WO2006014330A2 - Method and system for enhancing security in wireless stations of a local area network (lan)

Publication number
WO2006014330A2
Authority
WO
WIPO (PCT)
Prior art keywords
functions
sensitive data
smart card
storing
wireless station
Prior art date
Application number
PCT/US2005/023371
Other languages
French (fr)
Other versions
WO2006014330A3 (en)
Inventor
Panayiotis E. Nastou
Panayiota Bay
Theodore Karoubalis
Stelios Koutroubinas
Original Assignee
Atmel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GR20040100280A
Application filed by Atmel Corporation
Publication of WO2006014330A2
Publication of WO2006014330A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]


Abstract

Aspects for enhancing security in wireless stations of a local area network (LAN) are described. The aspects include utilizing a smart card to store sensitive data in a wireless station accessing a host in a wireless local area network (WLAN). Further included is providing a cryptographic token interface in the host for performing cryptographic operations with the sensitive data from the wireless station.

Description

METHOD AND SYSTEM FOR ENHANCING SECURITY IN WIRELESS STATIONS OF A LOCAL AREA NETWORK (LAN)
FIELD OF THE INVENTION
The present invention is related to wireless LAN (802.11) security, and more particularly to the use of a smart card to enhance wireless LAN (WLAN) security.
BACKGROUND OF THE INVENTION
Wireless communications have merited tremendous growth over the past few years, becoming widely applied to the realm of personal and business computing. Wireless access is quickly broadening network reach by providing convenient and inexpensive access in hard-to-wire locations. A major motivation and benefit from wireless LANs is increased mobility. Wireless network users are able to access LANs from nearly anywhere without being bounded through a conventional wired network connection. A key issue in the area of wireless and mobile communications is security.
The IEEE 802.11 standard for wireless LANs (WLANs) stands as a significant milestone in the evolution of wireless network technologies. In recent years, the members of the 802.11i task group have made a great effort to provide WLAN users a more powerful security protocol. Figure 1 illustrates how a wireless client application 10 in a host 11 and a wireless station 12 currently communicate. While only one host is shown, this is meant to be illustrative for the communications that occur between a host and wireless station in a WLAN. Of course, a plurality of systems would be expected to be present in a WLAN. For typical communications, the application 10 passes non-cryptographic operations to the station 12 through the station driver interface 14 of the host 11. The cryptographic operations of the 802.1X authentication are executed in the host 11. The certificates and the keys needed during authentication are stored in operating system (OS) repositories 16 of the host 11 and are retrieved by using operating system calls. This strategy of using the OS repositories makes the wireless station 12 less portable, since most of the critical data (certificates and private keys) for security is stored in a specific host. To use the station 12 in another host is difficult, since sensitive information must be transferred from one host to another. Further, storing sensitive data in public places and repositories is less secure, since malicious applications (worms, Trojans, etc.) can be used to retrieve such sensitive data during operating system operations.
Accordingly, a need exists for enhancing security with improved portability for stations in a WLAN that complements the capabilities of 802.1X. The present invention addresses such a need.
SUMMARY OF THE INVENTION
Aspects for enhancing security in wireless stations of a local area network (LAN) are described. The aspects include utilizing a smart card to store sensitive data in a wireless station connected on a host which accesses a wireless local area network (WLAN). Further included is providing a cryptographic token interface in the host for performing cryptographic operations with the sensitive data from the wireless station.
Through the use of a smart card for stations in a WLAN in accordance with the present invention, portability is maintained without sacrificing security, as users are able to use the smart card when moving from one computer to another. Such ability to store sensitive data on a smart card also avoids dependency on a particular system and its operating system repository, thus reducing susceptibility to malicious applications. These and other advantages of the aspects of the present invention will be more fully understood in conjunction with the following detailed description and accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates a block diagram of a wireless station and host of a WLAN of the prior art.
Figure 2 illustrates a block diagram of a wireless station and host of a WLAN in accordance with the present invention.
Figure 3 illustrates a block diagram of object classes for a Cryptoki interface in accordance with the present invention.
DETAILED DESCRIPTION
The present invention relates to the use of a smart card to enhance wireless LAN (WLAN) security. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiment and the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiments shown but is to be accorded the widest scope consistent with the principles and features described herein.
The present invention provides a WLAN station architecture that employs a smart card to allow users to move from one computer to another safely and seamlessly. Figure 2 illustrates a block diagram of a system in accordance with the present invention that improves upon the system of Figure 1. As shown, a wireless station 20 includes a smart card 22 storing sensitive data, the smart card 22 connecting to the wireless station 20 via a serial interface, for example. The storing of sensitive data by a smart card in accordance with the present invention includes all the sensitive information used by the chosen authentication method of 802.1X.
For example, for enterprise-sized environments, an authentication server is often used in the WLAN to support security operations according to a most secure and popular authentication method of EAP-TLS (extensible authentication protocol - transport layer security), the details of which are well known in the art. As is generally understood, for EAP-TLS, sensitive data being utilized includes a supplicant's private key, which is used to sign supplicant messages, the public key of a root certificate authority, which is used by the supplicant to verify the signature of a signed public-key certificate (signed with the private key of the root certificate authority), and a premaster secret. As is further generally understood, for non-enterprise (home or small business) environments, an authentication server may not be present. Under such circumstances, a preshared key (PSK) is often set, such that every user is to use the PSK when the user's supplicant is associated in the PSK mode. Thus, the PSK is static sensitive data which can be stored by a smart card in accordance with the present invention. Static WEP keys may also be stored in non-enterprise environments.
When the wireless station 20 with the smart card 22 connects to a host 24, non-cryptographic functions are passed from an application 26 of a host 24 to the station 20 through a station driver interface 28, while cryptographic operations are passed from the application 24 to the station 20 using a Cryptoki API 30.
The Cryptoki API 30 refers to cryptographic token interface application programming interface, as specified in the fundamental concepts of PKCS #11 (Public-Key Cryptographic Standard) well known in the art. The primary goal for Cryptoki is a low-level programming interface that abstracts the details of portable cryptographic devices, such as those based on smart cards, PCMCIA cards, and smart diskettes, and presents to the application 26 a common model of the cryptographic device, called a "cryptographic token" or simply token. Figure 3 presents the three object classes that Cryptoki defines in accordance with the present invention. A data object 32 is defined by an application, a certificate object 34 stores a certificate, and a key object 36 stores a cryptographic key, which may be a private key 38, a public key 40, or a secret key 42. A token can create and destroy objects, manipulate them, and search for them. In addition to the cryptographic functions a token can perform, a token may also have an internal random number generator.
Whenever an application 24 is to gain access to the token's objects and functions, the application 24 opens one or more sessions. A session provides a logical connection between the application 24 and the token. The session can be read/write, such that the application can create, read, write, and destroy both public and private objects, or a session can be read-only, such that the application can only read private objects but can create, read, write, and destroy public objects. In accordance with the present invention, the cryptoki interface 30 recognizes two token user types, a security officer and a normal user. The role of the security officer is to initialize the token and to set the normal user's PINs (personal identification numbers), and possibly to manipulate some public objects. Private objects can be accessed by a normal user and that access is granted only if the normal user has been authenticated, i.e., the normal user cannot log in until the security officer has set the normal user's PIN.
A token may be used to perform some or all of the following functions included in the cryptoki API in accordance with the present invention: general purpose functions; token management functions; session management functions; object management functions; encryption/decryption functions; message digesting functions; signing and MAC-ing (media access controller) functions; functions for verifying signatures and MACs; dual-purpose cryptographic functions; key management functions; and random number generation functions. Since the smart card 22 can be used to provide cryptographic operations, e.g., random number generation, signing messages, verifying signatures and MACs, when designed to include a crypto-processor, the functions needing to be performed by the token depend upon those cryptographic capabilities chosen to be provided by the smart card 22, as is well appreciated by those skilled in the art. While providing cryptographic operations on the smart card 22 increases the complexity of the smart card 22, high security is realized, since the sensitive data stored on the smart card 22 need never leave it.
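The user-type and key-handling rules in the two preceding paragraphs, as an added Python model that is not part of the patent and is not a PKCS #11 binding. The class and method names are hypothetical, HMAC-SHA-256 stands in for the card's signing primitive, and the PINs and message bytes are constructed.

```python
import hashlib
import hmac
import secrets


class TokenError(Exception):
    """The model token refused an operation."""


class ModelToken:
    """Toy model of a smart-card token; not a PKCS #11 binding."""

    def __init__(self, so_pin):
        # Token initialization by the security officer; no user PIN exists yet.
        self._pins = {"SO": so_pin, "USER": None}
        self._objects = {}  # label -> {"private": bool, "value": bytes}
        self._role = None   # None (public session), "SO" or "USER"

    def login(self, role, pin):
        expected = self._pins.get(role)
        if expected is None:
            raise TokenError(f"{role} PIN is not set")
        if not hmac.compare_digest(pin.encode(), expected.encode()):
            raise TokenError("incorrect PIN")
        self._role = role

    def logout(self):
        self._role = None

    def set_user_pin(self, pin):
        if self._role != "SO":
            raise TokenError("only the security officer may set the user PIN")
        self._pins["USER"] = pin

    def store_public(self, label, value):
        self._objects[label] = {"private": False, "value": value}

    def generate_private_key(self, label):
        # Key material comes from the token's own random number generator.
        if self._role != "USER":
            raise TokenError("normal user is not logged in")
        self._objects[label] = {"private": True, "value": secrets.token_bytes(32)}

    def find_objects(self):
        # Private objects are listed only for an authenticated normal user.
        return sorted(label for label, obj in self._objects.items()
                      if not obj["private"] or self._role == "USER")

    def read_value(self, label):
        obj = self._get(label)
        if obj["private"]:
            raise TokenError("private key material is not exportable")
        return obj["value"]

    def sign(self, label, message):
        # The key is used inside the token; only the result crosses the interface.
        key = self._get(label)
        return hmac.new(key["value"], message, hashlib.sha256).digest()

    def verify(self, label, message, tag):
        return hmac.compare_digest(self.sign(label, message), tag)

    def _get(self, label):
        obj = self._objects.get(label)
        if obj is None or (obj["private"] and self._role != "USER"):
            raise TokenError("object not found")  # private objects stay hidden
        return obj


def refused(action, *args):
    """Return the token's refusal message, or None if the action succeeded."""
    try:
        action(*args)
    except TokenError as exc:
        return str(exc)
    return None


def run_demo():
    token = ModelToken(so_pin="so-pin-constructed")
    token.store_public("root-ca-public-key", b"constructed CA key bytes")
    results = {"login_before_pin": refused(token.login, "USER", "1234")}

    token.login("SO", "so-pin-constructed")
    token.set_user_pin("1234")
    token.logout()

    token.login("USER", "1234")
    token.generate_private_key("supplicant-key")
    message = b"constructed EAP-TLS handshake bytes"
    tag = token.sign("supplicant-key", message)
    results["visible_logged_in"] = token.find_objects()
    results["export"] = refused(token.read_value, "supplicant-key")
    results["verify_ok"] = token.verify("supplicant-key", message, tag)
    results["verify_tampered"] = token.verify("supplicant-key", message + b"!", tag)

    token.logout()
    results["visible_logged_out"] = token.find_objects()
    results["sign_logged_out"] = refused(token.sign, "supplicant-key", message)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```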
Thus, with the use of a smart card for stations in a WLAN in accordance with the present invention, users are able to move from one computer to another without the need to enter security related data for network access into each computer they are using. Since the security related data is stored safely in the smart card, users can enjoy the same network access privileges by plugging their WLAN station smart card (e.g., via PCMCIA, USB, etc.) in different computers. In this manner portability is ensured without sacrificing security and while avoiding operating system dependency, so as to reduce susceptibility to malicious applications.
Although the present invention has been described in accordance with the embodiments shown, one of ordinary skill in the art will readily recognize that there could be variations to the embodiments and those variations would be within the spirit and scope of the present invention. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.

Claims

CLAIMS What is claimed is:
1. A method for enhancing security in wireless stations of a local area network (LAN), the method comprising: utilizing a smart card to store sensitive data in a wireless station connected on a host which accesses a wireless local area network (WLAN); and providing a cryptographic token interface in the host for performing cryptographic operations with the sensitive data from the wireless station.
2. The method of claim 1 wherein utilizing a smart card to store sensitive data further comprises storing sensitive data of a chosen authentication method for the WLAN.
3. The method of claim 2 wherein storing sensitive data further comprises storing a supplicant private key, storing a public key of a root certificate authority, and storing a premaster secret for an EAP-TLS authentication method.
4. The method of claim 2 wherein storing sensitive data further comprises storing static WEP keys and a preshared key (PSK) for non-enterprise WLANs.
5. The method of claim 1 further comprising utilizing random number generation on the smart card.
6. The method of claim 1 further comprising utilizing a crypto-processor on the smart card.
7. The method of claim 1 wherein providing a cryptographic token interface further comprises providing functionality for at least one of the group comprising general purpose functions, token management functions, session management functions, object management functions, encryption/decryption functions, message digesting functions, signing and MAC (media access controller) functions, functions for verifying signatures and MACs, dual-purpose cryptographic functions, key management functions, and random number generation functions.
8. A system for enhancing security in wireless stations of a local area network (LAN), the system comprising: a wireless station, the wireless station utilizing a smart card to store sensitive data; and a host, the host providing a cryptographic token interface for performing cryptographic operations with the sensitive data from the wireless station.
9. The system of claim 8 wherein the wireless station utilizing a smart card further stores sensitive data of a chosen authentication method for the WLAN.
10. The system of claim 9 wherein the sensitive data further comprises a supplicant private key, a public key of a root certificate authority, and a premaster secret for an EAP-TLS authentication method.
11. The system of claim 9 wherein the sensitive data further comprises static WEP keys and a preshared key (PSK) for non-enterprise WLANs.
12. The system of claim 8 wherein the wireless station further utilizes a smart card for random number generation.
13. The system of claim 8 wherein the wireless station further utilizes a crypto-processor on the smart card.
14. The system of claim 8 wherein the host providing a cryptographic token interface further provides functionality for at least one of the group comprising general purpose functions, token management functions, session management functions, object management functions, encryption/decryption functions, message digesting functions, signing and MAC (media access controller) functions, functions for verifying signatures and MACs, dual-purpose cryptographic functions, key management functions, and random number generation functions.
15. A method for enhancing security in wireless stations of a local area network (LAN), the method comprising: storing sensitive data of a chosen authentication method for a WLAN on a smart card; and utilizing the smart card in a wireless station of the WLAN for secure access to a host of the WLAN.
16. The method of claim 15 wherein storing sensitive data further comprises storing a supplicant private key, storing a public key of a root certificate authority, and storing a premaster secret for an EAP-TLS authentication method.
17. The method of claim 15 wherein storing sensitive data further comprises storing static WEP keys and a preshared key (PSK) for non-enterprise WLANs.
18. The method of claim 15 further comprising utilizing a crypto-processor on the smart card.
19. The method of claim 15 further comprising providing a cryptographic token interface in the host for performing cryptographic operations with the wireless station.
20. The method of claim 19 wherein providing a cryptographic interface further comprises providing functionality for at least one of the group comprising general purpose functions, token management functions, session management functions, object management functions, encryption/decryption functions, message digesting functions, signing and MAC (media access controller) functions, functions for verifying signatures and MACs, dual-purpose cryptographic functions, key management functions, and random number generation functions.
PCT/US2005/023371 2004-07-06 2005-07-01 Method and system for enhancing security in wireless stations of a local area network (lan) WO2006014330A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US20040100280 2004-07-06
GR20040100280A GR1005023B (en) 2004-07-06 2004-07-06 Method and system for enhancing security in wireless stations of local area network (lan)
US10/986,342 US20060010489A1 (en) 2004-07-06 2004-11-10 Method and system for enhancing security in wireless stations of a local area network (LAN)
US10/986,342 2004-11-10

Publications (2)

Publication Number Publication Date
WO2006014330A2 true WO2006014330A2 (en) 2006-02-09
WO2006014330A3 WO2006014330A3 (en) 2007-01-18

Family

ID=35787566

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/023371 WO2006014330A2 (en) 2004-07-06 2005-07-01 Method and system for enhancing security in wireless stations of a local area network (lan)

Country Status (1)

Country Link
WO (1) WO2006014330A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490680B1 (en) * 1997-12-04 2002-12-03 Tecsec Incorporated Access control and authorization system
US20040098581A1 (en) * 2002-08-30 2004-05-20 Xerox Corporation Method and apparatus for establishing and using a secure credential infrastructure

Also Published As

Publication number Publication date
WO2006014330A3 (en) 2007-01-18

Similar Documents

Publication Publication Date Title
TWI308832B (en) A method and apparatus for securing communications between a smartcard and a terminal
US9288192B2 (en) System and method for securing data from a remote input device
EP1801721B1 (en) Computer implemented method for securely acquiring a binding key for a token device and a secured memory device and system for securely binding a token device and a secured memory device
US8079530B2 (en) Method, system and smart card reader for management of access to a smart card
US11398913B2 (en) Secure distributed information system for public device authentication
RU2415470C2 (en) Method of creating security code, method of using said code, programmable device for realising said method
CN104137112B (en) The single-sign-on of safety
US20050138389A1 (en) System and method for making password token portable in trusted platform module (TPM)
CN1906560A (en) Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform
US20050108534A1 (en) Providing services to an open platform implementing subscriber identity module (SIM) capabilities
US20060068758A1 (en) Securing local and intra-platform links
US20060010489A1 (en) Method and system for enhancing security in wireless stations of a local area network (LAN)
WO2006030275A1 (en) Wireless usb network adapter with smart card
US20050288056A1 (en) System including a wireless wide area network (WWAN) module with an external identity module reader and approach for certifying the WWAN module
CN101192921A (en) Share secret key management device
CA2607816C (en) Pairing to a wireless peripheral device at the lock-screen
CN101094073B (en) Two-factor content protection
WO2006014330A2 (en) Method and system for enhancing security in wireless stations of a local area network (lan)
Jansen et al. Smart Cards and Mobile Device Authentication: An Overview and Implementation
CN115550042B (en) Signature verification server for realizing national encryption algorithm based on security chip
CN101193128B (en) Share secret key management method
Lach Using mobile devices for user authentication
Jansen et al. Smart Cards for mobile devices

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase