US-20260127301-A1 - SYSTEM AND METHOD FOR FACILITATING SECURE PROXIMITY BOUND OPERATIONS
Abstract
Process handler for executing secure operations is disclosed. A token is provided to a user device by a process initiator based on an input received from a user of the user device. The token and user data associated with the input are further received by the process handler from the process initiator and stored by the process handler. When the user device is in proximity of the process handler, the process handler establishes a secure ultrawideband ranging session with the user device and further receives the token from the user device. A match between the received token from the user device and the stored token in the process handler is identified. The process handler validates the user device based on the match. Based on the validation of the user device, the process handler executes the secure operation on the user data.
Inventors
- Sunil Dilipkumar Jogi
- Srivathsa Masthi Parthasarathi
- Hugues Jean Marie de Perthuis
- Sundaresan Swaminathan
Assignees
- NXP B.V.
Dates
- Publication Date: 20260507
- Application Date: 20250908
- Priority Date: 20240927
Claims (20)
- 1. A process handler comprising: circuitry configured to: establish a secure ranging session with a user device based on the user device being within a detection range associated with the circuitry; receive a first token from the user device based on the established secure ranging session, wherein the first token is generated by a process initiator to facilitate a secure operation; determine a second token associated with the process initiator, wherein the second token is further associated with the secure operation; validate the user device based on a match between the first token and the second token; and execute, based on the validation of the user device, the secure operation.
- 2. The process handler of claim 1, wherein the first token and the second token include random data.
- 3. The process handler of claim 1, wherein the first token and the second token have a token length of at least 16 bytes.
- 4. The process handler of claim 1, wherein the first token and the second token are set to expire after a validity period.
- 5. The process handler of claim 4, wherein the circuitry validates the user device in the validity period.
- 6. The process handler of claim 1, wherein the circuitry is further configured to receive secure data and a set of instructions corresponding to the secure operation from the process initiator, wherein the second token is an identifier of the secure data.
- 7. The process handler of claim 6, wherein based on the validation of the user device, the circuitry executes the secure operation based on the secure data and the set of instructions.
- 8. The process handler of claim 1, wherein the secure ranging session is an ultrawideband secure ranging session.
- 9. The process handler of claim 1, wherein the validation of the user device is indicative of comparing the first token and the second token to determine the match between the first token and the second token.
- 10. The process handler of claim 1, wherein the circuitry receives the second token prior to receiving the first token.
- 11. The process handler of claim 1, wherein the circuitry is further configured to detect, prior to establishing the secure ranging session, the user device, wherein the user device is detected based on the user device being within the detection range associated with the circuitry.
- 12. The process handler of claim 1, wherein the circuitry is further configured to authenticate the user device, and wherein the secure ranging session is established based on a mutual authentication between the process handler and the user device being successful.
- 13. The process handler of claim 1, wherein the secure operation corresponds to printing of data, and wherein the process handler comprises one of a standalone printer or a network printer.
- 14. The process handler of claim 1, wherein the circuitry comprises: an ultrawideband (UWB) anchor that is configured to: detect the user device within the detection range; establish the secure ranging session with the user device based on the user device being in the detection range; and receive the first token from the user device based on the established secure ranging session.
- 15. The process handler of claim 14, wherein the circuitry further comprises: a secure element coupled to the UWB anchor, wherein the secure element is configured to: receive the second token from the process initiator; and validate the user device based on the match between the first token and the second token.
- 16. A method comprising: establishing, by a process handler, a secure ranging session with a user device based on the user device being within a detection range of the process handler; receiving, by the process handler, a first token from the user device based on the established secure ranging session, wherein the first token is generated by a process initiator to facilitate a secure operation; determining, by the process handler, a second token associated with the process initiator, wherein the second token is further associated with the secure operation; validating, by the process handler, the user device based on a match between the first token and the second token; and executing, by the process handler, the secure operation based on the validation of the user device.
- 17. The method of claim 16, wherein the secure ranging session is an ultrawideband ranging session.
- 18. The method of claim 16, wherein the first token and the second token are set to expire after a validity period.
- 19. The method of claim 16, further comprising receiving, by the process handler, secure data and a set of instructions corresponding to the secure operation from the process initiator.
- 20. The method of claim 19, wherein the second token is an identifier of the secure data.
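The token handling recited in claims 1 to 5 and 9, sketched as an added example that is not taken from the patent application. The class and function names, the 600-second validity period, the constant-time comparison and the single-use rule are assumptions; the UWB secure ranging session is reduced to a boolean supplied by the caller.

```python
import hmac
import secrets
import time

TOKEN_BYTES = 16        # claim 3: token length of at least 16 bytes
VALIDITY_SECONDS = 600  # assumed value; the claims only say "a validity period"


def new_token() -> bytes:
    """Process initiator side: a token made of random data (claim 2)."""
    return secrets.token_bytes(TOKEN_BYTES)


class ProcessHandler:
    """Holds tokens received from the initiator and validates user devices."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._jobs = {}  # stored (second) token -> (expiry time, job data)

    def register(self, token: bytes, job: bytes) -> None:
        """Store the token and data sent by the process initiator (claim 10)."""
        if len(token) < TOKEN_BYTES:
            raise ValueError("token shorter than 16 bytes")
        self._jobs[token] = (self._clock() + VALIDITY_SECONDS, job)

    def validate_and_execute(self, presented: bytes, ranging_ok: bool):
        """Return the job data if the device is validated, otherwise None."""
        if not ranging_ok:
            # A token is only accepted over an established secure ranging session.
            return None
        now = self._clock()
        # Expired tokens can no longer validate a device (claims 4 and 5).
        self._jobs = {t: v for t, v in self._jobs.items() if v[0] > now}
        matched = None
        for stored in self._jobs:
            # Compare first and second token (claim 9) in constant time and
            # without an early exit, so timing does not leak partial matches.
            if hmac.compare_digest(stored, presented):
                matched = stored
        if matched is None:
            return None
        # Assumption: a token is single-use, so a replayed token is rejected.
        return self._jobs.pop(matched)[1]
```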
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority under 35 U.S.C. § 119 to India Patent application no. 202441073087, filed on Sep. 27, 2024, the contents of which are incorporated by reference herein.
FIELD OF USE
The present disclosure relates generally to wireless communications and, more particularly, to a system and method for facilitating secure proximity bound operations.
BACKGROUND
To print data, a user typically selects a print command on an electronic device. Based on the print command, the electronic device transmits the data to be printed to a printing system by way of a wired connection or wirelessly. When the user arrives at a location of the printing system, the user either enters login details into the printing system or taps a card that stores an identifier of the user, such as a name of the user, at the printing system, for identification of the user. The printing system prints the data (e.g., executes a printing operation) upon successfully identifying the user. Such operations are, however, susceptible to network attacks that result in loss of the data during transmission. In addition, it is inconvenient for the user to remember the login details or carry the card each time to the location of the printing device.
BRIEF DESCRIPTION OF DRAWINGS
The following detailed description of the embodiments of the present disclosure will be better understood when read in conjunction with the appended drawings. The present disclosure is illustrated by way of example, and not limited by the accompanying figures, in which like references indicate similar elements.
FIG. 1 illustrates a schematic diagram of a system environment in accordance with an embodiment of the present disclosure;
FIGS. 2A-2C represent a process flow diagram that illustrates operations executed by a process initiator, a user device, and a process handler of the system environment of FIG. 1 in accordance with an embodiment of the present disclosure; and
FIGS. 3A-3B collectively represent a flowchart that illustrates a secure method executed by the process handler of the system environment of FIG. 1 in accordance with an embodiment of the present disclosure.
DETAILED DESCRIPTION
The detailed description of the appended drawings is intended as a description of the embodiments of the present disclosure, and is not intended to represent the only form in which the present disclosure may be practiced. It is to be understood that the same or equivalent functions may be accomplished by different embodiments that are intended to be encompassed within the spirit and scope of the present disclosure.
Overview
In conventional printing systems, a user provides a print command associated with user data on an electronic device and the user data is transmitted to a printing system by the electronic device by way of a wired connection or wirelessly. When the user arrives at a location of the printing system, the user may either enter login details such as username and password into the printing system or tap a near field communication (NFC) card that stores an identifier of the user, such as a name of the user, at the printing system. The printing system may authenticate the user based on at least one of the login details and the identifier. Upon successfully authenticating the user, the printing system may print the user data (e.g., execute a printing operation) associated with the user. Such operations are, however, susceptible to network attacks that may result in loss of the user data during transmission. In addition, it is inconvenient for the user to remember and input the login details for printing the data or carry the NFC card each time to the location of the printing device.
In one or more embodiments, systems, methods, and devices are described herein that enable secure printing using ultrawideband ranging-based proximity (e.g., handsfree printing).
In one or more embodiments, a computing device (such as a laptop computer) may establish a secure channel with a printer, such as a standalone printer, a network printer, or a shared drive that can be accessed for printing. A user may interact with the computing device to initiate a printing operation to print a selected file. The computing device may be understood to be a process initiator. In one or more embodiments, in response to initiating the printing operation, the computing device may generate a token for validation with a remote printer (process handler) and send the token to the user's communication device (user device), such as a smartphone. The computing device (process initiator) may rename the selected file with the token and upload the renamed file to the secure channel for printing. When the user approaches a selected printer (process handler) with his or her smartphone (user device), the printer (process handler) may perform UWB secure ranging to authenticate the smartphone (user device). Once the smartphone is authenticated, the smartphone may transfer the