Token authentication system

US 20070101152A1
Filed: 10/17/2005
Published: 05/03/2007
Est. Priority Date: 10/17/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling user access with a token having fixed manufacturer controlled information, the method comprising:

determining the manufacturer controlled information from the token;

generating a cryptographic key using the manufacturer controlled information of the token; and

authenticating the token using the generated cryptographic key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method and program product for enabling token authentication by generating a secret key using manufacturer controlled information (57) present on a token (34). A computer (30) typically reads the manufacturer controlled information and applies an cryptographic algorithm (41) to determine the secret key (47). The secret key (47) may comprise or be used to generate a one-time password (42) for use in authenticating the token (34). Typical manufacturer controlled information (57) present on the token (34) includes static, non-writeable/erasable information, such as a serial number (56) or manufacturer ID (54). Where desired, the token authentication is accomplished in the absence of memory or processors on the token that are dedicated to the authentication process, itself. This absence reduces token hardware requirements and associated expenses. The dynamic generation of the cryptographic key (47) also reduces risks conventionally associated with duplicating static keys stored within token memory. Where desired, token includes a password (55) and/or a user name (53) in addition to the manufacturer controlled information (57) for realizing multiple factor authentication. As such, the password (55) and user name (53) stored on the token (34) may automatically be transmitted to the access device (14).

87 Citations

View as Search Results

33 Claims

1. A method of controlling user access with a token having fixed manufacturer controlled information, the method comprising:
- determining the manufacturer controlled information from the token;
  
  generating a cryptographic key using the manufacturer controlled information of the token; and
  
  authenticating the token using the generated cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein authenticating the token using the cryptographic key further comprises determining a one-time password.
  - 3. The method of claim 2, further comprising determining that the one-time password matches another one-time password.
  - 4. The method of claim 3, wherein determining the one-time password further includes updating a counter.
  - 5. The method of claim 4 further comprising synchronizing the counter with a second counter.
  - 6. The method of claim 1, wherein authenticating the token further comprises determining a look ahead value used for comparison of at least one of the cryptographic key and a value determined using the cryptographic key.
  - 7. The method of claim 1, wherein determining the manufacturer controlled information further comprises determining the manufacturer controlled information from a flash drive.
  - 8. The method of claim 1, wherein authenticating the token using the cryptographic key further comprises additionally using a password.
  - 9. The method of claim 8, wherein using the password further comprises using a password actively input by a user.
  - 10. The method of claim 8, wherein using the password further comprises using a password read from a memory.
  - 11. The method of claim 1, wherein authenticating the token using the cryptographic key further includes receiving a user name.
  - 12. The method of claim 11, wherein receiving the user name further comprises receiving the user name from a memory.
  - 13. The method of claim 1, wherein generating the cryptographic key using the manufacturer controlled information further comprises applying a cryptographic algorithm to the manufacturer controlled information.
  - 14. The method of claim 1, wherein generating the cryptographic key using the manufacturer controlled information further comprises using a serial number.
  - 15. The method of claim 1, wherein generating the cryptographic key using the manufacturer controlled information further comprises using a manufacturer identifier.
  - 16. The method of claim 1, wherein generating the cryptographic key using the manufacturer controlled information further comprises using at least one of a product identifier, a date of manufacture and a model number.
  - 17. The method of claim 1, further comprising determining that at least one of the token and an authenticating computer has been compromised.
  - 18. The method of claim 1, wherein determining that at least one of the token and the authentication computer has been compromised further comprises determining that a first counter of the token is different than a second counter of the authenticating computer.
  - 19. The method of claim 1, wherein authenticating the cryptographic token further comprises authenticating at a computer that is remote from a device that receives the token.
  - 20. The method of claim 1, wherein authenticating the cryptographic token further comprises authenticating at a client computer.

21. A method of controlling user access with random data stored within a memory of a token, the method comprising:
- determining the random data from the token;
  
  generating a cryptographic key using the random data of the token; and
  
  authenticating the token using the generated cryptographic key.

22. An apparatus, comprising:
- a token having fixed manufacturer controlled information; and
  
  an access control device comprising a program resident in a memory, the program configured to determine the manufacturer controlled information from the token;
  
  to generate a cryptographic key using the manufacturer controlled information of the token; and
  
  to authenticate the token using the generated cryptographic key.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The apparatus of claim 22, further comprising a log included in the memory, the log configured to maintain a count of failed authentication attempts.
  - 24. The apparatus of claim 22, wherein the cryptographic key comprises a one-time password.
  - 25. The apparatus of claim 24, wherein the program is further configured to determine if the one-time password matches another one-time password retrieved from the memory.
  - 26. The apparatus of claim 22, further comprising at least one of a counter and a clock.
  - 27. The apparatus of claim 22, wherein the program is further configured to synchronize the counter with a second counter.
  - 28. The apparatus of claim 22, wherein the program is further configured to determine a look ahead value used for comparison of at least one of the cryptographic key and a value determined using the cryptographic key.
  - 29. The apparatus of claim 22, wherein the token comprises a flash drive.
  - 30. The apparatus of claim 22, wherein the program is further configured to authenticate the token using multifactor data.
  - 31. The apparatus of claim 22, wherein the manufacturer controlled information further comprises at least one of a serial number, a manufacturer identifier, a model number, and a date of manufacture.

32. An access control device, comprising:
- a token comprising a memory having random data; and
  
  a program resident in the memory, the program configured to determine the random data from the token;
  
  to generate a cryptographic key using the random data of the token; and
  
  to authenticate the token using the generated cryptographic key.

33. A program product, comprising:
- program code configured to determine fixed manufacturer controlled information from a token;
  
  to generate a cryptographic key using the manufacturer controlled information of the token; and
  
  to authenticate the token using the generated cryptographic key; and
  
  a signal bearing medium bearing the program code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Saflink Corporation (Imprivata Incorporated)
Inventors
Mercredi, Dwayne, Vance, Joachim, Robinson, Joseph

Application Number

US11/252,040
Publication Number

US 20070101152A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/80   Wireless network architectu...

H04L 63/0838   using one-time-passwords

H04L 9/0877   using additional device, e....

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

Token authentication system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Token authentication system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links