The disclosure relates generally to a method and apparatus for using a smart phone to authenticate the user to a smart card reader emulation device.
As computers and other electronic devices store an increasingly large and sensitive amount of information, the computers and other electronic devices must be secured against unauthorized users. An effective way of securing computers and other electronic devices is to encrypt or otherwise disallow access to a computer until a user provides hardware and/or software that includes unique identifying information about the user.
In one embodiment, smart cards may be used to store and transmit unique information about a user to a computer, so that the user may request and gain access to the computer. The smart card includes software and/or hardware, and also stores information that uniquely identifies a user. The uniquely identifying information may include, for example, representative biometric information about the user, a unique encryption certificate generated for the user, or other uniquely identifying information. The user may request access to a computer, and be granted access if the user is authenticated.
Smart cards, generally, are physical devices that include memory, and may include other processing components, such as a processor and/or battery. The smart cards generally must be carried by the user, and inserted directly into a computer or device associated with the computer. If a user wishes to gain access to many computers, the user may need more than one smart card. The weight and bulk of one or more smart cards may deter users and/or administrators from implementing smart card security. It is common for users to carry smart phones, and smart phones include memory and/or processing capability that may enable them to operate as a smart card. Replacing one or more smart cards with a single smart phone may reduce overall bulk, and may make it more likely for users to implement smart card security.
Known smart card emulation systems can include a component located on a smart phone to remotely lock and unlock a computer via a Bluetooth connection. However, such systems do not appear to allow a user to select a signal strength of the Bluetooth connection to change the range within which the smart phone may lock or unlock the computer.
Also, it is known to allow a user to automatically lock and unlock a computer using a Bluetooth device such as a mobile phone. The user can configure the proximity distance and duration, and when the Bluetooth device moves away from the computer, the screensaver is triggered and the computer is locked. When the Bluetooth device is in range, the program unlocks the computer, without requiring user input. However, such systems do not require authentication of the Bluetooth device, or transmission of data between the Bluetooth device and the computer for authentication of the Bluetooth device to the computer.
Near field communication techniques are also known between wireless devices that use very short range wireless links. Setting up the near field communication links can involve exchanging key pairs used to establish a Bluetooth connection or a short range connection. As such, two different wireless protocols are used over two different types of short range links. The information that is transferred in the near field communication may include, for example, key pairs and device IDs that are then used by two devices to establish a short range communication link, wherein the short range communication link is encrypted. Typically, the systems authenticate each device to the other to provide a type of mutual authentication of devices. However, the user may have to select from many machines in a room if they want to authenticate two machines in a wireless range. Also, user authentication is not typically provided with such systems.
Also, in systems that fail to employ very short range communication links, such as pure Bluetooth links or other short range links, user authentication can be provided to automatically unlock a device when the Bluetooth device is activated. However, when multiple devices are within range, a user typically needs to manually select which device to unlock. Accordingly, it is desirable to have an improved user authentication technique.
Accordingly, there exists a need for an improved method and apparatus for using a portable wireless device to authenticate a user.