Authentication token

US 20030212894A1
Filed: 06/20/2002
Published: 11/13/2003
Est. Priority Date: 05/10/2002
Status: Active Grant

First Claim

Patent Images

1. An authentication token comprising a smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

151 Citations

64 Claims

1. An authentication token comprising a smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64)
- - 2. A token according to claim 1, in which the software application is operative to validate the user input.
  - 3. A token according to claim 1, in which the smart card further comprises a memory storing a unique consumer code which is compared with a user input to validate the user input.
  - 4. A token according to claim 1, in which the smart card further comprises a memory storing a key which is used to generate a one-time password in response to a user input.
  - 5. A token according to claim 4, in which the key is changed each time a one-time password is generated.
  - 6. A token according to claim 5, in which a new key is generated in dependence on a previous key.
  - 7. A token according to claim 4, in which the key is generated by a key generation algorithm using the Advanced Encryption Standard (AES).
  - 8. A token according to claim 4, in which the key is a 128-bit key.
  - 9. A token according to claim 4, in which the key is generated in dependence on a Monotonically Increasing Register (MIR) maintained by a code portion of the software application.
  - 10. A token according to claim 4, in which the key is generated in dependence on a seed value stored in the memory of the smart card.
  - 11. A token according to claim 10, in which the seed value is changed each time a one-time password is generated.
  - 12. A token according to claim 4, in which the software application includes a code portion for personalising the token by initialising the key.
  - 13. A token according to claim 12, in which the software application includes a code portion for initialising the key by exchanging messages with a separate personalisation device using a key exchange protocol.
  - 14. A token according to claim 13, in which the key exchange protocol messages are encrypted.
  - 15. A token according to claim 13, in which the key exchange protocol uses the Diffie-Hellman key exchange algorithm.
  - 16. A token according to claim 10, in which the software application includes a code portion for personalising the token by initialising the seed value.
  - 17. A token according to claim 1, in which the software application includes a code portion which executes a cryptographic algorithm to generate a one-time password in response to a user input.
  - 18. A token according to claim 17, in which the cryptographic algorithm is the Advanced Encryption Standard (AES).
  - 19. A token according to claim 17, in which the algorithm generates a one-time password in dependence on data derived from a Monotonically Increasing Register (MIR) maintained by a code portion of the software application.
  - 20. A token according to claim 17, in which the algorithm generates a one-time password in dependence on a dynamic variable.
  - 21. A token according to claim 20, in which the dynamic variable is time.
  - 22. A token according to claim 21, in which the time is derived from an external input.
  - 23. A token according to claim 1, in which the smart card derives electrical power from an external input.
  - 24. A token according to claim 1, wherein the smart card further comprises a read only memory (ROM) into which the software application is burnt during manufacture.
  - 25. A token according to claim 1, wherein the smart card further comprises a memory which stores the software application.
  - 64. An authentication token according to claim 1 in combination with an interface device according to claim 55.

26. A method of authenticating a user using a smart card, the smart card receiving a user input and executing a software application in response to the user input to generate a one-time password as an output.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 27. A method according to claim 26, in which the software application validates the user input.
  - 28. A method according to claim 26, wherein the user input includes a consumer code which is compared with a unique consumer code stored in a memory on the smart card to validate the user input.
  - 29. A method according to claim 26, in which the one-time password is generated in dependence on a key stored in a memory on the smart card.
  - 30. A method according to claim 29, in which the key is changed each time a one-time password is generated.
  - 31. A method according to claim 30, in which a new key is generated in dependence on a previous key.
  - 32. A method according to claim 29, in which the key is generated by a key generation algorithm using the Advanced Encryption Standard (AES).
  - 33. A method according to claim 29, in which the key is a 128-bit key.
  - 34. A method according to claim 29, in which the key is generated in dependence on a Monotonically Increasing Register (MIR) maintained by a code portion of the software application.
  - 35. A method according to claim 29, in which the key is generated in dependence on a seed value stored in a memory on the smart card.
  - 36. A method according to claim 35, in which the seed value is changed each time a one-time password is generated.
  - 37. A method according to claim 26, in which a code portion of the software application executes a cryptographic algorithm to generate the one-time password.
  - 38. A method according to claim 37, in which the cryptographic algorithm is the Advanced Encryption Standard (AES).
  - 39. A method according to claim 37, in which the algorithm generates a one-time password in dependence on data derived from a Monotonically Increasing Register (MIR) maintained by a code portion of the software application.
  - 40. A method according to claim 37, in which the algorithm generates a one-time password in dependence on a dynamic variable.
  - 41. A method according to claim 40, in which the dynamic variable is time.
  - 42. A method according to claim 41, in which the time is derived from an external input.
  - 43. A method according to claim 26, wherein the user input is inputted by means of a separate interface device which outputs the one-time password.
  - 44. A method according to claim 26, further comprising the step of passing the one-time password to a third party in order to authenticate the user.

45. A method for personalising an authentication token comprising a smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output, comprising the steps:
- establishing an encrypted session with a separate personalisation device; and
  
  , initialising a key stored in a memory on the smart card for subsequent use by a code portion of the software application in generating a one-time password.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. A method according to claim 45, in which the key is initialised by exchanging messages with the separate personalisation device using a key exchange protocol.
  - 47. A method according to claim 46, in which the key exchange protocol messages are encrypted.
  - 48. A method according to claim 46, in which the key exchange protocol uses the Diffie-Hellman key exchange algorithm.
  - 49. A method according to claim 45, wherein the smart card is further personalised by initialising a seed stored in a memory on the smart card which is subsequently used by a code portion of the software application to generate a key for use in generating the one-time password.
  - 50. A method according to claim 45, in which data exchanged between the smart card and the separate personalisation device for use in generating a one-time password is stored by the personalisation device for subsequent transfer to a third party.

51. A method for generating a one-time password comprising the steps:
- concatenating a monotonically increasing register with a dynamic variable to produce a payload;
  
  encrypting the payload using a cryptographic algorithm in dependence on a key to produce a temporary variable;
  
  generating a first integer using the least significant bits of the temporary variable;
  
  generating a second integer by concatenating the two least significant bits of the dynamic variable with the least significant bit of the monotonically increasing register;
  
  combining the first integer with the second integer to produce the one-time password;
  
  executing a key generation algorithm using the monotonically increasing register, the key and a seed to generate a new key and a new seed;
  
  replacing the key with the new key;
  
  replacing the seed with the new seed; and
  
  , incrementing the monotonically increasing register.
- View Dependent Claims (52, 53, 54)
- - 52. A method according to claim 51, in which the cryptographic algorithm is the Advanced Encryption Standard (AES).
  - 53. A method according to claim 51, in which the key generation algorithm is based on ANSI X9.17 and uses the Advanced Encryption Standard (AES).
  - 54. A method according to claim 51, in which the key is a 128-bit key.

55. An interface device for a smart card authentication token, the interface device comprising a smart card interface, a user input device, a user output device, and an executable software application that, when a smart card is coupled to the smart card interface, is operative to co-operate with the smart card to generate a one-time password in response to a unique consumer code input via the user input device, the one-time password being communicated to a user via the user output device.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63)
- - 56. An interface device according to claim 55, in which the interface device maintains a dynamic variable which, in response to execution of the software application, is communicated to the smart card to generate a one-time password.
  - 57. An interface device according to claim 55, comprising a clock that provides a dynamic variable input to a smart card when the interface device is coupled to the smart card for use in the generation of a one time password.
  - 58. An interface device according to claim 57, in which the clock is synchronised with an external clock.
  - 59. An interface device according to claim 55, in which the user input device is a keypad.
  - 60. An interface device according to claim 55, in which the user output device is a display.
  - 61. An interface device according to claim 55, in which the smart card interface is adapted to be directly coupled to a smart card.
  - 62. An interface device according to claim 55, in which the smart card interface is adapted to be coupled to a smart card over a wireless communications channel.
  - 63. An interface device according to claim 55, adapted to co-operate with smart cards issued to different users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Auth Token LLC (Jeffrey M. Gross)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Buck, Peter, Newport, Peter

Granted Patent

US 7,865,738 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/46   by designing passwords or c...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/385   using an alias or single-us...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

Authentication token

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

151 Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication token

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

151 Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links