Europäisches Patentamt
European Patent Office
Office européen des brevets

(11) EP 1 536 306 A1

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 01.06.2005 Bulletin 2005/22

(21) Application number: 04023384.3

(22) Date of filing: 30.09.2004

(51) Int Cl.7: G06F 1/00

(84) Designated Contracting States:
AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR
Designated Extension States:
AL HR LT LV MK

(30) Priority: 30.09.2003 US 507586 P
13.09.2004 US 609537 P

(71) Applicant: Broadcom Corporation
Irvine, California 92618-7013 (US)

(72) Inventors:
• Buer, Mark
Gilbert, AZ 85296 (US)
• Frank, Edward H.
Atherton, CA 94027 (US)
• Seshadri, Nambirajan
Irvine, CA 92612 (US)

(74) Representative: Jehle, Volker Armin, Dipl.-Ing.
Patentanwälte
Bosch, Graf von Stosch, Jehle,
Flüggenstrasse 13
80639 München (DE)

(54) Proximity authentication system

(57) Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token so that assurance may be provided to a service provider that the credentials came from a token that was proximate to the computing device. An RFID reader, cryptographic processing components and a wireless network controller may be implemented on a single chip in a mobile device.

Printed by Jouve, 75001 PARIS (FR)

GOOGLE EXHIBIT 1005

Description

CROSS-REFERENCE TO RELATED APPLICATION(S)

[0001] This application claims the benefit of U.S. Provisional Patent Application No. , filed September 13, 2004, entitled PROXIMITY AUTHENTICATION SYSTEM, Attorney Docket No. 53492/SDB/B600, and U.S. Provisional Patent Application No. 60/507,586, filed September 30, 2003, the disclosures of which are hereby incorporated by reference herein.

TECHNICAL FIELD

[0002] This application relates to data communication systems and, more specifically, to techniques for authenticating proximity of a wireless token in a communication system.

BACKGROUND

[0003] A variety of security techniques are known for protecting information in and controlling the operation of a computing device such as a personal computer ("PC"), a server or a mobile device. For example, physical and/or cryptographic techniques may be employed to control access to the computing device and to data stored in the computing device.
[0004] Physical security techniques may include locating the computing device in a secure location, locking the computing device in an enclosure, protecting integrated circuits (i.e., chips) from invasive monitoring by encapsulating the chips in, for example, an epoxy.
[0005] Cryptographic techniques may include one or more of encryption, decryption, authentication, signing and verification. In some applications data encryption and decryption techniques may be used to prevent unauthorized applications or persons from accessing data stored in the computing device. For example, security passwords that are used to restrict access to a PC may be stored on the PC in an encrypted form. The operating system may then decrypt the password when it needs to compare it with a password typed in by a user.
[0006] In some applications authentication techniques may be used to verify that a given set of data is authentic. For example, when a server receives a message from a remote client, authentication information associated with the message may be used to verify that the message is from a specific source. In this way, the server may ensure that only authorized clients access the applications and data provided by the server.
[0007] In practice, there may be circumstances under which the process of sending secret credentials such as a password or cryptographic key may be compromised. For example, when a user uses a computing device to access a secured service, the user may first need to enter the secret credentials into the computing device. The computing device may then forward these credentials to a service provider that then determines whether the user is authorized to use the requested service.
[0008] In the event the computing device has been compromised by a hacker or a computer virus, an unauthorized person may gain access to these credentials. As a result, an unauthorized person may be able to access the secured service. Serious consequences may result when the secured service includes sensitive information such as financial data or personal information. Accordingly, a need exists for improved techniques for providing access to secured services.

SUMMARY

[0009] The invention relates to a system and method for authenticating the proximity of a wireless token to a computing device. For convenience, an embodiment of a system constructed or a method practiced according to the invention will be referred to herein simply as an "embodiment."
[0010] In one aspect, the invention relates to a system and method for providing access to a secured service based on a user's proximity to a proximity reader. Once the proximity is authenticated the user may then be allowed to access the secured service.
[0011] In some embodiments an authorized user is provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device through which access to the secured services is obtained. In this way, a reasonable assumption may be made that the authorized user is in fact using the computing device to request the service. In contrast, if the request was being made by a hacker or a computer virus, access may be denied since the token may not be in the proximity of the computing device.
[0012] In some embodiments a user's credentials are stored on an RFID token and an RFID reader is implemented within a security boundary on the computing device. In this way, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. As a result, the credentials may not be intercepted by a hacker or computer virus that may have compromised the software executing on the computing system.
[0013] In some embodiments the security boundary may be provided, in part, using tamper resistant and/or tamper evident hardware. Thus, in the event the computer was physically tampered with in an attempt to compromise the security of the security boundary, such tampering may be ineffective or it may be evident to the user. In the latter case, the user may then take appropriate steps to re-secure the system.
[0014] In some embodiments, the RFID reader is incorporated onto the same chip as a cryptographic processing component. In this way, once the information from the RFID token is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear (e.g., unencrypted) outside of the chip. Accordingly, the information may only be compromised by a clandestine RFID reader or by inspecting the internal contents of the chip. In conventional commercial settings, these scenarios may be unlikely. Accordingly, a system constructed according to the invention may provide improved access control for secured services.
[0015] In some embodiments, a cryptographic processing component may cryptographically encrypt and/or sign credentials received from a token. Thus, when a service provider receives the credentials, a high level of assurance may be provided to the effect that the credentials came from a token that was proximate to the particular computing device.
[0016] In some embodiments an RFID reader, a cryptographic processing component and one or more wireless network controller(s) may be implemented on a single chip in a mobile device. This may provide a cost effective and secure mechanism to limit access to the wireless network(s). In this case, network access may only be provided to the mobile device when a token is proximate to the mobile device and when that token has been assigned to an authorized user of that mobile device and the network(s).
[0017] According to an aspect of the invention, a communication system comprises:

a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the proximity reader and configured to extract information from the received RF signal; and
a wireless network interface coupled to receive the information from the proximity reader and send the information over a wireless network.

[0018] Advantageously, the system comprises a security boundary within which the information is extracted and received.
[0019] Advantageously, the wireless proximity reader is an RFID reader.
[0020] Advantageously, the system comprises an authentication processor configured to authenticate the information sent over the wireless network.
[0021] Advantageously, the system comprises a cryptographic processor configured to encrypt or authenticate the information sent over the wireless network.
[0022] Advantageously, the cryptographic processor uses a key to cryptographically sign the information that is sent over the wireless network.
[0023] Advantageously, the wireless network interface supports at least one of 802.11 and Bluetooth.
[0024] Advantageously, the wireless network interface comprises at least one of an 802.11 media access controller and a Bluetooth media access controller.
[0025] Advantageously, the wireless network interface comprises an 802.11 media access controller and a Bluetooth media access controller.
[0026] Advantageously, the wireless network interface uses the information to provide authentication to the wireless network.
[0027] Advantageously, the system comprises a service processor coupled to receive the information sent over the wireless network and configured to provide access to a service in response to the information.
[0028] Advantageously, the system comprises a wireless access point adapted to receive the information sent over the wireless network and provide the information to a service provider.
[0029] Advantageously, the system comprises a wireless access point adapted to receive the information sent over the wireless network and provide access to the wireless network in response to the information.
[0030] Advantageously, the information comprises a password or key.
[0031] Advantageously, the system comprises an RFID token comprising:

a data memory for storing the information;
an RF circuit coupled to the data memory for generating a signal according to the information; and
an antenna coupled to receive the signal from the RF circuit and adapted to transmit the signal to the wireless proximity reader.

[0032] According to an aspect of the invention, a method of controlling access to a service comprises:

verifying whether a wireless token is within a defined proximity to a processing device;
authenticating information associated with the wireless token; and
providing the authenticated information to a service provider.

[0033] Advantageously, the method comprises establishing a security boundary for the verifying, authenticating and providing.
[0034] Advantageously, at least a portion of the security boundary comprises a cryptographic boundary.
[0035] Advantageously, at least a portion of the security boundary comprises an integrated circuit.
[0036] Advantageously, authenticating comprises cryptographically signing the information with a key.
[0037] Advantageously, the authenticated information comprises a response to a challenge from the service provider.
[0038] Advantageously, providing comprises encrypting data sent to the service provider.
[0039] Advantageously, the method comprises requesting access to a service from a service provider.
[0040] Advantageously, the method comprises receiving a challenge from the service provider.
[0041] Advantageously, the service provider provides access to a service in response to the authenticated information.
[0042] Advantageously, the service provider provides access to a data network in response to the authenticated information.
[0043] Advantageously, the service provider provides access to at least one of an 802.11 network and a Bluetooth network.
[0044] Advantageously, the service provider provides access to an 802.11 network and a Bluetooth network.
[0045] Advantageously, the service provider provides access to encrypted data in response to the authenticated information.
[0046] Advantageously, the service provider provides a key in response to the authenticated information.
[0047] Advantageously, the information comprises credentials associated with a user of the token.
[0048] Advantageously, an RFID proximity reader verifies whether the wireless token is within the defined proximity to the wireless proximity reader.
[0049] According to an aspect of the invention, a method of controlling access to a service comprises:

receiving an RF signal from a proximate wireless token;
obtaining information from the RF signal;
authenticating the information from the RF signal; and
providing the authenticated information to a service provider.

[0050] Advantageously, the method comprises establishing a security boundary for the obtaining, authenticating and providing.
[0051] Advantageously, authenticating comprises cryptographically signing the information with a key.
[0052] Advantageously, providing comprises encrypting the signed information.
[0053] Advantageously, the method comprises requesting access to a service from a service provider.
[0054] Advantageously, the method comprises receiving a challenge from the service provider in response to the request.
[0055] Advantageously, the authenticated information comprises a response to the challenge.
[0056] Advantageously, the service provider provides access to a service in response to the authenticated information.
[0057] Advantageously, the RF signal is an RFID signal.
[0058] Advantageously, the information comprises credentials associated with a user of the token.
[0059] According to an aspect of the invention, an integrated circuit comprises:

a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the integrated circuit;
at least one lead that is only routed within the integrated circuit for coupling the wireless proximity reader to a wireless network interface; and
a wireless network interface coupled to receive the information from the wireless proximity reader and provide the information to a port on the integrated circuit to send the information over a wireless network.

[0060] Advantageously, the integrated circuit comprises a security boundary.
[0061] Advantageously, the wireless proximity reader is an RFID reader.
[0062] Advantageously, the integrated circuit comprises a cryptographic processor configured to encrypt or authenticate the information sent over the wireless network.
[0063] Advantageously, the cryptographic processor uses a key to cryptographically sign the information that is sent over the wireless network.
[0064] Advantageously, the wireless network interface comprises at least one of an 802.11 media access controller and a Bluetooth media access controller.
[0065] Advantageously, the wireless network interface comprises an 802.11 media access controller and a Bluetooth media access controller.
[0066] Advantageously, the wireless network interface uses the information to provide authentication to the wireless network.
[0067] Advantageously, the information comprises a password or key.
[0068] According to an aspect of the invention, a communication system comprises:

a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the wireless proximity reader and configured to extract information from the received RF signal; and
a key management component coupled to receive the information from the wireless proximity reader and send the information to a service provider.

[0069] Advantageously, the system comprises a security boundary within which the information is extracted and received.
[0070] Advantageously, the key management component comprises a trusted platform module.
[0071] Advantageously, a user is authenticated to the trusted platform module by moving the wireless token within the defined proximity to the wireless proximity reader.
[0072] Advantageously, the trusted platform module provides access to a protected service after the user is authenticated.
[0073] Advantageously, the trusted platform module provides access to encrypted data after the user is authenticated.
[0074] Advantageously, the trusted platform module enables use of protected keys after the user is authenticated.
[0075] Advantageously, the system comprises a network interface wherein the trusted platform module provides access to a network via the network interface after the user is authenticated.
[0076] Advantageously, the network interface comprises a wireless interface.
[0077] Advantageously, the network interface comprises at least one of an 802.11 network interface and a Bluetooth network interface.
[0078] Advantageously, the network interface comprises an 802.11 network interface and a Bluetooth network interface.
[0079] Advantageously, the system comprises a service provider configured to provide access to data and a service.
[0080] Advantageously, the system comprises a service provider configured to supply cryptographic keys.
[0081] Advantageously, the wireless proximity reader is included within a boundary of the key management component.
[0082] Advantageously, the wireless proximity reader is an RFID reader.
[0083] According to an aspect of the invention, a method of providing access to a service comprises:

receiving an RF signal from a proximate wireless token;
obtaining information from the RF signal;
authenticating the information to a key management component; and
providing, by the key management component, access to a service.

[0084] Advantageously, the method comprises establishing a security boundary for the receiving, obtaining, authenticating and providing.
[0085] Advantageously, at least a portion of the security boundary comprises a cryptographic boundary.
[0086] Advantageously, at least a portion of the security boundary comprises an integrated circuit.
[0087] Advantageously, the method comprises authenticating the information and providing the authenticated information to a service provider.
[0088] Advantageously, authenticating the information comprises cryptographically signing the information with a key.
[0089] Advantageously, the key management component comprises a trusted platform module.
[0090] Advantageously, the trusted platform module enables key usage after the user is authenticated.
[0091] Advantageously, the trusted platform module enables access to processing resources after the user is authenticated.
[0092] Advantageously, the trusted platform module enables access to data network services after the user is authenticated.
[0093] Advantageously, the RF signal is an RFID signal.
[0094] Advantageously, the information comprises credentials associated with a user of the token.
[0095] Advantageously, the service comprises at least one of 802.11 network access and Bluetooth network access.
[0096] Advantageously, the service comprises 802.11 network access and Bluetooth network access.
[0097] According to an aspect of the invention, an integrated circuit comprises:

a wireless proximity reader configured to receive an RF signal from a wireless token located within a defined proximity to the wireless proximity reader and configured to extract information from the received RF signal; and
at least one connection within the integrated circuit for coupling the wireless proximity reader to a wireless network interface; and
a key management component coupled to receive the information from the wireless proximity reader and provide the information to a port on the integrated circuit to send the information to a service provider.

[0098] Advantageously, the integrated circuit comprises a security boundary within which the information is extracted and received.
[0099] Advantageously, the wireless proximity reader is an RFID reader.
[0100] Advantageously, the wireless proximity reader is included within a boundary of the key management component.
[0101] Advantageously, the key management component comprises a trusted platform module.
[0102] Advantageously, the wireless proximity reader is included within a boundary of the trusted platform module.
[0103] Advantageously, the integrated circuit comprises a network interface wherein the trusted platform module provides access to a network via the network interface after the user is authenticated.
[0104] Advantageously, the network interface comprises a wireless interface.
[0105] Advantageously, the wireless network interface comprises at least one of an 802.11 network interface and a Bluetooth network interface.
[0106] Advantageously, the wireless network interface comprises an 802.11 network interface and a Bluetooth network interface.

BRIEF DESCRIPTION OF THE DRAWINGS

[0107] These and other features, aspects and advantages of the present invention will be more fully understood when considered with respect to the following detailed description, appended claims and accompanying drawings, wherein:

FIG. 1 is a simplified block diagram of one embodiment of a proximity-based authentication system constructed in accordance with the invention;
FIG. 2 is a flow chart of one embodiment of proximity-based authentication operations that may be performed in accordance with the invention;
FIG. 3 is a simplified block diagram of one embodiment of a proximity-based authentication system constructed in accordance with the invention;
FIG. 4 is a flow chart of one embodiment of proximity-based authentication operations that may be performed in accordance with the invention;
FIG. 5 is a simplified block diagram of one embodiment of a proximity-based network authentication system constructed in accordance with the invention;
FIG. 6 is a simplified block diagram of one embodiment of a proximity-based wireless network authentication system constructed in accordance with the invention;
FIG. 7 is a flow chart of one embodiment of proximity-based network authentication operations that may be performed in accordance with the invention;
FIG. 8 is a simplified block diagram of one embodiment of proximity-based authentication for a trusted platform module constructed in accordance with the invention;
FIG. 9 is a flow chart of one embodiment of proximity-based authentication operations for a trusted platform module that may be performed in accordance with the invention;
FIG. 10 is a simplified block diagram of one embodiment of an integrated circuit including a trusted platform module constructed in accordance with the invention; and
FIG. 11 is a simplified block diagram of one embodiment of proximity-based authentication for a trusted platform module constructed in accordance with the invention.

[0108] In accordance with common practice the various features illustrated in the drawings may not be drawn to scale. Accordingly, the dimensions of the various features may be arbitrarily expanded or reduced for clarity. In addition, some of the drawings may be simplified for clarity. Thus, the drawings may not depict all of the components of a given apparatus or method. Finally, like reference numerals denote like features throughout the specification and figures.

DETAILED DESCRIPTION

[0109] The invention is described below, with reference to detailed illustrative embodiments. It will be apparent that the invention may be embodied in a wide variety of forms, some of which may be quite different from those of the disclosed embodiments. Consequently, the specific structural and functional details disclosed herein are merely representative and do not limit the scope of the invention.
[0110] Figure 1 illustrates one embodiment of a system 100 where selected services may be provided to a user via a computing device only when a wireless token assigned to a user is proximate to the computing device. Operations of the system 100 will be explained in more detail in conjunction with the flowchart of Figure 2.
[0111] As represented by block 202 in Figure 2 an access device 102 (Figure 1) such as a computer includes components that may be used to determine whether a wireless token 104 assigned to a user or users is proximate to the access device 102. For example, a wireless proximity reader 106 may be configured to receive signals 108 (e.g., RF signals) from the wireless proximity token 104. The signals 108 may include information that uniquely identifies the wireless proximity token 104. In addition, this information may include one or more credentials (e.g., a password) that may be used to access a secured service provided by a service provider 110.
[0112] The determination of proximity between the token 104 and the reader 106 may be established using a variety of mechanisms depending on the application. In some embodiments, the token will not generate signals until it is within a given distance of the reader. This may be accomplished, for example, by using a relatively passive token that intercepts signals transmitted by the reader and transmits signals in response to the received signals. Different distances between the token 104 and the reader 106 may be defined as indicative of proximity depending on the requirements of the application and, in some cases, characteristics of the operating environment.
[0113] As represented by block 204, the access device 102 may request access to a service from the service provider 110 by sending a signal over a communication media 112. Depending upon the particular application, the communication media 112 may comprise, for example, electric wires, optical cables or air.
[0114] Typically, access to the service will be initiated by the user's interaction with the access device 102. For example, the user may use a keyboard or pointing device (e.g., a computer mouse) to request the service. In conjunction with this the user may be asked to input a password and/or provide a biometric (e.g., a fingerprint) to a biometric reader to further verify the authenticity of the user. In this way, access to a service may be restricted until the user satisfies one or more verification queries including, for example, what the user knows (e.g., a password), what the user possesses (e.g., a token) and who the user is (e.g., a physical or biometric characteristic).
[0115] In some embodiments, the access device 102 may automatically request a predefined service once the user places the token 104 proximate the access device 102. For example, the access device 102 may include a database (not shown) that matches a given token (or information from the token) with one or more default services. Thus, when a token associated with default services approaches the access device 102, the access device 102 may automatically request the services from the service provider 110.
[0116] As represented by block 206, the access device 102 may send authentication-related information to the service provider 110 to indicate that the token 104 is proximate to the access device 102. For example, the access device 102 may include an authentication component 114 such that the determination of whether the token 104 is proximate the access device 102 is performed in a secure manner. In addition, the information provided by the token may be maintained within the access device 102 in a secure manner. For example, the information may only pass between the reader 106 and the authentication component 114 via a connection 116 within a common integrated circuit.
[0117] In addition, the authentication component 114 may be in secure communication with the service provider 110. This may be accomplished, for example, by placing the authentication component 114 and the service provider 110 on the same integrated circuit or within secured hardware. In addition, a cryptographically secured communication channel may be established between the authentication component 114 and the service provider 110.
[0118] In some embodiments, the authentication information may include information from the token. In the case where the communications over the media 112 may be cryptographically secured, the authentication component 114 may process (e.g., encrypt or sign) the information before sending it to the service provider 110. Since communications from the access device 102 may be trusted in this example, the authentication component 114 thereby provides a cryptographically reliable authentication that the information is from a specific token that is proximate that particular access device. In other words the encryption or cryptographic signing of the information may provide the necessary authentication.
[0119] After the service provider 110 has received an authenticated indication that the token is proximate the access device 102, the service provider 110 may then enable access to the requested service (block 208). This process may involve verifying that the information sent from the token 104 includes a credential associated with an authorized user and/or access device.
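
The exchange of blocks 204 to 208, combined with the challenge/response option of paragraphs [0037] to [0041], modelled as an added example that is not part of the patent text. HMAC-SHA-256 under a device key shared with the provider stands in for the unspecified "cryptographically signing the information with a key"; the class names, identifiers, sample credential and message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _message(device_id, token_id, challenge, cred_digest):
    # Length-prefix each field so distinct inputs cannot produce the same bytes.
    parts = [device_id.encode(), token_id.encode(), challenge, cred_digest]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class SecurityBoundary:
    """Stands in for the chip holding reader 106 and authentication component 114.

    Host software only ever sees what respond() returns; the token credential
    and the device key stay inside this object.
    """

    def __init__(self, device_id, device_key):
        self.device_id = device_id
        self._device_key = device_key
        self._token = None  # (token_id, credential) while a token is in range

    def token_in_range(self, token_id, credential):
        self._token = (token_id, credential)

    def token_removed(self):
        self._token = None

    def respond(self, challenge):
        """Return a keyed response to the provider's challenge, or None if no token."""
        if self._token is None:
            return None
        token_id, credential = self._token
        digest = hashlib.sha256(credential).digest()
        msg = _message(self.device_id, token_id, challenge, digest)
        tag = hmac.new(self._device_key, msg, hashlib.sha256).digest()
        return {"device_id": self.device_id, "token_id": token_id, "tag": tag}


class ServiceProvider:
    """Stands in for service provider 110: issues challenges, checks responses."""

    def __init__(self):
        self._device_keys = {}
        self._token_digests = {}
        self._pending = {}  # device_id -> outstanding single-use challenge

    def enroll(self, device_id, device_key, token_id, credential):
        self._device_keys[device_id] = device_key
        self._token_digests[token_id] = hashlib.sha256(credential).digest()

    def issue_challenge(self, device_id):
        challenge = secrets.token_bytes(16)
        self._pending[device_id] = challenge
        return challenge

    def verify(self, response):
        if response is None:
            return False
        device_id, token_id = response["device_id"], response["token_id"]
        challenge = self._pending.pop(device_id, None)  # consume: no reuse
        key = self._device_keys.get(device_id)
        digest = self._token_digests.get(token_id)
        if challenge is None or key is None or digest is None:
            return False
        msg = _message(device_id, token_id, challenge, digest)
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response["tag"])


def run_demo():
    device_key = secrets.token_bytes(32)           # provisioned into the chip
    credential = b"constructed-sample-credential"  # constructed token content
    provider = ServiceProvider()
    provider.enroll("access-device-102", device_key, "token-104", credential)
    chip = SecurityBoundary("access-device-102", device_key)
    results = {}

    # Token in range: the response binds token, device and fresh challenge.
    chip.token_in_range("token-104", credential)
    response = chip.respond(provider.issue_challenge("access-device-102"))
    results["token_present"] = provider.verify(response)

    # A captured response does not satisfy a later challenge.
    provider.issue_challenge("access-device-102")
    results["replayed_response"] = provider.verify(response)

    # Token out of range: the chip produces nothing to send.
    chip.token_removed()
    absent = chip.respond(provider.issue_challenge("access-device-102"))
    results["token_absent"] = provider.verify(absent)

    # Host software that knows the identifiers but not the device key.
    challenge = provider.issue_challenge("access-device-102")
    forged = {"device_id": "access-device-102", "token_id": "token-104",
              "tag": hmac.new(b"host-guess", challenge, hashlib.sha256).digest()}
    results["forged_by_host"] = provider.verify(forged)
    return results


if __name__ == "__main__":
    for case, granted in run_demo().items():
        print(f"{case}: {'access granted' if granted else 'access denied'}")
```

Only the first case is granted: the host-forged response fails because neither the device key nor the credential ever crosses the boundary. With an asymmetric signature in place of the MAC, the provider could verify without holding the device key.
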
[0120] As used herein the term service may include, for example, access to data and/or a data processing service. Thus, a service may enable an access device to, for example, read or write data in a data memory, access encrypted data, use cryptographic keys, gain access to cryptographic material such as security associations and keys, access a web page, access a data network or access a processing application.
[0121] As used herein the term data may include any information that may be accessed by a computing device including, for example, data files, passwords and cryptographic security associations including keys.
[0122] As used herein the term access may include, for example, acquiring, using, invoking, etc. Thus, data may be accessed by providing a copy of the data to the access device. Data also may be accessed by enabling the access device to manipulate or use the data. As an example of the latter, once a user has been authorized to access a service a trusted platform module may use keys to perform operations for the user. For a data network, access may include, for example, sending and/or receiving data over the network. For a processing application access may include, for example, invoking, interacting with or using the application or loading the application onto the access device.
[0123] A service provider may comprise hardware and/or software that facilitate providing a service. For example, a service provider may consist of a processing system that processes requests for service, verifies whether the requester is authorized to access the service and provides or facilitates the requested access.
[0124] In practice, a service provider (e.g.