Linking of devices is defined by the achieving of an association of one or more characteristics of a first device with one or more characteristics of one or more further devices. A characteristic allows typically to identify a device, however, in a more general sense a characteristic can relate to any kind of information associated with a device. For linking of a first device to a second device, one or more characteristics of the first device are associated to one or more characteristics of the second device. One or more of the associated characteristics can be determined from the respective devices or from further entities knowing the respective characteristics. In general, linking of devices provides extended information due to the linkage, e.g. by revealing that two devices are linked at some point in time. A table may be used for the association of characteristics and characteristics may be different for different implementations of the linking method.
Linking of devices is increasingly used for authentication purposes. When trying to access an institution like a system or service or device via a non-trusted device like a computer terminal or an automatic teller machine (ATM) or a door, an institution for that access is requested to initially does not have knowledge on the operator of the non-trusted device. For a lot of situations like downloading publicly available information from the Internet or entering a public building this lack of knowledge is not problematic to the institution, i.e. access to the institution is provided via the non-trusted device to any person that is able to operate the non-trusted device. However, for accessing an institution where access restrictions apply, knowledge regarding the legitimization for access is necessary. This knowledge can be e.g. provided by an authentication procedure like verifying a user identity and a password entered into the non-personal device. Alternatively, linking to a trusted device can be used for authentication for granting access.
A trusted device is a device that is associated with an access legitimization as the main characteristic of a trusted device. An access legitimization legitimates the trusted device to access a particular institution. When presenting the trusted device to the particular institution, the access legitimization achieves that access to the particular institution is granted to the trusted device. The particular institution or an entity supporting the particular institution can have certain criteria to verify the access legitimization for granting access. Examples for a trusted device are a mobile phone being legitimated for accessing a mobile telephone network or a credit card being legitimated for accessing a payment service. Depending on the trusted device and the processing of the verification of the access legitimization, an identity of the legitimate owner of the trusted device can be obtained or it can be proven that that a person operating a trusted device is identical to or is authorized by the legitimate owner. The respective information may be associated with the access legitimization of the trusted device.
Thus, when requesting access to an institution via a non-trusted device, a trusted device with an associated access legitimization can be presented. The associated access legitimization can be determined and can be associated to a characteristic like an identifier of the non-trusted device requesting access to the institution. Alternatively, a characteristic of the trusted device referring to the access legitimization associated with the trusted device can be associated to the characteristic of the non-trusted device. The institution to that the access legitimization associated with the trusted device legitimates for access does not necessarily have to be identical to the institution to that the non-trusted device requests access to. Agreements between different institutions can ensure that an access legitimization legitimating for access to a first institution legitimates also for access to a second institution. The associated characteristics of the trusted and non-trusted device can be stored in a database for further processing, e.g. for statistical, charging or legal purposes. Based on the associated characteristics of the non-trusted and trusted device, access can be granted to or via the non-trusted device, because now the institution or the entity supporting the institution for authentication purpose is provided with knowledge on an access legitimization linked to a characteristic of the non-trusted device like an identifier identifying the non-trusted device. Depending on the trusted device and the implementation of the linking method, information about an identity of the legitimate owner of the trusted device or a proof that an operator of the trusted device is identical to or is authorized by the legitimate owner of the trusted device can be obtained and associated to the respective characteristic of the non-trusted device. Also an identity of the institution that is to be accessed can be associated.
More secure linking methods require in addition to the association of characteristics a proof that a first device and a second device that are to be linked are located in close proximity. The proof of the close proximity is seen as sufficient evidence that the operator of the first device is identical to or at least authorized by the operator of the second device.
Different solutions exist for proving the close proximity that are described in the following:
According to a first solution, a local connection between a first device and a second device that are to be linked can be used to send linking data from a server, e.g. a payment or authentication server, via the first device and the second device and than back to the server or vice versa. A successful round-trip of the linking data is sufficient proof for the existing local connection and thus for the close proximity. Local physical connections like cables, docking stations, card readers or local wireless connections with transmission ranges of about less than 10 meters as provided by Infrared (IR) or Bluetooth can be used.
According to a second solution, a person manually transfers linking data from a first device to a second device for proving the close proximity. For example, an authentication server supporting an institution that is to be accessed by a non-trusted device sends a randomly generated one-time password (OTP) as linking data to the trusted device. The person that operates the trusted device and the non-trusted device reads the linking data and manually types the linking data into the non-trusted device. As in the first solution, the round-trip of the linking data is seen as proof for the close proximity.
U.S. Pat. No. 6,259,909 describes a round-trip of a code word used in a method for secure access by a user to a remote system. After an authentication of a first communications device by an access device, a code word is transmitted from the access device to a second communications device. Said code word received by the second communications device is further transmitted from the second communications device via the first communications device to said access device which can grant to the first and/or second communications device access to the remote system after a check for correctness of the code word received from the first communications device. A data processing unit can be used as first communications device and a mobile phone may be used as second communications device.
The aforementioned solutions for proving the close proximity have disadvantages. A local connection requires compatible interfaces at the devices that are to be linked for transferring the data from one device to the other device. However, compatibility of interfaces is very often not given thus limiting the applicability of solutions based on local connections to a small fragment of a potential market. This is especially true for local wireless connections, because appropriate local wireless interfaces like IR or Bluetooth transceivers are rather seldom on devices like personal computers (PCs), workstations, ATMs or older mobile phones. Using local physical connections requires to physically connect devices that are to be linked. However, physically connecting devices is an inconvenient and often even annoying task. Similarly, line-of-sight local wireless connection techniques like IR require appropriate aligning transceivers of devices that are to be linked. Furthermore, replacing a device by an appropriate further device requires to first remove the local connection from the device that is to be replaced and to attach the removed local connection to the appropriate further device thus increasing the inconvenience for the operator.
Solutions based on manually transferred linking data requires the person that operates the first and the second device to be active in a sense that the person has to read the linking data that is to be transferred manually from the first device and to type it into the second device. In order to prevent to guess the linking data, the linking data should not be too short. However, reading of a longer sequence from the first device and typing of the longer sequence into a second device is not convenient and the probability for mistyping increases with the length of the sequence. It is annoying when the linking is rejected because of any reading or typing errors.