
An automatic and secure system and method for determining ownership or assignment of networked devices and associated accounts

IP.com Disclosure Number: IPCOM000020262D
Original Publication Date: 2003-Nov-07
Included in the Prior Art Database: 2003-Nov-07
Document File: 3 page(s) / 50K

Publishing Venue

IBM

Abstract

This article describes a means of automatically and continually identifying whether the proposed user of a networked device (ND) is authorised to use the device concerned (which may be a mobile phone, a PDA with wireless access to the internet, a laptop computer, or any connected device). The ND is designed to be inoperable if the proposed user is not authorised and if the RFID tag and authorised signature are not regularly detected during operation. The system also enables any number of users to be authorised to use a given ND, and for separate accounts to be created so that usage may be recorded appropriately (useful for sharing mobile phones between family members, for example, or for players sharing an ND to play chargeable on-line games). An innovation of this system is that the same session can be allocated between users simply by detecting which user is using the ND during the session and for how long. No manual intervention is required to switch users. This offers other interesting possibilities for game-playing (eg the game is automatically able to change characters or perspectives simply by passing the ND to another User). The system does not require the User to manually enter any means of identification. However, for certain applications and devices, an added level of security is possible if the User also has to enter a separate keycode.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 48% of the total text.


Disclosed is a means for automatically and continually identifying whether an intended user of a networkable device is authorised to use the device concerned. Examples of such networkable devices include mobile phones, PDAs, laptop computers, and games consoles. Client authentication is an essential element of network security within most intranets or extranets. This may be by one of the following methods.

Password Authentication:

Almost all server software permits client authentication by means of a name and password. For example, a server might require a user to type a name and password before granting access to the server. The server maintains a list of names and passwords; if a particular name is on the list, and if the user types the correct password, the server grants access.

Biometric Authentication:

This requires special (and expensive) recognition devices to ensure accuracy.

Certificate-based Authentication:

Client authentication based on certificates is part of the SSL protocol. The client digitally signs a randomly generated piece of data and sends both the certificate and the signed data across the network. The server uses techniques of public-key cryptography to validate the signature and confirm the validity of the certificate. Neither password-based authentication nor certificate-based authentication addresses security issues related to physical access to individual machines or passwords. Public-key cryptography can only verify that a private key used to sign some data corresponds to the public key in a certificate. It is the user's responsibility to protect a machine's physical security and to keep the private-key password secret.

The proposed system is an extension of the use of digital signatures, public-key encryption and RFID identification. It assumes that each authorised user has a personal digital signature. This is encoded electronically on a passive RFID tag which is incorporated in an object always carried by the user. Examples of how this has been done (eg by Texas Instruments) have been in a ring, a credit card or a key. The networked devices using this system will incorporate an RFID reader. The User's digital signature encoded in this way is used across all the devices enabled as described in this invention. In the system described, each ND also incorporates its own digital signature. The Authority which has the broadest interest in the appropriate use of the ND will act as the Certificate Authority (CA) for the particular set of NDs (eg this may be the mobile phone service provider for mobile phones, the user's employer with regard to laptops or desktop computers, or the individual for a PDA).

On first registering a user for any particular ND, the CA will create a secure and unique account identification using the combination of the User's, and the ND's digital signatures. The signatures may be individu...