US20140137235A1 - Proximity Based Device Security - Google Patents

Proximity Based Device Security Download PDF

Info

Publication number
US20140137235A1
US20140137235A1 US14/158,907 US201414158907A US2014137235A1 US 20140137235 A1 US20140137235 A1 US 20140137235A1 US 201414158907 A US201414158907 A US 201414158907A US 2014137235 A1 US2014137235 A1 US 2014137235A1
Authority
US
United States
Prior art keywords
security token
proximity
proximity security
application
wireless communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/158,907
Inventor
Michael Horton
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AT&T Intellectual Property I LP
Original Assignee
AT&T Intellectual Property I LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AT&T Intellectual Property I LP filed Critical AT&T Intellectual Property I LP
Priority to US14/158,907 priority Critical patent/US20140137235A1/en
Assigned to AT&T INTELLECTUAL PROPERTY I, L.P. reassignment AT&T INTELLECTUAL PROPERTY I, L.P. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HORTON, MICHAEL
Publication of US20140137235A1 publication Critical patent/US20140137235A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/023Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • the present disclosure relates to device security. More specifically, the present disclosure relates to using a proximity security token to provide proximity-based device security.
  • cellular telephones have become a common tool of everyday life.
  • Cellular telephones are no longer simply used to place telephone calls.
  • cellular telephones often in the form of a smartphone, are now used for storing addresses, keeping a calendar, reading e-mails, drafting documents, etc.
  • e-mails or documents may be private or privileged and need to be safe from unauthorized users. An unauthorized user picking up or stealing the smartphone should not be able to access this private information.
  • smartphones may be password protected through the keypad.
  • users of smartphones find password locks on smartphones annoying and inconvenient.
  • the user sets up a password consisting of a series of keystrokes which must be re-entered to later access the cellular phone.
  • These passwords can generally be any number of characters which the user will remember.
  • the password is challenging enough that an unauthorized user cannot simply guess the password and gain access.
  • a problem with using simply a keypad for password entry is the ability of others to determine the password without the user's knowledge. Someone may be able to see the user enter the password and easily be able to repeat it.
  • What is needed is a way to secure a device while keeping the device easily accessible to an authorized user.
  • the present invention addresses the above-identified issues by providing a separate proximity security token in communication with a wireless communication device.
  • the token is carried by the user while device logic is installed on the user's wireless communication device.
  • the device logic along with transceivers allows the wireless communication device to sense proximity of the token through wireless communication. Given a certain range of the proximity security token, as determined by the wireless signal strength, the device logic locks or unlocks the wireless communication device.
  • the proximity security token is too far away, then the wireless communication device is locked and can only be accessed via a backup method of entering a password or other direct input form such as voice authentication.
  • Embodiments of the proximity security token solution make use of ultra-low power communications so that the proximity security token does not need to be continuously recharged, but instead is powered by a coin cell battery.
  • the proximity security token also provides an enhanced two factor authentication function for controlling other services on the wireless communication device or web based services via the wireless communication device.
  • exemplary embodiments of the present invention include an input, such as a biometric scanner, within the proximity security token. The input provides for further authentication based upon the identity of the user or an entry.
  • the present invention is a wireless communication device for allowing use when in range of a proximity security token.
  • the device includes a processor, a memory in communication with the processor, a transceiver in communication with the processor, and a device logic on the memory.
  • the device logic detects the presence of the proximity security token, receives a key from the proximity security token, allows use of the device, and monitors the presence of the proximity security token while the device is in use.
  • the device logic prevents use of the device upon detecting an absence of the proximity security token.
  • the present invention is a proximity security token for allowing use of a wireless communication device when in range of the wireless communication device.
  • the proximity security token includes a processor, a memory in communication with the processor, a transceiver in communication with the processor, a secure input in communication with the processor, a battery in communication with the processor, and a token logic on the memory.
  • the token logic detects the presence of the wireless communication device, receives a key from a user via the secure input, transmits the key to the wireless communication device, and monitors the presence of the wireless communication device while the wireless communication device is in use.
  • the token logic prevents use of the wireless communication device upon detecting an absence of the wireless communication device.
  • the present invention is a method for allowing use of a wireless communication device when in range of a proximity security token.
  • the method includes detecting the presence of the proximity security token, receiving a secure input from the proximity security token, allowing use of the device, and monitoring the presence of the proximity security token while the device is in use. Use of the device is prevented upon detecting an absence of the proximity security token.
  • FIGS. 1A and 1B show a wireless communication device for use with a proximity security token, according to an exemplary embodiment of the present invention.
  • FIGS. 2A and 2B show a proximity security token, or fob, according to an exemplary embodiment of the present invention.
  • FIG. 3 shows a method of the present invention utilizing a password backup for the presence of a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 4 shows the separation of a wireless communication device from a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 5 shows a wireless communication device being left in an automobile, according to an exemplary embodiment of the present invention.
  • FIG. 6 shows a method of the present invention utilizing a proximity security token for unlocking an application on a wireless communication device, according to an exemplary embodiment of the present invention.
  • FIG. 7 shows a screenshot of a user setup of a security application for use with a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 8A shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention.
  • FIG. 8B shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention.
  • FIGS. 9A and 9B show proximity security tokens with an embedded input, according to embodiments of the present invention.
  • FIG. 10 shows a proximity security token further being used to unlock an automobile, according to an exemplary embodiment of the present invention.
  • FIG. 11 shows a method of utilizing a biometric sensor on a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 12 shows a proximity security token used to authenticate a transaction, according to an exemplary embodiment of the present invention.
  • the token is carried by the user while device logic is installed on the user's wireless communication device.
  • the device logic along with transceivers, allows the wireless communication device to sense proximity of the token through wireless communication. Given a certain range of the proximity security token, as determined by the wireless signal strength, the device logic locks or unlocks the wireless communication device.
  • the proximity security token is too far away, then the wireless communication device is locked and can only be accessed via a backup method of entering a password or other direct input form such as voice authentication.
  • Embodiments of the proximity security token solution make use of ultra-low power communications so that the proximity security token does not need to be continuously recharged, but instead is powered by a long life coin cell battery.
  • the proximity security token also provides enhanced two factor authentication function for controlling other services on the wireless communication device or web based services via the wireless communication device.
  • Exemplary embodiments of the present invention contain an input, such as a biometric scanner, within the proximity security token. The input provides for further authentication based upon the identity of the user or an entry.
  • the proximity security token operates in one of two possible states of “active and unlocked” and “inactive and locked”.
  • the biometric function on the proximity security token is utilized to authenticate the user to the proximity security token and thus put the proximity security token in an “active and unlocked” state.
  • the proximity security token In the “active and unlocked” state, the proximity security token is able to communicate an approved unlock code to the wireless communication device via proximity communications.
  • the “active and unlocked” token state may be based on a countdown timer sequence based upon user defined settings in logic on the wireless communication device logic. Once the timer expires, the proximity security token changes to an “inactive and locked” state that triggers a locked state being communicated to the wireless communication device.
  • the user may put the proximity security token back into an “active and unlocked” state by performing an authentication activity directly on the proximity security token.
  • This feature provides the user with safeguards against the wireless communication device remaining in an unlocked and user interface accessible state if the user loses control of both the proximity security token and the wireless device to, for instance, an attacker.
  • the user is alerted of the separation of the wireless communication device and the proximity security token via an audible tone from the device and/or the proximity security token when the proximity security token and device are separated beyond a certain distance for a period of time defined by program logic. If the user leaves one or the other behind, then this makes the user aware that the wireless communication device or proximity security token is missing from their direct control.
  • other security functions may be triggered so that data on the wireless communication device is properly secured when the proximity security token and wireless communication device become separated for an extended period of time. These security functions may include, but are not limited to, memory wipes, etc.
  • the proximity security token may be used by an assigned user to unlock building electronic access control systems, for unlocking and starting automobiles, etc. These embodiments may use the concept of unlocking the proximity security token with either a PIN code or biometric signature such as a fingerprint as a form of secondary authentication requirement so that the proximity security token is unlocked and able to approve the proximity based unlock of the system. In alternative forms these other systems being accessed may or may not require the secondary form of authentication in order to process a user requested function such as door entry or automobile ignition.
  • Wireless communication device refers to any electronic device capable of wirelessly sending and receiving data.
  • a wireless communication device may have a processor, a memory, a transceiver, an input, and an output. Examples of such devices include cellular telephones, personal digital assistants (PDAs), portable computers, etc.
  • a wireless communication device also includes smart cards, such as contactless integrated circuit cards (CICC).
  • the memory stores applications, software, or logic. Examples of processors are computer processors (processing units), microprocessors, digital signal processors, controllers and microcontrollers, etc. Examples of device memories that may comprise logic include RAM (random access memory), flash memories, ROMS (read-only memories), EPROMS (erasable programmable read-only memories), and EEPROMS (electrically erasable programmable read-only memories).
  • Logic refers to any information having the form of instruction signals and/or data that may be applied to direct the operation of a processor.
  • Logic may be formed from signals stored in a device memory.
  • Software is one example of such logic.
  • Logic may also be comprised by digital and/or analog hardware circuits, for example, hardware circuits comprising logical AND, OR, XOR, NAND, NOR, and other logical operations.
  • Logic may be formed from combinations of software and hardware.
  • On a network logic may be programmed on a server, or a complex of servers. A particular logic unit is not limited to a single logical location on the network.
  • Wireless communication devices may communicate with each other and with other elements via a network, for instance, a wireless network, or a wireline network.
  • a “network” can include broadband wide-area networks, local-area networks, and personal area networks. Communication across a network is preferably packet-based; however, radio and frequency/amplitude modulations networks can enable communication between communication devices using appropriate analog-digital-analog converters and other elements. Examples of radio networks include WiFi and BLUETOOTH networks, with communication being enabled by hardware elements called “transceivers.” Wireless communication devices may have more than one transceiver, capable of communicating over different networks.
  • a cellular telephone can include a GPRS transceiver for communicating with a cellular base station, a WiFi transceiver for communicating with a WiFi network, and a BLUETOOTH transceiver for communicating with a BLUETOOTH device.
  • a network typically includes a plurality of elements that host logic for performing tasks on the network.
  • servers may be placed at several logical points on the network. Servers may further be in communication with databases and can enable communication devices to access the contents of a database.
  • a settings server is an example of such a server.
  • a settings server can include several network elements, including other servers, and is part of a network, for example, a cellular network.
  • a settings server hosts or is in communication with a database hosting an account for a user of a wireless communication device.
  • the “user account” includes several attributes for a particular user, including a unique identifier of the wireless communication device(s) owned by the user, relationships with other users, driver settings, and other information.
  • FIGS. 1A and 1B show a wireless communication device 100 for use with a proximity security token, according to an exemplary embodiment of the present invention.
  • wireless communication device 100 is a smartphone.
  • Wireless communication device 100 using an onboard security application, exchanges signals with a proximity security token to determine whether the proximity security token is in proximity of wireless communication device 100 .
  • the signals include a unique identifier, such as a digital key.
  • the unique identifier is unique to the proximity security token and is present to ensure that only the authorized proximity security token registers with wireless communication device 100 .
  • wireless communication device 100 is in an unlocked state, such that it may be operated by a user.
  • Proximity is a distance that may be default or set by a user of wireless communication device 100 .
  • FIG. 1A shows the external components of wireless communication device 100 .
  • Wireless communication device 100 includes a display 101 , a keypad 103 , a microphone 105 , and an antenna 107 .
  • Display 101 may be a liquid crystal display (LCD), a light emitting diode display (LED), a touchscreen display, etc. and provides an output for applications stored on memory and executed by CPU.
  • Keypad 103 provides for an input for device. Keypad 103 may contain alphanumeric keys as well as hotkeys, etc.
  • Microphone 105 provides a further input for device. Microphone 105 may be used for voice calls, commands, recording, etc.
  • Antenna 107 provides a means for sending and receiving signals from transceiver 119 to other devices, such as the proximity security token, or networks, such as cellular networks.
  • FIG. 1B shows the internal components of wireless communication device 100 .
  • the internal components include a central processing unit (CPU) 111 , a memory 113 storing a device logic 114 , a speaker 115 , a battery 117 or other power supply, and a transceiver 119 .
  • CPU 111 controls the components of wireless communication device 100 by executing device logic 114 from memory 113 .
  • Memory 113 stores device logic 114 as well as other data for wireless communication device 100 .
  • Device logic 114 includes a security application for wireless communication device 100 . In exemplary embodiments of the present invention, the security application provides for proximity-based security for wireless communication device 100 .
  • the security application operates transceiver 119 to send and receive signals to and from the proximity security token, measures the strength of the received signals, and determines whether the proximity security token is within an established proximity. If the proximity security token is within the established proximity of wireless communication device 100 , then the security application allows access to wireless communication device 100 and/or applications on memory 113 of wireless communication device 100 . If the proximity security token is not within the proximity, then the security application locks wireless communication device 100 and/or applications on wireless communication device 100 . In addition to locking the device, the speaker may emit an audible alert.
  • the security application on logic 114 can lock wireless communication device 100 entirely, lock certain applications, or lock specific features of wireless communication device 100 . For instance, when the proximity security token is out of range, logic 114 can lock a cellular transceiver on wireless communication device 100 , thereby rendering wireless communication device 100 unable to connect to a cellular network. Alternatively, logic 114 can lock keypad 103 or touchscreen 101 , thereby rendering wireless communication device 100 unusable. Specific folders or files, or sensitive data stored on memory 113 can be locked as well. Other combinations will be apparent to one of ordinary skill in the art in light of this disclosure.
  • FIGS. 2A and 2B show a proximity security token 220 , or key fob, according to an exemplary embodiment of the present invention.
  • Proximity security token 220 is a small hardware device with built-in authentication mechanisms.
  • Proximity security token 220 when used in conjunction with a wireless communication device, allows access to the wireless communication device while proximity security token 220 is in proximity of the wireless communication device.
  • proximity security token 220 is shown in the form of a key fob. In this way, proximity security token 220 is attached to keys 230 such that it is likely kept with a user.
  • FIG. 2B shows the internal components of proximity security token 220 .
  • Proximity security token 220 contains a central processing unit (CPU) 221 , a memory 223 containing a token logic 224 , a battery 229 or other power supply, a transceiver 225 , a speaker 222 , and an antenna 227 .
  • CPU 221 controls the functions of proximity security token 220 according to logic 224 on memory 223 .
  • Memory 223 may be Random Access Memory (RAM), Read Only Memory (ROM), or any other means of physically storing logic 224 .
  • Battery 229 provides power to each of the components of proximity security token 220 .
  • battery 229 is a coin cell battery, such as a watch battery.
  • Transceiver 225 communicates with the wireless communication device, such as communicating with a smartphone.
  • the communication occurs through antenna 227 , which may be coiled around an outer perimeter of proximity security token 220 .
  • This communication may occur using any wireless technology, such as BLUETOOTH, BLUETOOTH LOW ENERGY (BLE), Near Field Communication (NFC), a proximity/contactless smart card, passive keyless entry, WiFi, cellular communication, etc.
  • the communication is used to detect a distance between the wireless communication device and proximity security token 220 , and transmit data between proximity security token 220 and the wireless communication device.
  • the data includes a unique identifier identifying proximity security token 220 .
  • Speaker 222 provides an output for proximity security token 220 .
  • speaker 222 emits an audible sound when proximity security token 220 is separated from the wireless communication device outside of the set proximity.
  • the inner components of proximity security token 220 may be embedded within an outer cover of proximity security token 220 , laminated between two external layers of proximity security token 220 , or generally covered so as to maintain durability and weatherproofing of proximity security token 220 .
  • the proximity security token may include color diodes on the outer cover.
  • the color diodes alert a user as to the state of the proximity security token and may further alert the user of available functions on a wireless communication device.
  • the proximity security token may include red, yellow, and green diodes.
  • the green diode may signify that the proximity security token is fully unlocked.
  • the proximity security token may become fully unlocked, for instance, upon entry of a biometric by the user. In a fully unlocked state, the user may have full access to features and applications of the wireless communication device.
  • the red diode may signify that the proximity security token is locked.
  • the proximity security token may remain locked, for instance, when the proximity security token has not been activated and/or a user biometric has not been entered. In a locked state, the user may not be able to use any of the features or applications of the wireless communication device.
  • the yellow diode may signify that the proximity security token is only partially unlocked.
  • the proximity security token may be partially unlocked, for instance, when the proximity security token has been activated, but a user biometric has not been entered. In a partially unlocked state, the user may have access to certain features and applications of the wireless communication device, but not others. For instance, basic applications may be allowed while work applications remain locked. While three diodes are disclosed, embodiments of the invention may include any number or color of diodes.
  • FIG. 3 shows a method of the present invention utilizing a password backup for the presence of a proximity security token, according to an exemplary embodiment of the present invention.
  • the presence of the proximity security token unlocks a wireless communication device.
  • the method begins when a user activates a wireless communication device S 331 .
  • the wireless communication device is unlocked S 335 and may be used. If the proximity security token is not present, or out of range of the set proximity, then the user is prompted to enter a password S 333 . The device logic on the wireless communication device then determines whether the entered password is correct S 334 . If the entered password is incorrect, then the wireless communication device remains locked S 336 . If the entered password is correct, then the wireless communication device is unlocked S 335 and becomes operable by the user.
  • the password entry provides a second layer of security, being utilized in addition to the detected presence of the proximity security token, rather than as a replacement to requiring the proximity security token.
  • a user picks up the user's smartphone and attempts to use the smartphone. If the user has the proximity security token on their keychain in the user's pocket, or anywhere within a set proximity, then the smartphone unlocks, and the user may use the smartphone. If the user forgot the proximity security token at home, then the user is instead prompted to enter a password to unlock the smartphone. If the user enters the correct password, then the smartphone is unlocked. If the password is not correct, then the smartphone remains locked until a correct password is entered or the proximity security token becomes present.
  • entering an incorrect password multiple times may cause the smartphone to deny repeated password attempts and remain locked until the proximity security token is present.
  • entering an incorrect password multiple times indicates to the device logic that an unauthorized user is attempting to “crack” the password, causing the device logic to wipe the memory. Wiping includes simple formatting, redundant overwriting, physical destruction, etc. Such a feature may help to prevent the theft of highly sensitive data from the smartphone.
  • FIG. 4 shows the separation of a wireless communication device 400 from a proximity security token 420 , according to an exemplary embodiment of the present invention.
  • Proximity security token 420 is shown on a keychain with a key 430 such that it is likely to be carried with a user.
  • both wireless communication device 400 and proximity security token 420 detect the proximity to each other.
  • Proximity security token 420 and wireless communication device 400 send out signals which are measured by the other. The strength of the signal is used to determine a distance between wireless communication device 400 and proximity security token 420 .
  • proximity security token 420 and wireless communication device 400 may simply determine whether or not a signal sequence is received within a prescribed amount of time.
  • the signals may be transmitted at a strength that is only received when proximity security token 420 and wireless communication device 400 are within proximity.
  • wireless communication device 400 and proximity security token 420 are separated by more than an established distance, they are no longer within the set proximity.
  • both wireless communication device 400 and proximity security token 420 emit an audible tone, notifying the user that he or she is leaving the other behind.
  • the set proximity may be set at a time of manufacturing, at a time of uploading a security application to wireless communication device 400 , by a user of wireless communication device 400 , etc.
  • both proximity security token 420 and wireless communication device 400 are able to sense the proximity of each other, both will emit the audible tone when separated.
  • Such a feature may be useful, for example, when leaving a smartphone (or keys) in a taxi cab.
  • only the wireless communication device is able to sense the proximity of the proximity security token. Because the proximity security token does not detect the distance of the wireless communication device, only the wireless communication device emits the audible tone. This feature is useful in a proximity security token without a power supply, for instance an RFID proximity security token, or one having an inductive coil antenna.
  • FIG. 5 shows a wireless communication device 500 being left in an automobile 542 , according to an exemplary embodiment of the present invention.
  • wireless communication device 500 and the proximity security token are separated by a predetermined distance.
  • wireless communication device 500 detects the separation. Once the separation exceeds the established proximity, wireless communication device 500 emits an audible tone. This notifies anyone remaining in automobile 542 that wireless communication device 500 is being left behind.
  • the wireless communication device when the wireless communication device detects a separation from the proximity security token, the wireless communication device sends a signal which is received by a transceiver of an automobile, causing the automobile to emit an audible tone such as a horn.
  • an audible tone may be easier for the user to hear from outside the automobile.
  • This feature can come preloaded on an automobile, or may be available as an aftermarket addition.
  • FIG. 6 shows a method of the present invention utilizing a proximity security token for unlocking an application on a wireless communication device, according to an exemplary embodiment of the present invention.
  • a user activates the wireless communication device and attempts to access the application S 650 , for instance, by pressing an icon on a touchscreen display of the wireless communication device.
  • Device logic on the wireless communication device determines whether a proximity security token is required to access the application S 651 . If the proximity security token is not required, then the application is available for use by the user S 652 . If the proximity security token is required for the application, then the application remains inaccessible until the device logic determines whether the proximity security token is present S 654 . This may be accomplished by detecting and/or measuring signals from the proximity security token to the wireless communication device.
  • the device logic may also require the proximity security token to be activated, such as by pressing a button on the proximity security token, inputting a biometric to the proximity security token, etc. If the proximity security token is required, but not present, then the application remains locked S 655 . If the proximity security token is present, then the application is unlocked for use by the user S 652 . The device logic constantly or periodically monitors for the presence of the proximity security token while the application is unlocked S 653 . The device logic determines whether the proximity security token is present S 654 . If the proximity security token remains present, then the application remains unlocked S 652 . If the proximity security token is no longer in proximity to the wireless communication device, then the application is locked S 655 .
  • the wireless communication device when the application is locked S 655 , the wireless communication device starts an internal timer S 656 .
  • the wireless communication device monitors for the presence of the proximity security token S 653 .
  • the wireless communication device determines whether the proximity security token has been absent from the proximity for more than a set period of time S 657 , such as thirty minutes, as measured by the internal timer and either established by the user or by pre-set logic. If the proximity security token is absent for the set period of time, the memory of the wireless communication device is wiped S 658 .
  • a set period of time S 657 such as thirty minutes, as measured by the internal timer and either established by the user or by pre-set logic. If the proximity security token is absent for the set period of time, the memory of the wireless communication device is wiped S 658 .
  • Such a feature may be set by the user for wireless communication devices containing sensitive information. This may serve to prevent sensitive data from being stolen from the wireless communication device.
  • a proximity security token may be in a fixed location, such as an office building, such that a business application on a wireless communication device may only be used in that location. It may be desirable to have access to a virtual private network limited to devices in the office building. Applications such as a notepad may be used at any location. Thus, a notepad application on a laptop associated with the proximity security token can be accessed by a user from home while the laptop is at home. However, if the user tries to access the business application, the business application is locked because the proximity security token is not present at home. When at the office building with the laptop, the proximity security token is in proximity of the laptop and the user is allowed to access the business application.
  • Logic on the laptop constantly monitors whether the proximity security token is within a set proximity. Thus, if the user is accessing the business application while leaving the building with the laptop, the business application locks when the user leaves the building, as it is no longer in proximity with the proximity security token.
  • the entire memory need not be wiped, but only a sensitive portion of the memory, as defined by a user of the wireless communication device, a user's employer, a service provider, or an author of the sensitive data.
  • FIG. 7 shows a screenshot of a user setup 760 of a security application for use with a proximity security token, according to an exemplary embodiment of the present invention.
  • user setup 760 is shown on a display 701 of a wireless communication device 700 .
  • User setup 760 includes a status 761 , a signal strength 763 , a biometric requirement 767 , a memory purging option 765 , an ‘OK’ button 769 , and a ‘Cancel’ button 768 .
  • Other settings will be evident to one skilled in the art in light of this disclosure.
  • a user may use a keypad 703 on wireless communication device 700 to select from options on user setup 760 .
  • Status 761 displays a current status of wireless communication device 700 with respect to the proximity security token. For instance, status 761 shows that the proximity security token is in range and wireless communication device 700 is currently unlocked.
  • Signal strength 763 displays a current signal strength between wireless communication device 700 and the proximity security token. Using status 761 , for a specific signal strength the user may specify that at the current strength wireless communication device 700 should be locked.
  • Biometric requirement 767 allows the user to determine what, if any, biometric is required to unlock the device and/or an application, and for which applications. For instance, the screenshot shows that email, client database, and bank software require a biometric.
  • Memory purging option 765 allows the user to set a time at which the memory of wireless communication is purged 765 . This time is an amount of time wireless communication device 700 is out of proximity with the proximity security token. ‘OK’ button 769 allows the user to accept the current settings. ‘Cancel’ button 768 does not accept the current settings but instead reverts to previous settings. These settings may also be pre-set for the user at the time the security application is loaded onto wireless communication device 700 .
  • the memory need not be wiped completely in every application. For some applications, only a portion of the memory may need purging. Applications requiring biometrics may need specific forms of biometric in order to be accessed. Different tokens may come with different forms of input. The options displayed will match the available input.
  • FIG. 8A shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention.
  • the user must first activate the proximity security token S 870 . This may be accomplished by touching the proximity security token, pressing a button on the proximity security token, swiping a finger on an input of the proximity security token, etc. With the proximity security token activated, the user manipulates a biometric sensor on the proximity security token S 871 . This may be swiping the users fingerprint on the biometric sensor, scanning the iris of the user with the biometric sensor, detecting the voice of the user, etc. The wireless communication device then determines whether the biometric input matches a biometric for an authorized user S 872 .
  • logic on the proximity security token determines whether the biometric input matches an authorized user and sends a confirmation to the device. If the biometric input does not match, then the wireless communication device is locked and inoperable S 875 . If the biometric input matches an authorized user, then the wireless communication device is unlocked S 873 . With the wireless communication device unlocked, logic on the wireless communication device determines whether the proximity security token remains in proximity to the wireless communication device S 874 . If the proximity security token is no longer in proximity to the wireless communication device, then the wireless communication device is locked and becomes inoperable S 875 . If the proximity security token remains in proximity to the wireless communication device, then the device remains unlocked and access to applications is granted S 876 .
  • the wireless communication device continues to monitor the proximity while the device is in use S 877 . If the proximity security token is no longer in proximity to the wireless communication device, then the wireless communication device is locked S 875 . The wireless communication device remains unlocked while the proximity security token remains in proximity.
  • a user grabs their smartphone and proximity security token before heading out for the day. While the smartphone is not in use, the proximity security token may be in a low power mode, or sleep mode. The user activates the proximity security token by pressing a button on the proximity security token, bringing the proximity security token out of sleep mode. The user then swipes a finger across a fingerprint scanner on the proximity security token. The smartphone determines that the biometric entry matches that of the user and unlocks the smartphone. With the biometric match, the smartphone remains unlocked while in the proximity of the proximity security token.
  • the proximity security token must be present and active to unlock the smartphone and/or applications on the smartphone.
  • the user sets a limited duration for the unlocked mode. Once unlocked, a timer in the proximity security token begins to count down for the duration. After the duration expires, the user is required to re-authenticate by swiping the user's finger once again. For example, the user may program the smartphone to require authentication after every hour, after five minutes of non-use, etc.
  • an application may require a secondary authentication in order to process a request.
  • the user may utilize the proximity security token to input the secondary authentication, such as a biometric of the user.
  • FIG. 8B shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention.
  • the user must first activate the proximity security token S 870 . This may be accomplished by touching the proximity security token, pressing a button on the proximity security token, swiping a finger on an input of the proximity security token, etc.
  • a timer on the proximity security token starts S 878 .
  • the timer lasts for a period of time in which the proximity security token is to remain active. This period of time may be set by the user, by a manufacturer, by a wireless communication device, etc.
  • the method determines whether the period of time has elapsed and the timer has ended S 879 .
  • the wireless communication device and/or the proximity security token determines whether the proximity security token is in proximity of the wireless communication device S 874 . If the proximity security token is not in proximity of the wireless communication device, the wireless communication device is locked S 875 . If the proximity security token is in proximity of the wireless communication device, the wireless communication device is unlocked S 873 . With the wireless communication device unlocked, the wireless communication device monitors the proximity of the proximity security device S 877 . The user then attempts to access an application. The wireless communication device determines whether a secondary authentication is required to access the application S 837 . If secondary authentication is not required, access to the application is allowed S 876 .
  • the user must swipe a finger on the proximity security token S 871 or otherwise enter a biometric.
  • the wireless communication device and/or the proximity security token determines whether the user's biometric matches a stored biometric for the user S 872 . If the user's biometric matches, access to the application is allowed S 876 . If the user's biometric does not match, access to the application is blocked S 838 .
  • FIGS. 9A and 9B show proximity security tokens in the form of key fobs with an embedded input, according to embodiments of the present invention.
  • the embedded inputs allow for a second level of authentication of a user, in addition to the proximity of the proximity security token to a wireless communication device.
  • Embedded inputs could be in many varying forms of icon usage such as numbers or symbols.
  • the input is a biometric sensor, such as a fingerprint scanner 926 on proximity security token 920 .
  • fingerprint scanner 926 is used as a secondary authentication.
  • an image of the fingerprint is optically scanned.
  • the image is then compared to a previously recorded image in order to authorize the user.
  • the comparison is accomplished by logic on board proximity security token 920 .
  • Proximity security token 920 is portable, sealed to be weatherproof, and attached to a keychain 930 .
  • the input is a keypad 928 on a proximity security token 920 .
  • Keypad 928 is used to enter a key or key sequence to further authenticate a user.
  • the key sequence is compared with a stored key sequence. A match confirms the user is an authorized user.
  • the comparison is performed by logic on board proximity security token 920 .
  • the fingerprint scanner or the keypad is used to energize or awaken the proximity security token from a low-power or sleep mode.
  • the comparison of a key sequence or fingerprint scan is alternatively accomplished by a wireless communication device being unlocked.
  • Proximity security token may be any shape or size, and may be ergonomically and/or visually appealing.
  • FIG. 10 shows a proximity security token 1020 being used to unlock an automobile 1042 , according to an exemplary embodiment of the present invention.
  • automobile 1042 is unlocked and/or able to be started due to the detection of proximity security token 1020 .
  • Automobile 1042 includes a central processing unit (CPU) 1044 , a memory 1046 containing an automobile logic 1047 , and a transceiver 1048 in order to determine a distance of proximity security token 1020 .
  • proximity security token 1020 is shown on a keychain 1030 , such that it remains in the possession of a user.
  • logic 1047 automatically unlocks automobile 1042 .
  • the engine of automobile 1042 also starts automatically due to the proximity of proximity security token 1020 .
  • CPU 1044 , transceiver 1048 , and logic 1047 are used to determine a distance between automobile 1042 and proximity security token 1020 . At one detected distance, logic 1047 causes the door or doors to unlock. At the same distance or a second detected distance, logic 1047 causes automobile 1042 to start.
  • the automobile starts at a shorter distance than the unlocking of automobile 1042 , such as when the user with proximity security token 1020 is in the driver's seat of automobile 1042 .
  • Alternate embodiments allow the user to set distances for starting and unlocking. For instance, a user may desire the automobile to start at a further distance, allowing the inner cabin of automobile 1042 to reach a comfortable climate. Another user may not want automobile 1042 to unlock until the user is right next to automobile 1042 .
  • the user sets automobile 1042 to only unlock the driver's side door, while other embodiments enable a user to set automobile 1042 to unlock all the doors.
  • starting the ignition of automobile 1042 requires a secondary authentication with a biometric, code, etc.
  • FIG. 11 shows a method of utilizing a biometric sensor on a proximity security token, according to an exemplary embodiment of the present invention.
  • a user makes an attempt to activate a wireless communication device S 1180 , for example, a smartphone. This attempt is made by touching the screen, pressing a button, etc.
  • Device logic on the wireless communication device determines whether the proximity security token, or key fob, is present S 1181 . This is accomplished by invoking a transceiver to communicate with the proximity security token, and determining a distance between the wireless communication device and the proximity security token using the methods described herein. If the proximity security token is not present, then the wireless communication device remains locked and the user cannot access applications on the wireless communication device S 1182 .
  • the wireless communication device is unlocked, allowing the user to access applications, make calls, etc. S 1183 .
  • an attempt is made to conduct a transaction on the wireless communication device S 1184 .
  • This transaction may be a purchase, a download, an upload, an attempt to access an application or web service, etc.
  • the device logic on the wireless communication device determines whether a biometric is required to conduct the transaction S 1185 . This determination may be made based upon rules stored within the device logic, requests for authentication from outside entities, requests from an independent operation such as a web service, etc. A required biometric provides an extra layer of security for the transaction. If a biometric is not required for the transaction, then the transaction is allowed S 1187 .
  • the logic determines whether an input biometric matches a stored biometric for an authorized user S 1186 .
  • This logic could be performed either on the proximity security token and/or the wireless communication device.
  • This biometric may be a fingerprint scan, an iris scan, a voice detection, etc., stored on either the proximity security token or the wireless communication device. If the biometric matches the stored biometric, then the transaction is allowed S 1187 . If the biometric does not match the stored biometric, then the transaction fails S 1188 .
  • a failed biometric locks the entire device, while in other embodiments other applications on the device may still be used.
  • the same process is used to access an application or database in other embodiments.
  • the user may desire to use a smartphone to access a mobile banking application. The user unlocks the smartphone by attempting to access the smartphone with the proximity security token present. The user then attempts to access the mobile banking application. This application requires a higher level of security than other applications, and the user's fingerprint is requested on the proximity security token. The user scans their fingerprint on the proximity security token. If the user's fingerprint matches the authorized fingerprint for the application, then the user is able to access the mobile banking application.
  • the user accesses a bank's website over a mobile browser that requires the user to log in using a username and password.
  • the bank website requires two-factor authentication and requests the smartphone to authenticate the user's identity.
  • the smartphone prompts the user to swipe the user's finger on the proximity security token. If the fingerprint matches, then the authentication succeeds and the user can access the bank website.
  • a fingerprint match releases a one-time password to the smartphone, which in turn submits the one-time password or other authentication credential or authorization to the bank website to complete the authentication process.
  • FIG. 12 shows a proximity security token 1220 used to authenticate a transaction, according to an exemplary embodiment of the present invention.
  • a wireless communication device 1200 is being used to make a payment to a register 1290 , for instance, using Near Field Communication (NFC).
  • NFC Near Field Communication
  • a user rings up an item at register 1290 and proceeds to payment.
  • An application on wireless communication device 1200 first confirms that proximity security token 1220 is within a set proximity to wireless communication device 1200 to proceed with the purchase process.
  • the application makes a request to the user to provide authentication to proximity security token 1220 with a fingerprint as a second factor for authentication of the user.
  • proximity security token 1220 authorizes the fingerprint
  • wireless communication device 1200 sends the payment information to register 1290 and the payment transaction is complete.
  • Such a transaction uses a one-time password (OTP) token standard.
  • OTP one-time password
  • second-factor authentication is only required when a payment amount is over a specified amount or given some other user or system defined parameters
  • the wireless communication device authorizes the fingerprint or other biometric of the user. Credentials for the user are stored on the wireless communication device, such as in the UICC, SIM card, or a memory of the wireless communication device.
  • the proximity security token transmits a fingerprint template of the scanned fingerprint to the wireless communication device where the fingerprint template is verified with the credentials. Once the wireless communication device verifies the fingerprint, the wireless communication device sends the payment information to the register and the payment transaction is complete.
  • the specification may have presented the method and/or process of the present invention as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. As one of ordinary skill in the art would appreciate, other sequences of steps may be possible. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. In addition, the claims directed to the method and/or process of the present invention should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the present invention.

Abstract

Devices, systems and methods are disclosed for additional security, functionality, and convenience in the operation of a wireless communication device with the use of a separate proximity security token in communication with the wireless communication device. In exemplary embodiments, the token is carried by the user while device logic is installed on the user's wireless communication device. The device logic along with transceivers allows the device to sense proximity of the token through wireless communication. Given a certain range of the proximity security token, as determined by the wireless signal strength, the device logic determines whether the device is in a locked or unlocked state. If the proximity security token is outside the range, then the device is locked. The proximity security token uses ultra-low power communications for optimal battery life.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is a continuation of and claims priority to U.S. patent application Ser. No. 12/818,988, filed Jun. 18, 2010, entitled “Proximity Based Device Security,” now allowed, which is incorporated herein by reference in its entirety.
  • BACKGROUND
  • 1. Technical Field
  • The present disclosure relates to device security. More specifically, the present disclosure relates to using a proximity security token to provide proximity-based device security.
  • 2. Background
  • Communications devices, such as cellular telephones, have become a common tool of everyday life. Cellular telephones are no longer simply used to place telephone calls. With the number of features available rapidly increasing, cellular telephones, often in the form of a smartphone, are now used for storing addresses, keeping a calendar, reading e-mails, drafting documents, etc. With this wide range of features comes an even greater need for security. For instance, e-mails or documents may be private or privileged and need to be safe from unauthorized users. An unauthorized user picking up or stealing the smartphone should not be able to access this private information.
  • As more enterprises turn towards smartphones, the ability to lock phones is a necessity. Currently, smartphones may be password protected through the keypad. However, users of smartphones find password locks on smartphones annoying and inconvenient. The user sets up a password consisting of a series of keystrokes which must be re-entered to later access the cellular phone. These passwords can generally be any number of characters which the user will remember. Ideally, the password is challenging enough that an unauthorized user cannot simply guess the password and gain access. A problem with using simply a keypad for password entry is the ability of others to determine the password without the user's knowledge. Someone may be able to see the user enter the password and easily be able to repeat it. Additionally, these passwords are inconvenient, as users must look directly at the keypad and press a sequence of buttons. The keys are often small with hard to read numbers or letters and lockouts may require frequent use of the passwords. Thus, users often choose to disable such features. More of these users may choose to utilize the security mechanisms if such mechanisms were easier and more convenient. Such security becomes even more important as devices are used more frequently as a means for mobile payments.
  • What is needed is a way to secure a device while keeping the device easily accessible to an authorized user.
  • SUMMARY
  • The present invention addresses the above-identified issues by providing a separate proximity security token in communication with a wireless communication device. In exemplary embodiments, the token is carried by the user while device logic is installed on the user's wireless communication device. The device logic along with transceivers allows the wireless communication device to sense proximity of the token through wireless communication. Given a certain range of the proximity security token, as determined by the wireless signal strength, the device logic locks or unlocks the wireless communication device. In embodiments of the invention, if the proximity security token is too far away, then the wireless communication device is locked and can only be accessed via a backup method of entering a password or other direct input form such as voice authentication. Embodiments of the proximity security token solution make use of ultra-low power communications so that the proximity security token does not need to be continuously recharged, but instead is powered by a coin cell battery.
  • The proximity security token also provides an enhanced two factor authentication function for controlling other services on the wireless communication device or web based services via the wireless communication device. Exemplary embodiments of the present invention include an input, such as a biometric scanner, within the proximity security token. The input provides for further authentication based upon the identity of the user or an entry.
  • In one exemplary embodiment, the present invention is a wireless communication device for allowing use when in range of a proximity security token. The device includes a processor, a memory in communication with the processor, a transceiver in communication with the processor, and a device logic on the memory. The device logic detects the presence of the proximity security token, receives a key from the proximity security token, allows use of the device, and monitors the presence of the proximity security token while the device is in use. The device logic prevents use of the device upon detecting an absence of the proximity security token.
  • In another exemplary embodiment, the present invention is a proximity security token for allowing use of a wireless communication device when in range of the wireless communication device. The proximity security token includes a processor, a memory in communication with the processor, a transceiver in communication with the processor, a secure input in communication with the processor, a battery in communication with the processor, and a token logic on the memory. The token logic detects the presence of the wireless communication device, receives a key from a user via the secure input, transmits the key to the wireless communication device, and monitors the presence of the wireless communication device while the wireless communication device is in use. The token logic prevents use of the wireless communication device upon detecting an absence of the wireless communication device.
  • In yet another exemplary embodiment, the present invention is a method for allowing use of a wireless communication device when in range of a proximity security token. The method includes detecting the presence of the proximity security token, receiving a secure input from the proximity security token, allowing use of the device, and monitoring the presence of the proximity security token while the device is in use. Use of the device is prevented upon detecting an absence of the proximity security token.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIGS. 1A and 1B show a wireless communication device for use with a proximity security token, according to an exemplary embodiment of the present invention.
  • FIGS. 2A and 2B show a proximity security token, or fob, according to an exemplary embodiment of the present invention.
  • FIG. 3 shows a method of the present invention utilizing a password backup for the presence of a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 4 shows the separation of a wireless communication device from a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 5 shows a wireless communication device being left in an automobile, according to an exemplary embodiment of the present invention.
  • FIG. 6 shows a method of the present invention utilizing a proximity security token for unlocking an application on a wireless communication device, according to an exemplary embodiment of the present invention.
  • FIG. 7 shows a screenshot of a user setup of a security application for use with a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 8A shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention.
  • FIG. 8B shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention.
  • FIGS. 9A and 9B show proximity security tokens with an embedded input, according to embodiments of the present invention.
  • FIG. 10 shows a proximity security token further being used to unlock an automobile, according to an exemplary embodiment of the present invention.
  • FIG. 11 shows a method of utilizing a biometric sensor on a proximity security token, according to an exemplary embodiment of the present invention.
  • FIG. 12 shows a proximity security token used to authenticate a transaction, according to an exemplary embodiment of the present invention.
  • DETAILED DESCRIPTION
  • The following detailed description discloses devices, systems, and methods for additional security, functionality, and convenience in the operation of a wireless communication device with the use of a separate proximity security token in communication with the wireless communication device. In exemplary embodiments, the token is carried by the user while device logic is installed on the user's wireless communication device. The device logic, along with transceivers, allows the wireless communication device to sense proximity of the token through wireless communication. Given a certain range of the proximity security token, as determined by the wireless signal strength, the device logic locks or unlocks the wireless communication device. In embodiments of the invention, if the proximity security token is too far away, then the wireless communication device is locked and can only be accessed via a backup method of entering a password or other direct input form such as voice authentication. Embodiments of the proximity security token solution make use of ultra-low power communications so that the proximity security token does not need to be continuously recharged, but instead is powered by a long life coin cell battery.
  • The proximity security token also provides enhanced two factor authentication function for controlling other services on the wireless communication device or web based services via the wireless communication device. Exemplary embodiments of the present invention contain an input, such as a biometric scanner, within the proximity security token. The input provides for further authentication based upon the identity of the user or an entry.
  • In further exemplary embodiments, the proximity security token operates in one of two possible states of “active and unlocked” and “inactive and locked”. The biometric function on the proximity security token is utilized to authenticate the user to the proximity security token and thus put the proximity security token in an “active and unlocked” state. In the “active and unlocked” state, the proximity security token is able to communicate an approved unlock code to the wireless communication device via proximity communications. The “active and unlocked” token state may be based on a countdown timer sequence based upon user defined settings in logic on the wireless communication device logic. Once the timer expires, the proximity security token changes to an “inactive and locked” state that triggers a locked state being communicated to the wireless communication device. The user may put the proximity security token back into an “active and unlocked” state by performing an authentication activity directly on the proximity security token. This feature provides the user with safeguards against the wireless communication device remaining in an unlocked and user interface accessible state if the user loses control of both the proximity security token and the wireless device to, for instance, an attacker.
  • In further exemplary embodiments, the user is alerted of the separation of the wireless communication device and the proximity security token via an audible tone from the device and/or the proximity security token when the proximity security token and device are separated beyond a certain distance for a period of time defined by program logic. If the user leaves one or the other behind, then this makes the user aware that the wireless communication device or proximity security token is missing from their direct control. In exemplary embodiments of the invention, other security functions may be triggered so that data on the wireless communication device is properly secured when the proximity security token and wireless communication device become separated for an extended period of time. These security functions may include, but are not limited to, memory wipes, etc.
  • In exemplary embodiments of the invention, the proximity security token may be used by an assigned user to unlock building electronic access control systems, for unlocking and starting automobiles, etc. These embodiments may use the concept of unlocking the proximity security token with either a PIN code or biometric signature such as a fingerprint as a form of secondary authentication requirement so that the proximity security token is unlocked and able to approve the proximity based unlock of the system. In alternative forms these other systems being accessed may or may not require the secondary form of authentication in order to process a user requested function such as door entry or automobile ignition.
  • “Wireless communication device”, as used herein and throughout this disclosure, refers to any electronic device capable of wirelessly sending and receiving data. A wireless communication device may have a processor, a memory, a transceiver, an input, and an output. Examples of such devices include cellular telephones, personal digital assistants (PDAs), portable computers, etc. A wireless communication device also includes smart cards, such as contactless integrated circuit cards (CICC). The memory stores applications, software, or logic. Examples of processors are computer processors (processing units), microprocessors, digital signal processors, controllers and microcontrollers, etc. Examples of device memories that may comprise logic include RAM (random access memory), flash memories, ROMS (read-only memories), EPROMS (erasable programmable read-only memories), and EEPROMS (electrically erasable programmable read-only memories).
  • “Logic” as used herein and throughout this disclosure, refers to any information having the form of instruction signals and/or data that may be applied to direct the operation of a processor. Logic may be formed from signals stored in a device memory. Software is one example of such logic. Logic may also be comprised by digital and/or analog hardware circuits, for example, hardware circuits comprising logical AND, OR, XOR, NAND, NOR, and other logical operations. Logic may be formed from combinations of software and hardware. On a network, logic may be programmed on a server, or a complex of servers. A particular logic unit is not limited to a single logical location on the network.
  • Wireless communication devices may communicate with each other and with other elements via a network, for instance, a wireless network, or a wireline network. A “network” can include broadband wide-area networks, local-area networks, and personal area networks. Communication across a network is preferably packet-based; however, radio and frequency/amplitude modulations networks can enable communication between communication devices using appropriate analog-digital-analog converters and other elements. Examples of radio networks include WiFi and BLUETOOTH networks, with communication being enabled by hardware elements called “transceivers.” Wireless communication devices may have more than one transceiver, capable of communicating over different networks. For example, a cellular telephone can include a GPRS transceiver for communicating with a cellular base station, a WiFi transceiver for communicating with a WiFi network, and a BLUETOOTH transceiver for communicating with a BLUETOOTH device. A network typically includes a plurality of elements that host logic for performing tasks on the network.
  • In modern packet-based wide-area networks, servers may be placed at several logical points on the network. Servers may further be in communication with databases and can enable communication devices to access the contents of a database. A settings server is an example of such a server. A settings server can include several network elements, including other servers, and is part of a network, for example, a cellular network. A settings server hosts or is in communication with a database hosting an account for a user of a wireless communication device. The “user account” includes several attributes for a particular user, including a unique identifier of the wireless communication device(s) owned by the user, relationships with other users, driver settings, and other information.
  • For the following description, it can be assumed that most correspondingly labeled structures across the figures (e.g., 132 and 232, etc.) possess the same characteristics and are subject to the same structure and function. If there is a difference between correspondingly labeled elements that is not pointed out, and this difference results in a non-corresponding structure or function of an element for a particular embodiment, then that conflicting description given for that particular embodiment shall govern.
  • FIGS. 1A and 1B show a wireless communication device 100 for use with a proximity security token, according to an exemplary embodiment of the present invention. In this embodiment, wireless communication device 100 is a smartphone. Wireless communication device 100, using an onboard security application, exchanges signals with a proximity security token to determine whether the proximity security token is in proximity of wireless communication device 100. The signals include a unique identifier, such as a digital key. The unique identifier is unique to the proximity security token and is present to ensure that only the authorized proximity security token registers with wireless communication device 100. In exemplary embodiments of the present invention, with the proximity security token in close proximity, wireless communication device 100 is in an unlocked state, such that it may be operated by a user. Proximity is a distance that may be default or set by a user of wireless communication device 100.
  • FIG. 1A shows the external components of wireless communication device 100. Wireless communication device 100 includes a display 101, a keypad 103, a microphone 105, and an antenna 107. Display 101 may be a liquid crystal display (LCD), a light emitting diode display (LED), a touchscreen display, etc. and provides an output for applications stored on memory and executed by CPU. Keypad 103 provides for an input for device. Keypad 103 may contain alphanumeric keys as well as hotkeys, etc. Microphone 105 provides a further input for device. Microphone 105 may be used for voice calls, commands, recording, etc. Antenna 107 provides a means for sending and receiving signals from transceiver 119 to other devices, such as the proximity security token, or networks, such as cellular networks.
  • FIG. 1B shows the internal components of wireless communication device 100. The internal components include a central processing unit (CPU) 111, a memory 113 storing a device logic 114, a speaker 115, a battery 117 or other power supply, and a transceiver 119. CPU 111 controls the components of wireless communication device 100 by executing device logic 114 from memory 113. Memory 113 stores device logic 114 as well as other data for wireless communication device 100. Device logic 114 includes a security application for wireless communication device 100. In exemplary embodiments of the present invention, the security application provides for proximity-based security for wireless communication device 100. The security application operates transceiver 119 to send and receive signals to and from the proximity security token, measures the strength of the received signals, and determines whether the proximity security token is within an established proximity. If the proximity security token is within the established proximity of wireless communication device 100, then the security application allows access to wireless communication device 100 and/or applications on memory 113 of wireless communication device 100. If the proximity security token is not within the proximity, then the security application locks wireless communication device 100 and/or applications on wireless communication device 100. In addition to locking the device, the speaker may emit an audible alert.
  • The security application on logic 114 can lock wireless communication device 100 entirely, lock certain applications, or lock specific features of wireless communication device 100. For instance, when the proximity security token is out of range, logic 114 can lock a cellular transceiver on wireless communication device 100, thereby rendering wireless communication device 100 unable to connect to a cellular network. Alternatively, logic 114 can lock keypad 103 or touchscreen 101, thereby rendering wireless communication device 100 unusable. Specific folders or files, or sensitive data stored on memory 113 can be locked as well. Other combinations will be apparent to one of ordinary skill in the art in light of this disclosure.
  • FIGS. 2A and 2B show a proximity security token 220, or key fob, according to an exemplary embodiment of the present invention. Proximity security token 220 is a small hardware device with built-in authentication mechanisms. Proximity security token 220, when used in conjunction with a wireless communication device, allows access to the wireless communication device while proximity security token 220 is in proximity of the wireless communication device. In FIG. 2A, proximity security token 220 is shown in the form of a key fob. In this way, proximity security token 220 is attached to keys 230 such that it is likely kept with a user.
  • FIG. 2B shows the internal components of proximity security token 220. Proximity security token 220 contains a central processing unit (CPU) 221, a memory 223 containing a token logic 224, a battery 229 or other power supply, a transceiver 225, a speaker 222, and an antenna 227. CPU 221 controls the functions of proximity security token 220 according to logic 224 on memory 223. Memory 223 may be Random Access Memory (RAM), Read Only Memory (ROM), or any other means of physically storing logic 224. Battery 229 provides power to each of the components of proximity security token 220. In this exemplary embodiment, battery 229 is a coin cell battery, such as a watch battery. Transceiver 225 communicates with the wireless communication device, such as communicating with a smartphone. The communication occurs through antenna 227, which may be coiled around an outer perimeter of proximity security token 220. This communication may occur using any wireless technology, such as BLUETOOTH, BLUETOOTH LOW ENERGY (BLE), Near Field Communication (NFC), a proximity/contactless smart card, passive keyless entry, WiFi, cellular communication, etc. The communication is used to detect a distance between the wireless communication device and proximity security token 220, and transmit data between proximity security token 220 and the wireless communication device. The data includes a unique identifier identifying proximity security token 220. Speaker 222 provides an output for proximity security token 220. In this exemplary embodiment, speaker 222 emits an audible sound when proximity security token 220 is separated from the wireless communication device outside of the set proximity. The inner components of proximity security token 220 may be embedded within an outer cover of proximity security token 220, laminated between two external layers of proximity security token 220, or generally covered so as to maintain durability and weatherproofing of proximity security token 220.
  • In exemplary embodiments of a proximity security token, the proximity security token may include color diodes on the outer cover. The color diodes alert a user as to the state of the proximity security token and may further alert the user of available functions on a wireless communication device. For instance, the proximity security token may include red, yellow, and green diodes. The green diode may signify that the proximity security token is fully unlocked. The proximity security token may become fully unlocked, for instance, upon entry of a biometric by the user. In a fully unlocked state, the user may have full access to features and applications of the wireless communication device. The red diode may signify that the proximity security token is locked. The proximity security token may remain locked, for instance, when the proximity security token has not been activated and/or a user biometric has not been entered. In a locked state, the user may not be able to use any of the features or applications of the wireless communication device. The yellow diode may signify that the proximity security token is only partially unlocked. The proximity security token may be partially unlocked, for instance, when the proximity security token has been activated, but a user biometric has not been entered. In a partially unlocked state, the user may have access to certain features and applications of the wireless communication device, but not others. For instance, basic applications may be allowed while work applications remain locked. While three diodes are disclosed, embodiments of the invention may include any number or color of diodes.
  • FIG. 3 shows a method of the present invention utilizing a password backup for the presence of a proximity security token, according to an exemplary embodiment of the present invention. In this embodiment, the presence of the proximity security token unlocks a wireless communication device. The method begins when a user activates a wireless communication device S331. Device logic on the wireless communication device, along with a processor and transceiver on the wireless communication device, determines whether a proximity security token is within a set proximity S332. This determination may be accomplished by measuring a signal strength of a signal from the proximity security token. The range of the set proximity may vary based upon the type of wireless communication device being used and the user's preference. If the proximity security token is within the set proximity, then the wireless communication device is unlocked S335 and may be used. If the proximity security token is not present, or out of range of the set proximity, then the user is prompted to enter a password S333. The device logic on the wireless communication device then determines whether the entered password is correct S334. If the entered password is incorrect, then the wireless communication device remains locked S336. If the entered password is correct, then the wireless communication device is unlocked S335 and becomes operable by the user.
  • In other exemplary embodiments, the password entry provides a second layer of security, being utilized in addition to the detected presence of the proximity security token, rather than as a replacement to requiring the proximity security token. In another exemplary embodiment, a user picks up the user's smartphone and attempts to use the smartphone. If the user has the proximity security token on their keychain in the user's pocket, or anywhere within a set proximity, then the smartphone unlocks, and the user may use the smartphone. If the user forgot the proximity security token at home, then the user is instead prompted to enter a password to unlock the smartphone. If the user enters the correct password, then the smartphone is unlocked. If the password is not correct, then the smartphone remains locked until a correct password is entered or the proximity security token becomes present. In other exemplary embodiments, entering an incorrect password multiple times may cause the smartphone to deny repeated password attempts and remain locked until the proximity security token is present. Alternatively, entering an incorrect password multiple times indicates to the device logic that an unauthorized user is attempting to “crack” the password, causing the device logic to wipe the memory. Wiping includes simple formatting, redundant overwriting, physical destruction, etc. Such a feature may help to prevent the theft of highly sensitive data from the smartphone.
  • FIG. 4 shows the separation of a wireless communication device 400 from a proximity security token 420, according to an exemplary embodiment of the present invention. Proximity security token 420 is shown on a keychain with a key 430 such that it is likely to be carried with a user. In this exemplary embodiment, both wireless communication device 400 and proximity security token 420 detect the proximity to each other. Proximity security token 420 and wireless communication device 400 send out signals which are measured by the other. The strength of the signal is used to determine a distance between wireless communication device 400 and proximity security token 420. Alternatively, rather than measuring the signals, proximity security token 420 and wireless communication device 400 may simply determine whether or not a signal sequence is received within a prescribed amount of time. The signals may be transmitted at a strength that is only received when proximity security token 420 and wireless communication device 400 are within proximity. When wireless communication device 400 and proximity security token 420 are separated by more than an established distance, they are no longer within the set proximity. At this point, both wireless communication device 400 and proximity security token 420 emit an audible tone, notifying the user that he or she is leaving the other behind. The set proximity may be set at a time of manufacturing, at a time of uploading a security application to wireless communication device 400, by a user of wireless communication device 400, etc. For example, when both proximity security token 420 and wireless communication device 400 are able to sense the proximity of each other, both will emit the audible tone when separated. Such a feature may be useful, for example, when leaving a smartphone (or keys) in a taxi cab.
  • In other exemplary embodiments, only the wireless communication device is able to sense the proximity of the proximity security token. Because the proximity security token does not detect the distance of the wireless communication device, only the wireless communication device emits the audible tone. This feature is useful in a proximity security token without a power supply, for instance an RFID proximity security token, or one having an inductive coil antenna.
  • FIG. 5 shows a wireless communication device 500 being left in an automobile 542, according to an exemplary embodiment of the present invention. When wireless communication device 500 and the proximity security token are separated by a predetermined distance, wireless communication device emits an audible tone. For instance, when the user gets out of automobile 542 with the proximity security token but without wireless communication device 500, wireless communication device 500 and the proximity security token are separated. Wireless communication device 500 detects the separation. Once the separation exceeds the established proximity, wireless communication device 500 emits an audible tone. This notifies anyone remaining in automobile 542 that wireless communication device 500 is being left behind.
  • In further embodiments of the present invention, when the wireless communication device detects a separation from the proximity security token, the wireless communication device sends a signal which is received by a transceiver of an automobile, causing the automobile to emit an audible tone such as a horn. Such an audible tone may be easier for the user to hear from outside the automobile. This feature can come preloaded on an automobile, or may be available as an aftermarket addition.
  • FIG. 6 shows a method of the present invention utilizing a proximity security token for unlocking an application on a wireless communication device, according to an exemplary embodiment of the present invention. In this embodiment, a user activates the wireless communication device and attempts to access the application S650, for instance, by pressing an icon on a touchscreen display of the wireless communication device. Device logic on the wireless communication device determines whether a proximity security token is required to access the application S651. If the proximity security token is not required, then the application is available for use by the user S652. If the proximity security token is required for the application, then the application remains inaccessible until the device logic determines whether the proximity security token is present S654. This may be accomplished by detecting and/or measuring signals from the proximity security token to the wireless communication device. In addition to being present, the device logic may also require the proximity security token to be activated, such as by pressing a button on the proximity security token, inputting a biometric to the proximity security token, etc. If the proximity security token is required, but not present, then the application remains locked S655. If the proximity security token is present, then the application is unlocked for use by the user S652. The device logic constantly or periodically monitors for the presence of the proximity security token while the application is unlocked S653. The device logic determines whether the proximity security token is present S654. If the proximity security token remains present, then the application remains unlocked S652. If the proximity security token is no longer in proximity to the wireless communication device, then the application is locked S655. In certain embodiments of the present invention, when the application is locked S655, the wireless communication device starts an internal timer S656. The wireless communication device monitors for the presence of the proximity security token S653. The wireless communication device determines whether the proximity security token has been absent from the proximity for more than a set period of time S657, such as thirty minutes, as measured by the internal timer and either established by the user or by pre-set logic. If the proximity security token is absent for the set period of time, the memory of the wireless communication device is wiped S658. Such a feature may be set by the user for wireless communication devices containing sensitive information. This may serve to prevent sensitive data from being stolen from the wireless communication device.
  • In some embodiments of the present invention, a proximity security token may be in a fixed location, such as an office building, such that a business application on a wireless communication device may only be used in that location. It may be desirable to have access to a virtual private network limited to devices in the office building. Applications such as a notepad may be used at any location. Thus, a notepad application on a laptop associated with the proximity security token can be accessed by a user from home while the laptop is at home. However, if the user tries to access the business application, the business application is locked because the proximity security token is not present at home. When at the office building with the laptop, the proximity security token is in proximity of the laptop and the user is allowed to access the business application. Logic on the laptop constantly monitors whether the proximity security token is within a set proximity. Thus, if the user is accessing the business application while leaving the building with the laptop, the business application locks when the user leaves the building, as it is no longer in proximity with the proximity security token.
  • In other exemplary embodiments the entire memory need not be wiped, but only a sensitive portion of the memory, as defined by a user of the wireless communication device, a user's employer, a service provider, or an author of the sensitive data.
  • FIG. 7 shows a screenshot of a user setup 760 of a security application for use with a proximity security token, according to an exemplary embodiment of the present invention. In this embodiment, user setup 760 is shown on a display 701 of a wireless communication device 700. User setup 760 includes a status 761, a signal strength 763, a biometric requirement 767, a memory purging option 765, an ‘OK’ button 769, and a ‘Cancel’ button 768. Other settings will be evident to one skilled in the art in light of this disclosure.
  • A user may use a keypad 703 on wireless communication device 700 to select from options on user setup 760. Status 761 displays a current status of wireless communication device 700 with respect to the proximity security token. For instance, status 761 shows that the proximity security token is in range and wireless communication device 700 is currently unlocked. Signal strength 763 displays a current signal strength between wireless communication device 700 and the proximity security token. Using status 761, for a specific signal strength the user may specify that at the current strength wireless communication device 700 should be locked. Biometric requirement 767 allows the user to determine what, if any, biometric is required to unlock the device and/or an application, and for which applications. For instance, the screenshot shows that email, client database, and bank software require a biometric. Memory purging option 765 allows the user to set a time at which the memory of wireless communication is purged 765. This time is an amount of time wireless communication device 700 is out of proximity with the proximity security token. ‘OK’ button 769 allows the user to accept the current settings. ‘Cancel’ button 768 does not accept the current settings but instead reverts to previous settings. These settings may also be pre-set for the user at the time the security application is loaded onto wireless communication device 700.
  • There are many ways to display the options associated with the proximity security token. Of the options in FIG. 7, more detailed options can be specified. The memory need not be wiped completely in every application. For some applications, only a portion of the memory may need purging. Applications requiring biometrics may need specific forms of biometric in order to be accessed. Different tokens may come with different forms of input. The options displayed will match the available input.
  • FIG. 8A shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention. In this embodiment, the user must first activate the proximity security token S870. This may be accomplished by touching the proximity security token, pressing a button on the proximity security token, swiping a finger on an input of the proximity security token, etc. With the proximity security token activated, the user manipulates a biometric sensor on the proximity security token S871. This may be swiping the users fingerprint on the biometric sensor, scanning the iris of the user with the biometric sensor, detecting the voice of the user, etc. The wireless communication device then determines whether the biometric input matches a biometric for an authorized user S872. Alternatively, logic on the proximity security token determines whether the biometric input matches an authorized user and sends a confirmation to the device. If the biometric input does not match, then the wireless communication device is locked and inoperable S875. If the biometric input matches an authorized user, then the wireless communication device is unlocked S873. With the wireless communication device unlocked, logic on the wireless communication device determines whether the proximity security token remains in proximity to the wireless communication device S874. If the proximity security token is no longer in proximity to the wireless communication device, then the wireless communication device is locked and becomes inoperable S875. If the proximity security token remains in proximity to the wireless communication device, then the device remains unlocked and access to applications is granted S876. The wireless communication device continues to monitor the proximity while the device is in use S877. If the proximity security token is no longer in proximity to the wireless communication device, then the wireless communication device is locked S875. The wireless communication device remains unlocked while the proximity security token remains in proximity.
  • For example, a user grabs their smartphone and proximity security token before heading out for the day. While the smartphone is not in use, the proximity security token may be in a low power mode, or sleep mode. The user activates the proximity security token by pressing a button on the proximity security token, bringing the proximity security token out of sleep mode. The user then swipes a finger across a fingerprint scanner on the proximity security token. The smartphone determines that the biometric entry matches that of the user and unlocks the smartphone. With the biometric match, the smartphone remains unlocked while in the proximity of the proximity security token.
  • Either the press of the button or the swiping of the finger may bring the proximity security token into an active mode. According to embodiments of the present invention, the proximity security token must be present and active to unlock the smartphone and/or applications on the smartphone.
  • In other exemplary embodiments of the present invention, the user sets a limited duration for the unlocked mode. Once unlocked, a timer in the proximity security token begins to count down for the duration. After the duration expires, the user is required to re-authenticate by swiping the user's finger once again. For example, the user may program the smartphone to require authentication after every hour, after five minutes of non-use, etc.
  • In further exemplary embodiments of the present invention, an application may require a secondary authentication in order to process a request. The user may utilize the proximity security token to input the secondary authentication, such as a biometric of the user.
  • FIG. 8B shows a method of the present invention utilizing a proximity security token for unlocking a device and application, according to an exemplary embodiment of the present invention. In this embodiment, the user must first activate the proximity security token S870. This may be accomplished by touching the proximity security token, pressing a button on the proximity security token, swiping a finger on an input of the proximity security token, etc. With the proximity security token activated, a timer on the proximity security token starts S878. The timer lasts for a period of time in which the proximity security token is to remain active. This period of time may be set by the user, by a manufacturer, by a wireless communication device, etc. The method determines whether the period of time has elapsed and the timer has ended S879. If the timer has ended, the user must activate the token again S870. If the timer has not ended, the wireless communication device and/or the proximity security token determines whether the proximity security token is in proximity of the wireless communication device S874. If the proximity security token is not in proximity of the wireless communication device, the wireless communication device is locked S875. If the proximity security token is in proximity of the wireless communication device, the wireless communication device is unlocked S873. With the wireless communication device unlocked, the wireless communication device monitors the proximity of the proximity security device S877. The user then attempts to access an application. The wireless communication device determines whether a secondary authentication is required to access the application S837. If secondary authentication is not required, access to the application is allowed S876. If secondary authentication is required, the user must swipe a finger on the proximity security token S871 or otherwise enter a biometric. The wireless communication device and/or the proximity security token determines whether the user's biometric matches a stored biometric for the user S872. If the user's biometric matches, access to the application is allowed S876. If the user's biometric does not match, access to the application is blocked S838.
  • FIGS. 9A and 9B show proximity security tokens in the form of key fobs with an embedded input, according to embodiments of the present invention. The embedded inputs allow for a second level of authentication of a user, in addition to the proximity of the proximity security token to a wireless communication device. Embedded inputs could be in many varying forms of icon usage such as numbers or symbols. In FIG. 9A, the input is a biometric sensor, such as a fingerprint scanner 926 on proximity security token 920. In this embodiment, fingerprint scanner 926 is used as a secondary authentication. When a user swipes a finger across fingerprint scanner 926, an image of the fingerprint is optically scanned. The image is then compared to a previously recorded image in order to authorize the user. In this embodiment, the comparison is accomplished by logic on board proximity security token 920. Proximity security token 920 is portable, sealed to be weatherproof, and attached to a keychain 930.
  • In FIG. 9B, the input is a keypad 928 on a proximity security token 920. Keypad 928 is used to enter a key or key sequence to further authenticate a user. The key sequence is compared with a stored key sequence. A match confirms the user is an authorized user. In this embodiment, the comparison is performed by logic on board proximity security token 920.
  • In other exemplary embodiments, the fingerprint scanner or the keypad is used to energize or awaken the proximity security token from a low-power or sleep mode. The comparison of a key sequence or fingerprint scan is alternatively accomplished by a wireless communication device being unlocked. Proximity security token may be any shape or size, and may be ergonomically and/or visually appealing.
  • FIG. 10 shows a proximity security token 1020 being used to unlock an automobile 1042, according to an exemplary embodiment of the present invention. In this embodiment, automobile 1042 is unlocked and/or able to be started due to the detection of proximity security token 1020. Automobile 1042 includes a central processing unit (CPU) 1044, a memory 1046 containing an automobile logic 1047, and a transceiver 1048 in order to determine a distance of proximity security token 1020. In this embodiment, proximity security token 1020 is shown on a keychain 1030, such that it remains in the possession of a user. When the user in possession of proximity security token 1020 walks within the proximity of automobile 1042, at a set distance, logic 1047 automatically unlocks automobile 1042. In this embodiment, the engine of automobile 1042 also starts automatically due to the proximity of proximity security token 1020. CPU 1044, transceiver 1048, and logic 1047 are used to determine a distance between automobile 1042 and proximity security token 1020. At one detected distance, logic 1047 causes the door or doors to unlock. At the same distance or a second detected distance, logic 1047 causes automobile 1042 to start.
  • In other embodiments, the automobile starts at a shorter distance than the unlocking of automobile 1042, such as when the user with proximity security token 1020 is in the driver's seat of automobile 1042. Alternate embodiments allow the user to set distances for starting and unlocking. For instance, a user may desire the automobile to start at a further distance, allowing the inner cabin of automobile 1042 to reach a comfortable climate. Another user may not want automobile 1042 to unlock until the user is right next to automobile 1042. In some embodiments, the user sets automobile 1042 to only unlock the driver's side door, while other embodiments enable a user to set automobile 1042 to unlock all the doors. In embodiments of the invention, after the doors of automobile 1042 have been opened due to the proximity of proximity security token 1020, starting the ignition of automobile 1042 requires a secondary authentication with a biometric, code, etc.
  • FIG. 11 shows a method of utilizing a biometric sensor on a proximity security token, according to an exemplary embodiment of the present invention. In this embodiment, a user makes an attempt to activate a wireless communication device S1180, for example, a smartphone. This attempt is made by touching the screen, pressing a button, etc. Device logic on the wireless communication device determines whether the proximity security token, or key fob, is present S1181. This is accomplished by invoking a transceiver to communicate with the proximity security token, and determining a distance between the wireless communication device and the proximity security token using the methods described herein. If the proximity security token is not present, then the wireless communication device remains locked and the user cannot access applications on the wireless communication device S1182. If the proximity security token is present, then the wireless communication device is unlocked, allowing the user to access applications, make calls, etc. S1183. With the wireless communication device unlocked, an attempt is made to conduct a transaction on the wireless communication device S1184. This transaction may be a purchase, a download, an upload, an attempt to access an application or web service, etc. The device logic on the wireless communication device determines whether a biometric is required to conduct the transaction S1185. This determination may be made based upon rules stored within the device logic, requests for authentication from outside entities, requests from an independent operation such as a web service, etc. A required biometric provides an extra layer of security for the transaction. If a biometric is not required for the transaction, then the transaction is allowed S1187. If a biometric is required, then the logic determines whether an input biometric matches a stored biometric for an authorized user S1186. This logic could be performed either on the proximity security token and/or the wireless communication device. This biometric may be a fingerprint scan, an iris scan, a voice detection, etc., stored on either the proximity security token or the wireless communication device. If the biometric matches the stored biometric, then the transaction is allowed S1187. If the biometric does not match the stored biometric, then the transaction fails S1188.
  • In further embodiments of the invention, a failed biometric locks the entire device, while in other embodiments other applications on the device may still be used. Instead of conducting a transaction, the same process is used to access an application or database in other embodiments. In other exemplary embodiments, the user may desire to use a smartphone to access a mobile banking application. The user unlocks the smartphone by attempting to access the smartphone with the proximity security token present. The user then attempts to access the mobile banking application. This application requires a higher level of security than other applications, and the user's fingerprint is requested on the proximity security token. The user scans their fingerprint on the proximity security token. If the user's fingerprint matches the authorized fingerprint for the application, then the user is able to access the mobile banking application.
  • Alternatively, the user accesses a bank's website over a mobile browser that requires the user to log in using a username and password. The bank website requires two-factor authentication and requests the smartphone to authenticate the user's identity. The smartphone prompts the user to swipe the user's finger on the proximity security token. If the fingerprint matches, then the authentication succeeds and the user can access the bank website. In these embodiments, a fingerprint match releases a one-time password to the smartphone, which in turn submits the one-time password or other authentication credential or authorization to the bank website to complete the authentication process.
  • FIG. 12 shows a proximity security token 1220 used to authenticate a transaction, according to an exemplary embodiment of the present invention. In this embodiment, a wireless communication device 1200 is being used to make a payment to a register 1290, for instance, using Near Field Communication (NFC). A user rings up an item at register 1290 and proceeds to payment. An application on wireless communication device 1200 first confirms that proximity security token 1220 is within a set proximity to wireless communication device 1200 to proceed with the purchase process. In order to initiate a payment, the application makes a request to the user to provide authentication to proximity security token 1220 with a fingerprint as a second factor for authentication of the user. Once proximity security token 1220 authorizes the fingerprint, wireless communication device 1200 sends the payment information to register 1290 and the payment transaction is complete. Such a transaction uses a one-time password (OTP) token standard. In other exemplary embodiments of the present invention, second-factor authentication is only required when a payment amount is over a specified amount or given some other user or system defined parameters.
  • In an alternative embodiment, the wireless communication device authorizes the fingerprint or other biometric of the user. Credentials for the user are stored on the wireless communication device, such as in the UICC, SIM card, or a memory of the wireless communication device. The proximity security token transmits a fingerprint template of the scanned fingerprint to the wireless communication device where the fingerprint template is verified with the credentials. Once the wireless communication device verifies the fingerprint, the wireless communication device sends the payment information to the register and the payment transaction is complete.
  • The foregoing disclosure of the exemplary embodiments of the present invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many variations and modifications of the embodiments described herein will be apparent to one of ordinary skill in the art in light of the above disclosure. The scope of the invention is to be defined only by the claims appended hereto, and by their equivalents.
  • Further, in describing representative embodiments of the present invention, the specification may have presented the method and/or process of the present invention as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. As one of ordinary skill in the art would appreciate, other sequences of steps may be possible. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. In addition, the claims directed to the method and/or process of the present invention should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the present invention.

Claims (20)

I claim:
1. A device comprising:
a processor; and
a memory coupled to the processor, the memory storing instructions that, when executed by the processor, cause the processor to perform operations comprising:
determining that a proximity security token is required to access an application,
in response to determining that the proximity security token is required to access the application, locking access to the application,
in response to detecting an attempt to access the application, determining if the proximity security token is present,
detecting a presence of the proximity security token by measuring signals emitted by the proximity security token,
determining if the proximity security token is within a predefined distance of the device, and
in response to a determination that the proximity security token is within the predefined distance of the device,
obtaining a unique identifier from the proximity security token, and
in response to obtaining the unique identifier, unlocking the application.
2. The device of claim 1, wherein the instructions, when executed by the processor, cause the processor to perform operations further comprising:
determining if the proximity security token remains within the predefined distance; and
in response to a determination that the proximity security token does not remain within the predefined distance, locking the application.
3. The device of claim 2, wherein the instructions, when executed by the processor, cause the processor to perform operations further comprising:
starting a timer for a set time period upon locking the application; and
determining, upon expiration of the timer, if the proximity security token is within the predefined distance.
4. The device of claim 3, wherein the instructions, when executed by the processor, cause the processor to perform operations further comprising:
in response to determining that the proximity security token is not within the predefined distance, wiping a portion of the memory.
5. The device of claim 3, wherein the instructions, when executed by the processor, cause the processor to perform operations further comprising:
in response to determining that the proximity security token is not within the predefined distance, wiping the memory.
6. The device of claim 1, further comprising a display, wherein the instructions, when executed by the processor, causes the processor to perform operations further comprising displaying a plurality of security settings on the display.
7. The device of claim 6, wherein the security settings comprise an option to wipe the memory after the set time period and a further option for requiring biometric information.
8. The device of claim 7, further comprising an input device, wherein the security settings are adjustable via the input device.
9. The device of claim 1, further comprising a speaker, wherein the operations further comprise emitting a sound through the speaker upon detecting an absence of the proximity security token.
10. A method comprising:
determining, by a device that executes a token logic, whether a proximity security token is required to access an application;
in response to determining that the proximity security token is required to access the application, locking, by the device, access to the application;
detecting, by the device, an attempt to access the application;
in response to detecting the attempt to access the application, determining, by the device, if the proximity security token is within a predefined distance of the device by measuring signals emitted by the proximity security token;
in response to a determination that the proximity token is not within the predefined distance, not unlocking the application; and
in response to a determination that the proximity token is within the predefined distance requesting, by the device, a unique identifier from the proximity security token, and
in response to obtaining the unique identifier from the proximity security token, unlocking, by the device, the application.
11. The method of claim 10, wherein the secure input comprises a biometric input.
12. The method of claim 10, further comprising requiring the secure input to conduct a transaction.
13. The method of claim 10, further comprising generating a one-time password.
14. The method of claim 10, further comprising:
determining if the proximity security token remains within the predefined distance of the device; and
in response to a determination that the proximity security token does not remain within the predefined distance of the device, locking the application.
15. The method of claim 14, further comprising:
starting a timer for a set time period upon locking the application; and
determining, upon expiration of the timer, if the proximity security token is within the predefined distance.
16. The method of claim 15, further comprising:
in response to determining that the proximity security token is not within the predefined distance, wiping a portion of a memory of the device.
17. The method of claim 15, further comprising:
in response to determining that the proximity security token is not within the predefined distance, wiping a memory of the device.
18. A method comprising:
determining, by a mobile communications device that executes a token logic, that a proximity security token is required to access an application executed by the mobile communications device;
in response to determining that the proximity security token is required to access the application, locking, by the mobile communications device, access to the application;
detecting, by the mobile communications device, an attempt to access the application;
in response to detecting the attempt to access the application, determining, by the mobile communications device, if the proximity security token is within a predefined distance of the mobile communications device by measuring signals emitted by the proximity security token;
in response to a determination that the proximity token is not within the predefined distance, not unlocking the application; and
in response to a determination that the proximity token is within the predefined distance requesting, by the mobile communications device, a unique identifier from the proximity security token, and
in response to obtaining the unique identifier from the proximity security token, unlocking, by the mobile communications device, the application.
19. The method of claim 18, further comprising:
determining if the proximity security token remains within the predefined distance of the mobile communications device;
in response to a determination that the proximity security token does not remain within the predefined distance of the mobile communications device, locking the application;
starting a timer for a set time period upon locking the application; and
determining, upon expiration of the timer, if the proximity security token is within the predefined distance.
20. The method of claim 19, further comprising:
in response to determining that the proximity security token is not within the predefined distance, wiping a portion of a memory of the mobile communications device.
US14/158,907 2010-06-18 2014-01-20 Proximity Based Device Security Abandoned US20140137235A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/158,907 US20140137235A1 (en) 2010-06-18 2014-01-20 Proximity Based Device Security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/818,988 US9443071B2 (en) 2010-06-18 2010-06-18 Proximity based device security
US14/158,907 US20140137235A1 (en) 2010-06-18 2014-01-20 Proximity Based Device Security

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/818,988 Continuation US9443071B2 (en) 2010-06-18 2010-06-18 Proximity based device security

Publications (1)

Publication Number Publication Date
US20140137235A1 true US20140137235A1 (en) 2014-05-15

Family

ID=45329880

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/818,988 Active 2031-11-29 US9443071B2 (en) 2010-06-18 2010-06-18 Proximity based device security
US14/158,907 Abandoned US20140137235A1 (en) 2010-06-18 2014-01-20 Proximity Based Device Security

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/818,988 Active 2031-11-29 US9443071B2 (en) 2010-06-18 2010-06-18 Proximity based device security

Country Status (1)

Country Link
US (2) US9443071B2 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140222630A1 (en) * 2013-02-07 2014-08-07 Securecheck, Llc Apparatus, system and method for facilitating and securing access to transactions in a retail environment
US20140291392A1 (en) * 2013-04-02 2014-10-02 Nxp B.V. Digital wallet bridge
KR20160045602A (en) * 2014-10-17 2016-04-27 램 리써치 코포레이션 Method, apparatus, and system for establishing a virtual tether between a mobile device and a semiconductor processing tool
US20160150402A1 (en) * 2014-11-20 2016-05-26 At&T Intellectual Property I, L.P. Separating Sensitive Data From Mobile Devices For Theft Prevention
US20160337851A1 (en) * 2015-05-14 2016-11-17 Canon Kabushiki Kaisha Information processing apparatus, control method for information processing apparatus, and storage medium
DE102015114367A1 (en) * 2015-08-28 2017-03-02 Stone-ID GmbH & Co. KG Device and method for authenticating and authorizing persons
US9674700B2 (en) 2014-11-04 2017-06-06 Qualcomm Incorporated Distributing biometric authentication between devices in an ad hoc network
US10862684B2 (en) 2014-11-17 2020-12-08 Samsung Electronics Co., Ltd. Method and apparatus for providing service on basis of identifier of user equipment
US11109233B2 (en) * 2012-12-03 2021-08-31 Samsung Electronics Co., Ltd. Method and mobile terminal for controlling screen lock

Families Citing this family (163)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8233554B2 (en) 2010-03-29 2012-07-31 Eices Research, Inc. Increased capacity communications for OFDM-based wireless communications systems/methods/devices
US8670493B2 (en) * 2005-06-22 2014-03-11 Eices Research, Inc. Systems and/or methods of increased privacy wireless communications
USRE47633E1 (en) * 2005-06-22 2019-10-01 Odyssey Wireless Inc. Systems/methods of conducting a financial transaction using a smartphone
US8677377B2 (en) 2005-09-08 2014-03-18 Apple Inc. Method and apparatus for building an intelligent automated assistant
US9318108B2 (en) 2010-01-18 2016-04-19 Apple Inc. Intelligent automated assistant
US8977255B2 (en) 2007-04-03 2015-03-10 Apple Inc. Method and system for operating a multi-function portable electronic device using voice-activation
US9374746B1 (en) 2008-07-07 2016-06-21 Odyssey Wireless, Inc. Systems/methods of spatial multiplexing
US8676904B2 (en) 2008-10-02 2014-03-18 Apple Inc. Electronic devices with voice command and contextual data processing capabilities
US9462411B2 (en) 2008-11-04 2016-10-04 Telcom Ventures, Llc Mobile device mode enablement responsive to a proximity criterion
US20120311585A1 (en) 2011-06-03 2012-12-06 Apple Inc. Organizing task items that represent tasks to perform
HK1138478A2 (en) * 2009-06-18 2010-08-20 Shining Union Ltd A password input device
US10276170B2 (en) 2010-01-18 2019-04-30 Apple Inc. Intelligent automated assistant
EP2431904A1 (en) * 2010-09-21 2012-03-21 Research In Motion Limited Circumstantial authentication
US8683562B2 (en) * 2011-02-03 2014-03-25 Imprivata, Inc. Secure authentication using one-time passwords
US9490700B2 (en) * 2011-02-25 2016-11-08 Vasco Data Security, Inc. Portable handheld strong authentication token having parallel-serial battery switching and voltage regulating circuit
US9262612B2 (en) * 2011-03-21 2016-02-16 Apple Inc. Device access using voice authentication
EP2587854A1 (en) * 2011-10-31 2013-05-01 Money and Data Protection Lizenz GmbH & Co. KG Device for mobile communication
US8918855B2 (en) * 2011-12-09 2014-12-23 Blackberry Limited Transaction provisioning for mobile wireless communications devices and related methods
US10419907B2 (en) 2012-02-22 2019-09-17 Qualcomm Incorporated Proximity application discovery and provisioning
US9544075B2 (en) 2012-02-22 2017-01-10 Qualcomm Incorporated Platform for wireless identity transmitter and system using short range wireless broadcast
US10839365B2 (en) * 2012-03-01 2020-11-17 Paypal, Inc. Finger print funding source selection
US8725113B2 (en) * 2012-03-12 2014-05-13 Google Inc. User proximity control of devices
CN102529888A (en) * 2012-03-13 2012-07-04 鸿富锦精密工业(深圳)有限公司 Automobile use permission control system and method
US9137246B2 (en) * 2012-04-09 2015-09-15 Brivas Llc Systems, methods and apparatus for multivariate authentication
US10360593B2 (en) 2012-04-24 2019-07-23 Qualcomm Incorporated Retail proximity marketing
US20130305378A1 (en) * 2012-05-09 2013-11-14 Visa Europe Limited Method and system for establishing trust between a service provider and a client of the service provider
US10417037B2 (en) 2012-05-15 2019-09-17 Apple Inc. Systems and methods for integrating third party services with a digital assistant
US20140026188A1 (en) * 2012-07-23 2014-01-23 Justin L. Gubler Systems, methods, and devices for restricting use of electronic devices based on proximity to wireless devices
US8769657B2 (en) * 2012-08-10 2014-07-01 Kaspersky Lab Zao System and method for controlling user's access to protected resources using multi-level authentication
US9519761B2 (en) * 2012-09-06 2016-12-13 Paypal, Inc. Systems and methods for authentication using low quality and high quality authentication information
US20140090039A1 (en) * 2012-09-24 2014-03-27 Plantronics, Inc. Secure System Access Using Mobile Biometric Devices
MX2015004817A (en) * 2012-11-16 2016-02-10 Ericsson Telefon Ab L M Vicinity-based multi-factor authentication.
CN103914643A (en) * 2012-12-31 2014-07-09 伊姆西公司 Method, system and device for securely operating computer
GB2509495A (en) * 2013-01-02 2014-07-09 Knightsbridge Portable Comm Sp Device and system for user authentication to permit access to an electronic device
US9473507B2 (en) 2013-01-03 2016-10-18 International Business Machines Corporation Social and proximity based access control for mobile applications
US20140196137A1 (en) * 2013-01-07 2014-07-10 Curtis John Schwebke Unified communications with a cloud client device
KR20230137475A (en) 2013-02-07 2023-10-04 애플 인크. Voice trigger for a digital assistant
US9203835B2 (en) 2013-03-01 2015-12-01 Paypal, Inc. Systems and methods for authenticating a user based on a biometric model associated with the user
US9763097B2 (en) * 2013-03-13 2017-09-12 Lookout, Inc. Method for performing device security corrective actions based on loss of proximity to another device
US10360364B2 (en) 2013-03-13 2019-07-23 Lookout, Inc. Method for changing mobile communication device functionality based upon receipt of a second code
US11017069B2 (en) * 2013-03-13 2021-05-25 Lookout, Inc. Method for changing mobile communications device functionality based upon receipt of a second code and the location of a key device
US10652394B2 (en) 2013-03-14 2020-05-12 Apple Inc. System and method for processing voicemail
US10748529B1 (en) 2013-03-15 2020-08-18 Apple Inc. Voice activated device for use with a voice-based digital assistant
EP2782041B1 (en) * 2013-03-22 2018-11-14 F. Hoffmann-La Roche AG Analysis system ensuring that sensitive data are not accessible
WO2014146186A1 (en) * 2013-03-22 2014-09-25 Keyfree Technologies Inc. Managing access to a restricted area
US9294922B2 (en) 2013-06-07 2016-03-22 Blackberry Limited Mobile wireless communications device performing device unlock based upon near field communication (NFC) and related methods
EP2811725B1 (en) * 2013-06-07 2016-01-06 BlackBerry Limited Mobile wireless communications device performing device unlock based upon near field communication (nfc) and related methods
US10176167B2 (en) 2013-06-09 2019-01-08 Apple Inc. System and method for inferring user intent from speech inputs
GB2513669B (en) 2013-06-21 2016-07-20 Visa Europe Ltd Enabling access to data
EP3020030A1 (en) * 2013-07-12 2016-05-18 Trolmens Gård Ab Mobile-device security
US9213820B2 (en) * 2013-09-10 2015-12-15 Ebay Inc. Mobile authentication using a wearable device
US9769160B2 (en) * 2013-09-19 2017-09-19 Qualcomm Incorporated Method and apparatus for controlling access to electronic devices
US9582595B2 (en) 2013-09-26 2017-02-28 EVRYTHNG Limited Computer-implemented object information service and computer-implemented method for obtaining information about objects from same
WO2015047283A2 (en) 2013-09-27 2015-04-02 Empire Technology Development Llc Information protection method and system
JP6268942B2 (en) * 2013-11-06 2018-01-31 株式会社リコー Authentication system, authentication management apparatus, authentication method and program
US9363264B2 (en) * 2013-11-25 2016-06-07 At&T Intellectual Property I, L.P. Networked device access control
US9230430B2 (en) * 2013-11-27 2016-01-05 Google Inc. Detecting removal of wearable authentication device
US9928672B2 (en) 2013-12-05 2018-03-27 Wallflower Labs Inc. System and method of monitoring and controlling appliances and powered devices using radio-enabled proximity sensing
KR102061913B1 (en) 2013-12-12 2020-01-02 삼성전자주식회사 Method and apparatus for controlling operations of electronic device
GB2521614B (en) * 2013-12-23 2021-01-13 Arm Ip Ltd Controlling authorisation within computer systems
JP6063859B2 (en) * 2013-12-24 2017-01-18 株式会社日立製作所 Portable key device and device control method
US20150184628A1 (en) * 2013-12-26 2015-07-02 Zhigang Fan Fobless keyless vehicle entry and ingnition methodand system
KR102216243B1 (en) * 2014-02-05 2021-02-17 엘지전자 주식회사 Display device and method for controlling the same
US9449165B2 (en) 2014-02-06 2016-09-20 Untethered Labs, Inc. System and method for wireless proximity-based access to a computing device
CZ2014126A3 (en) * 2014-03-03 2015-09-16 AVAST Software s.r.o. Method of and assembly for securing control of bank account
US11042904B1 (en) * 2014-03-12 2021-06-22 Groupon, Inc. Method and system for detecting application programs on mobile computing device
US11010793B1 (en) * 2014-03-12 2021-05-18 Groupon, Inc. Method and system for determining user profile data for promotion and marketing service using mobile application program information
US10846749B1 (en) 2014-03-12 2020-11-24 Groupon, Inc. Method and system for offering promotion impressions using application programs
US10891651B1 (en) * 2014-03-12 2021-01-12 Groupon, Inc. Method and system for launching application programs using promotion impressions
US10937062B1 (en) * 2014-03-12 2021-03-02 Groupon, Inc. Method and system for facilitating download of application programs on mobile computing device
CN103944615B (en) * 2014-04-14 2016-09-14 惠州Tcl移动通信有限公司 Method and the system thereof closely unlocked is realized according to electrocardiogram
US20150310452A1 (en) * 2014-04-27 2015-10-29 AuthAir, Inc. Access Control System For Medical And Dental Computer Systems
EP3480811A1 (en) 2014-05-30 2019-05-08 Apple Inc. Multi-command single utterance input method
US10170123B2 (en) 2014-05-30 2019-01-01 Apple Inc. Intelligent assistant for home automation
US9715875B2 (en) 2014-05-30 2017-07-25 Apple Inc. Reducing the need for manual start/end-pointing and trigger phrases
US9424417B2 (en) 2014-06-04 2016-08-23 Qualcomm Incorporated Secure current movement indicator
US9338493B2 (en) 2014-06-30 2016-05-10 Apple Inc. Intelligent automated assistant for TV user interactions
US10212136B1 (en) 2014-07-07 2019-02-19 Microstrategy Incorporated Workstation log-in
US20160042168A1 (en) * 2014-08-07 2016-02-11 Christopher Eric HOLLAND Method and apparatus for authenticating users
US10235854B2 (en) 2014-08-19 2019-03-19 Sensormatic Electronics, LLC Tailgating detection in frictionless access control system
US9865144B2 (en) 2014-08-19 2018-01-09 Sensormatic Electronics, LLC Video recognition in frictionless access control system
US10158550B2 (en) 2014-08-19 2018-12-18 Sensormatic Electronics, LLC Access control system with omni and directional antennas
US9697656B2 (en) 2014-08-19 2017-07-04 Sensormatic Electronics, LLC Method and system for access control proximity location
GB2529812A (en) * 2014-08-28 2016-03-09 Kopper Mountain Ltd Method and system for mobile data and communications security
US20160092665A1 (en) * 2014-09-27 2016-03-31 Intel Corporation Liveness Detection for User Authentication
US20160180335A1 (en) * 2014-12-17 2016-06-23 Empire Technology Development Llc Alarm service
FR3030816A1 (en) * 2014-12-18 2016-06-24 Orange TECHNIQUE FOR MONITORING READING OF A DIGITAL OBJECT
US9721566B2 (en) 2015-03-08 2017-08-01 Apple Inc. Competing devices responding to voice triggers
US9886953B2 (en) 2015-03-08 2018-02-06 Apple Inc. Virtual assistant activation
US9614829B1 (en) * 2015-03-27 2017-04-04 EMC IP Holding Company LLC Deauthentication in multi-device user environments
US10460227B2 (en) 2015-05-15 2019-10-29 Apple Inc. Virtual assistant in a communication session
US9947155B2 (en) 2015-05-20 2018-04-17 Sensormatic Electronics, LLC Frictionless access system for public access point
US10200824B2 (en) 2015-05-27 2019-02-05 Apple Inc. Systems and methods for proactively identifying and surfacing relevant content on a touch-sensitive device
US9578173B2 (en) 2015-06-05 2017-02-21 Apple Inc. Virtual assistant aided communication with 3rd party service in a communication session
US20160378747A1 (en) 2015-06-29 2016-12-29 Apple Inc. Virtual assistant for media playback
US10671428B2 (en) 2015-09-08 2020-06-02 Apple Inc. Distributed personal assistant
US10740384B2 (en) 2015-09-08 2020-08-11 Apple Inc. Intelligent automated assistant for media search and playback
US10747498B2 (en) 2015-09-08 2020-08-18 Apple Inc. Zero latency digital assistant
US10331312B2 (en) 2015-09-08 2019-06-25 Apple Inc. Intelligent automated assistant in a media environment
US10402617B2 (en) 2015-09-30 2019-09-03 Apple Inc. Input devices incorporating biometric sensors
US20170103224A1 (en) * 2015-10-07 2017-04-13 Lieyu Hu Method and System for Providing Secure Access and Data Storage to Mobile Computing Devices
US10691473B2 (en) 2015-11-06 2020-06-23 Apple Inc. Intelligent automated assistant in a messaging environment
US10956666B2 (en) 2015-11-09 2021-03-23 Apple Inc. Unconventional virtual assistant interactions
WO2017085545A1 (en) * 2015-11-17 2017-05-26 Idee Limited Security systems and methods with identity management for access to restricted access locations
US10223066B2 (en) 2015-12-23 2019-03-05 Apple Inc. Proactive assistance based on dialog communication between devices
US10855664B1 (en) 2016-02-08 2020-12-01 Microstrategy Incorporated Proximity-based logical access
US10231128B1 (en) * 2016-02-08 2019-03-12 Microstrategy Incorporated Proximity-based device access
US11227589B2 (en) 2016-06-06 2022-01-18 Apple Inc. Intelligent list reading
US10586535B2 (en) 2016-06-10 2020-03-10 Apple Inc. Intelligent digital assistant in a multi-tasking environment
DK201670540A1 (en) 2016-06-11 2018-01-08 Apple Inc Application integration with a digital assistant
DK179415B1 (en) 2016-06-11 2018-06-14 Apple Inc Intelligent device arbitration and control
US11582215B2 (en) 2016-06-12 2023-02-14 Apple Inc. Modifying security state with secured range detection
US11250118B2 (en) * 2016-06-12 2022-02-15 Apple Inc. Remote interaction with a device using secure range detection
WO2017223411A1 (en) * 2016-06-23 2017-12-28 Jpmorgan Chase Bank, N.A. Systems and methods for implementing a proximity lock using bluetooth low energy
JP6798169B2 (en) * 2016-07-13 2020-12-09 コニカミノルタ株式会社 Authentication system, control method and program
US20180122217A1 (en) * 2016-10-27 2018-05-03 Lenovo (Singapore) Pte. Ltd. Detecting Wireless Signals to Engage Security System Awareness
US11204787B2 (en) 2017-01-09 2021-12-21 Apple Inc. Application integration with a digital assistant
CN106951759A (en) * 2017-03-07 2017-07-14 青岛海信移动通信技术股份有限公司 Unlocked by fingerprint control method and device
US10657242B1 (en) 2017-04-17 2020-05-19 Microstrategy Incorporated Proximity-based access
US11140157B1 (en) 2017-04-17 2021-10-05 Microstrategy Incorporated Proximity-based access
US10771458B1 (en) 2017-04-17 2020-09-08 MicoStrategy Incorporated Proximity-based user authentication
DK201770383A1 (en) 2017-05-09 2018-12-14 Apple Inc. User interface for correcting recognition errors
US10726832B2 (en) 2017-05-11 2020-07-28 Apple Inc. Maintaining privacy of personal information
DK179496B1 (en) 2017-05-12 2019-01-15 Apple Inc. USER-SPECIFIC Acoustic Models
DK179745B1 (en) 2017-05-12 2019-05-01 Apple Inc. SYNCHRONIZATION AND TASK DELEGATION OF A DIGITAL ASSISTANT
DK201770428A1 (en) 2017-05-12 2019-02-18 Apple Inc. Low-latency intelligent automated assistant
DK179560B1 (en) 2017-05-16 2019-02-18 Apple Inc. Far-field extension for digital assistant services
US20180336892A1 (en) 2017-05-16 2018-11-22 Apple Inc. Detecting a trigger of a digital assistant
US20180336275A1 (en) 2017-05-16 2018-11-22 Apple Inc. Intelligent automated assistant for media exploration
EP3732599A4 (en) 2017-12-29 2021-09-01 Idee Limited Single sign on (sso) using continuous authentication
JP7314360B2 (en) 2018-01-16 2023-07-25 マクセル株式会社 User authentication system and mobile terminal
US11677744B2 (en) 2018-01-16 2023-06-13 Maxell, Ltd. User authentication system and portable terminal
US10818288B2 (en) 2018-03-26 2020-10-27 Apple Inc. Natural assistant interaction
US11145294B2 (en) 2018-05-07 2021-10-12 Apple Inc. Intelligent automated assistant for delivering content from user experiences
US10928918B2 (en) 2018-05-07 2021-02-23 Apple Inc. Raise to speak
US10892996B2 (en) 2018-06-01 2021-01-12 Apple Inc. Variable latency device coordination
DK179822B1 (en) 2018-06-01 2019-07-12 Apple Inc. Voice interaction at a primary device to access call functionality of a companion device
DK180639B1 (en) 2018-06-01 2021-11-04 Apple Inc DISABILITY OF ATTENTION-ATTENTIVE VIRTUAL ASSISTANT
DE102018007497A1 (en) * 2018-09-24 2020-03-26 ASTRA Gesellschaft für Asset Management mbH & Co. KG Access control system for computers
US11010561B2 (en) 2018-09-27 2021-05-18 Apple Inc. Sentiment prediction from textual data
US10839159B2 (en) 2018-09-28 2020-11-17 Apple Inc. Named entity normalization in a spoken dialog system
US11170166B2 (en) 2018-09-28 2021-11-09 Apple Inc. Neural typographical error modeling via generative adversarial networks
US11462215B2 (en) 2018-09-28 2022-10-04 Apple Inc. Multi-modal inputs for voice commands
SG11202103377WA (en) * 2018-10-08 2021-04-29 Visa Int Service Ass Techniques for token proximity transactions
US11475898B2 (en) 2018-10-26 2022-10-18 Apple Inc. Low-latency multi-speaker speech recognition
US11638059B2 (en) 2019-01-04 2023-04-25 Apple Inc. Content playback on multiple devices
US11348573B2 (en) 2019-03-18 2022-05-31 Apple Inc. Multimodality in digital assistant systems
US11307752B2 (en) 2019-05-06 2022-04-19 Apple Inc. User configurable task triggers
US11217251B2 (en) 2019-05-06 2022-01-04 Apple Inc. Spoken notifications
US11475884B2 (en) 2019-05-06 2022-10-18 Apple Inc. Reducing digital assistant latency when a language is incorrectly determined
US11423908B2 (en) 2019-05-06 2022-08-23 Apple Inc. Interpreting spoken requests
US11140099B2 (en) 2019-05-21 2021-10-05 Apple Inc. Providing message response suggestions
DK201970510A1 (en) 2019-05-31 2021-02-11 Apple Inc Voice identification in digital assistant systems
US11496600B2 (en) 2019-05-31 2022-11-08 Apple Inc. Remote execution of machine-learned models
DK180129B1 (en) 2019-05-31 2020-06-02 Apple Inc. User activity shortcut suggestions
US11289073B2 (en) 2019-05-31 2022-03-29 Apple Inc. Device text to speech
US11360641B2 (en) 2019-06-01 2022-06-14 Apple Inc. Increasing the relevance of new available information
WO2021056255A1 (en) 2019-09-25 2021-04-01 Apple Inc. Text detection using global geometry estimators
US20210264043A1 (en) * 2020-02-21 2021-08-26 Refocus On Life B.V. Selectively restricting interaction with apps on a digital device
US11038934B1 (en) 2020-05-11 2021-06-15 Apple Inc. Digital assistant hardware abstraction
US11755276B2 (en) 2020-05-12 2023-09-12 Apple Inc. Reducing description length based on confidence
US11388157B2 (en) 2020-10-21 2022-07-12 International Business Machines Corporation Multi-factor authentication of internet of things devices
WO2022261628A1 (en) * 2021-06-08 2022-12-15 Mewt LLC Wireless kill switch

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5083968A (en) * 1988-11-29 1992-01-28 Hart Frank J Interactive toy
US5719551A (en) * 1996-08-22 1998-02-17 Flick; Kenneth E. Vehicle security system for a vehicle having a data communications bus and related methods
US5724028A (en) * 1994-12-21 1998-03-03 United Technologies Automotive, Inc. RF remote system with drive-away prevention
US5796935A (en) * 1995-07-20 1998-08-18 Raytheon Company Voting node for a distributed control system
US5799086A (en) * 1994-01-13 1998-08-25 Certco Llc Enhanced cryptographic system and method with key escrow feature
US5953844A (en) * 1998-12-01 1999-09-21 Quantum Leap Research Inc. Automatic firearm user identification and safety module
US6338140B1 (en) * 1998-07-27 2002-01-08 Iridium Llc Method and system for validating subscriber identities in a communications network
US6535136B1 (en) * 1998-02-26 2003-03-18 Best Lock Corporation Proximity card detection system
US20030228846A1 (en) * 2002-06-05 2003-12-11 Shlomo Berliner Method and system for radio-frequency proximity detection using received signal strength variance
US6742714B2 (en) * 1999-09-16 2004-06-01 Kenneth B. Cecil Proximity card with incorporated PIN code protection
US20040250074A1 (en) * 2003-06-05 2004-12-09 Roger Kilian-Kehr Securing access to an application service based on a proximity token
US20050105734A1 (en) * 2003-09-30 2005-05-19 Mark Buer Proximity authentication system
US20060021005A1 (en) * 2004-07-21 2006-01-26 Williams Cuong G System and method for lost data destruction of electronic data stored on a portable electronic device using a security interval
US7302571B2 (en) * 2001-04-12 2007-11-27 The Regents Of The University Of Michigan Method and system to maintain portable computer data secure and authentication token for use therein
US7412542B1 (en) * 2003-11-26 2008-08-12 Microsoft Corporation Bridging a gaming console with a wireless network
US7539565B2 (en) * 2006-02-24 2009-05-26 Denso International America, Inc. Smart unlock control by vehicle location
US20090207013A1 (en) * 2008-02-20 2009-08-20 Mourad Ben Ayed Systems for monitoring proximity to prevent loss or to assist recovery
US20100029200A1 (en) * 2006-09-29 2010-02-04 Antonio Varriale Use, provision, customization and billing of services for mobile users through distinct electronic apparatuses
US7848746B2 (en) * 2006-02-03 2010-12-07 Emc Corporation Authentication methods and apparatus utilizing hash chains
US7944354B2 (en) * 2007-11-29 2011-05-17 International Business Machines Corporation System and method for shopping cart security

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6847302B2 (en) * 2001-09-28 2005-01-25 Seatsignal, Inc. Object-proximity monitoring and alarm system
CN1820279B (en) 2003-06-16 2012-01-25 Uru科技公司 Method and system for creating and operating biometrically enabled multi-purpose credential management devices
JP2008508621A (en) * 2004-08-03 2008-03-21 シルバーブルック リサーチ ピーティワイ リミテッド Walk-up printing
US20080028230A1 (en) * 2006-05-05 2008-01-31 Tri-D Systems, Inc. Biometric authentication proximity card
US7748618B2 (en) 2006-08-21 2010-07-06 Verizon Patent And Licensing Inc. Secure near field transaction
US8104091B2 (en) 2008-03-07 2012-01-24 Samsung Electronics Co., Ltd. System and method for wireless communication network having proximity control based on authorization token

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5083968A (en) * 1988-11-29 1992-01-28 Hart Frank J Interactive toy
US5799086A (en) * 1994-01-13 1998-08-25 Certco Llc Enhanced cryptographic system and method with key escrow feature
US5724028A (en) * 1994-12-21 1998-03-03 United Technologies Automotive, Inc. RF remote system with drive-away prevention
US5796935A (en) * 1995-07-20 1998-08-18 Raytheon Company Voting node for a distributed control system
US5719551A (en) * 1996-08-22 1998-02-17 Flick; Kenneth E. Vehicle security system for a vehicle having a data communications bus and related methods
US6535136B1 (en) * 1998-02-26 2003-03-18 Best Lock Corporation Proximity card detection system
US6338140B1 (en) * 1998-07-27 2002-01-08 Iridium Llc Method and system for validating subscriber identities in a communications network
US5953844A (en) * 1998-12-01 1999-09-21 Quantum Leap Research Inc. Automatic firearm user identification and safety module
US6742714B2 (en) * 1999-09-16 2004-06-01 Kenneth B. Cecil Proximity card with incorporated PIN code protection
US7302571B2 (en) * 2001-04-12 2007-11-27 The Regents Of The University Of Michigan Method and system to maintain portable computer data secure and authentication token for use therein
US20030228846A1 (en) * 2002-06-05 2003-12-11 Shlomo Berliner Method and system for radio-frequency proximity detection using received signal strength variance
US20040250074A1 (en) * 2003-06-05 2004-12-09 Roger Kilian-Kehr Securing access to an application service based on a proximity token
US20050105734A1 (en) * 2003-09-30 2005-05-19 Mark Buer Proximity authentication system
US7412542B1 (en) * 2003-11-26 2008-08-12 Microsoft Corporation Bridging a gaming console with a wireless network
US20060021005A1 (en) * 2004-07-21 2006-01-26 Williams Cuong G System and method for lost data destruction of electronic data stored on a portable electronic device using a security interval
US7848746B2 (en) * 2006-02-03 2010-12-07 Emc Corporation Authentication methods and apparatus utilizing hash chains
US7539565B2 (en) * 2006-02-24 2009-05-26 Denso International America, Inc. Smart unlock control by vehicle location
US20100029200A1 (en) * 2006-09-29 2010-02-04 Antonio Varriale Use, provision, customization and billing of services for mobile users through distinct electronic apparatuses
US7944354B2 (en) * 2007-11-29 2011-05-17 International Business Machines Corporation System and method for shopping cart security
US20090207013A1 (en) * 2008-02-20 2009-08-20 Mourad Ben Ayed Systems for monitoring proximity to prevent loss or to assist recovery

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11751053B2 (en) * 2012-12-03 2023-09-05 Samsung Electronics Co., Ltd. Method and mobile terminal for controlling screen lock
US20210360404A1 (en) * 2012-12-03 2021-11-18 Samsung Electronics Co., Ltd. Method and mobile terminal for controlling screen lock
US11109233B2 (en) * 2012-12-03 2021-08-31 Samsung Electronics Co., Ltd. Method and mobile terminal for controlling screen lock
US20140222630A1 (en) * 2013-02-07 2014-08-07 Securecheck, Llc Apparatus, system and method for facilitating and securing access to transactions in a retail environment
US10102522B2 (en) * 2013-04-02 2018-10-16 Nxp B.V. Digital wallet bridge
US20140291392A1 (en) * 2013-04-02 2014-10-02 Nxp B.V. Digital wallet bridge
TWI677024B (en) * 2014-10-17 2019-11-11 美商蘭姆研究公司 A method, apparatus, and system for establishing a virtual tether between a mobile device and a semiconductor processing tool
US9736135B2 (en) 2014-10-17 2017-08-15 Lam Research Corporation Method, apparatus, and system for establishing a virtual tether between a mobile device and a semiconductor processing tool
CN105530636A (en) * 2014-10-17 2016-04-27 朗姆研究公司 Method, apparatus, and system for establishing a virtual tether
KR102369632B1 (en) * 2014-10-17 2022-03-02 램 리써치 코포레이션 Method, apparatus, and system for establishing a virtual tether between a mobile device and a semiconductor processing tool
KR20160045602A (en) * 2014-10-17 2016-04-27 램 리써치 코포레이션 Method, apparatus, and system for establishing a virtual tether between a mobile device and a semiconductor processing tool
US9674700B2 (en) 2014-11-04 2017-06-06 Qualcomm Incorporated Distributing biometric authentication between devices in an ad hoc network
US10862684B2 (en) 2014-11-17 2020-12-08 Samsung Electronics Co., Ltd. Method and apparatus for providing service on basis of identifier of user equipment
US10051111B2 (en) * 2014-11-20 2018-08-14 At&T Intellectual Property I, L.P. Separating sensitive data from mobile devices for theft prevention
US10681204B2 (en) 2014-11-20 2020-06-09 At&T Intellectual Property I, L.P. Separating sensitive data from mobile devices for theft prevention
US20160150402A1 (en) * 2014-11-20 2016-05-26 At&T Intellectual Property I, L.P. Separating Sensitive Data From Mobile Devices For Theft Prevention
US20190028894A1 (en) * 2015-05-14 2019-01-24 Canon Kabushiki Kaisha Information processing apparatus, control method for information processing apparatus, and storage medium
US20160337851A1 (en) * 2015-05-14 2016-11-17 Canon Kabushiki Kaisha Information processing apparatus, control method for information processing apparatus, and storage medium
DE102015114367A1 (en) * 2015-08-28 2017-03-02 Stone-ID GmbH & Co. KG Device and method for authenticating and authorizing persons

Also Published As

Publication number Publication date
US9443071B2 (en) 2016-09-13
US20110314539A1 (en) 2011-12-22

Similar Documents

Publication Publication Date Title
US9443071B2 (en) Proximity based device security
US10523670B2 (en) Devices, systems, and methods for security using magnetic field based identification
TWI643133B (en) Fingerprint recognition card and method for operating fingerprint recognition card
US11669338B2 (en) Device locator disable authentication
US7882541B2 (en) Authentication system in information processing terminal using mobile information processing device
US8667560B2 (en) Authenticating a user with picture messaging
US9183683B2 (en) Method and system for access to secure resources
EP1609043B1 (en) Apparatus for authorising access to an electronic device
US8191161B2 (en) Wireless authentication
WO2002042890A1 (en) Security system for information processor
US10629012B1 (en) Multi-factor authentication for vehicles
US9946859B2 (en) Systems and methods for enabling a lock screen of an electronic device
US9542547B2 (en) Identification to access portable computing device
KR20050015000A (en) Door lock system and operating method using a mobile terminal
US11787367B1 (en) Systems for shared vehicle access

Legal Events

Date Code Title Description
AS Assignment

Owner name: AT&T INTELLECTUAL PROPERTY I, L.P., GEORGIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HORTON, MICHAEL;REEL/FRAME:032219/0422

Effective date: 20100616

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION