US 20050026595 A1
A security protocol may be implemented on a processor-based system by providing a wireless signal to a handheld device normally carried by the user. If a response is not received, it may be determined that the user is not sufficiently proximate to the device being accessed and that, therefore, the person accessing the device is not authorized. An appropriate security protocol may be implemented as a result.
1. A method comprising:
receiving a wireless signal in a handheld device in response to a request for access to a processor-based system; and
accessing credential information in a subscriber information module; and
transmitting information related to said credential information to said processor-based system to enable access to said system.
2. The method of
3. The method of
4. A processor-based system comprising:
a wireless interface;
a subscriber information module; and
a device, coupled to said module, to receive a wireless request to access a remote processor-based system, to obtain credential information from said module, and to provide said credential information to said remote processor-based system to enable use of said remote processor-based system.
5. The system of
6. The system of
7. The system of
8. The system of
9. An article comprising a medium storing instructions that, if executed, enable a processor-based system to:
receive a wireless signal in a handheld device in response to a request for access to a processor-based system; and
access credential information in a subscriber information module; and
transmit information related to said credential information to said processor-based system to enable access to said system.
10. The article of
11. The article of
12. A method comprising:
establishing a wireless communication link between a mobile device and a computer system when within a communication range;
authenticating a user of the mobile device as an authorized user of the computer system using credential information stored in a portable identification module included in the mobile device, the credential information transmitted from the mobile device using the wireless link; and
monitoring the wireless link between the mobile device and the computer system such that when the link is interrupted an audible alarm on the mobile device is generated.
13. The method of
14. The method of
15. The method of
This invention relates generally to processor-based systems.
Processor-based systems may be wired or wireless, portable and less portable. Wired devices may be connected by physical wires to one another and to electrical connections. A portable device may be coupled by wireless signals to other devices and may use a battery as a source of power. Portable processor-based systems include, for example, laptop computers, cellular telephones, handheld devices, and personal digital assistants.
Processor-based systems are subject to two security concerns. The first concern relates to the security of the data actually stored on the processor-based system. The second security concern relates to the potential theft of the processor-based system. Particularly with portable processor-based systems, theft is easy.
Thus, there is a need for better ways to provide security for processor-based systems.
The wireless protocol 15 may be a short range wireless protocol having a range, for example, on the order of about ten feet. One such protocol having such a range is described as the Bluetooth Specification V.1.OB (2003). The range of the protocol 15 is indicated by the arrow A. So long as the handheld device 14 is within the distance A of the processor-based system 12, wireless communication is possible. If the device 14 strays into the region B, wireless communication may no longer be established.
Thus, a network 10 may be formed of the devices 12, 14, and 16, as well as other devices. The range of the wireless network 10 may be limited by the range of the various wireless protocols 13 and 15 that may be utilized.
The processor-based device 12 may be a laptop computer in one embodiment of the present invention. Laptop computers are particularly prone to being stolen. However, the processor-based device 12 may be any processor-based device.
In one embodiment of the present invention, the user may carry the handheld device 14 on his or her person, for example in the user's pocket or it may be held in the user's hand. Thus, the handheld device 14 is closely associated with the location of a user. That same user may own a processor-based system 12. When the user strays beyond the distance A, wireless communication with the processor-based system 12 is discontinued. This may be used as an indication that someone who is attempting to use the processor-based system 12 is unauthorized. Since it can be determined that the authorized user is not proximate to the processor-based system 12, the system 12 may determine that it is not appropriate to allow the person attempting to use the processor-based system to have access. This may provide data security, preventing the unauthorized user from accessing the computer. It may also provide physical security since there is no incentive to steal the processor-based system 12 if it can never be used.
Thus, in one embodiment of the present invention, the system 12 determines whether the user is proximate by attempting to establish wireless communications with the handheld device 14. If such communications are not possible, the processor-based system 12 implements a security protocol that may include denying access, initiating a phone call to the user or others, initiating an alarm, or simply turning the processor-based system 12 permanently off.
In accordance with another embodiment of the present invention, shown in
In accordance with one embodiment of the present invention, the handheld device 14 may include the software 22 shown in
In another embodiment, a distance measurement solution may be used. For example, a signal strength indication (SSI) may be used to determine whether the user is farther from the system 12 than a predetermined distance.
The bus 42 may also be coupled to a storage device 45 and in one embodiment of the present invention may be a hard disk drive and in another embodiment of the present invention may be a semiconductor memory. The storage 45 may store the access control software 20 a and 20 b.
Any suitable authentication protocol on the processor-based device 12 and the handheld device 14 may be utilized for exchanging credentials. As an example, an 802.1X supplicant on a handheld device 14 and an 802.1X authenticator on the processor-based system 12 may be used to exchange credentials using the Bluetooth personal area network (PAN) profile. For example, the 802.1X protocol may be the IEEE 802.11 protocols currently specified or their successors. See IEEE 802.11 (1999) specification available from IEEE, New York, N.Y. (ISBN 0-7381-2315-3; Product No.: SH94842-TBR). Security credentials may be stored on the handheld device 14 and a subscriber information module (SIM) 52 to perform the 802.1X authentication of user and processor-based system 12 to the network 10. In this way, a single SIM 52 in the user's handheld device 14 serves multiple functions, including user authentication to the handheld device by a personal identification number protected access, user and handheld device authentication to the processor-based system 12, user and processor-based system 12 authentication to a network 10, for example via 802.1X, and verification of user possession of the processor-based system 12. An 802.1X supplicant on the processor-based system 12 may then use these credentials to respond to an 802.1X authentication protocol from an 802.11 access point 16.
While the present invention has been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this-present invention.