System, device, and method for providing secure electronic commerce transactions
First Claim
1. A system to uniquely identify a security device, the security device coupled to a computing device, the computing device coupled to a server over a computer network, the system comprising:
- a security device coupled to the computing device, the security device storing a serial number associated with the security device and a user key associated with the serial number;
a server coupled to a user information database, the user information database storing a plurality of registered serial numbers and a plurality of user keys, each user key being associated with one of the plurality of registered serial numbers;
wherein, when the computing device attempts to log onto the server over the computer network, the server;
requests a serial number from the security device;
verifies whether the serial number received from the security device is stored as one of the plurality of registered serial numbers in the user information database;
if the serial number is stored within the user information database, the server obtains the associated user key and computes a challenge and computes an expected response based on the associated user key, the server sends the challenge to the security device over the computer network; and
if the server receives a response back from the security device in response to the challenge that matches the expected response, the server allows the computing device to log onto the server.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is a security device coupled to a computing device, which is, in turn, coupled to a server through a computer network. The security device stores a serial number associated with the security device and a user key associated with the serial number. When the computing device attempts to log onto the server over the computer network, the server requests a serial number from the security device. If the serial number is stored within a user information database, the server obtains an associated user key and computes a challenge. Further, the server computes an expected response for the security device based on the associated user key. The server then sends the challenge to the security device over the computer network. If the server receives a response back from the security device that matches the expected response, the server will allow the computing device to log onto the server.
-
Citations
46 Claims
-
1. A system to uniquely identify a security device, the security device coupled to a computing device, the computing device coupled to a server over a computer network, the system comprising:
-
a security device coupled to the computing device, the security device storing a serial number associated with the security device and a user key associated with the serial number;
a server coupled to a user information database, the user information database storing a plurality of registered serial numbers and a plurality of user keys, each user key being associated with one of the plurality of registered serial numbers;
wherein, when the computing device attempts to log onto the server over the computer network, the server;
requests a serial number from the security device;
verifies whether the serial number received from the security device is stored as one of the plurality of registered serial numbers in the user information database;
if the serial number is stored within the user information database, the server obtains the associated user key and computes a challenge and computes an expected response based on the associated user key, the server sends the challenge to the security device over the computer network; and
if the server receives a response back from the security device in response to the challenge that matches the expected response, the server allows the computing device to log onto the server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method to uniquely identify a security device, the security device coupled to a computing device, the computing device coupled to a server over a computer network, the method comprising:
-
storing a serial number associated with the security device and a user key associated with the serial number at the security device;
storing a plurality of registered serial numbers and a plurality of user keys at the server, each user key being associated with one of the plurality of registered serial numbers;
requesting a serial number from the security device when the computing device attempts to log onto the server over the computer network;
verifying whether the serial number received from the security device is stored as one of the plurality of registered serial numbers at the server;
if the serial number is stored at the server, obtaining the associated user key from the server;
computing a challenge;
computing an expected response based on the associated user key;
sending the challenge to the security device over the computer network; and
if the server receives a response back from the security device in response to the challenge that matches the expected response, allowing the computing device to log onto the server. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A security device to uniquely identify and authenticate a user, the security device coupled to a computing device, the computing device coupled to a server over a computer network, the server coupled to a user information database, the user information database storing a plurality of registered serial numbers and a plurality of user keys, each user key being associated with one of the plurality of registered serial numbers, the security device comprising:
-
a microprocessor; and
a security device memory, the security device memory storing a serial number associated with the security device and a user key associated with the serial number;
wherein, when the computing device attempts to log onto the server over the computer network, the microprocessor operating in conjunction with the security device memory to;
in response to a request from the sever, transmit the serial number to the computing device which is then transmitted to the server;
in response to a challenge from the server, compute a response based upon the user key; and
transmit the response to the computing device which is then transmitted to the server. - View Dependent Claims (28, 29, 30, 31, 32)
-
-
33. A system to uniquely identify a security device, the security device coupled to a computing device, the computing device coupled to a server over a computer network, the system comprising:
-
a security device coupled to the computing device, the security device storing a unique identifier associated with the security device and a user key associated with the unique identifier;
a server coupled to a user information database, the user information database storing a plurality of registered unique identifiers and a plurality of user keys, each user key being associated with one of the plurality of registered unique identifiers;
wherein, when the computing device attempts to log onto the server over the computer network, the server;
requests a unique identifier from the security device;
verifies whether the unique identifier received from the security device is stored as one of the plurality of registered unique identifiers in the user information database;
if the unique identifier is stored within the user information database, the server obtains the associated user key and computes a challenge and computes an expected response based on the associated user key, the server sends the challenge to the security device over the computer network; and
if the server receives a response back from the security device in response to the challenge that matches the expected response, the server allows the computing device to log onto the server. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
-
Specification