Proximity based authentication using bluetooth
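IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC, 7th edition): H04B-007/00; H04W-004/00; H04W-012/06; H04W-084/12
Application number: US-0673126 (2015-03-30)
Registration number: US-9730001 (2017-08-08)
Inventor / Address: George, Moses
Applicant / Address: VMware, Inc.
Citation information: Times cited: 0; Cited patents: 4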
Abstract
Techniques for securing communications between fixed devices and mobile devices. A mobile device management server mediates communications between the fixed device and mobile device. The mobile device management server enrolls mobile devices and then assists with pairing the mobile devices to fixed devices in an out-of-band manner. This enrollment, coupled with out-of-band pairing, improves the speed and security of authenticating communication between fixed and mobile devices. If the mobile device has appropriate capabilities, the mobile device management server may request that the mobile device obtain and verify biometric data from a user prior to enrollment and performing authentication procedures.
Representative claims
1. A method for securing communications between a first device and a mobile device, comprising: verifying enrollment credentials received from the mobile device; receiving, at a management server located remotely from the first device and the mobile device, a first security token associated with a BLUETOOTH subsystem of the mobile device; receiving, at the management server, a second security token associated with a BLUETOOTH subsystem of the first device; and initiating, by the management server, an out-of-band pairing between the first device and the mobile device based on the first and second security tokens received at the management server, wherein the out-of-band pairing directly pairs the first device and the mobile device to one another, and wherein the first and second security tokens comprise BLUETOOTH tokens received at the management server via an infrastructure network.
2. The method of claim 1, wherein initiating the out-of-band pairing comprises: transmitting the first security token to the first device; and transmitting the second security token to the mobile device.
3. The method of claim 1, wherein: the first device comprises a private device, and the out-of-band pairing is initiated in response to verifying the enrollment credentials.
4. The method of claim 3, further comprising: in response to verifying the enrollment credentials, transmitting a first media access control address (MAC address) associated with the first device to the mobile device and transmitting a second MAC address associated with the mobile device to the first device.
5. The method of claim 4, further comprising: performing a scan for mobile devices, by the first device, via a local wireless network; transmitting, via the local wireless network, a response to the scan from the mobile device to the first device, the response including the second MAC address; determining that the first device has previously received the second MAC address; and performing an authentication task between the first device and the mobile device, via the local wireless network.
6. The method of claim 1, wherein: the first device comprises a public device, and the out-of-band pairing is initiated in response to an identification inquiry from the public device that includes a first media access control address (MAC address) of the mobile device for identification.
7. The method of claim 6, further comprising: performing a scan for mobile devices, by the first device, via a local wireless network, to receive the first MAC address from the mobile device.
8. The method of claim 7, further comprising: in response to verifying the enrollment credentials, transmitting a second MAC address that is associated with the first device to the mobile device; receiving the first MAC address; performing the out-of-band pairing in response to determining that the first MAC address corresponds to the mobile device, which is enrolled; and performing an authentication task between the first device and the mobile device, via the local wireless network.
9. The method of claim 1, wherein: the first security token is generated by a first BLUETOOTH service associated with the mobile device; and the second security token is generated by a second BLUETOOTH service associated with the first device.
10. A system for securing communications between a first device and a mobile device, comprising: a mobile device management server located remotely from the first device and the mobile device and configured to: verify enrollment credentials received from the mobile device; obtain, via an infrastructure network, a first security token associated with a BLUETOOTH subsystem of the mobile device from the mobile device; obtain, via the infrastructure network, a second security token associated with a BLUETOOTH subsystem of the first device from the first device; and initiate an out-of-band direct pairing between the first device and the mobile device based on the first and second security tokens, wherein the first and second security tokens comprise BLUETOOTH tokens.
11. The system of claim 10, wherein the mobile device management server is configured to initiate the out-of-band pairing by: transmitting the first security token to the first device; and transmitting the second security token to the mobile device.
12. The system of claim 10, wherein: the first device comprises a private device, and the out-of-band pairing is initiated in response to verifying the enrollment credentials.
13. The system of claim 12, wherein the mobile device management server is further configured to: in response to verifying the enrollment credentials, transmit a first media access control address (MAC address) associated with the first device to the mobile device and transmit a second MAC address associated with the mobile device to the first device.
14. The system of claim 13, wherein the first device is configured to perform a scan for mobile devices via a local wireless network, wherein the mobile device is configured to transmit, via the local wireless network, a response to the scan to the first device, the response including the second MAC address, wherein the first device is further configured to determine that the first device has previously received the second MAC address, and wherein the first device and the mobile device are configured to perform an authentication task between the first device and the mobile device, via the local wireless network.
15. The system of claim 10, wherein: the first device comprises a public device, and the mobile device management server is configured to initiate the out-of-band pairing in response to an identification inquiry from the public device that includes a first media access control address (MAC address) of the mobile device for identification.
16. The system of claim 15, wherein the first device is configured to perform a scan for mobile devices, via a local wireless network, to receive the first MAC address from the mobile device.
17. The system of claim 16, wherein the mobile device management server is further configured to: in response to verifying the enrollment credentials, transmit a second MAC address that is associated with the first device to the mobile device; receive the first MAC address; initiate the out-of-band pairing in response to determining that the first MAC address corresponds to the mobile device, which is enrolled; and perform an authentication task between the first device and the mobile device, via the local wireless network.
18. The system of claim 10, wherein: the first security token is generated by a first BLUETOOTH service associated with the mobile device; and the second security token is generated by a second BLUETOOTH service associated with the first device.
19. A non-transitory, computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform a method for securing communications between a first device and a mobile device, the method comprising: verifying enrollment credentials received from the mobile device; obtaining, via an infrastructure network, at a management server located remotely from the first device and the mobile device, a first security token associated with a BLUETOOTH subsystem of the mobile device; obtaining, via the infrastructure network, a second security token associated with a BLUETOOTH subsystem of the first device; and initiating an out-of-band direct pairing between the first device and the mobile device based on the first and second security tokens, wherein the first and second security tokens comprise BLUETOOTH tokens.
20. The non-transitory, computer-readable medium of claim 19, wherein: the first security token is generated by a first BLUETOOTH service associated with the mobile device; and the second security token is generated by a second BLUETOOTH service associated with the first device.
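The private-device flow of claims 1 to 5, modelled as an added example that is not code from the patent or from VMware: the server relays tokens and MAC addresses only after verifying enrollment, and the fixed device accepts a scan response only for a MAC it was given. The class and function names are hypothetical, and the HMAC challenge-response standing in for the unspecified "authentication task" is an assumption.

```python
import hashlib, hmac, secrets

class Endpoint:
    """A device with a Bluetooth subsystem (hypothetical model)."""
    def __init__(self, mac):
        self.mac = mac
        self.token = secrets.token_bytes(16)   # token from its Bluetooth service
        self.peers = {}                        # peer MAC -> peer token, set by server

    def key_for(self, peer_mac):
        # Assumption: both sides derive one key from the two exchanged tokens.
        peer_token = self.peers[peer_mac]
        return hashlib.sha256(b"".join(sorted([self.token, peer_token]))).digest()

    def respond(self, peer_mac, challenge):
        return hmac.new(self.key_for(peer_mac), challenge, hashlib.sha256).digest()

class ManagementServer:
    def __init__(self, enrolled):
        self.enrolled = enrolled               # mobile MAC -> enrollment credential

    def pair(self, fixed, mobile, credential):
        # Verify enrollment before relaying anything (claims 1 and 3).
        expected = self.enrolled.get(mobile.mac, "")
        if not hmac.compare_digest(expected, credential):
            return False
        # Out-of-band step: each side gets the other's token and MAC (claims 2, 4).
        fixed.peers[mobile.mac] = mobile.token
        mobile.peers[fixed.mac] = fixed.token
        return True

def authenticate(fixed, responder, claimed_mac):
    """Fixed device handles a scan response that claims `claimed_mac` (claim 5)."""
    if claimed_mac not in fixed.peers:         # MAC never delivered by the server
        return False
    challenge = secrets.token_bytes(16)
    try:
        answer = responder.respond(fixed.mac, challenge)
    except KeyError:                           # responder holds no token for us
        return False
    expected = hmac.new(fixed.key_for(claimed_mac), challenge, hashlib.sha256).digest()
    return hmac.compare_digest(answer, expected)
```

A responder that only copies the enrolled MAC address fails the challenge, because the MAC check in `authenticate` is followed by proof of possession of the relayed tokens.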
Patents cited by this patent (4)
Adams, Neil P., Management of multiple connections to a security token access device.
Metke, Anthony R.; Reitsma, Katrin; Lewis, Adam C.; Popovich, George; Upp, Steven D., Method and apparatus for single sign-on collaboration among mobile devices.