verify the authenticity of any information provided by an access device that has the corresponding private key.
  • In some embodiments, the access device and the access server may use the asymmetric key to negotiate one or more other keys that may be used for cryptographic processing. For example, these other keys may be used to encrypt, decrypt, sign, etc., information send between these components. In this way, a secure channel (represented by dashed lines 316) may be established between the access device and the access server. That is, each component will have one or more keys that enable it to decrypt encrypted information that it received from the other component. In this way, sensitive information (e.g., keys) may be securely sent over a link 318 that may not otherwise be secure.
  • Referring now to block 404, to enable the access server to recognize the credentials assigned to a given user, the credentials are enrolled (e.g., entered into) the access server. This may be accomplished, for example, using a credential enrollment mechanism 320. In some embodiments the credential enrollment mechanism may comprise a keyboard and monitor console for the server. In some embodiments the credential enrollment mechanism 320 may be inside a security boundary associated with and enforced by the key manager 310. For example, the credential enrollment mechanism 320 may comprise a keyboard that is physically attached to the key manager, an RFID reader, a biometric sensor, etc. Additional details of these types of components are discussed below.
  • The credential enrollment mechanism 320 provides the credential information to the key manager 310 which may then generate one or more keys associated with that credential. These keys may comprise, for example, SSL or IPsec keys/security associations that may enable the user to log onto a security network. The key manager may then maintain a database that associates each authorized user's credential (e.g., credential A) with key(s) and certificate(s) (e.g., key A) that may be generated for that user.
  • The credentials and the associated key(s) may be stored in a secure data memory 322. In some embodiments the data memory 322 may be protected within a physical security boundary of the key manager 310. For example, the database 322 may be located within a secure enclosure and/or within the same integrated circuit as the key manager. In some embodiments the data memory 322 may be located external to the key manager. In this case, however, the key manager may encrypt the keys before they are stored in the data memory.
  • Referring to block 406, when a user wishes to access a service via the access device 302, the user presents his or her credentials 308 to the access device. As discussed above, the credentials 308 are provided to the access device via a proximate input device.
  • In some embodiments credentials may be provided from the input device to the access device via a direct path into the security boundary of the access device. For example, in the access device 304 credentials 332 may be directly entered (as represented by dashed line 334) into a device located within a security boundary 336. This may be accomplished, for example, using a wireless interface that is physically attached to a component within the security boundary.
  • Referring to block 408, the access device 302 sends the credentials 308 to the access server 306 via the secure channel 316 discussed above. For example, a cryptographic processor 328 may use a key obtained from the negotiation with the access server 306 discussed above to encrypt the credentials. Typically, the cryptographic processor(s) 328 sign the credentials using such a key or the private key 314.
  • At block 410, cryptographic processor(s) 324 in the access server 306 process the encrypted/signed credentials. Through this cryptographic process, the access server obtains strong authentication that the credentials are from a user that is using a specific access device 302. Moreover, assurances may be made via the certificate that an input device (e.g., keyboard, sensor, RFID components, etc.) through which a user inputs credentials is proximate to that access device.
  • The access server 306 then checks the credential database to verify that the credentials are associated with an authorized user. For example, the access server may determine whether the credential matches a credential (e.g., credential A) stored in the data memory 322.
  • If so, the access server 306 generates or retrieves the key (e.g., key A) that corresponds to that credential. The access server then sends the key to the access device 302 (block 412). Typically, the cryptographic processor 324 will encrypt the key to protect it during transmission. Here, the cryptographic processor may use a negotiated key or the public key associated with the private key 314 to encrypt key A.
  • Once the access device 302 receives encrypted key A, the cryptographic processor 328 decrypts the key and stores decrypted key A 340 within the security boundary 312. Here, the cryptographic processor 328 may use a negotiated key or the private key 314 to decrypt key A. The access device 302 may then use key A 340 to, for example, establish a connection with a network (block 414).
  • If desired, the user may then use another access device (e.g., access device 304) to access the network. Again, the user presents his or her credentials (e.g., the same credentials referred to above) to access device 3.04 via the input device (not shown). Cryptographic processor(s) 342 may then encrypt/sign the credentials and send them to the access server via a secure channel 346 over a link 348 that may not otherwise be secure. Again, an asymmetric identity key 344 may be used to establish the secure channel 346, form the basis of a digital certificate, sign credentials, etc. The access server 306 then verifies the credentials. Here, since the access server has received the same credentials it may assume that the same user has authenticated to the access device 304. Accordingly, the access server sends the same key (e.g., key A) to the access device 304 via the secure channel 346, thereby binding these access devices together. The cryptographic processor 342 decrypts encrypted key A and stores decrypted key A 350 within the security boundary. Access device 304 may then use key A to connect to a network or access another service.
  • In addition, more than one set of credentials may be presented to a given access device to access a network. For example, multiple users that are assigned different credentials may share an access device. In addition, the same user may have different credentials that provide access to different services such as personal services or employer provided services. Accordingly, another set of credentials may be stored in the access server database and associated with a unique key (e.g., key B). When these other credentials are presented to the access device 304, the key B will be provided to the access device 304 using the secure techniques discussed above. Accordingly, access device may use the key B 350 to establish a separate, cryptographically secure connection to a network.
  • These aspects of the invention will be described in more detail in conjunction with FIGS. 5 and 6. FIG. 5 is a simplified diagram of one embodiment of a network system that may support a variety of communication and data processing devices.
  • In FIG. 5 access devices connect to a wide area network (“WAN”) 502 such as the Internet via an access point (e.g., a router) 504. Here, the access point may serve as the access server discussed herein. Alternatively, the access point 504 may connect to an access server (not shown) such that the credentials and keys pass through the access point as they are sent between the access server and the access devices. In either case, credentials for any users that are authorized to access the system may be enrolled with the access server.
  • The access point 504 may provide connectivity for wired or wireless devices. For example, a network printer 512 may be connected to the access point by a wired connection as represented by line 506. A voice-over-Internet-Protocol (“VoIP”) phone 514 also may connect to the access point via a wired connection as represented by line 508.
  • Other devices may connect to the access point via radio frequency (“RF”) signals as represented, for example, by the curved lines 510. Here, the access point 504 may support wireless standards such as Bluetooth, 802.11, GSM, etc.
  • Examples of access devices include a VoIP phone 514 that supports the Bluetooth protocol; a laptop computer 516 that supports 802.11 and/or Bluetooth; a personal digital assistant (“PDA”) 518 that supports 802.11 and/or Bluetooth and may include a cellular telephone that supports, for example GSM; a personal entertainment device 520; a phone 522 that supports GSM and/or 802.11 and that communicates with peripherals such as a wireless headset 524 via Bluetooth; and a personal computer 526 that supports an 802.11 wireless connection and that communicates with wireless peripherals such as a Bluetooth-enabled keyboard 528 and mouse 530.
  • As discussed herein, each of the devices 512-530 may include a security module (not shown) that enables the device to securely and efficiently receive any keys necessary to connect to the data network 502 and/or to other devices. In the latter case, for example, keys may be securely distributed between devices to enable a peripheral (e.g., keyboard 528) to securely communicate with a base device (e.g., computer 526). Accordingly, users may connect any of these devices to the network or other devices by simply providing their credentials to one or more input devices 536 which then route the credentials to the device(s) as discussed herein. For example, an input device 536 may communicate with a device 512-530 to provide a credential to a device 512-530. In the case of the peripherals (e.g., keyboard 528), the credentials may be passed through the base device (e.g., computer 526), then routed to the access server 504.
  • Additional details of the authentication components and processes that may be incorporated into these devices are described herein. For example, several embodiments for providing credentials to an access device or an access server are discussed below in conjunction with FIGS. 7-10. In addition, several embodiments of security modules are discussed below in conjunction with FIGS. 11-14.
  • Referring to FIG. 6, a simplified flowchart is illustrated relating to operations that may be performed in a network system (e.g., as shown in FIG. 5). For example, such a system may include multiple access devices and support multiple users and multiple levels of credentials. In general, these operations may be performed as discussed herein, for example, in conjunction with FIGS. 3 and 4. For convenience, not all of the operations involved in the process are illustrated in FIG. 6 or discussed below.
  • As represented by block 602, a credential for a user (referred to for convenience as “user A”) is enrolled with the access server. At block 604, user A presents his or her credential to an input device that then sends the credential to an access device (referred to for convenience as “access device 1”). The access device 1 sends the credential to the access server and, after the access server verifies that the credential has been enrolled, the access server sends the associated key(s) to the access device 1 (block 606). Access device 1 may then use the key(s) associated with user A to connect to the network (block 608).
  • Blocks 610-614 illustrate that a network may be automatically built as a user provides his or her credentials to multiple access devices in the system. As represented by block 610, user A may provide his or her credential to another access device (referred to for convenience as “access device 2”) via the input device. The access device 2 sends the credential to the access server and, after the access server verifies that the credential has been enrolled, the access server sends the associated key(s) to the access device 2 (block 612). Access device 2 may then use the key(s) associated with user A to connect to the network (block 614).
  • Blocks 616-622 illustrate that a given device may be used by several users to access the network. Here, each of the users may be assigned different credentials. As represented by block 616, a credential for another user (referred to for convenience as “user B”) may be enrolled with the access server. At block 618, user B also may provide his or her credential to the access device 1 via the input device. The access device 1 sends the credential to the access server and, after the access server verifies that the credential has been enrolled, the access server sends the associated key(s) to the access device 1 (block 620). Access device 1 may then use the key(s) associated with user B to establish an entirely separate and cryptographically secure connection with the network (block 622).
  • In practice, the separate set of credentials identified above as being associated with user B may be a second set of credentials assigned to a given user (e.g., user A). For example, a user may have one set of credentials assigned for one network (e.g., a home network) and another set of credentials assigned for access to another network. Referring to FIG. 5, the devices 514 and 516 may be used to connect to an enterprise LAN at the user's office. In this case, the second set of credentials may be provided to the office network 534 via the WAN 502 and other routing mechanisms 532. Once the appropriate keys are exchanged, an enterprise virtual private network (“VPN”) or other form of connection may be established between the access device and the office network 534. Again, this network may be entirely separate and cryptographically secured from any other network connections for that user or any other user of the system.
  • Blocks 624-628 illustrate that the network may be continued to be automatically built as other users provide his or her credentials to multiple access devices in the system. As represented by block 624, user B may provide his or her credential to another access device (referred to for convenience as “access device 3”). The access device 3 sends the credential to the access server and, after the access server verifies that the credential has been enrolled, the access server sends associated key(s) to the access device 3 (block 626). Access device 3 may then use the key(s) associated with user B to connect to the network (block 628).
  • The system described above may provide several advantages as compared to conventional systems. Traditional networks may only provide device level authentication that is achieved by manually configuring the head end and all devices that may connect to the network. For example, the router may be configured by an administrator physically connected to a LAN port of the router. Here, the administrator may enter in the keys for the router and identify each of the devices that may connect to the router. In addition, the administrator may manually configure each device in the network with the necessary key to enable the device to connect to that specific router.
  • In contrast, a network constructed using the teachings described herein may be automatically built by binding components (e.g., access devices) together as a user authenticates himself or herself to these components. This is facilitated, for example, by the ability to securely authenticate at the system level. For example, the proximity of the user may be verified as well as the ability of a security module to protect keys (e.g., using appropriate hardware).
  • A variety of secure techniques may be used to authenticate a user to a device. For example, a credential may be provided via a direct connection into an input device, credentials may be injected into a security boundary of a device via RFID signals or a sensor may be physically located within a security boundary of a device.
  • Here, the network may be built using digital certificates based on public/private keys pairs. This process may be initiated by using a private key that is protected on each component and may provide a secure environment where the components may dynamically change the keys.
  • In addition, each user does not need access to the keys that identify that user since the user does not need to pre-configure each device with the appropriate key. Instead the user may only present information such as a credential to obtain access to the network via a given device.
  • Moreover, a system may be configured to provide multiple networks. Each of these networks may include a given set of components that are defined for different users and/or for different permission levels for a given user. These networks may be secured from one another by using cryptographic techniques to authenticate access to each network and secure the data flowing though each network.
  • Referring now to FIGS. 7-10, several embodiments of mechanisms for providing credentials to a device will be discussed. In general, the following description describes providing credentials to an access device. However, these mechanisms also may be used to provide credentials to an access server or some other component in a system.
  • FIG. 7 illustrates one embodiment of a system 700 where selected services may be provided to a user via a computing device when a wireless token assigned to a user is proximate to the input device. An input device 716 includes components that may be used to determine whether a wireless token (e.g., an RFID token) 742 assigned to a user or users is proximate to the input device 716. For example, a wireless proximity reader (e.g., an RFID reader 728) may be configured to receive signals 744 (e.g., RF signals) from the wireless proximity token 742. The signals 744 may include information that uniquely identifies the wireless proximity token 742. For example, this information may include one or more credentials (e.g., a password) that may be used to access a secured service through an access server 704.
  • The determination of proximity between the token 742 and the reader 728 may be established using a variety of mechanisms depending on the application. In some embodiments, the token will not generate signals until it is within a given distance of the reader. This may be accomplished, for example, by using a relatively passive token that intercepts signals transmitted by the reader and transmits signals in response to the received signals. Different distances between the token 742 and the reader 728 may be defined as indicative of proximity depending on the requirements of the application and, in some cases, characteristics of the operating environment.
  • RF interfaces (e.g., Bluetooth interfaces) 736 and 706 and associated antennas 734 and 732 may then be used to send the credentials from the input device 716 to the access device 702 via RF signals 730. The RF interfaces also may be used for other communications between the input device 716 and the access device 702.
  • An access device 702 such as a computer may request access to a service from the access server 704 by sending a request over a communication link 726. Depending upon the particular application, the communication link 726 may comprise, for example, electric wires, optical cables or air. Thus, the access device 702 may support wired or wireless communications with the access server 704.
  • Typically, access to the service will be initiated by the user's interaction with the access device 702. For example, the user may use a keyboard or pointing device (e.g., a computer mouse) to access the service. In conjunction with this the user may be required to input a password and/or provide a biometric (e.g., a fingerprint) to a biometric sensor to verify the authenticity of the user. In this way, access to a service may be withheld until the user provides adequate credentials including, for example, what the user knows (e.g., a password), what the user possesses (e.g., a token) and who the user is (e.g., a physical or biometric characteristic).
  • The input device 716 and the access device 702 may incorporate security mechanisms to ensure that the credentials provided by a user may be secured when the credentials are maintained within and sent from these devices. For example, the input device may provide a security boundary within which any sensitive information (e.g., credentials received from the token and keys received from the access device) may be used and maintained in a secure manner. In addition, the access device may provide a security boundary to protect any sensitive information (e.g., keys and credentials)
  • To this end, these devices may include security modules 708 and 746 that provide cryptographic processing to, for example, sign and/or encrypt the credentials. In some embodiments information may only pass between the reader 728 and the security module 746 via a connection within a common integrated circuit. Thus, the input device may be configured so that the credentials never leave the integrated circuit in the clear.
  • In addition, the access device 702 may be in secure communication with the access server 704. For example, a cryptographically secured communication channel 718 may be established between the security module 708 and the access server 704. In this case, the security module 708 may process (e.g., encrypt/sign) the credentials before sending them to the access server 704. Accordingly, the security modules may provide strong authentication that the credentials are from a specific token 742 that is proximate that particular input device 716 that, in turn, is relatively proximate a specific access device 702.
  • After the access server 704 has received authenticated credentials from the access device 702, the access server may provide access to the requested service. As used herein the term service may include, for example, access to data and/or a data processing service. Thus, a service may enable an access device to, for example, read or write data in a data memory, access encrypted data, use cryptographic keys, gain access to cryptographic material such as security associations and keys, access a web page, access a data network or access a processing application.
  • As used herein the term data may include any information that may be accessed by a computing device including, for example, data files, passwords and cryptographic security associations including keys.
  • As used herein the term access may include, for example, acquiring, using, invoking, etc. Thus, data may be accessed by providing a copy of the data to the access device. Data also may be accessed by enabling the access device to manipulate or use the data. As an example of the latter, once a user has been authorized to access a service a trusted platform module may use keys to perform operations for the user. For a data network, access may include, for example, sending and/or receiving data over the network. For a processing application access may include, for example, invoking, interacting with or using the application or loading the application onto the access device.
  • An access server may comprise hardware and/or software that facilitate providing a service. For example, an access server may consist of a processing system that processes requests for service, verifies whether the requester is authorized to access the service and provides or facilitates the requested access.
  • In practice, an access server may be located local or remote with respect to the entity requesting service (e.g., access device 702). For example, a local trusted platform module may control access to passwords in a computing system. In addition, a remote wireless access point may control a computing system's access to a data network connected to the access point.
  • An access device may comprise hardware and/or software that facilitate access to a service. For example, an access device may comprise a computing system such as, without limitation, a personal computer, a server, a cellular phone, a personal data assistant (“PDA”), etc.
  • For convenience, FIG. 7 only depicts one token, input device, access device and access server. It should be understood, however, that a system may include any number of these components. For example, a user may use a token to access one or more services via one or more access devices. Thus, an access device may access services from multiple access servers. Also, multiple access devices may access the services provided by a given access server.
  • Authorization to access a service may depend on the specific token and access device being used. For example, a user may be assigned one token to access certain services through certain access devices. In addition, the user may be assigned another token to access other services through the same or other access devices. Also, multiple sets of information (e.g., credentials) may be included on a single token to enable a user to access different services or to enable multiple users to share a token.
  • A wireless proximity reader and token may be implemented using one or more of a wide variety of wireless proximity techniques. For example, the proximity reader and the token may support, without limitation, one or more of RFID, ISO 14443 and ISO 15693.
  • Tokens may be implemented in various physical forms depending upon the needs of the respective applications. For example, a token may be in a form that is easy to carry, similar to a plastic credit card, a “smart card” or a building access card. Also, a token may take the form of a tag or a label that may be attached to another article.
  • Examples of tokens may include, without limitation, smart cards, credit cards, dongles, badges, biometric devices such as fingerprint readers, mobile devices such as cellular telephones, PDAs, etc. In some embodiments, the token includes circuitry used in a typical smart card. For example, the token may store an encrypted password that may be sent to an authentication system.
  • Referring now to FIG. 8 additional details of operations and configurations in a proximity-based authentication system will be described. As represented by block 802, a security boundary is provided within the input device 716 and the access device 702 to, for example, secure the process of gaining access to a service, including securing the authentication process and information used during the authentication process. This security boundary may be established, for example, using hardware and/or cryptographic techniques.
  • Hardware techniques for providing a security boundary may include, for example, placing components within a single integrated circuit. As shown in FIG. 7 an RF interface 706, a security module 708 and other processing components 710 may be incorporated into a single integrated circuit 712. Thus, any processes performed or information used or stored within the integrated circuit 712 may not be compromised absent physical access to the integrated circuit 712 and the use of an invasive technique for analyzing the internal operations and data of the integrated circuit 712. For many applications, this form of hardware security boundary may provide an acceptably high level of security.
  • Other means may be used to provide a security boundary. For example, one or more integrated circuits (e.g., integrated circuit 712) may be protected by a physical structure using known techniques (e.g., epoxy encapsulation). Also, the access device 702 and/or its internal components may be tamper resistant and/or tamper evident.
  • Cryptographic techniques for providing a security boundary may include encrypting any important information that is sent to or from the integrated circuit via non-secure paths in the system. For example, security associations and keys may only appear in the clear within the integrated circuit 712. In the event keys need to be sent out of the integrated circuit 712 (e.g., to be stored in a data memory 714), the keys may first be encrypted.
  • Similarly, any important information that is sent between the integrated circuit 712 and the access server 704 may be encrypted. For example, information (e.g., credentials) received from the RFID token 742 may be encrypted before being sent over the link 726.
  • In FIG. 7 one cryptographic security boundary is represented by the dashed line 718. The line 718 represents, in part, that encrypted information may be sent between the security module 708, the processing component 710 and the data memory 714. Thus, the information may be sent securely even though the mechanism through which this information is sent (e.g., a data bus 720) may not be secure.
  • Encrypted information also may be sent between the integrated circuit 712 and a cryptographic processor 722 in a key manager 724 in the access server 704 via the communication link 726. In this case, the cryptographic processors may perform key exchange and encryption, decryption and/or authentication operations as necessary to send and receive the encrypted information and provide the information in the clear for internal processing.
  • In general, the form of protection provided within the system may depend on the requirements of a given application. For example, specifications such as FIPS-140-2 define various levels of security that may be implemented within a system
  • The security boundary provided by the integrated circuit 712 and the cryptographic boundary 718 may be used to provide a secure mechanism for authenticating a user to access a service. For example, credentials received from the RFID token 742 may be provided directly into an integrated circuit on the input device 716 via RF signals 744.
  • Once the information is in the integrated circuit on the input device 716 it may be protected by the physical boundary of the integrated circuit and by a cryptographic boundary (not shown). For example, provisions may be made to ensure that the information does not appear in the clear outside of the integrated circuit. The information may then be securely sent to the access device 702 via what may otherwise be an insecure link 730.
  • Credentials received from the input device 716 may be provided directly into the integrated circuit 712 via RF signals 730. Once the information is in the integrated circuit it may be protected by the physical boundary of the integrated circuit and by the cryptographic boundary 718. Thus even if rogue software in the system were to gain access to the information outside of the chip 712, the software would not be able to decrypt it without appropriate key information. However, the key information also may be protected within the integrated circuit 712 and the cryptographic boundary 718. That is, the key information may not appear in the clear outside of the security boundary. As a result, the credentials may be securely routed to the access server 704.
  • Moreover, via this secured mechanism, the access device 702 may reliably authenticate to the access server 704 that a specific RFID token 742 is proximate the input device 716. First, as discussed above, the credentials may be received in a secure manner. Second, the effective “decision” as to whether the token 742 is adjacent may be made within a security boundary. The security module 708 may then cryptographically sign this information using a secure protocol set up between it and the cryptographic processors 722 of the key manager 724. Via this signature the access server 704 may be assured that a given message came from a specific processing system (e.g., access device 702) and that the message has not been compromised. Accordingly, proximity of the token 742 to the input device 716 may be used as a reliable method of authorizing access to a secured service provided by the service provider.
  • Referring again to FIG. 8, an example of operations that may be used to access a service will be described. As represented by block 804, when the RFID token 742 is within an appropriate range of the input device 716, the RFID reader 728 will receive an RFID signal 744 from the RFID token 742. As discussed above, the RFID signal 744 may be received by the input device 716 within a security boundary.
  • As represented by block 806, the system 700 may be configured so that any information contained within the broadcast RFID signal may be extracted only within a security boundary. For example, as shown in FIG. 7, the RFID reader 728 that extracts the credentials from the RFID signal 744 may be located within an integrated circuit that includes other functionality to protect the credentials. For example, the integrated circuit may include a security module 746 that encrypts/signs the credential (block 808) to prevent the information from being sent out of the integrated circuit in the clear. Here, the cryptographic processor in the security module 746 may use a private key to encrypt the information. A public key associated with this private key may be published with a certificate from a trusted entity. This certificate serves to verify that the public key is authentic. Cryptographic processing in the access device 702 may then use the public key to verify the signature of information received from the security module 746.
  • A similar secure process may then be used to send the information to the access server 704. A complementary process may be used to securely send information in the other direction across the link 726.
  • Accordingly, after the credential is signed by the cryptographic processor in the security module 708, the signed credential is sent to the key manager 724 via the link 726 (block 810). In this way, the information is, in effect, sent over a secured channel (as represented by the corresponding portion of the line 718) even though the actual data path may not be secure.
  • The key manager 724 sends the received information to the cryptographic processor 722 for decryption and/or authentication processing as necessary. The key manager 724 then verifies that the received information indicates that the user is authorized to access the network (block 812). In some embodiments the access server 704 may include a wireless proximity device (e.g., an RFID reader) and associated processing to enable the credentials to be easily and directly loaded into the access server when a user presents his or her token to the access server. In other embodiments the information may be acquired using a non-dedicated RFID reader. The acquired information may also be loaded into the access server by other means (e.g., downloaded via a communication medium).
  • Since the key manager 724 has received an indication via the cryptographic signature associated with the credential that the token 742 is proximate the access device 702, once the credentials are verified the key manager 724 may be assured that is safe to provide access to the requested service. As discussed above, providing access to a network may involve sending security associations or keys to the access device 702. These keys may be sent to the access device 702 via the secured channel (cryptographic boundary 718). Accordingly, the cryptographic processor 722 may encrypt the keys before sending them over the link 726 (block 814).
  • The access device 702 may be configured so that these keys, etc., are decrypted and maintained within the security boundary of the access device 702 (block 816). For example, the keys may be stored within the integrated circuit 712 (e.g., keys 740). Alternatively, a cryptographic processor in the security module may use a key (e.g., keys 740) to encrypt the received keys before storing them in the data memory 714.
  • As represented by block 818, the access device may then use the received keys to gain access to the network as discussed herein. Again, in some embodiments these keys may only be used in the clear within the security boundary of the access device 702.
  • Additional details of a proximity authentication device are disclosed, for example in commonly-owned U.S. patent application Ser. No. 10/955,806, filed Sep. 30, 2004, the disclosure of which is hereby incorporated by reference herein.
  • FIG. 9 illustrates another embodiment of an access device that provides a secure mechanism for entering credentials. An access device 900 includes a data interface 904 that is located within a security boundary of the access device 900. For example, the data interface 904 may be located on the same integrated circuit 902 as a security module 906. As a result, credentials may be directly entered into the security boundary.
  • In addition, the security module 906 may use one or more keys (e.g., keys 908) to encrypt credentials within the security boundary so that the credentials are not provided in the clear outside of the security boundary. Thus, the security module effectively extends the security boundary using cryptographic techniques. For example, the security boundary may be effectively extend (as represented by dashed lines 916) to an external data memory 914 by encrypting data before it is stored. In addition, the security boundary may effectively extend (as represented by dashed lines 920) through a communication medium to another cryptographic processing system (not shown).
  • In the embodiment of FIG. 9, the access device incorporates a wireless interface 910 and an antenna 912 (or another form of a wireless transceiver) to communicate with other wireless devices (e.g., a wireless access point and access server, not shown) via wireless signals 918. In some embodiments the data communication interface 910 for the access device may advantageously be located on the same integrated circuit as, for example, the security module 906. The wireless interface may support, for example, 802.11, Bluetooth and/or other wireless communication standards.
  • In some embodiments the access device may forward the input information to, for example, an access server to gain access to a service. The information also may be enrolled with a key manager. Thus, as described above, the key manager may compare information received from an access device with the key manager's database of authorized credentials (e.g., fingerprint data). When a match is received, the key manager may provide the associated key(s) to the requesting access device.
  • In some embodiments the access server may include an input device and associated processing to enable the information to be easily and directly loaded into the access server. In other embodiments the information may be acquired using a non-dedicated input device (e.g., a sensor). The acquired information may then be loaded into the access server by other means (e.g., downloaded via a communication medium).
  • FIG. 10 illustrates one embodiment of a system 1000 that provides a secure mechanism for a user to enter credentials. A processing system 1002 includes a secure processing system such as a trusted platform module (“TPM”) 1004.
  • Typically, the trusted platform module may generate and maintain keys for the processing system. For example, a TPM may provide a set of cryptographic capabilities that enable certain computer functions to be securely executed within the TPM environment (e.g., hardware). To this end the TPM may include one or more cryptographic processors that perform cryptographic operations including, for example, encryption, decryption, authentication and key management. Specifications for a TPM are defined by the Trusted Computing Group organization.
  • Typically, to enable access to services managed by the TPM, a user must first enroll his or her credentials with the TPM. This may involve, for example, providing a password to the TPM. To this end, the TPM may include an input device (not shown) that incorporates some of the secure input mechanisms and techniques disclosed in the previous discussions and the discussions that follow (e.g., direct connection, RFID, biometric sensor, keyboard, etc.).
  • Then, when a user wishes to access the services managed by the TPM, the user must authenticate himself or herself to the TPM. This may involve, for example, providing the original password to the TPM. To this end, the processing system 1002 may include an input device 1006 that is connected to the TPM via a link 1008.
  • In some embodiments, the link may be routed directly from the input device to the TPM to ensure that data may be securely sent over the link. For example, data from this link may not routed using software routines such as operating system calls. In addition, data from the link may not be stored in data memory that is accessible by other components in the system. For example, the data may not be sent through a software stack and may not be stored in a data memory that is accessed via an internal bus such as a PCI bus. Consequently, input information may be passed to the TPM without being compromised by viruses, hackers, etc., that may have compromised the system. In some embodiments an additional degree of protection may be provided by physically embedding or attaching the input device 1006 within/to the processing system.
  • Through the use of physical and cryptographic techniques the TPM securely uses and maintains sensitive information such as these credentials within its security boundary. After verifying the credentials (e.g., comparing the received credentials with previously enrolled credentials) within the security boundary, the TPM 1004 may provide the requested access or may facilitate acquiring access to a service from another processing entity.
  • In some embodiments a user may authenticate himself or herself to the TMP to use keys stored within the security boundary of the TPM. For example, the system of FIG. 10 may be used to access encrypted data (e.g., an encrypted password) stored in a local data memory (e.g., file storage 1012). In this case, the TPM 1004 may store cryptographic information (e.g., keys, security associations, etc.) that enables the TPM to decrypt encrypted data. In a typical case, once the user is authenticated, the TPM will use the key within its security boundary, then provide the results to the user. For example, the TPM may return decrypted data (e.g., media content) or signed data to the user. In this way, the keys may be used without exposing the keys in the clear outside the security boundary of the TPM.
  • In the event there is insufficient storage for the keys in the TPM, the TPM may encrypt the keys and send them to an external data storage component (e.g., file storage 1012). Thus, even if the encrypted data files in the file storage 1012 may be accessed by other components in the system the security of the encrypted data may be maintained because the keys are encrypted. In other words, sensitive information is only used in the clear within the security boundary of the TPM.
  • In some embodiments the TPM 1004 may control access to one or more data networks 1022 that are accessed via a network interface 1010. Here, the TPM 1002 may provide network authentication credentials (e.g., a certificate) to a service provider (e.g., an access point, not shown) connected to a network to authenticate it to the service provider. These network authentication credentials may be securely stored in a data memory (not shown) in the TPM 1004 or stored in encrypted form in the file storage 1012.
  • The network interface 1010 may be used to connect to wired and/or wireless network(s). As discussed herein, cryptographic techniques may be used to ensure the security of data transferred between the TPM 1004 and other devices connected to the network. Accordingly, a network connection may be used, for example, to communicate with a key manager to obtain key information (e.g., security associations) and authorization for key usage.
  • Input device 1014 depicts another embodiment of an input device that may be used to securely provide information (e.g., credentials) to the processing system. The input device 1014 includes a security module 1018 and keys 1020 implemented within a security boundary to provide cryptographic functionality. For example, the security module may be used to encrypt/sign information (e.g., credentials) entered into the input device. In this way, this information may be securely sent (as represented by dashed line 1016) to the TPM 1004.
  • The security module 1018 and the trusted platform module 1004 may include components and perform operations as discussed herein to provide strong authentication and establish a secure channel. For example, a public key and associated certificate may be published for the security module 1018 to enable the TPM to verify the authenticity and the security of the input device using techniques as discussed herein. As a result, a secure channel 1016 may be established between these components such that the security boundary of the TPM may, in effect, be extended to include the input device 1014 and the secure channel.
  • Since information sent between the components may be secured in this manner, the input device 1014 does not need to be securely connected to the processing system. Thus, the input device 1014 may be advantageously used in applications where the input device is remote from the processing system 1002 and connected to the processing via, for example, a wired or wireless interface such as a network. In addition, the input device may be advantageously used in applications where the input device may be connected to the TPM via an insecure link (e.g., a USB link in a computer).
  • In some embodiments, the input mechanism (e.g., a key pad, a sensor, etc.) on the input device 1014 may be connected in a secure manner to the security module 1018. For example, the input mechanism may be located on the same integrated circuit as the security module. In addition, these components may be implemented within a physically protected enclosure. Accordingly, the security boundary of the input device 1014 may include the input mechanism, the security module 1018 and external memory (not shown) that the security module uses to store encrypted information. As a result, the input device 1014 may provide a highly secure mechanism for a user to provide credentials to the TPM 1004
  • Referring now to FIGS. 11-14 selected components and operations of several embodiments of security modules will be discussed in more detail. In some embodiments a security module may provide key protection and management (e.g., enforcing proper usage of keys) required for multiple levels of key material.
  • In addition, a security module may provide cryptographic processing such as encryption, decryption, authentication, verification and signing for a device that uses cryptographic services (e.g., an access device) in which the security module is installed. For example, a security module may be implemented in end-user client devices such as cell phones, laptops, etc., that need some form of data security, authentication, etc. In some embodiments the security module may be integrated into previously existing chips (e.g., a main processor) within these devices.
  • The security module may be configured as part of and to enforce a security boundary. For example, the security module may be configured to never allow clear text keys to exit, for example, the security module or the chip within which the security module is implemented. As a result, the security module may be safely integrated into other devices or systems regardless of whether the system outside of the security boundary is secure.
  • In this way, the security module may provide highly secure and cost effective remote key management for a client device. The security module may provide and/or support any required cryptographic processing. A security boundary is established within the device to securely maintain and use keys and key material. Yet the system may be securely managed by a remote key management system (e.g., a hardware security module, a TPM, etc.) via the security module. Accordingly, a high level of security functionality may be provided for the end-user device using a relatively small security module that has minimal impact on the rest of the device.
  • To support this key usage and management scheme, a security module provides mechanisms for securely loading one or more keys into the module, securely storing the keys and securely using the keys. One embodiment of a stateless hardware security module 1100 that provides such mechanisms is depicted in FIG. 11.
  • The stateless module 1100 includes a master controller 1106 for controlling the overall operation of the module. For example, the controller may control boot operations, key management operations (if applicable) and data and key traffic flow into and out of the module. The controller may comprise, for example, a processor and associated code (e.g., ROM 1108) and/or a state machine or other hardware. The controller and/or any other component in the stateless module may communicate with other components in the stateless module via an internal bus 1130.
  • In some embodiments the master controller 1106 comprises a RISC processor with ROM code to execute the various commands necessary for the operation of the stateless module. The master controller block also may include the address decoder for each of the slave blocks on the internal bus 1130. The RISC engine may use a protected portion of a data buffer 1126 for temporary stack and scratch data space.
  • A bi-directional external interface 1120 provides a mechanism to send keys and/or data to or receive keys and/or data from the module. For example, the external interface may include registers that may be written to or read by the controller and external devices (e.g., a host) that are connected to the stateless module. In this case, the controller may be configured so that it never writes certain data (e.g., unencrypted keys) to the registers.
  • The external data interface 1120 may be used by a local host to read global registers, issue commands and place data into the data buffer 1126 for processing by the stateless module. The external interface may be controlled through a global register block 1122 by the master controller. These global registers may include, for example, command (“CMD”), timer and configuration (“CONFIG.”) resisters. The master controller transfers the data between the global registers block and a data buffer memory 1126.
  • The command interface provides a streaming data interface directly into the data input and data output registers. It allows an external FIFO to be used for data input and data output (separate FIFOs). This interface allows the stateless module to be easily embedded into a packet based system.
  • In some embodiments, data (e.g., data to be processed or key material) to be encrypted or decrypted may be sent to or sent from the stateless module 1100 via one or more data interfaces. For example a data interface 1102 may be used to send encrypted data or keys (e.g., that were decrypted by the module) to a cryptographic accelerator and vice versa. In addition, a data interface may be connected to an input device (e.g., a sensor) that generates data that needs to be encrypted by the stateless module. This encrypted data may then be sent to an external processing component via the external interface 1120.
  • One or more cryptographic processing blocks perform any cryptographic processing that needs to be done to acquire or use keys or to cryptographically process data flowing though the module. For example, separate processing blocks may be used to perform asymmetric key algorithms such as DSA, RSA Diffie-Hellman (block 1114), key exchange protocols or symmetric key algorithms such as 3DES, AES (block 1112) or authentication algorithms such as HMAC-SHA1 (block 1110). The cryptographic processing block may be implemented, for example, in hardware and/or using a processor that executes code stored in a data memory (e.g., ROM).
  • Typically this embodiment includes processing to generate asymmetric keys that are used to establish a secure channel with a remote device and to authenticate information sent from the module to the remote device and vice versa. Here, the private portion of the asymmetric key may be maintained within the security boundary of the chip. In addition, the stateless module also will include a mechanism for exporting the public version of the asymmetric key. For example, the public value may be loaded into the external interface register discussed above so that it may then be read by an external device. The public key value may be read from the stateless module by issuing a public key read command to the stateless module. In response to this command the module returns the public key value and any non-secure configuration information for the device (authorization data, product configuration data, etc.).
  • In some embodiments a root, identity key serves as the basis for the asymmetric key. For example, the root key for the module may comprise an asymmetric key pair (secret or private, public) that is used to uniquely identify the stateless module. In some embodiments this key is only used for digital signatures to securely identify the stateless module.
  • In some embodiments, one or more keys (e.g., the root, identity key for the module) may be injected into the stateless module. This may be performed, for example, when the chip is manufactured, when the chip is tested, during manufacture at an OEM (e.g., circuit board manufacturer), during OEM testing or during installation for the end user. This technique may be used to inject symmetric and/or asymmetric keys.
  • In some embodiments, the stateless module may generate one or more keys (e.g., the root, identity key) internally. For example, the stateless module may include a random number generator (“RNG”) 1118 and other circuitry necessary to generate a key. This embodiment may provide added security in that the generated key may never leave the security boundary of the chip.
  • In some embodiments the device identity key comprises a collection of random bits that are used to generate the key material for the long term fixed keys in the stateless module. For example, the RNG 1118 may generate a random number using the internal random number value as a secret initialization seed. The number of bits in the initialization seed may be determined by the amount of key entropy required for the system.
  • In some embodiments the value from the random number generator 1118 may not be used directly. For example, it may be post processed using the SHA-1 block 1110 by the master controller before internal usage and before exposing the number external to the stateless module as a random value. The master controller may maintain a cache of post processed random bits (for key generation and for signing) in the data buffer 1126.
  • The random number generator 1118 may be a “true” random source. For example, it may utilize free running oscillators to capture thermal noise as the source of randomness.
  • The stateless module also may include a privacy (or confidentiality) asymmetric key pair that may be used for transferring secure content to the stateless module device via an intermediate insecure third party such that the third party does not have access to the key material. In some embodiments the confidentiality key is only used to decrypt key material within the stateless module.
  • The above keys (e.g., the root, identity key, etc.) may be stored in a nonvolatile data memory (“NVM”) 1116. The NVM may comprise, for example, a one-time programmable (“OTP”) memory or battery backed memory (BBMEM) that is located on-chip or off-chip.
  • In some embodiments an on-chip OTP memory (as shown in FIG. 11) may provide certain advantages. For example, in this case the keys may be physically protected within the device so that they cannot be easily altered or observed. In addition, since the use of the keys may be confined within the chip, the keys may not appear in the clear outside of the chip. Moreover, this OTP and stateless module combination may then be implemented using a standard CMOS process. As a result, the stateless module may be readily integrated into a variety of conventional chips that are used in end-user and other devices. Such a combination may provide a very cost effective security solution.
  • Examples of architectures and implementations of OTP memory that may be advantageously implemented in CMOS are described in, for example, U.S. Pat. Nos. 6,525,955, 6,693,819, 6,700,176 and 6,704,236 and U.S. patent application Ser. No. 09/739,952, filed Dec. 20, 2000, the disclosure of each of which is hereby incorporated by reference herein.
  • The OTP may be programmed by the master controller 1106 via a programming interface in conjunction with an external programming signal VPP. The master controller may ensure (via local hardware enforcement) that the device keys, authorization and configuration data can be programmed once and only once.
  • The key-encryption-key (“KEK”) cache 1124 is a separate memory block sized based on the required number of KEKs in the system. Typically, it is large enough to hold the session private key and a single asymmetric group key.
  • The KEK Cache 1124 may be protected in hardware during the execution of any command that does not require a KEK key. For example, a signal from the global registers may be provided to the KEK cache to indicate that the command register is locked, active and contains a command that requires a KEK. Some KEK cache locations are contained in the NVM block that is used to implement the long term keys for the stateless module.
  • The application key cache 1104 may be used by the master controller to provide encryption and decryption storage for the internal acceleration cores (such as the public key core 1114 or the 3DES core 1112). The application key cache may enforce key lifetime expiration when the keys are used by either the stateless module commands or the application key cache interface.
  • In general, the performance, size and function of the blocks discussed above may be scaled to meet the demands of the system. For example, the basic cryptographic functions that implement the secure channel back to the key manager to transfer and process key material (and/or policy) may be provided at minimal processing performance levels.
  • The cryptographic accelerators contained within the stateless module can be used for application data processing when they are not being used for key management functions. For example, a stateless module for an e-commerce application may be used to protect RSA private keys. Here, the public key acceleration required for the secure channel is typically minimal (less than 10 operations/sec). Consequently, any spare processing capacity (e.g., idle cycles of a processor) may be used for other operations.
  • In contrast, public key acceleration required for a typical e-commerce accelerator is relatively high (greater than 500 operations/sec). Applications such as this may require the use of cryptographic accelerators that are specially designed to perform cryptographic operations at a high rate of speed.
  • One or more cryptographic accelerators may be attached directly to the stateless module via the application key cache interface 1102. Typically, the application key cache interface for the add-on cryptographic acceleration processing is maintained within the security boundary. For example, the stateless module and the cryptographic accelerators may be implemented on the same chip. In this manner, the cleartext keys are not allowed to leave the security boundary which also includes the public key accelerator. However, the external application may use the public key accelerator as it normally would by simply referencing the appropriate RSA private key stored in the stateless module.
  • The application key cache 1104 also may store key material that may be used by external cryptographic acceleration processors. For example, the cache 1104 may store decrypted application keys (e.g., the RSA private key for an application executing on the device that contains the stateless module).
  • The stateless module enforces key policy for keys used within the remote client. The key policy may be set by the key manager for all keys that are delivered to the stateless module. The key policy indicates how the key can be used by the stateless module. In addition to usage policy, the stateless module can enforce a lifetime for keys. Typically, a key lifetime is a relative time from the time at which the key is loaded into the stateless module. The key manager can use the multiple levels of key hierarchy and the lifetime policy enforcement to ensure that keys are used properly and are revocable at the stateless module.
  • A security assurance logic block 1128 protects the stateless module from system security attacks. To this end, several system monitors may be coupled with the other components in the stateless module and/or the chip (and/or the system) within which the stateless module resides.
  • In some embodiments, the protection circuits trigger a reset of the stateless module when an attack is detected. This reset may wipe out all transient information in the stateless module. For example, all key cache locations may be cleared. An interrupt may be provided to the local host with information on which protection mechanism triggered the reset.
  • A low frequency protection circuit ensures that the operating frequency of the stateless module does not fall below given threshold. This ensures that the time tick register value can not be compromised within the limit of a reference frequency. In addition to protecting the time tick value, the low frequency protection circuit makes it more difficult to implement successful dynamic attacks that attempt to read values within the stateless module while it is operating. In this case, the higher the threshold value, the better protection that is provided.
  • An operating point protection circuit may be provided to ensure that all logic within the stateless module operates as designed for all process, voltage and temperature conditions (or across all operating points). The protection circuit helps ensure that an attacker cannot change the operating point such that a timing path is violated in the stateless module.
  • A watchdog timer block may be used during processing to ensure that command execution completes within an expected period of time. The timer is set by the master controller whenever a command (or sub-command such as a public key operation) is started. The set time is based on the expected maximum command length. If the watchdog timer reaches zero a reset is issued to the stateless module. The watchdog timer cannot be turned off and must be written periodically by the master controller to avoid clearing the stateless module. The watchdog timer may be frozen when the stateless module is taking command input from the host.
  • A reset monitor provides protection against multiple reset attacks. The reset monitor uses a timer based on the time tick register increment that requires at least one tick before allowing more than, for example, sixteen resets to occur. If more than sixteen resets occur within the time tick, the stateless module will require at least two time ticks before releasing the sixteenth reset. The reset protection is disabled until the NVM has been properly programmed. For example, it may be disabled during manufacturing tests.
  • A hardware protection mechanism may be provided for entering and exiting a secure state while the stateless module transitions between enabling/disabling the external interface. The stateless module boots to a secure state with the external interface disabled. That is, the interface is locked out by hardware. Once reset processing and self-tests have completed, the master controller sequences through a series of commands to exit the secure state and enter a USER state. In some embodiments these commands require execution of a predefined set of sequential instructions be written to non-sequential addresses.
  • The hardware tracks the number of clocks it takes to execute each step of the sequence and ensures that these commands occur in the required order to the required address at exactly the right clock cycle. After the exit logic has completed, the mode is set via hardware to USER mode. In USER mode, the hardware locks out master controller access to all of the internal blocks except the data buffer and the data input/output registers (only blocks that are required to move data into the device).
  • Once the command has been moved into the data buffer, the master controller sequences a series of commands to return to the secure state. This sequence is again tracked and enforced via the hardware block to enter into secure mode. It also ensures via hardware that the master controller enters the secure mode with the proper entry address.
  • The master controller ROM 1108 may be programmed using an extra bit to indicate which instructions are valid code entry and code exit points. The instruction code entry/exit points are enforced in hardware whenever the master controller takes a non-sequential code fetch. This mechanism helps to ensure that it will be difficult for an attacker to get the master controller to bypass certain portions of code. As a result, it may be virtually impossible to successfully attack the module by causing random jumps in the program execution.
  • To reduce cost and die space, the stateless module may not handle processing related to communication protocols. Instead, the requirements of communication protocols may be handled by an associated device driver (or integrated processor).
  • In an alternative embodiment, the stateless module may be assigned long-term keys. In this case, the stateless module may not need to interface with a head-end server (e.g., key manager).
  • Referring now to FIG. 12, an example of operations that may be performed by one embodiment of a stateless module will be discussed. As represented by block 1202, when the stateless module is initialized for the first time after manufacture (e.g., during final test of the chip), the master controller may cause the random number generator 1118 to generate a random number that is provided as a seed to a cryptographic processor that generates a public-private key pair.
  • The master controller stores the private (identity) key in the nonvolatile memory 1116 and never exports this key outside of the security boundary of the module (block 1204). For example, in some embodiments the key never leaves the chip within which the stateless module resides. In some embodiments this key is encrypted before being stored in off-chip non-volatile memory.
  • The stateless module also stores the corresponding public key and, upon request, exports the public key (block 1206) so that the device manufacturer (or some other trusted entity) may publish the public key along with a certificate to a public server.
  • The stateless module may then be deployed in a computing device that can connect to another device (e.g., a key manager) via a network or some other link. As represented by block 1208, the stateless module may use its private key to establish a secure communication channel with, for example, a security module (e.g., a key manager) that has access to the stateless module's public key.
  • As represented by block 1210 the key manager may send keys to the stateless module via the secure communication channel. For example, the key manager and stateless module may negotiate to obtain additional keys that may be used to provide secure communications between the two components. In addition, the key manager may send keys to a remote client via the stateless module. For example, the key manager may generate a private session key (Ka-priv) for a client that incorporates the stateless module. As discussed above, the key manager may encrypt this key using the stateless module's public key (Kdc-pub) or some negotiated key before sending it to the client.
  • As represented by block 1212, the keys are decrypted within the security boundary associated with the stateless module. For example, cryptographic processors in the stateless module may decrypt these keys. Alternatively, another cryptographic processor located on the same chip as he stateless module may decrypt the keys.
  • As represented by block 1214, the stateless module may then use the keys within the security boundary. For example, cryptographic processors in the stateless module may use these keys to decrypt other keys (e.g., session keys). In addition, the stateless module may enforce key policy within the security boundary (block 1216).
  • In some embodiments, as represented by block 1218, the stateless module may provide keys to one or more cryptographic accelerators within the security boundary. For example, the cryptographic accelerators may be located on the same chip as the stateless module.
  • Referring now to FIG. 13, one embodiment of a stateless secure link module 1300 will be discussed in detail. This embodiment includes, in general, a subset of the functionality of the embodiment of FIG. 11. In particular, this embodiment only provides data encryption, decryption, etc. using a symmetric key. One advantage of this configuration is that it may be implemented in other devices with even less impact on the cost and the size of the devices.
  • In a typical application the embodiment of FIG. 13 is used to take data that originates from an input device and securely provide that data to a recipient device that uses the data (e.g., an access device or an access server). This process may involve encrypting the data so it does not appear in clear text and/or signing the data to certify to the recipient device that the data originated from a specific input device.
  • For example, the stateless module may be integrated into a chip for a sensor (e.g., a biometric sensor such as a fingerprint reader). Here, the stateless module may be used to sign and/or encrypt the information generated by the sensor. The stateless module may then securely send the information to a recipient device that uses the information. In this case, the recipient device may use a fingerprint comparison as a means to control access to data or a service.
  • In some embodiments the sensor data is always maintained within a security boundary. First, by incorporating the stateless module into the sensor chip, the information may be encrypted before it leaves the hardware boundary of the chip. Second, the stateless module may establish a secure channel with the recipient device through a symmetric key exchange. In this way, the information may be securely sent to the recipient device. Third, the recipient device may be secured in a conventional manner or using techniques as described herein.
  • As an example of the latter scenario, the recipient device may include a stateless module as described above in conjunction with FIG. 11. In this case, the recipient device may use other keys to, for example, securely send the information to a remote system. One example of such a remote system is a network access device that enables access to a network based on the user's credentials such as the user's fingerprint.
  • In other embodiments, it may only be necessary to establish that the data originated from a specific input device. For example, the system may make other provisions to ensure that a copied fingerprint data stream is not being replayed at a later time. In this case, it may be unnecessary to encrypt the information. All that may be needed here is an assurance that the information is being sent by a specific sensor. In this case, adequate security may be provided by simply signing the data.
  • To provide a solution that is cost effective for a variety of input devices, the stateless module of FIG. 13 has a reduced set of functionality as compared to, for example, the embodiment of FIG. 11. The stateless module includes a master controller 1306 and an external interface 1312 to enable the asymmetric key operations that are performed when the secure link is initially established with, for example, a key manager. Thus, the controller 1306 includes circuitry to generate and verify the validity of its keys. In addition, the module may include assurance logic 1320 similar to that discussed above.
  • However, because the module only uses a single symmetric key, much of the functionality depicted in FIG. 11 is not provided in the embodiment of FIG. 13. For example, the module does not need to provide management capabilities (e.g., enforcement of key policy) and data storage (e.g., application key cache) for extra keys. Also, the non-volatile ROM (“NVROM”) 1310 may be smaller since it may only store, for example, an identity key and a symmetric key.
  • Moreover, as this module only performs symmetric cryptographic processing on data from a data streaming interface, some or all of the dedicated cryptographic processors shown in FIG. 11 (e.g., the public key processing and 3DES) may not be needed. For example, the module only performs the asymmetric key operations once after it boots up. In addition, the stateless module does not need to verify the authenticity of the recipient of the data. Accordingly, the remaining cryptographic processing operations may be performed by the master controller 1306. In this case, the application code for cryptographic algorithms (e.g., DH, DSA, 3DES, AES) may be stored in a ROM 1308.
  • The embodiment shown in FIG. 13 may secure an incoming data stream (DI) by signing it using the SHA-1 algorithm. Accordingly, a separate processing block 1304 may be provided for this operation. The signed output of this processing 30 block provides a data stream (DO) that is sent to the recipient device via a data interface 1302. In an embodiment that also encrypts the data stream, a dedicated processing block (not shown) may be provided to implement, for example, a symmetric encryption algorithm.
  • Referring now to FIG. 14, an example of operations that may be performed by one embodiment of a stateless secure link module will be discussed. As represented by blocks 1402-1408, a stateless secure link module generates a public-private key pair, stores the private (e.g., identity) key in nonvolatile memory within the security boundary, exports the public key and establishes a secure communication channel with, for example, a key manager.
  • As represented by block 1410 the key manager may send symmetric keys to the stateless secure link module via the secure communication channel. For example, the key manager may send symmetric keys that are used to encrypt and/or sign data that the stateless secure link module receives from an input device. The cryptographic processors may then decrypt these keys (block 1412) and store the decrypted keys (block 1414) within the security boundary associated with the stateless secure link module.
  • As represented by block 1416, the stateless module may receive data to be encrypted from an input component. As discussed above the input component may be, for example, a biometric sensor, a sensor for a camera, etc., or any other device that needs data to be authenticated or securely transmitted to another (e.g., remote) device (e.g., the recipient device).
  • As represented by blocks 1418, the stateless module uses the symmetric keys within the security boundary to encrypt the data. Then, as represented by block 1420, the stateless module sends the encrypted data to the remote device.
  • In some embodiments the symmetric key may be injected into the stateless module during manufacture (e.g., during chip test). In this case, all or a portion of the external interface 1312, the RNG 1316 and the asymmetric key processing circuitry may not be needed. Accordingly, in some embodiments a stateless module may simply include a relatively small master controller for injecting the symmetric key and perform other basic operations, a nonvolatile memory, a data buffer memory, a cryptographic processor for the symmetric key operations and optionally, assurance logic.
  • Additional details of security modules are disclosed, for example, in commonly-owned U.S. patent application Ser. No. 10/______ , filed Jun. 21, 2005, entitled STATELESS HARDWARE SECURITY MODULE, Attorney Docket No. 53028/SDB/B600, the disclosure of which is hereby incorporated by reference herein.
  • It should be appreciated that the various components and features described herein may be incorporated in a system independently of the other components and features. For example, a system incorporating the teachings herein may include various combinations of these components and features. Thus, not all of the components and features described herein may be employed in every such system.
  • Different embodiments of the invention may include a variety of hardware and software processing components. In some embodiments of the invention, hardware components such as controllers, state machines and/or logic are used in a system constructed in accordance with the invention. In some embodiments code such as software or firmware executing on one or more processing devices may be used to implement one or more of the described operations.
  • Such components may be implemented on one or more integrated circuits. For example, in some embodiments several of these components may be combined within a single integrated circuit. In some embodiments some of the components may be implemented as a single integrated circuit. In some embodiments some components may be implemented as several integrated circuits.
  • The components and functions described herein may be connected/coupled in many different ways. The manner in which this is done may depend, in part, on whether the components are separated from the other components. In some embodiments some of the connections represented by the lead lines in the drawings may be in an integrated circuit, on a circuit board and/or over a backplane to other circuit boards. In some embodiments some of the connections represented by the lead lines in the drawings may comprise a data network, for example, a local network and/or a wide area network (e.g., the Internet).
  • The signals discussed herein may take several forms. For example, in some embodiments a signal may be an electrical signal transmitted over a wire, light pulses transmitted through air or over an optical fiber or electromagnetic (e.g., RF or infrared) radiation transmitter transmitted through the air.
  • A signal may comprise more than one signal. For example, a signal may consist of a series of signals. Also, a differential signal comprises two complementary signals or some other combination of signals. In addition, a group of signals may be collectively referred to herein as a signal.
  • Signals as discussed herein also may take the form of data. For example, in some embodiments an application program may send a signal to another application program. Such a signal may be stored in a data memory.
  • The components and functions described herein may be connected/coupled directly or indirectly. Thus, in some embodiments there may or may not be intervening devices (e.g., buffers) between connected/coupled components.
  • A wide variety of devices may be used to implement the data memories discussed herein. For example, a data memory may comprise flash memory, one-time-programmable (OTP) memory or other types of data storage devices.
  • In summary, the invention described herein generally relates to an improved authentication system and method. While certain exemplary embodiments have been described above in detail and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive of the broad invention. In particular, it should be recognized that the teachings of the invention apply to a wide variety of systems and processes. It will thus be recognized that various modifications may be made to the illustrated and other embodiments of the invention described above, without departing from the broad inventive scope thereof. In view of the above it will be understood that the invention is not limited to the particular embodiments or arrangements disclosed, but is rather intended to cover any changes, adaptations or modifications which are within the scope and spirit of the invention as defined by the appended claims.

Claims (28)

  1. 1. An authentication method comprising:
    receiving authentication data at an input device;
    cryptographically processing the authentication data at the input device;
    transmitting the cryptographically processed authentication data to an access device;
    processing the transmitted authentication data at the access device;
    transmitting the processed authentication data to a service provider.
  2. 2. The method of claim 1 wherein cryptographically processing includes at least one of authenticating and encrypting.
  3. 3. The method of claim 1 wherein cryptographically processing comprises using a symmetric key provided by the access device.
  4. 4. The method of claim 1 wherein cryptographically processing comprises using a symmetric key injected into the input device during manufacture of the input device.
  5. 5. The method of claim 1 comprising establishing cryptographic link between the input device and the access device.
  6. 6. The method of claim 1 comprising performing asymmetric key operations between the input device and the access device.
  7. 7. The method of claim 1 comprising generating an asymmetric key pair within the input device.
  8. 8. The method of claim 1 comprising generating an asymmetric key pair within a security boundary of the input device.
  9. 9. The method of claim 1 wherein the authentication data is received within a security boundary of the input device.
  10. 10. The method of claim 1 wherein the input device comprises a sensor.
  11. 11. The method of claim 1 wherein the input device comprises a proximity authentication system.
  12. 12. The method of claim 1 wherein processing the transmitted authentication data comprising authenticating the transmitted authentication data.
  13. 13. The method of claim 1 wherein the service provider grants access to at least one service in response to the transmitted processed authentication data.
  14. 14. The method of claim 1 wherein the service provider enables access to a network in response to the transmitted processed authentication data.
  15. 15. A secure data processing system comprising:
    an input device adapted to receive authentication data, cryptographically process the authentication data and transmit the cryptographically processed authentication data over a medium; and
    an access device adapted to receive the transmitted authentication data, process the received authentication data and transmit the processed authentication data to a service provider.
  16. 16. The system of claim 15 wherein cryptographically process includes at least one of authenticating and encrypting.
  17. 17. The system of claim 15 wherein cryptographically process comprises using a symmetric key provided by the access device.
  18. 18. The system of claim 15 wherein cryptographically process comprises using a symmetric key injected into the input device during manufacture of the input device.
  19. 19. The system of claim 15 wherein the input device and the access device are adapted to establish a cryptographic link between the input device and the access device.
  20. 20. The system of claim 15 wherein the input device and the access device are adapted to perform asymmetric key operations between the input device and the access device.
  21. 21. The system of claim 15 wherein the input device is adapted to generate an asymmetric key pair.
  22. 22. The system of claim 15 wherein the input device is adapted to generate an asymmetric key pair within a security boundary of the input device.
  23. 23. The system of claim 15 wherein the authentication data is received within a security boundary of the input device.
  24. 24. The system of claim 15 wherein the input device comprises a sensor.
  25. 25. The system of claim 15 wherein the input device comprises a proximity authentication system.
  26. 26. The system of claim 15 wherein processing the transmitted authentication data comprising authenticating the transmitted authentication data.
  27. 27. The system of claim 15 wherein the service provider grants access to at least one service in response to the transmitted processed authentication data.
  28. 28. The system of claim 15 wherein the service provider enables access to a network in response to the transmitted processed authentication data.
US11204596 2004-12-20 2005-08-15 System and method for authentication via a proximate device Abandoned US20060136717A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US63766804 true 2004-12-20 2004-12-20
US11204596 US20060136717A1 (en) 2004-12-20 2005-08-15 System and method for authentication via a proximate device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11204596 US20060136717A1 (en) 2004-12-20 2005-08-15 System and method for authentication via a proximate device
US13617792 US9264426B2 (en) 2004-12-20 2012-09-14 System and method for authentication via a proximate device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13617792 Continuation US9264426B2 (en) 2004-12-20 2012-09-14 System and method for authentication via a proximate device

Publications (1)

Publication Number Publication Date
US20060136717A1 true true US20060136717A1 (en) 2006-06-22

Family

ID=36597572

Family Applications (2)

Application Number Title Priority Date Filing Date
US11204596 Abandoned US20060136717A1 (en) 2004-12-20 2005-08-15 System and method for authentication via a proximate device
US13617792 Active US9264426B2 (en) 2004-12-20 2012-09-14 System and method for authentication via a proximate device

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13617792 Active US9264426B2 (en) 2004-12-20 2012-09-14 System and method for authentication via a proximate device

Country Status (1)

Country Link
US (2) US20060136717A1 (en)

Cited By (79)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060133604A1 (en) * 2004-12-21 2006-06-22 Mark Buer System and method for securing data from a remote input device
US20060143446A1 (en) * 2004-12-23 2006-06-29 Microsoft Corporation System and method to lock TPM always 'on' using a monitor
US20070006299A1 (en) * 2005-06-30 2007-01-04 Ian Elbury System and method of user credential management
US20070156858A1 (en) * 2005-12-29 2007-07-05 Kapil Sood Method, apparatus and system for platform identity binding in a network node
US20070240197A1 (en) * 2006-03-30 2007-10-11 Uri Blumenthal Platform posture and policy information exchange method and apparatus
US20070241182A1 (en) * 2005-12-31 2007-10-18 Broadcom Corporation System and method for binding a smartcard and a smartcard reader
US20080046898A1 (en) * 2006-08-18 2008-02-21 Fujitsu Limited Method and System for Implementing an External Trusted Platform Module
US20080046733A1 (en) * 2006-05-09 2008-02-21 Stephane Rodgers Method and System For Command Authentication To Achieve a Secure Interface
US20080046581A1 (en) * 2006-08-18 2008-02-21 Fujitsu Limited Method and System for Implementing a Mobile Trusted Platform Module
EP1936905A1 (en) * 2006-12-19 2008-06-25 Siemens Enterprise Communications GmbH & Co. KG Method for operating a VoIP terminal and VoIP terminal
US20080178007A1 (en) * 2007-01-22 2008-07-24 Winston Bumpus Removable hard disk with embedded security card
US20080178283A1 (en) * 2007-01-22 2008-07-24 Pratt Thomas L Removable hard disk with front panel input
US20080307517A1 (en) * 2005-11-24 2008-12-11 Nikolai Grigoriev Method for Securely Associating Data with Http and Https Sessions
US20090037735A1 (en) * 2007-08-01 2009-02-05 O'farrell David Method and system for delivering secure messages to a computer desktop
US7623378B1 (en) * 2006-05-02 2009-11-24 Lattice Semiconductor Corporation Selective programming of non-volatile memory facilitated by security fuses
US20090307482A1 (en) * 2006-06-19 2009-12-10 Mccann Daniel Method and Apparatus for Encryption and Pass-Through Handling of Confidential Information in Software Applications
US20090320118A1 (en) * 2005-12-29 2009-12-24 Axsionics Ag Security Token and Method for Authentication of a User with the Security Token
US20100011211A1 (en) * 2008-07-09 2010-01-14 Theodoros Anemikos Radio Frequency Identification (RFID) Based Authentication System and Methodology
US20100011438A1 (en) * 2008-07-11 2010-01-14 International Business Machines Corporation Role-Based Privilege Management
US7690032B1 (en) 2009-05-22 2010-03-30 Daon Holdings Limited Method and system for confirming the identity of a user
US20100095109A1 (en) * 2008-10-14 2010-04-15 Research In Motion Limited Method for Managing Opaque Presence Indications Within a Presence Access Layer
US20100099387A1 (en) * 2008-10-16 2010-04-22 Research In Motion Limited Controlling and/or Limiting Publication Through the Presence Access Layer
US20100100617A1 (en) * 2008-10-16 2010-04-22 Research In Motion Limited System for Assignment of a Service Identifier as a Mechanism for Establishing a Seamless Profile in a Contextually Aware Presence Access Layer
US20100131754A1 (en) * 2008-11-21 2010-05-27 Research In Motion Limited Apparatus, and an Associated Method, for Providing and Using Opaque Presence Indications in a Presence Service
US20100228977A1 (en) * 2009-03-04 2010-09-09 Jim Sievert Communications Hub for Use in Life Critical Network
CN101834725A (en) * 2009-03-13 2010-09-15 Sap股份公司 Securing communications sent by a first user to a second user
US20100246823A1 (en) * 2009-03-30 2010-09-30 Qualcomm Incorporated Apparatus and method for address privacy protection in receiver oriented channels
WO2010112368A3 (en) * 2009-03-30 2010-11-25 Bundesdruckerei Gmbh Method for reading attributes from an id token via a mobile radio connection
US20100329455A1 (en) * 2009-06-24 2010-12-30 Daniel Nemiroff Cryptographic key generation using a stored input value and a stored count value
US7882340B2 (en) 2007-07-31 2011-02-01 Hewlett-Packard Development Company, L.P. Fingerprint reader remotely resetting system and method
US20110047387A1 (en) * 2007-12-21 2011-02-24 Nokia Corporation Method of Access Control and Corresponding Device
WO2011147661A1 (en) * 2010-05-25 2011-12-01 Telefonaktiebolaget L M Ericsson (Publ) Redundant credentialed access to a secured network
US20120008784A1 (en) * 2010-07-08 2012-01-12 Phillip Martin Hallam-Baker Delegated Key Exchange System and Method of Operation
WO2012056049A1 (en) * 2010-10-31 2012-05-03 Technische Universität Darmstadt Reader as an electronic identification
US20120173885A1 (en) * 2010-12-30 2012-07-05 Microsoft Corporation Key management using trusted platform modules
US20120178419A1 (en) * 2009-06-16 2012-07-12 International Business Machines Corporation System, method, and apparatus for proximity-based authentication for managing personal data
US8312092B2 (en) 2008-10-15 2012-11-13 Research In Motion Limited Use of persistent sessions by a presence access layer
US8321926B1 (en) * 2008-12-02 2012-11-27 Lockheed Martin Corporation System and method of protecting a system that includes unprotected computer devices
US20130173899A1 (en) * 2012-01-03 2013-07-04 International Business Machines Corporation Method for Secure Self-Booting of an Electronic Device
US20130191907A1 (en) * 2010-09-30 2013-07-25 Siemens Aktiengesellschaft Method and System for Secure Data Transmission with a VPN Box
US20130212378A1 (en) * 2010-10-29 2013-08-15 Siemens Aktiengesellschaft Method for managing keys in a manipulation-proof manner
US20130214899A1 (en) * 2012-02-08 2013-08-22 Identive Group, Inc. RFID Access Control Reader with Enhancements
US8548172B2 (en) * 2011-07-08 2013-10-01 Sap Ag Secure dissemination of events in a publish/subscribe network
US8547136B1 (en) * 2011-11-11 2013-10-01 Altera Corporation Logic block protection system
US8560829B2 (en) 2006-05-09 2013-10-15 Broadcom Corporation Method and system for command interface protection to achieve a secure interface
US8566247B1 (en) * 2007-02-19 2013-10-22 Robert H. Nagel System and method for secure communications involving an intermediary
US8587427B2 (en) 2007-08-31 2013-11-19 Cardiac Pacemakers, Inc. Medical data transport over wireless life critical network
US8638221B2 (en) 2009-03-04 2014-01-28 Cardiac Pacemakers, Inc. Modular patient communicator for use in life critical network
US20140067689A1 (en) * 2012-08-31 2014-03-06 Ncr Corporation Security module and method of securing payment information
US20140096222A1 (en) * 2012-10-01 2014-04-03 Nxp B.V. Secure user authentication using a master secure element
US8739264B1 (en) * 2011-12-29 2014-05-27 Sprint Communications Company L.P. Managing access to secured data
US20140286491A1 (en) * 2011-08-08 2014-09-25 Mikoh Corporation Radio frequency identification technology incorporating cryptographics
US20140337921A1 (en) * 2003-11-13 2014-11-13 David A. Hanna, JR. Security and access system based on multi-dimensional location characteristics
US8892868B1 (en) * 2008-09-30 2014-11-18 Amazon Technologies, Inc. Hardening tokenization security and key rotation
US20140351476A1 (en) * 2013-05-24 2014-11-27 Qualcomm Incorporated Utilization and configuration of wireless docking environments
US20150007311A1 (en) * 2013-07-01 2015-01-01 International Business Machines Corporation Security Key for a Computing Device
US8978158B2 (en) 2012-04-27 2015-03-10 Google Inc. Privacy management across multiple devices
US9008316B2 (en) 2012-03-29 2015-04-14 Microsoft Technology Licensing, Llc Role-based distributed key management
US9009258B2 (en) 2012-03-06 2015-04-14 Google Inc. Providing content to a user across multiple devices
US9053480B1 (en) 2008-09-30 2015-06-09 Amazon Technologies, Inc. Secure validation using hardware security modules
WO2015136284A1 (en) * 2014-03-11 2015-09-17 Iot Tech Limited Trusted networks
US9147200B2 (en) 2012-04-27 2015-09-29 Google Inc. Frequency capping of content across multiple devices
EP2942995A1 (en) * 2014-05-06 2015-11-11 Apple Inc. Storage of credential service provider data in a security domain of a secure element
US9224168B2 (en) 2004-11-15 2015-12-29 Microsoft Technology Licensing, Llc Tuning product policy using observed evidence of customer behavior
US9258279B1 (en) 2012-04-27 2016-02-09 Google Inc. Bookmarking content for users associated with multiple devices
US9264426B2 (en) 2004-12-20 2016-02-16 Broadcom Corporation System and method for authentication via a proximate device
US20160087794A1 (en) * 2013-10-03 2016-03-24 Whatsapp Inc. Combined authentication and encryption
US9336359B2 (en) 2004-10-18 2016-05-10 Microsoft Technology Licensing, Llc Device certificate individualization
US9438418B1 (en) * 2011-05-06 2016-09-06 Altera Corporation Systems and methods for generating a key difficult to clone
US9514446B1 (en) 2012-04-27 2016-12-06 Google Inc. Remarketing content to a user associated with multiple devices
WO2016195990A1 (en) * 2015-05-29 2016-12-08 Google Inc. Controlling access to resource functions at a control point of the resource via a user device
US9582686B1 (en) * 2007-11-13 2017-02-28 Altera Corporation Unique secure serial ID
US9584489B2 (en) 2015-01-29 2017-02-28 Google Inc. Controlling access to resource functions at a control point of the resource via a user device
US9628875B1 (en) 2011-06-14 2017-04-18 Amazon Technologies, Inc. Provisioning a device to be an authentication device
US9639825B1 (en) * 2011-06-14 2017-05-02 Amazon Technologies, Inc. Securing multifactor authentication
WO2017167519A1 (en) * 2016-03-29 2017-10-05 Siemens Aktiengesellschaft Access control
US9832596B2 (en) 2013-05-24 2017-11-28 Qualcomm Incorporated Wireless docking architecture
US9848058B2 (en) 2007-08-31 2017-12-19 Cardiac Pacemakers, Inc. Medical data transport over wireless life critical network employing dynamic communication link mapping
US9881301B2 (en) * 2012-04-27 2018-01-30 Google Llc Conversion tracking of a user across multiple devices

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9557824B2 (en) * 2010-07-30 2017-01-31 Philip J. Bruno Computer keyboard with ultrasonic user proximity sensor
US8949594B2 (en) * 2013-03-12 2015-02-03 Silver Spring Networks, Inc. System and method for enabling a scalable public-key infrastructure on a smart grid network
US9225714B2 (en) 2013-06-04 2015-12-29 Gxm Consulting Llc Spatial and temporal verification of users and/or user devices
GB201403065D0 (en) * 2014-02-21 2014-04-09 Ibm Implementing single sign-on in a transaction processing system
US9332018B2 (en) * 2014-04-03 2016-05-03 Prote. Us Converged Systems Corporation Method and system for secure authentication

Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4491909A (en) * 1981-03-18 1985-01-01 International Business Machines Corporation Data processing system having shared memory
US4625276A (en) * 1983-08-31 1986-11-25 Vericard Corporation Data logging and transfer system using portable and resident units
US4645338A (en) * 1985-04-26 1987-02-24 International Business Machines Corporation Optical system for focus correction for a lithographic tool
US4774706A (en) * 1985-10-29 1988-09-27 British Telecommunications Public Limited Company Packet handling communications network
USRE33189E (en) * 1981-11-19 1990-03-27 Communications Satellite Corporation Security system for SSTV encryption
US5161193A (en) * 1990-06-29 1992-11-03 Digital Equipment Corporation Pipelined cryptography processor and method for its use in communication networks
US5297206A (en) * 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5329623A (en) * 1992-06-17 1994-07-12 The Trustees Of The University Of Pennsylvania Apparatus for providing cryptographic support in a network
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
US5471482A (en) * 1994-04-05 1995-11-28 Unisys Corporation VLSI embedded RAM test
US5608778A (en) * 1994-09-22 1997-03-04 Lucent Technologies Inc. Cellular telephone as an authenticated transaction controller
US5631960A (en) * 1995-08-31 1997-05-20 National Semiconductor Corporation Autotest of encryption algorithms in embedded secure encryption devices
US5724423A (en) * 1995-09-18 1998-03-03 Telefonaktiebolaget Lm Ericsson Method and apparatus for user authentication
US20020004902A1 (en) * 2000-07-07 2002-01-10 Eng-Whatt Toh Secure and reliable document delivery
US20020005774A1 (en) * 2000-03-24 2002-01-17 Rudolph Richard F. RFID Tag For Authentication And Identification
US20020023217A1 (en) * 2000-08-04 2002-02-21 Wheeler Lynn Henry Manufacturing unique devices that generate digital signatures
US6393270B1 (en) * 1996-10-11 2002-05-21 Bellsouth Intellectual Property Corp. Network authentication method for over the air activation
US20030051138A1 (en) * 2001-06-25 2003-03-13 Ntt Docomo, Inc. Mobile terminal authentication method and a mobile terminal therefor
US20030132292A1 (en) * 2002-01-11 2003-07-17 Hand Held Products, Inc. Transaction terminal including imaging module
US20030167207A1 (en) * 2001-07-10 2003-09-04 Berardi Michael J. System and method for incenting payment using radio frequency identification in contact and contactless transactions
US6697489B1 (en) * 1999-03-30 2004-02-24 Sony Corporation Method and apparatus for securing control words
US20050091338A1 (en) * 1997-04-14 2005-04-28 Carlos De La Huerga System and method to authenticate users to computer systems
US20060021041A1 (en) * 2004-07-20 2006-01-26 International Business Machines Corporation Storage conversion for anti-virus speed-up
US20060064391A1 (en) * 2004-09-20 2006-03-23 Andrew Petrov System and method for a secure transaction module
US20060072761A1 (en) * 2004-09-30 2006-04-06 Bruce Johnson Access point that wirelessly provides an encryption key to an authenticated wireless station
US20090085724A1 (en) * 2004-02-25 2009-04-02 Accenture Global Services Gmbh Rfid enabled media system and method that provides dynamic downloadable media content
US20130013925A1 (en) * 2004-12-20 2013-01-10 Broadcom Corporation System and Method for Authentication via a Proximate Device

Family Cites Families (154)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3324647A (en) 1964-08-11 1967-06-13 Parmet Company Proximity detector
US5050207A (en) 1989-11-03 1991-09-17 National Transaction Network, Inc. Portable automated teller machine
EP0564469B1 (en) 1990-12-24 2000-01-05 Motorola, Inc. Electronic wallet
US5237616A (en) 1992-09-21 1993-08-17 International Business Machines Corporation Secure computer system having privileged and unprivileged memories
JP3427214B2 (en) 1993-01-14 2003-07-14 オムロン株式会社 Card processing system and controller
US5544246A (en) 1993-09-17 1996-08-06 At&T Corp. Smartcard adapted for a plurality of service providers and for remote installation of same
US7770013B2 (en) 1995-07-27 2010-08-03 Digimarc Corporation Digital authentication with digital and analog documents
US5668876A (en) 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US5533123A (en) 1994-06-28 1996-07-02 National Semiconductor Corporation Programmable distributed personal security
EP0787391B1 (en) 1994-09-09 2002-01-23 The Titan Corporation Conditional access system
US5936967A (en) 1994-10-17 1999-08-10 Lucent Technologies, Inc. Multi-channel broadband adaptation processing
US6397198B1 (en) 1994-11-28 2002-05-28 Indivos Corporation Tokenless biometric electronic transactions using an audio signature to identify the transaction processor
US5796836A (en) 1995-04-17 1998-08-18 Secure Computing Corporation Scalable key agile cryptography
US7937312B1 (en) 1995-04-26 2011-05-03 Ebay Inc. Facilitating electronic commerce transactions through binding offers
JPH0981519A (en) 1995-09-08 1997-03-28 Kiyadeitsukusu:Kk Authentication method on network
WO1998034403A1 (en) 1995-09-29 1998-08-06 Intel Corporation Apparatus and method for securing captured data transmitted between two sources
US5734829A (en) 1995-10-20 1998-03-31 International Business Machines Corporation Method and program for processing a volume of data on a parallel computer system
US5949881A (en) 1995-12-04 1999-09-07 Intel Corporation Apparatus and method for cryptographic companion imprinting
US5870474A (en) 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
GB9601559D0 (en) 1996-01-26 1996-03-27 Ibm Load balancing across the processors of a server computer
US6038551A (en) 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
US5933503A (en) 1996-03-15 1999-08-03 Novell, Inc Controlled modular cryptography apparatus and method
US6088450A (en) 1996-04-17 2000-07-11 Intel Corporation Authentication system based on periodic challenge/response protocol
US5878337A (en) 1996-08-08 1999-03-02 Joao; Raymond Anthony Transaction security apparatus and method
US5943338A (en) 1996-08-19 1999-08-24 3Com Corporation Redundant ATM interconnect mechanism
US6745936B1 (en) 1996-08-23 2004-06-08 Orion Systems, Inc. Method and apparatus for generating secure endorsed transactions
US5983350A (en) 1996-09-18 1999-11-09 Secure Computing Corporation Secure firewall supporting different levels of authentication based on address or encryption status
JPH10143439A (en) 1996-11-12 1998-05-29 Fujitsu Ltd Data processor
US6791947B2 (en) 1996-12-16 2004-09-14 Juniper Networks In-line packet processing
US6493347B2 (en) 1996-12-16 2002-12-10 Juniper Networks, Inc. Memory organization in a switching device
US5818939A (en) 1996-12-18 1998-10-06 Intel Corporation Optimized security functionality in an electronic system
US6111858A (en) 1997-02-18 2000-08-29 Virata Limited Proxy-controlled ATM subnetwork
US6131090A (en) 1997-03-04 2000-10-10 Pitney Bowes Inc. Method and system for providing controlled access to information stored on a portable recording medium
JP3877188B2 (en) 1997-04-10 2007-02-07 株式会社ウェブマネー Electronic currency system
US6101255A (en) 1997-04-30 2000-08-08 Motorola, Inc. Programmable cryptographic processing system and method
US6012048A (en) 1997-05-30 2000-01-04 Capital Security Systems, Inc. Automated banking system for dispensing money orders, wire transfer and bill payment
US6003135A (en) 1997-06-04 1999-12-14 Spyrus, Inc. Modular security device
US5898479A (en) 1997-07-10 1999-04-27 Vlsi Technology, Inc. System for monitoring optical properties of photolithography equipment
US6442276B1 (en) 1997-07-21 2002-08-27 Assure Systems, Inc. Verification of authenticity of goods by use of random numbers
US5796744A (en) 1997-09-12 1998-08-18 Lockheed Martin Corporation Multi-node interconnect topology with nodes containing SCI link controllers and gigabit transceivers
US6704871B1 (en) 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US6708273B1 (en) 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit
JPH11109856A (en) 1997-09-30 1999-04-23 Matsushita Electric Ind Co Ltd Decoding apparatus
US6037879A (en) 1997-10-02 2000-03-14 Micron Technology, Inc. Wireless identification device, RFID device, and method of manufacturing wireless identification device
US6216167B1 (en) 1997-10-31 2001-04-10 Nortel Networks Limited Efficient path based forwarding and multicast forwarding
US6266647B1 (en) 1997-11-03 2001-07-24 Xtec, Incorporated Methods and apparatus for electronically storing and retrieving value information on a portable card
US6226710B1 (en) 1997-11-14 2001-05-01 Utmc Microelectronic Systems Inc. Content addressable memory (CAM) engine
US6378072B1 (en) 1998-02-03 2002-04-23 Compaq Computer Corporation Cryptographic system
US6321339B1 (en) 1998-05-21 2001-11-20 Equifax Inc. System and method for authentication of network users and issuing a digital certificate
US6263447B1 (en) 1998-05-21 2001-07-17 Equifax Inc. System and method for authentication of network users
EP1095336A1 (en) 1998-05-21 2001-05-02 Equifax Inc. System and method for authentication of network users with preprocessing
US6295604B1 (en) 1998-05-26 2001-09-25 Intel Corporation Cryptographic packet processing unit
US6131811A (en) 1998-05-29 2000-10-17 E-Micro Corporation Wallet consolidator
US7357312B2 (en) 1998-05-29 2008-04-15 Gangi Frank J System for associating identification and personal data for multiple magnetic stripe cards or other sources to facilitate a transaction and related methods
US6157955A (en) 1998-06-15 2000-12-05 Intel Corporation Packet processing system including a policy engine having a classification unit
US6269163B1 (en) 1998-06-15 2001-07-31 Rsa Security Inc. Enhanced block ciphers with data-dependent rotations
US6862278B1 (en) 1998-06-18 2005-03-01 Microsoft Corporation System and method using a packetized encoded bitstream for parallel compression and decompression
US6189100B1 (en) 1998-06-30 2001-02-13 Microsoft Corporation Ensuring the integrity of remote boot client data
US20010021950A1 (en) 1998-07-10 2001-09-13 Michael Hawley Method and apparatus for controlling access to a computer network using tangible media
US6393411B1 (en) 1998-07-21 2002-05-21 Amdahl Corporation Device and method for authorized funds transfer
US6320964B1 (en) 1998-08-26 2001-11-20 Intel Corporation Cryptographic accelerator
JP2000076336A (en) 1998-08-31 2000-03-14 Fujitsu Ltd Electronic settlement authentication system and electronic commerce service provider device
US6738749B1 (en) 1998-09-09 2004-05-18 Ncr Corporation Methods and apparatus for creating and storing secure customer receipts on smart cards
JP2000092236A (en) 1998-09-11 2000-03-31 Ntt Mobil Communication Network Inc Information providing system
US6393026B1 (en) 1998-09-17 2002-05-21 Nortel Networks Limited Data packet processing system and method for a router
US6519636B2 (en) 1998-10-28 2003-02-11 International Business Machines Corporation Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions
CA2257008C (en) 1998-12-24 2007-12-11 Certicom Corp. A method for accelerating cryptographic operations on elliptic curves
US20020057796A1 (en) 1998-12-24 2002-05-16 Lambert Robert J. Method for accelerating cryptographic operations on elliptic curves
US6295602B1 (en) 1998-12-30 2001-09-25 Spyrus, Inc. Event-driven serialization of access to shared resources
US6760444B1 (en) 1999-01-08 2004-07-06 Cisco Technology, Inc. Mobile IP authentication
US7086086B2 (en) 1999-02-27 2006-08-01 Alonzo Ellis System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment
US6484257B1 (en) 1999-02-27 2002-11-19 Alonzo Ellis System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment
US7305562B1 (en) 1999-03-09 2007-12-04 Citibank, N.A. System, method and computer program product for an authentication management infrastructure
US6256737B1 (en) 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US6701432B1 (en) 1999-04-01 2004-03-02 Netscreen Technologies, Inc. Firewall including local bus
US6349405B1 (en) 1999-05-18 2002-02-19 Solidum Systems Corp. Packet classification state machine
US6751728B1 (en) 1999-06-16 2004-06-15 Microsoft Corporation System and method of transmitting encrypted packets through a network access point
US20030014627A1 (en) 1999-07-08 2003-01-16 Broadcom Corporation Distributed processing in a cryptography acceleration chip
US6477646B1 (en) 1999-07-08 2002-11-05 Broadcom Corporation Security chip architecture and implementations for cryptography acceleration
US7600131B1 (en) 1999-07-08 2009-10-06 Broadcom Corporation Distributed processing in a cryptography acceleration chip
US6609198B1 (en) 1999-08-05 2003-08-19 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US6892307B1 (en) 1999-08-05 2005-05-10 Sun Microsystems, Inc. Single sign-on framework with trust-level mapping to authentication requirements
GB9919444D0 (en) 1999-08-17 1999-10-20 Hewlett Packard Co Robust encryption and decryption of packetized data transferred across communications networks
US6751677B1 (en) 1999-08-24 2004-06-15 Hewlett-Packard Development Company, L.P. Method and apparatus for allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway
JP2003512649A (en) 1999-10-20 2003-04-02 アクセラレイテッド・エンクリプション・プロセシング・リミテッド Cryptographic accelerator
US6327625B1 (en) 1999-11-30 2001-12-04 3Com Corporation FIFO-based network interface supporting out-of-order processing
US7005733B2 (en) 1999-12-30 2006-02-28 Koemmerling Oliver Anti tamper encapsulation for an integrated circuit
DE60026229T2 (en) 2000-01-27 2006-12-14 International Business Machines Corp. Method and apparatus for classifying data packets
US6983366B1 (en) 2000-02-14 2006-01-03 Safenet, Inc. Packet Processor
US6983374B2 (en) 2000-02-14 2006-01-03 Kabushiki Kaisha Toshiba Tamper resistant microprocessor
US7039641B2 (en) 2000-02-24 2006-05-02 Lucent Technologies Inc. Modular packet classification
US20040255034A1 (en) 2001-06-18 2004-12-16 Choi Jong Hyuk Method and apparatus for obtaining personal access information and delivering information in electronic form using the obtained personal access information
US6971021B1 (en) 2000-03-08 2005-11-29 Rainbow Technologies, Inc. Non-wire contact device application for cryptographic module interfaces
US6999943B1 (en) 2000-03-10 2006-02-14 Doublecredit.Com, Inc. Routing methods and systems for increasing payment transaction volume and profitability
US7086085B1 (en) 2000-04-11 2006-08-01 Bruce E Brown Variable trust levels for authentication
US7177421B2 (en) 2000-04-13 2007-02-13 Broadcom Corporation Authentication engine architecture and method
US7050993B1 (en) 2000-04-27 2006-05-23 Nokia Corporation Advanced service redirector for personal computer
US6804357B1 (en) 2000-04-28 2004-10-12 Nokia Corporation Method and system for providing secure subscriber content data
US6820105B2 (en) 2000-05-11 2004-11-16 Cyberguard Corporation Accelerated montgomery exponentiation using plural multipliers
US7111166B2 (en) 2000-05-15 2006-09-19 Fortress U&T Div. M-Systems Flash Disk Pioneers Ltd. Extending the range of computational fields of integers
US6778495B1 (en) 2000-05-17 2004-08-17 Cisco Technology, Inc. Combining multilink and IP per-destination load balancing over a multilink bundle
US8117444B2 (en) 2000-06-28 2012-02-14 Daita Frontier Fund, Llc Host computer, mobile communication device, program, and recording medium
US8032460B2 (en) 2000-07-27 2011-10-04 Daita Frontier Fund, Llc Authentication managing apparatus, and shop communication terminal
JP3808297B2 (en) 2000-08-11 2006-08-09 株式会社日立製作所 Ic card system and ic card
US7280540B2 (en) 2001-01-09 2007-10-09 Stonesoft Oy Processing of data packets within a network element cluster
US7062657B2 (en) 2000-09-25 2006-06-13 Broadcom Corporation Methods and apparatus for hardware normalization and denormalization
US20020078342A1 (en) 2000-09-25 2002-06-20 Broadcom Corporation E-commerce security processor alignment logic
WO2002032044A3 (en) 2000-10-13 2003-01-09 Eversystems Inc Secret key messaging
US20030058274A1 (en) 2000-11-17 2003-03-27 Jake Hill Interface device
US7003118B1 (en) 2000-11-27 2006-02-21 3Com Corporation High performance IPSEC hardware accelerator for packet classification
WO2002045441A9 (en) 2000-11-28 2003-02-06 Rcd Technology Inc Replacing stored code with user inputting code on the rf id card
US7502463B2 (en) 2000-12-13 2009-03-10 Broadcom Corporation Methods and apparatus for implementing a cryptography engine
US6996842B2 (en) 2001-01-30 2006-02-07 Intel Corporation Processing internet protocol security traffic
JP2004528655A (en) 2001-05-04 2004-09-16 キュービック コーポレイションCubic Corporation Frequency system
US7266703B2 (en) 2001-06-13 2007-09-04 Itt Manufacturing Enterprises, Inc. Single-pass cryptographic processor and method
US7017042B1 (en) 2001-06-14 2006-03-21 Syrus Ziai Method and circuit to accelerate IPSec processing
US7249112B2 (en) 2002-07-09 2007-07-24 American Express Travel Related Services Company, Inc. System and method for assigning a funding source for a radio frequency identification device
EP1282089B1 (en) 2001-08-03 2009-12-16 Telefonaktiebolaget LM Ericsson (publ) Method and devices for inter-terminal payments
US7861104B2 (en) 2001-08-24 2010-12-28 Broadcom Corporation Methods and apparatus for collapsing interrupts
DE60131534T2 (en) 2001-09-04 2008-10-23 Telefonaktiebolaget Lm Ericsson (Publ) Comprehensive authentication mechanism
US6909713B2 (en) 2001-09-05 2005-06-21 Intel Corporation Hash-based data frame distribution for web switches
WO2003029916A3 (en) 2001-09-28 2003-06-19 Bluesocket Inc Method and system for managing data traffic in wireless networks
JP2005505069A (en) 2001-10-03 2005-02-17 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィKoninklijke Philips Electronics N.V. Memory encryption
US6901491B2 (en) 2001-10-22 2005-05-31 Sun Microsystems, Inc. Method and apparatus for integration of communication links with a remote direct memory access protocol
US7487538B2 (en) 2001-11-19 2009-02-03 Steven Siong Cheak Mok Security system
EP1454291B1 (en) 2001-12-11 2007-08-08 Tagsys SA Secure data tagging systems
US7069444B2 (en) 2002-01-25 2006-06-27 Brent A. Lowensohn Portable wireless access to computer-based systems
US7231657B2 (en) 2002-02-14 2007-06-12 American Management Systems, Inc. User authentication system and methods thereof
US7110987B2 (en) 2002-02-22 2006-09-19 At&T Wireless Services, Inc. Secure online purchasing
US6715085B2 (en) 2002-04-18 2004-03-30 International Business Machines Corporation Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
US8386389B2 (en) 2002-04-30 2013-02-26 Hewlett-Packard Development Company, L.P. Service delivery systems and methods
WO2003094513A1 (en) 2002-04-30 2003-11-13 General Dynamics Advanced Information Systems, Inc. Method and apparatus for in-line serial data encryption
US7194765B2 (en) 2002-06-12 2007-03-20 Telefonaktiebolaget Lm Ericsson (Publ) Challenge-response user authentication
US20040039936A1 (en) 2002-08-21 2004-02-26 Yi-Sern Lai Apparatus and method for high speed IPSec processing
US6842106B2 (en) 2002-10-04 2005-01-11 Battelle Memorial Institute Challenged-based tag authentication model
US7369657B2 (en) 2002-11-14 2008-05-06 Broadcom Corporation Cryptography accelerator application program interface
US7568110B2 (en) 2002-12-18 2009-07-28 Broadcom Corporation Cryptography accelerator interface decoupling from cryptography processing cores
US7191341B2 (en) 2002-12-18 2007-03-13 Broadcom Corporation Methods and apparatus for ordering data in a cryptography accelerator
US20040123120A1 (en) 2002-12-18 2004-06-24 Broadcom Corporation Cryptography accelerator input interface data handling
GB0229553D0 (en) 2002-12-18 2003-01-22 Ncr Int Inc Wireless security module
US7434043B2 (en) 2002-12-18 2008-10-07 Broadcom Corporation Cryptography accelerator data routing unit
US20040123123A1 (en) 2002-12-18 2004-06-24 Buer Mark L. Methods and apparatus for accessing security association information in a cryptography accelerator
US7178034B2 (en) 2002-12-31 2007-02-13 Intel Corporation Method and apparatus for strong authentication and proximity-based access retention
EP1629624B1 (en) 2003-05-30 2013-03-20 Privaris, Inc. An in-curcuit security system and methods for controlling access to and use of sensitive data
US7269732B2 (en) 2003-06-05 2007-09-11 Sap Aktiengesellschaft Securing access to an application service based on a proximity token
US7048183B2 (en) 2003-06-19 2006-05-23 Scriptpro Llc RFID rag and method of user verification
GB0315156D0 (en) 2003-06-28 2003-08-06 Ibm Identification system and method
US7239865B2 (en) 2003-07-25 2007-07-03 Qualcomm Incorporated Proxy authentication for tethered devices
US20050077348A1 (en) 2003-08-11 2005-04-14 Colin Hendrick Intelligent ID card holder
US20050058292A1 (en) 2003-09-11 2005-03-17 Impinj, Inc., A Delaware Corporation Secure two-way RFID communications
EP3023899A1 (en) 2003-09-30 2016-05-25 Broadcom Corporation Proximity authentication system
US20050149738A1 (en) 2004-01-02 2005-07-07 Targosky David G. Biometric authentication system and method for providing access to a KVM system
US8166296B2 (en) 2004-10-20 2012-04-24 Broadcom Corporation User authentication system
US8295484B2 (en) 2004-12-21 2012-10-23 Broadcom Corporation System and method for securing data from a remote input device

Patent Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4491909A (en) * 1981-03-18 1985-01-01 International Business Machines Corporation Data processing system having shared memory
USRE33189E (en) * 1981-11-19 1990-03-27 Communications Satellite Corporation Security system for SSTV encryption
US4625276A (en) * 1983-08-31 1986-11-25 Vericard Corporation Data logging and transfer system using portable and resident units
US4645338A (en) * 1985-04-26 1987-02-24 International Business Machines Corporation Optical system for focus correction for a lithographic tool
US4774706A (en) * 1985-10-29 1988-09-27 British Telecommunications Public Limited Company Packet handling communications network
US5161193A (en) * 1990-06-29 1992-11-03 Digital Equipment Corporation Pipelined cryptography processor and method for its use in communication networks
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
US5297206A (en) * 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5329623A (en) * 1992-06-17 1994-07-12 The Trustees Of The University Of Pennsylvania Apparatus for providing cryptographic support in a network
US5471482A (en) * 1994-04-05 1995-11-28 Unisys Corporation VLSI embedded RAM test
US5608778A (en) * 1994-09-22 1997-03-04 Lucent Technologies Inc. Cellular telephone as an authenticated transaction controller
US5631960A (en) * 1995-08-31 1997-05-20 National Semiconductor Corporation Autotest of encryption algorithms in embedded secure encryption devices
US5724423A (en) * 1995-09-18 1998-03-03 Telefonaktiebolaget Lm Ericsson Method and apparatus for user authentication
US6393270B1 (en) * 1996-10-11 2002-05-21 Bellsouth Intellectual Property Corp. Network authentication method for over the air activation
US20050091338A1 (en) * 1997-04-14 2005-04-28 Carlos De La Huerga System and method to authenticate users to computer systems
US6697489B1 (en) * 1999-03-30 2004-02-24 Sony Corporation Method and apparatus for securing control words
US20020005774A1 (en) * 2000-03-24 2002-01-17 Rudolph Richard F. RFID Tag For Authentication And Identification
US20020004902A1 (en) * 2000-07-07 2002-01-10 Eng-Whatt Toh Secure and reliable document delivery
US20020023217A1 (en) * 2000-08-04 2002-02-21 Wheeler Lynn Henry Manufacturing unique devices that generate digital signatures
US20030051138A1 (en) * 2001-06-25 2003-03-13 Ntt Docomo, Inc. Mobile terminal authentication method and a mobile terminal therefor
US20030167207A1 (en) * 2001-07-10 2003-09-04 Berardi Michael J. System and method for incenting payment using radio frequency identification in contact and contactless transactions
US20030132292A1 (en) * 2002-01-11 2003-07-17 Hand Held Products, Inc. Transaction terminal including imaging module
US20090085724A1 (en) * 2004-02-25 2009-04-02 Accenture Global Services Gmbh Rfid enabled media system and method that provides dynamic downloadable media content
US20060021041A1 (en) * 2004-07-20 2006-01-26 International Business Machines Corporation Storage conversion for anti-virus speed-up
US20060064391A1 (en) * 2004-09-20 2006-03-23 Andrew Petrov System and method for a secure transaction module
US20060072761A1 (en) * 2004-09-30 2006-04-06 Bruce Johnson Access point that wirelessly provides an encryption key to an authenticated wireless station
US20130013925A1 (en) * 2004-12-20 2013-01-10 Broadcom Corporation System and Method for Authentication via a Proximate Device

Cited By (133)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140337921A1 (en) * 2003-11-13 2014-11-13 David A. Hanna, JR. Security and access system based on multi-dimensional location characteristics
US9356940B2 (en) * 2003-11-13 2016-05-31 Digital Authentication Technologies, Inc. Security and access system based on multi-dimensional location characteristics
US9336359B2 (en) 2004-10-18 2016-05-10 Microsoft Technology Licensing, Llc Device certificate individualization
US9224168B2 (en) 2004-11-15 2015-12-29 Microsoft Technology Licensing, Llc Tuning product policy using observed evidence of customer behavior
US9264426B2 (en) 2004-12-20 2016-02-16 Broadcom Corporation System and method for authentication via a proximate device
US8295484B2 (en) 2004-12-21 2012-10-23 Broadcom Corporation System and method for securing data from a remote input device
US20060133604A1 (en) * 2004-12-21 2006-06-22 Mark Buer System and method for securing data from a remote input device
US9288192B2 (en) 2004-12-21 2016-03-15 Broadcom Corporation System and method for securing data from a remote input device
US20060143446A1 (en) * 2004-12-23 2006-06-29 Microsoft Corporation System and method to lock TPM always 'on' using a monitor
US7360253B2 (en) * 2004-12-23 2008-04-15 Microsoft Corporation System and method to lock TPM always ‘on’ using a monitor
US20070006299A1 (en) * 2005-06-30 2007-01-04 Ian Elbury System and method of user credential management
US8219814B2 (en) * 2005-06-30 2012-07-10 Psion Teklogix Inc. System and method of user credential management
US9088416B2 (en) * 2005-11-24 2015-07-21 Synchronica Plc Method for securely associating data with HTTP and HTTPS sessions
US20080307517A1 (en) * 2005-11-24 2008-12-11 Nikolai Grigoriev Method for Securely Associating Data with Http and Https Sessions
US8812704B2 (en) 2005-12-29 2014-08-19 Intel Corporation Method, apparatus and system for platform identity binding in a network node
US20070156858A1 (en) * 2005-12-29 2007-07-05 Kapil Sood Method, apparatus and system for platform identity binding in a network node
US8341714B2 (en) * 2005-12-29 2012-12-25 Axsionics Ag Security token and method for authentication of a user with the security token
US8099495B2 (en) * 2005-12-29 2012-01-17 Intel Corporation Method, apparatus and system for platform identity binding in a network node
US20090320118A1 (en) * 2005-12-29 2009-12-24 Axsionics Ag Security Token and Method for Authentication of a User with the Security Token
US20100325438A1 (en) * 2005-12-31 2010-12-23 Broadcom Corporation System and Method for Binding a Smartcard and a Smartcard Reader
US7775427B2 (en) * 2005-12-31 2010-08-17 Broadcom Corporation System and method for binding a smartcard and a smartcard reader
US8132722B2 (en) 2005-12-31 2012-03-13 Broadcom Corporation System and method for binding a smartcard and a smartcard reader
US9117324B2 (en) 2005-12-31 2015-08-25 Broadcom Corporation System and method for binding a smartcard and a smartcard reader
US20070241182A1 (en) * 2005-12-31 2007-10-18 Broadcom Corporation System and method for binding a smartcard and a smartcard reader
US8205238B2 (en) 2006-03-30 2012-06-19 Intel Corporation Platform posture and policy information exchange method and apparatus
US20070240197A1 (en) * 2006-03-30 2007-10-11 Uri Blumenthal Platform posture and policy information exchange method and apparatus
US7623378B1 (en) * 2006-05-02 2009-11-24 Lattice Semiconductor Corporation Selective programming of non-volatile memory facilitated by security fuses
US8762719B2 (en) 2006-05-09 2014-06-24 Broadcom Corporation Method and system for command authentication to achieve a secure interface
US20080046733A1 (en) * 2006-05-09 2008-02-21 Stephane Rodgers Method and System For Command Authentication To Achieve a Secure Interface
US8560829B2 (en) 2006-05-09 2013-10-15 Broadcom Corporation Method and system for command interface protection to achieve a secure interface
US8285988B2 (en) * 2006-05-09 2012-10-09 Broadcom Corporation Method and system for command authentication to achieve a secure interface
US8452955B2 (en) * 2006-06-19 2013-05-28 Netsecure Innovations Inc. Method and apparatus for encryption and pass-through handling of confidential information in software applications
US20090307482A1 (en) * 2006-06-19 2009-12-10 Mccann Daniel Method and Apparatus for Encryption and Pass-Through Handling of Confidential Information in Software Applications
US8272002B2 (en) * 2006-08-18 2012-09-18 Fujitsu Limited Method and system for implementing an external trusted platform module
US20080046581A1 (en) * 2006-08-18 2008-02-21 Fujitsu Limited Method and System for Implementing a Mobile Trusted Platform Module
US20080046898A1 (en) * 2006-08-18 2008-02-21 Fujitsu Limited Method and System for Implementing an External Trusted Platform Module
US8522018B2 (en) 2006-08-18 2013-08-27 Fujitsu Limited Method and system for implementing a mobile trusted platform module
US20080205363A1 (en) * 2006-12-19 2008-08-28 Rainer Falk Method for operating a VoIP terminal device and a VoIP terminal device
EP1936905A1 (en) * 2006-12-19 2008-06-25 Siemens Enterprise Communications GmbH & Co. KG Method for operating a VoIP terminal and VoIP terminal
US8549619B2 (en) * 2007-01-22 2013-10-01 Dell Products L.P. Removable hard disk with embedded security card
US8607359B2 (en) * 2007-01-22 2013-12-10 Dell Products L.P. Removable hard disk with front panel input
US20080178283A1 (en) * 2007-01-22 2008-07-24 Pratt Thomas L Removable hard disk with front panel input
US20080178007A1 (en) * 2007-01-22 2008-07-24 Winston Bumpus Removable hard disk with embedded security card
US8566247B1 (en) * 2007-02-19 2013-10-22 Robert H. Nagel System and method for secure communications involving an intermediary
US7882340B2 (en) 2007-07-31 2011-02-01 Hewlett-Packard Development Company, L.P. Fingerprint reader remotely resetting system and method
US20090037735A1 (en) * 2007-08-01 2009-02-05 O'farrell David Method and system for delivering secure messages to a computer desktop
US9269251B2 (en) 2007-08-31 2016-02-23 Cardiac Pacemakers, Inc. Medical data transport over wireless life critical network
US8970392B2 (en) 2007-08-31 2015-03-03 Cardiac Pacemakers, Inc. Medical data transport over wireless life critical network
US9848058B2 (en) 2007-08-31 2017-12-19 Cardiac Pacemakers, Inc. Medical data transport over wireless life critical network employing dynamic communication link mapping
US8587427B2 (en) 2007-08-31 2013-11-19 Cardiac Pacemakers, Inc. Medical data transport over wireless life critical network
US8818522B2 (en) 2007-08-31 2014-08-26 Cardiac Pacemakers, Inc. Wireless patient communicator for use in a life critical network
US9582686B1 (en) * 2007-11-13 2017-02-28 Altera Corporation Unique secure serial ID
US8850215B2 (en) * 2007-12-21 2014-09-30 Nokia Corporation Method of access control and corresponding device
US20110047387A1 (en) * 2007-12-21 2011-02-24 Nokia Corporation Method of Access Control and Corresponding Device
US20100011211A1 (en) * 2008-07-09 2010-01-14 Theodoros Anemikos Radio Frequency Identification (RFID) Based Authentication System and Methodology
US8214651B2 (en) * 2008-07-09 2012-07-03 International Business Machines Corporation Radio frequency identification (RFID) based authentication system and methodology
US20100011438A1 (en) * 2008-07-11 2010-01-14 International Business Machines Corporation Role-Based Privilege Management
US8196195B2 (en) * 2008-07-11 2012-06-05 International Business Machines Corporation Role-based privilege management
US9053480B1 (en) 2008-09-30 2015-06-09 Amazon Technologies, Inc. Secure validation using hardware security modules
US8892868B1 (en) * 2008-09-30 2014-11-18 Amazon Technologies, Inc. Hardening tokenization security and key rotation
US9628274B1 (en) 2008-09-30 2017-04-18 Amazon Technologies, Inc. Hardening tokenization security and key rotation
US20100095109A1 (en) * 2008-10-14 2010-04-15 Research In Motion Limited Method for Managing Opaque Presence Indications Within a Presence Access Layer
US8473733B2 (en) * 2008-10-14 2013-06-25 Research In Motion Limited Method for managing opaque presence indications within a presence access layer
US8312092B2 (en) 2008-10-15 2012-11-13 Research In Motion Limited Use of persistent sessions by a presence access layer
US20100099387A1 (en) * 2008-10-16 2010-04-22 Research In Motion Limited Controlling and/or Limiting Publication Through the Presence Access Layer
US8751584B2 (en) 2008-10-16 2014-06-10 Blackberry Limited System for assignment of a service identifier as a mechanism for establishing a seamless profile in a contextually aware presence access layer
US20100100617A1 (en) * 2008-10-16 2010-04-22 Research In Motion Limited System for Assignment of a Service Identifier as a Mechanism for Establishing a Seamless Profile in a Contextually Aware Presence Access Layer
US20100131754A1 (en) * 2008-11-21 2010-05-27 Research In Motion Limited Apparatus, and an Associated Method, for Providing and Using Opaque Presence Indications in a Presence Service
US8386769B2 (en) 2008-11-21 2013-02-26 Research In Motion Limited Apparatus, and an associated method, for providing and using opaque presence indications in a presence service
US8321926B1 (en) * 2008-12-02 2012-11-27 Lockheed Martin Corporation System and method of protecting a system that includes unprotected computer devices
US8812841B2 (en) * 2009-03-04 2014-08-19 Cardiac Pacemakers, Inc. Communications hub for use in life critical network
US9552722B2 (en) 2009-03-04 2017-01-24 Cardiac Pacemakers, Inc. Modular communicator for use in life critical network
US8638221B2 (en) 2009-03-04 2014-01-28 Cardiac Pacemakers, Inc. Modular patient communicator for use in life critical network
US9313192B2 (en) 2009-03-04 2016-04-12 Cardiac Pacemakers, Inc. Communications hub for use in life critical network
US20100228977A1 (en) * 2009-03-04 2010-09-09 Jim Sievert Communications Hub for Use in Life Critical Network
CN101834725A (en) * 2009-03-13 2010-09-15 Sap股份公司 Securing communications sent by a first user to a second user
US20100235627A1 (en) * 2009-03-13 2010-09-16 Sap Ag Securing communications sent by a first user to a second user
US8688973B2 (en) * 2009-03-13 2014-04-01 Sap Ag Securing communications sent by a first user to a second user
WO2010112368A3 (en) * 2009-03-30 2010-11-25 Bundesdruckerei Gmbh Method for reading attributes from an id token via a mobile radio connection
US20100246823A1 (en) * 2009-03-30 2010-09-30 Qualcomm Incorporated Apparatus and method for address privacy protection in receiver oriented channels
US9042549B2 (en) * 2009-03-30 2015-05-26 Qualcomm Incorporated Apparatus and method for address privacy protection in receiver oriented channels
US7690032B1 (en) 2009-05-22 2010-03-30 Daon Holdings Limited Method and system for confirming the identity of a user
US8693990B2 (en) * 2009-06-16 2014-04-08 International Business Machines Corporation System, method, and apparatus for proximity-based authentication for managing personal data
US20120178419A1 (en) * 2009-06-16 2012-07-12 International Business Machines Corporation System, method, and apparatus for proximity-based authentication for managing personal data
US8971530B2 (en) * 2009-06-24 2015-03-03 Intel Corporation Cryptographic key generation using a stored input value and a stored count value
US9800409B2 (en) 2009-06-24 2017-10-24 Intel Corporation Cryptographic key generation using a stored input value and a stored count value
US20160197724A1 (en) * 2009-06-24 2016-07-07 Intel Corporation Cryptographic Key Generation Using A Stored Input Value And A Stored Count Value
US20100329455A1 (en) * 2009-06-24 2010-12-30 Daniel Nemiroff Cryptographic key generation using a stored input value and a stored count value
US8326266B2 (en) 2010-05-25 2012-12-04 Telefonaktiebolaget Lm Ericsson (Publ) Redundant credentialed access to a secured network
WO2011147661A1 (en) * 2010-05-25 2011-12-01 Telefonaktiebolaget L M Ericsson (Publ) Redundant credentialed access to a secured network
US20120008784A1 (en) * 2010-07-08 2012-01-12 Phillip Martin Hallam-Baker Delegated Key Exchange System and Method of Operation
US20130191907A1 (en) * 2010-09-30 2013-07-25 Siemens Aktiengesellschaft Method and System for Secure Data Transmission with a VPN Box
US9674164B2 (en) * 2010-10-29 2017-06-06 Siemens Aktiengesellschaft Method for managing keys in a manipulation-proof manner
US20130212378A1 (en) * 2010-10-29 2013-08-15 Siemens Aktiengesellschaft Method for managing keys in a manipulation-proof manner
WO2012056049A1 (en) * 2010-10-31 2012-05-03 Technische Universität Darmstadt Reader as an electronic identification
US9026805B2 (en) * 2010-12-30 2015-05-05 Microsoft Technology Licensing, Llc Key management using trusted platform modules
US20120173885A1 (en) * 2010-12-30 2012-07-05 Microsoft Corporation Key management using trusted platform modules
US9438418B1 (en) * 2011-05-06 2016-09-06 Altera Corporation Systems and methods for generating a key difficult to clone
US9628875B1 (en) 2011-06-14 2017-04-18 Amazon Technologies, Inc. Provisioning a device to be an authentication device
US9639825B1 (en) * 2011-06-14 2017-05-02 Amazon Technologies, Inc. Securing multifactor authentication
US8548172B2 (en) * 2011-07-08 2013-10-01 Sap Ag Secure dissemination of events in a publish/subscribe network
US9867042B2 (en) * 2011-08-08 2018-01-09 Mikoh Corporation Radio frequency identification technology incorporating cryptographics
US20140286491A1 (en) * 2011-08-08 2014-09-25 Mikoh Corporation Radio frequency identification technology incorporating cryptographics
US8547136B1 (en) * 2011-11-11 2013-10-01 Altera Corporation Logic block protection system
US8739264B1 (en) * 2011-12-29 2014-05-27 Sprint Communications Company L.P. Managing access to secured data
US20130173899A1 (en) * 2012-01-03 2013-07-04 International Business Machines Corporation Method for Secure Self-Booting of an Electronic Device
US9202060B2 (en) * 2012-01-03 2015-12-01 International Business Machines Corporation Method for secure self-booting of an electronic device
US9182748B2 (en) * 2012-02-08 2015-11-10 Identive Group, Inc. RFID access control reader with enhancements
US20130214899A1 (en) * 2012-02-08 2013-08-22 Identive Group, Inc. RFID Access Control Reader with Enhancements
US9009258B2 (en) 2012-03-06 2015-04-14 Google Inc. Providing content to a user across multiple devices
US9634831B2 (en) 2012-03-29 2017-04-25 Microsoft Technology Licensing, Llc Role-based distributed key management
US9008316B2 (en) 2012-03-29 2015-04-14 Microsoft Technology Licensing, Llc Role-based distributed key management
US9147200B2 (en) 2012-04-27 2015-09-29 Google Inc. Frequency capping of content across multiple devices
US9258279B1 (en) 2012-04-27 2016-02-09 Google Inc. Bookmarking content for users associated with multiple devices
US9881301B2 (en) * 2012-04-27 2018-01-30 Google Llc Conversion tracking of a user across multiple devices
US9514446B1 (en) 2012-04-27 2016-12-06 Google Inc. Remarketing content to a user associated with multiple devices
US9940481B2 (en) 2012-04-27 2018-04-10 Google Llc Privacy management across multiple devices
US8978158B2 (en) 2012-04-27 2015-03-10 Google Inc. Privacy management across multiple devices
US20140067689A1 (en) * 2012-08-31 2014-03-06 Ncr Corporation Security module and method of securing payment information
US20140096222A1 (en) * 2012-10-01 2014-04-03 Nxp B.V. Secure user authentication using a master secure element
US9495524B2 (en) * 2012-10-01 2016-11-15 Nxp B.V. Secure user authentication using a master secure element
US9811116B2 (en) * 2013-05-24 2017-11-07 Qualcomm Incorporated Utilization and configuration of wireless docking environments
US20140351476A1 (en) * 2013-05-24 2014-11-27 Qualcomm Incorporated Utilization and configuration of wireless docking environments
US9832596B2 (en) 2013-05-24 2017-11-28 Qualcomm Incorporated Wireless docking architecture
US20150007311A1 (en) * 2013-07-01 2015-01-01 International Business Machines Corporation Security Key for a Computing Device
US20160087794A1 (en) * 2013-10-03 2016-03-24 Whatsapp Inc. Combined authentication and encryption
US9813250B2 (en) * 2013-10-03 2017-11-07 Whatsapp Inc. Combined authentication and encryption
WO2015136284A1 (en) * 2014-03-11 2015-09-17 Iot Tech Limited Trusted networks
EP2942995A1 (en) * 2014-05-06 2015-11-11 Apple Inc. Storage of credential service provider data in a security domain of a secure element
US9584489B2 (en) 2015-01-29 2017-02-28 Google Inc. Controlling access to resource functions at a control point of the resource via a user device
WO2016195990A1 (en) * 2015-05-29 2016-12-08 Google Inc. Controlling access to resource functions at a control point of the resource via a user device
GB2553060A (en) * 2015-05-29 2018-02-21 Google Llc Controlling access to resource functions at a control point of the resource via a user device
WO2017167519A1 (en) * 2016-03-29 2017-10-05 Siemens Aktiengesellschaft Access control

Also Published As

Publication number Publication date Type
US9264426B2 (en) 2016-02-16 grant
US20130013925A1 (en) 2013-01-10 application

Similar Documents

Publication Publication Date Title
US7299364B2 (en) Method and system to maintain application data secure and authentication token for use therein
US6138239A (en) Method and system for authenticating and utilizing secure resources in a computer system
US7181016B2 (en) Deriving a symmetric key from an asymmetric key for file encryption or decryption
US6732278B2 (en) Apparatus and method for authenticating access to a network resource
US6230272B1 (en) System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user
US20060129848A1 (en) Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
US7178025B2 (en) Access system utilizing multiple factor identification and authentication
US20080005577A1 (en) Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof
US20040177258A1 (en) Secure object for convenient identification
EP1933252A1 (en) Dynamic OTP Token
US20080109903A1 (en) Secure co-processing memory controller integrated into an embedded memory subsystem
US20070061566A1 (en) Tokencode Exchanges for Peripheral Authentication
US6636971B1 (en) Method and an apparatus for secure register access in electronic device
US20060259782A1 (en) Computer security system and method
US20050108171A1 (en) Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform
US20050132186A1 (en) Method and apparatus for a trust processor
US7373509B2 (en) Multi-authentication for a computing device connecting to a network
US20050108534A1 (en) Providing services to an open platform implementing subscriber identity module (SIM) capabilities
US20050166051A1 (en) System and method for certification of a secure platform
US20080155271A1 (en) Solid-state memory-based generation and handling of security authentication tokens
US20050250472A1 (en) User authentication using a wireless device
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
US20060075259A1 (en) Method and system to generate a session key for a trusted channel within a computer system
US20070118745A1 (en) Multi-factor authentication using a smartcard
US20070150736A1 (en) Token-enabled authentication for securing mobile devices

Legal Events

Date Code Title Description
AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BUER, MARK;FRANK, ED;REEL/FRAME:016834/0803;SIGNING DATES FROM 20050624 TO 20050804

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:039646/0092

Effective date: 20160808

AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:039901/0237

Effective date: 20160808

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119