WO2020214833A1 - Remote interaction with a device using secure range detection - Google Patents

Remote interaction with a device using secure range detection

Info

Publication number
WO2020214833A1
Authority
WO
WIPO (PCT)
Prior art keywords
substitute
interaction
devices
computing device
user
Prior art date
Application number
PCT/US2020/028549
Other languages
English (en)
Other versions
WO2020214833A9 (fr)
Inventor
Alexander R. LEDWITH
Wade Benson
Marc J. Krochmal
John J. IAROCCI
Jerrold V. Hauck
Michael Brouwer
Mitchell D. Adler
Yannick L. Sierra
Libor Sykora
Jiri MARGARITOV
Original Assignee
Apple Inc.
Priority date
Filing date
Publication date
Priority claimed from US16/388,831 (US11250118B2, en)
Application filed by Apple Inc.
Priority to CN202080028656.8A (CN113692584A, zh)
Priority to EP20724335.3A (EP3925254A1, fr)
Publication of WO2020214833A1 (fr)
Publication of WO2020214833A9 (fr)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/60 Context-dependent security
    • H04W 12/63 Location-dependent; Proximity-dependent
    • H04W 12/64 Location-dependent; Proximity-dependent using geofenced areas
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities' privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/30 Security of mobile devices; Security of mobile applications
    • H04W 12/33 Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses

Definitions

  • Figure 23 illustrates an example of a substitute interaction that allows for installing a program on a first device even when the first device is currently being accessed under a user account that does not have privileges for installing the program.
  • the first device’s communication layer not only identifies the nearby devices, but also identifies the account with which each identified device is associated (e.g., that the second device is associated with the first user account).
  • the communication layer passes to the accelerant module an identifier for the first user account, or a value from which the accelerant module can identify the first-user account identifier. Based on this identifier, the accelerant module provides the authentication module the substitute credential for the first user account and in some cases the username.
  • the substitute interaction for some operations entails sending a request to the second device to seek authorization for a requested operation, after a UI item is selected on the first device.
  • the second device in some embodiments displays the authorization request with a notification that describes the request and provides controls for accepting or rejecting the request.
  • the accelerant module provides to the authorization module a substitute credential in lieu of a user-supplied credential
  • the authorization module authorizes the requested operation for the first-device module that has to perform the operation (e.g., for the module that has to change the setting on the device, install the program or purchase an item on the first device).
  • the above-described interaction is used in some embodiments to send a request to change a setting, install a program or purchase an item from a computer (e.g., laptop or desktop) to a smartwatch that is associated with an
  • the process 100 establishes (at 110) an initial connection between the trusted and target devices.
  • the initial connection uses a secure, standardized wireless protocol (e.g., Bluetooth) to discover the other device and establish the initial connection.
  • the process 100 of some embodiments uses the initial connection to exchange (at 115) ranging connection information (e.g., bootstrap information) used to set up a ranging connection (e.g., over WiFi) between the devices.
  • a ranging connection (depicted with a dashed line) has been set up between the trusted and target devices 210 and 220.
  • the second stage 202 also shows that ranging information 255 is exchanged between the devices over the ranging connection.
  • the ranging information 255 allows one or both of the devices 210 and 220 to compute the distance between the two devices.
  • the ranging information includes multiple sample distance measurements that are further analyzed to determine the distance between the two devices.
  • Figures 5 and 6 illustrate examples of initiating the ranging connection from the target and trusted devices respectively.
  • Figure 5 illustrates an example of a target device that establishes a connection with a trusted device in two stages 501 and 502.
  • the first stage 501 shows a laptop computer 510 (i.e., target device) and a watch 520 (i.e., trusted device).
  • the watch 520 is shown announcing its availability.
  • the first stage 501 also shows that a user provides input (e.g., tapping a key, opening the lid of the laptop computer 510, etc.) to initiate a ranging process.
  • the second stage 502 shows that the devices have established (through processes such as those described above with reference to Figures 3 and 4) a wireless ranging connection.
  • target device 1020 has received and verified nonce N1 against the nonce N1 derived with key deriver 1025 and stored at memory 1022 of the target device 1020.
  • target device 1020 records timestamps T2 and T3. Timestamp T2 marks the time when N1 is received at target device 1020, while timestamp T3 marks the time when N2 1055 is sent from the target device 1020 to the trusted device 1010.
  • nonce N2 was derived with nonce N1 and the derived key DK1, but in some embodiments, the nonce N2 is not derived until the nonce N1 received from the trusted device 1010 is verified.
  • the process 1100 begins by sharing (at 1105) a shared secret.
  • the process 1100 then derives (at 1110) a derived key for encrypting and exchanging ranging data.
  • the ranging data of some embodiments includes the timestamps for when the different nonces are sent between the devices.
  • the ranging data of some embodiments includes a set of nonces that are sent with ranging signals between the devices to allow a receiving device to confirm the identity of the sender of a ranging signal
  • the process 1100 then derives (at 1115) a nonce for the trusted device.
  • the trusted-device nonce allows a target device to verify that the nonce came from the trusted device (e.g., because it has also generated the same nonce).
  • the process 1100 then sends (at 1120) the trusted-device nonce to the target device and records the sent time (T1).
  • the shared secret (and any values derived from the shared secret) are only used for a single ranging operation, so when the method of some embodiments determines that the devices are not within the desired proximity (or that the ranging information cannot be verified), the method discards the shared secret and any shared values (e.g., nonces, derived keys, etc.) and generates a new shared secret before beginning the process again.
  • if the process 1100 determines (at 1130) that the target nonce is valid, the process 1100 records (at 1135) the sample distance measurement and ends.
  • Figure 13 illustrates an example of primary and secondary threshold distances from a device. This figure shows a target device 1305 that is to be unlocked. This figure is used to illustrate different distances used for a dual band ranging operation, and is described with reference to Figure 14.
  • Figure 14 conceptually illustrates a process for performing a ranging operation with multiple frequency bands.
  • the ranging operation performed with the lower-frequency band is similar to the operations described above, but in other embodiments, the lower-frequency band uses a different ranging operation from the higher-frequency band.
  • the preliminary ranging operation of some embodiments is available as a part of a wireless protocol standard.
  • the process 1500 exchanges (at 1510) timestamps for when the nonces are sent and received with the other device. For instance, in the examples above, a trusted device sends the time that the first nonce is sent and the time that the second nonce is received, while a target device sends the time that the first nonce is received and the time that the second nonce is sent.
  • if the process 1500 determines (at 1535) that the other device is not within the threshold distance, the process 1500 establishes (at 1545) that the devices may not be within the desired range and ends.
  • the accelerant module provides to the authentication module a substitute credential (e.g., a secret) in lieu of the first user account access credential(s) (e.g., the account password, passcode, biometric input, etc.) in order to direct this module to allow the first device to be accessed under the first user account.
  • when the communication layer finds such a device, it determines whether the device is within a prescribed distance and has been enabled for simplifying access to the first device (e.g., whether the second device has been paired with the first device). If the identified device has not been so enabled, or is not within the prescribed distance, the communication layer does not report it to the accelerant module. However, if it has been enabled and is within the prescribed distance, the communication layer reports the identified device to the accelerant module. Below, the identified device is referred to as the second device, and the prescribed distance is referred to as the first distance.
  • when the computer 1700 detects that a watch that is associated with one of the user accounts of the computer is nearby (i.e., is within a particular distance) and this watch is wrapped around a person’s hand, the computer’s access-accelerant module (not shown) enables a substitute interaction that allows John to access the computer more quickly.
  • the substitute interaction is the selection of the John account identifier 1720 in the access-screen presentation 1710.
  • the computer unlocks the displayed presentation to show a desktop page 1760 that is associated with John’s user account, as depicted in Figure 17 by stage 1706 and the transition from stage 1702 to stage 1706. If this account was not logged into at 1702, the computer 1700 performs a login operation when it transitions from 1702 to 1706.
  • the accelerant module can enable substitute interactions on the first device even when the first device is currently being accessed under a user account that does not have privileges for the requested operation. For instance, while a second user account is logged into the first device, a user might try to change a setting, install a program or purchase an item on the first device, which cannot be done by providing the login credentials of the second user account.
  • the accelerant module of the first device in some embodiments can send a request to a second device to approve the desired operation (e.g., the change to the setting, the installation of the program, the purchase of the item, etc.) when the second device is within a particular distance of the first device and the second device is associated with the first user account.
  • Figure 24 illustrates an example of enabling two different substitute interactions when a watch is at two different distances from a computer. This example is illustrated in three sections 2405, 2410, and 2415, with each section showing two operational stages of the computer 1700 and the watch 1740.
  • the first stage 2402 of the first section 2405 shows the watch 1740 on John’s wrist as (1) the computer displays an access-display presentation that only identifies John’s user account and (2) John presses the space bar 2422 on the keyboard 2424 of the computer 1700
  • the modules of Figure 25 include an authentication manager 2510, a communication manager 2515, an input manager 2520, a settings manager 2525, a program install manager 2530, a login manager 2535, a lock-screen manager 2540, and a purchasing manager 2545.
  • the communication manager 2515 includes one or more drivers that interface with one or more short-range transceivers (not shown) of the first device.
  • a transceiver is the Bluetooth transceiver of the first device.
  • the communication manager 2515 initially determines (at 2705) whether the second device has been enabled for supporting substitute interactions with the first device.
  • the second device would have gone through a pairing process with the first device and would have to be associated with one of the user accounts associated with the first device. In other embodiments, the second device just has to be associated with one of the user accounts associated with the first device.
  • the read-only memory (ROM) 2830 stores static data and instructions that are needed by the processing unit(s) 2810 and other modules of the electronic system.
  • the permanent storage device 2835 is a read-and-write memory device. This device is a non-volatile memory unit that stores instructions and data even when the electronic system 2800 is off.
  • Some embodiments of the subject technology use a mass-storage device (such as a magnetic or optical disk and its corresponding disk drive, integrated flash memory) as the permanent storage device 2835.
  • the computer-readable media may store a computer program that is executable by at least one processing unit and includes sets of instructions for performing various operations. Examples of computer programs or computer code include machine code, such as is produced by a compiler, and files including higher-level code that are executed by a computer, an electronic component, or a microprocessor using an interpreter.
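The definitions above describe the ranging exchange in pieces (shared secret, derived key DK1, nonces N1 and N2, timestamps T1 to T4, sample distance measurements, a threshold check, and the communication layer's paired-and-within-distance gate in front of the accelerant module). The following added example, which is not code from the patent or from Apple, simulates the whole exchange between a trusted device and a target device in one process so the pieces can be seen together. Everything the page does not specify is an assumption and marked as such in the code: the derivation chain and the HMAC-SHA256 KDF, the speed-of-light time-of-flight model with a simulated shared clock instead of a radio, the use of the median to aggregate sample distances, and the constructed secrets, distances and thresholds.

```python
"""Simulated secure ranging and range-gated substitute interaction.

Added example, not the patent's code. Both devices run in one process
against a shared simulated clock; KDF, time-of-flight model, aggregation
rule and all sample values are assumptions.
"""
import hashlib
import hmac
import secrets
import statistics
from dataclasses import dataclass, field
from typing import List, Optional

C_M_PER_NS = 0.299792458  # radio propagation speed, metres per nanosecond


def derive(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Key/nonce derivation (assumption): HMAC-SHA256 over a label and inputs."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class Clock:
    """Simulated nanosecond clock shared by the two simulated devices."""

    def __init__(self) -> None:
        self.now_ns = 0.0

    def advance(self, ns: float) -> None:
        self.now_ns += ns


@dataclass
class Device:
    name: str
    clock: Clock
    dk1: bytes = b""
    n1: bytes = b""
    n2: bytes = b""
    ts: dict = field(default_factory=dict)

    def start_session(self, shared_secret: bytes) -> None:
        # Steps 1110/1115: DK1 from the shared secret, N1 from DK1, N2 from
        # N1 and DK1 (chain is an assumption). Both devices hold the secret,
        # so each can derive the nonces and verify what the peer sends.
        self.dk1 = derive(shared_secret, b"DK1")
        self.n1 = derive(self.dk1, b"N1")
        self.n2 = derive(self.dk1, b"N2", self.n1)

    def discard_session(self) -> None:
        # Secret-derived values are single-use; ranging again needs a new secret.
        self.dk1 = self.n1 = self.n2 = b""
        self.ts.clear()


def run_ranging(distance_m: float, turnaround_ns: float,
                trusted_secret: bytes, target_secret: bytes) -> Optional[float]:
    """One exchange; returns a sample distance, or None when a nonce fails."""
    clock = Clock()
    trusted, target = Device("trusted", clock), Device("target", clock)
    trusted.start_session(trusted_secret)
    target.start_session(target_secret)
    tof_ns = distance_m / C_M_PER_NS  # one-way flight time in the model
    try:
        on_air = trusted.n1                 # 1120: send N1, record T1
        trusted.ts["T1"] = clock.now_ns
        clock.advance(tof_ns)
        target.ts["T2"] = clock.now_ns      # T2 on receipt, then verify N1
        if not hmac.compare_digest(on_air, target.n1):
            return None
        clock.advance(turnaround_ns)        # target processing delay
        on_air = target.n2                  # N2 released only after N1 verified
        target.ts["T3"] = clock.now_ns
        clock.advance(tof_ns)
        trusted.ts["T4"] = clock.now_ns     # 1130: record T4, verify N2
        if not hmac.compare_digest(on_air, trusted.n2):
            return None
        # 1510: timestamps exchanged (encryption under DK1 omitted here);
        # round trip minus the target's turnaround gives twice the flight time.
        rtt_ns = (trusted.ts["T4"] - trusted.ts["T1"]) - (target.ts["T3"] - target.ts["T2"])
        return rtt_ns / 2 * C_M_PER_NS      # 1135: one sample distance
    finally:
        trusted.discard_session()
        target.discard_session()


def within_threshold(samples: List[float], threshold_m: float) -> bool:
    """1535: aggregate the sample distances (median, an assumption) against a threshold."""
    return bool(samples) and statistics.median(samples) <= threshold_m


def report_nearby_device(paired: bool, samples: List[float], first_distance_m: float) -> bool:
    """2705: the communication layer reports a device to the accelerant module
    only if it is paired/enabled and within the first distance."""
    return paired and within_threshold(samples, first_distance_m)


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed shared secret for the demo
    samples = [run_ranging(d, 500.0, secret, secret) for d in (1.9, 2.0, 2.1)]
    print("sample distances (m):", [round(s, 3) for s in samples])
    print("report to accelerant module:", report_nearby_device(True, samples, 3.0))
    print("N1 from a device without the secret:",
          run_ranging(2.0, 500.0, secret, secrets.token_bytes(32)))
```

The two `compare_digest` checks are the part that makes the distance trustworthy: a responder that does not hold the shared secret cannot produce N2, so its reply is discarded before any timestamp is used, and the session values are thrown away either way so they cannot be replayed into a later measurement.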

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • Social Psychology (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
  • Facsimiles In General (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.
PCT/US2020/028549 2019-04-18 2020-04-16 Remote interaction with a device using secure range detection WO2020214833A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202080028656.8A CN113692584A (zh) 2019-04-18 2020-04-16 Remote interaction with a device using secure range detection
EP20724335.3A EP3925254A1 (fr) 2019-04-18 2020-04-16 Remote interaction with a device using secure range detection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16/388,831 US11250118B2 (en) 2016-06-12 2019-04-18 Remote interaction with a device using secure range detection
US16/388,831 2019-04-18

Publications (2)

Publication Number Publication Date
WO2020214833A1 true WO2020214833A1 (fr) 2020-10-22
WO2020214833A9 WO2020214833A9 (fr) 2020-12-24

Family

Family ID: 70554248

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/028549 WO2020214833A1 (fr) 2019-04-18 2020-04-16 Remote interaction with a device using secure range detection

Country Status (3)

Country Link
EP (1) EP3925254A1 (fr)
CN (1) CN113692584A (fr)
WO (1) WO2020214833A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140282877A1 (en) * 2013-03-13 2014-09-18 Lookout, Inc. System and method for changing security behavior of a device based on proximity to another device
US20170357788A1 (en) * 2016-06-12 2017-12-14 Apple Inc. Unlocking a device
US20170359169A1 (en) * 2016-06-12 2017-12-14 Apple Inc. Modifying security state with secured range detection
US20180276367A1 (en) * 2016-06-12 2018-09-27 Apple Inc. Modifying security state with secured range detection
WO2019067105A1 (fr) * 2017-09-29 2019-04-04 Apple Inc. Mobile device for communicating and ranging with an access control system for automatic functionality

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9002322B2 (en) * 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
SG11201505362WA (en) * 2013-01-09 2015-08-28 Evernym Inc Systems and methods for access-controlled interactions

Also Published As

Publication number Publication date
WO2020214833A9 (fr) 2020-12-24
EP3925254A1 (fr) 2021-12-22
CN113692584A (zh) 2021-11-23

Similar Documents

Publication Publication Date Title
US11250118B2 (en) Remote interaction with a device using secure range detection
AU2021200451B2 (en) Modifying security state with secured range detection
US11176237B2 (en) Modifying security state with secured range detection
US11832099B2 (en) System and method of notifying mobile devices to complete transactions
US9807610B2 (en) Method and apparatus for seamless out-of-band authentication
US9524388B2 (en) System and method for enforcing a policy for an authenticator device
AU2018203927A1 (en) Auto-user registration and unlocking of a computing device
JP2019531567A (ja) System and method for device authentication
KR20160097323A (ko) NFC authentication mechanism
US20170289159A1 (en) Security support for free wi-fi and sponsored connectivity for paid wi-fi
US10021092B1 (en) Systems and methods for device authentication
US9648495B2 (en) Method and device for transmitting a verification request to an identification module
US11178137B2 (en) System for IoT devices communicating with server using a tentative common key
EP3925254A1 (fr) Remote interaction with a device using secure range detection
KR102198160B1 (ko) Certificate management method
US20230198981A1 (en) Systems and methods for credentials sharing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20724335; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 2020724335; Country of ref document: EP; Effective date: 20210917)
NENP Non-entry into the national phase (Ref country code: DE)