Secure association

US9699156B2 · US · B2

Patent metadata

Publication number: US-9699156-B2
Application number: US-201113823583-A
Country: US
Kind code: B2
Filing date: Sep 14, 2011
Priority date: Sep 14, 2010
Publication date: Jul 4, 2017
Grant date: Jul 4, 2017


Abstract

Official abstract text for this publication.

To enable the formation of secure associations between IP-enabled devices that have not previously connected, a method is proposed in which the subscriber of an originating device makes a declaration of ownership of a target device, and the subscriber giving that declaration is authenticated, for example by means of a SIM card. The originating device establishes a secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type SA (e.g. using IPsec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between the originating device and the target device. The first and second servers thus act as proxies for the two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations.

Claims

The invention claimed is:

1. A method for forming secure associations between IP-enabled devices, the method comprising: establishing, at a first network server, a first secure association between a first one of said devices and the first network server, receiving, at the first network server, from a subscriber known to a network using an authentication storage device, a declaration of ownership to the network of a second one of said devices, the first network server assigning a network realm identity to the second device, receiving, at the first network server, authentication information in response to authentication of the subscriber giving the declaration; transferring the same authentication information from the first network server to the second device, the second network server establishing a second secure association between the second device and the second network server using the transferred authentication information, the first network server establishing a secure connection to the second network server using a third secure association, the first, second and third secure associations forming a chain of secure associations between the first device and the first network server, between the second device and the second network server, and between the first network server and the second network server, said secure connection having corresponding secure association information, the first and second network servers acting as proxies for the first and second devices, negotiating a fourth, different secure association on their behalf using the established chain of secure associations, the negotiated fourth secure association allowing the first device and the second device to communicate directly with each other in a secure manner as a result of the chain of secure associations, despite the first device having no prior communications with the second device and without the first and second devices exchanging keys or certificates, and the first network server transferring said corresponding secure association information to both first and second devices using the first and second associations respectively, thereby providing the necessary association between the first and second IP-enabled devices.

2. The method of claim 1, wherein declaration of ownership is received from the subscriber authentication storage device.

3. The method of claim 1, wherein receiving authentication information includes: sending an authentication challenge to the subscriber authentication storage device; and receiving authentication information in response to the authentication challenge.

4. The method of claim 1, wherein the step of assigning a network realm identity includes authenticating the second device using a manufacturer-provisioned identity.

5. The method of claim 1, wherein the authentication storage device is a (U)SIM.

6. A system for forming secure associations between IP-enabled devices, the system comprising: a first network server and a second network server, the first network server and the second network server being operable to establish a first secure IP-type association therebetween, said secure association having corresponding secure association information, wherein the first network server establishes a first association with a first one of said devices, receives, from a subscriber known to the network using an authentication storage device, a declaration of ownership of a second one of said devices, assigns a network realm identity to the second device, receives authentication information in response to authentication of the subscriber giving the declaration, and transfers the same authentication information to the second device; and the second network server establishing a second secure association with the second device in accordance with the transferred authentication information, wherein the first network server transfers said corresponding secure association information to the first device using the first association and the second network server transfers said corresponding secure association information to the second device using the second association, the first network server establishing a secure connection to the second network server using a third secure association, the first, second and third secure associations forming a chain of secure associations between the first device and the first network server, between the second device and the second network server, and between the first network server and the second network server, the first and second network servers acting as proxies for the first and second devices, negotiating a fourth, different secure association on their behalf using the established chain of secure associations, the negotiated fourth secure association allowing the first device and the second device to communicate directly with each other in a secure manner as a result of the chain of secure associations, despite the first device having no prior communications with the second device and without the first and second devices exchanging keys or certificates.

7. The system of claim 6, wherein declaration of ownership is received from a subscriber authentication storage device.

8. The system of claim 6, wherein receiving authentication information includes: sending an authentication challenge to the subscriber authentication storage means; and receiving authentication information in response to the authentication challenge.

9. The system of claim 6, wherein the authentication storage device is a (U)SIM.
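The abstract and claims describe a four-step bootstrap: an existing association between the originating device and the first server, a SIM-authenticated declaration of ownership from which the target device's association with the second server is derived, a conventional server-to-server association, and finally a fourth association that the two servers negotiate as proxies and push down each side of the chain. The following Python simulation is an added example written for this page, not code from the patent or from the assignee: each secure association is modelled as a toy encrypt-then-MAC channel built from HMAC-SHA256 (standing in for IPsec or TLS), the SIM is modelled as an HMAC challenge-response under a constructed subscriber key, the transport of the derived authentication information to the target device is assumed to happen out of band, and the first server is assumed to choose the fourth association's secret (one reading of claim 1). All names and keys are constructed for the example.

```python
import hmac
import hashlib
import secrets


def _prf_bytes(key: bytes, label: bytes, n: int) -> bytes:
    """Toy KDF/keystream: HMAC-SHA256 in counter mode, expanded to n bytes."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


class SecureAssociation:
    """One hop of the chain: an encrypt-then-MAC channel keyed from a shared secret.
    This is a stand-in for the IPsec/TLS associations the abstract refers to."""

    def __init__(self, shared_secret: bytes):
        self.enc_key = _prf_bytes(shared_secret, b"enc", 32)
        self.mac_key = _prf_bytes(shared_secret, b"mac", 32)

    def seal(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        keystream = _prf_bytes(self.enc_key, nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
        tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def open(self, blob: bytes) -> bytes:
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("secure association: message authentication failed")
        keystream = _prf_bytes(self.enc_key, nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def sim_response(sim_key: bytes, challenge: bytes) -> bytes:
    """Toy (U)SIM challenge-response: proves possession of the subscriber key."""
    return hmac.new(sim_key, challenge, hashlib.sha256).digest()


def bootstrap_chain(sim_key: bytes):
    """Build the three-hop chain of the abstract and claims 1-5 (hypothetical flow)."""
    # SA1: originating device <-> first server (assumed already established).
    sa1 = SecureAssociation(secrets.token_bytes(32))
    # The subscriber declares ownership of the target device over SA1; the first
    # server challenges the SIM and checks the answer against the network's copy
    # of the subscriber key, then derives authentication information from it.
    challenge = secrets.token_bytes(16)
    response = sim_response(sim_key, challenge)
    if not hmac.compare_digest(response, sim_response(sim_key, challenge)):
        raise ValueError("subscriber authentication failed")
    auth_info = _prf_bytes(response, b"target-device-bootstrap", 32)
    # The same auth_info is transferred to the target device (transport assumed);
    # SA2: target device <-> second server, keyed from that authentication information.
    sa2 = SecureAssociation(auth_info)
    # SA3: first server <-> second server (conventional IPsec/TLS, assumed established).
    sa3 = SecureAssociation(secrets.token_bytes(32))
    return sa1, sa2, sa3


def negotiate_fourth_sa(sa1, sa2, sa3):
    """Servers act as proxies: agree a fresh SA4 secret over SA3, then hand it to
    each device over SA1 and SA2. Returns the two device-side SA4 endpoints."""
    sa4_secret = secrets.token_bytes(32)                 # chosen by the first server
    at_second_server = sa3.open(sa3.seal(sa4_secret))    # relayed over SA3
    device_a = SecureAssociation(sa1.open(sa1.seal(sa4_secret)))        # over SA1
    device_b = SecureAssociation(sa2.open(sa2.seal(at_second_server)))  # over SA2
    return device_a, device_b


def run_flow(sim_key: bytes = b"constructed subscriber key Ki") -> dict:
    """End-to-end run: devices end up talking directly over SA4 without ever
    having exchanged keys or certificates with each other."""
    sa1, sa2, sa3 = bootstrap_chain(sim_key)
    dev_a, dev_b = negotiate_fourth_sa(sa1, sa2, sa3)
    blob = dev_a.seal(b"hello from originating device")
    received = dev_b.open(blob)
    # Tampering on the direct path must be caught by the SA4 MAC.
    forged = blob[:-1] + bytes([blob[-1] ^ 0x01])
    try:
        dev_b.open(forged)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"received": received, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(run_flow())
```

The point to take from the simulation is that the fourth association's secret is never sent over a link that is not itself already authenticated and encrypted: it travels over SA3 between the servers and over SA1 and SA2 down to the devices. The security of the direct device-to-device link therefore rests entirely on the strength of those three hops and on the SIM authentication that bootstrapped SA2; a weak server-to-server association (SA3) or a weak derivation from the SIM response would undermine every association built on top of them.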

Assignees

Inventors

Classifications

  • H04W12/06 (primary): Authentication
  • H04L63/08 (primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
  • CPC title (code not shown on this page): for managing network security; network security policies in general (filtering policies H04L63/0227)
  • CPC title (code not shown on this page): using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9699156B2 cover?
To enable formation of secure associations between IP-enabled devices when they have not previously connected, a method is proposed where a declaration of ownership of a target device is made by the subscriber of an originating device and that subscriber giving that declaration is authenticated by means of a SIM card, say. The originating device establishes a secure connection to a first server. T…
Who is the assignee on this patent?
Bone Nicholas, Vodafone Ip Licensing Ltd
What technology area does this patent fall under?
Primary CPC classification H04W12/06. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 4, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).