Multi-factor authentication using a smartcard

US 20070118745A1
Filed: 11/15/2006
Published: 05/24/2007
Est. Priority Date: 11/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method for performing multi-factor authentication in a processor using a non-cryptographic capability of a smartcard as an authentication factor, comprising:

(a) requesting access to a device;

(b) receiving at least one request for authentication using at least two authentication factors;

(c) receiving authentication data associated with a first authentication factor;

(d) receiving authentication data associated with a second authentication factor from a smartcard, wherein step (d) includes;

(i) establishing communication between the processor and the smartcard, and (ii) receiving a transaction code from the smartcard, wherein the transaction code monotonically increases each time a transaction is attempted with the smartcard;

(e) communicating the authentication data associated with the first authentication factor and received transaction code as the authentication data associated with the second authentication factor to the device; and

(f) receiving authorization to access the requested service if the first authentication data and the second authentication data were verified by server.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.

235 Citations

22 Claims

1. A method for performing multi-factor authentication in a processor using a non-cryptographic capability of a smartcard as an authentication factor, comprising:
- (a) requesting access to a device;
  
  (b) receiving at least one request for authentication using at least two authentication factors;
  
  (c) receiving authentication data associated with a first authentication factor;
  
  (d) receiving authentication data associated with a second authentication factor from a smartcard, wherein step (d) includes;
  
  (i) establishing communication between the processor and the smartcard, and (ii) receiving a transaction code from the smartcard, wherein the transaction code monotonically increases each time a transaction is attempted with the smartcard;
  
  (e) communicating the authentication data associated with the first authentication factor and received transaction code as the authentication data associated with the second authentication factor to the device; and
  
  (f) receiving authorization to access the requested service if the first authentication data and the second authentication data were verified by server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the device is remote from the processor.
  - 3. The method of claim 1, wherein the processor is local to the device.
  - 4. The method of claim 1, wherein the authentication data associated with the first authentication factor includes a user identifier and a password.
  - 5. The method of claim 1, wherein the authentication data associated with the first authentication factor includes a biometric template.
  - 6. The method of claim 1, wherein step (d) further includes:
    - (iii) calculating a one-time password based on the transaction code received from the smartcard.
  - 7. The method of claim 1, wherein step (d) further includes:
    - prior to step (d)(ii), simulating a transaction request with the smartcard to cause the smartcard to generate a transaction code, wherein the simulated transaction request includes a transaction value of zero.
  - 8. The method of claim 1, wherein the processor is a secure processor.
  - 9. The method of claim 1, wherein step (e) further includes:
    - establishing a secure communications session with the device.
  - 10. The method of claim 9, wherein establishing a secure communications session with device includes:
    - (i) transmitting a message to the device including a digital certificate for a secure processor;
      
      (ii) receiving a message from the device including an encrypted symmetric key if the device successfully validated the digital certificate for the secure processor, wherein the symmetric key is encrypted with the public key of the secure processor;
      
      (iii) decrypting the encrypted symmetric key with private key of the secure processor; and
      
      (iv) engaging in secure communications using the symmetric key to encrypt and decrypt communications.

11. A method for performing multi-factor authentication in a remote computer using a non-cryptographic capability of a smartcard as an authentication factor, comprising:
- (a) receiving a request from a device to access the remote computer;
  
  (b) requesting authentication using at least two authentication factors from the requesting device;
  
  (c) receiving authentication data associated with a first authentication factor;
  
  (d) receiving a transaction code from the smartcard as the authentication data associated with second authentication factor, wherein the transaction code monotonically increases each time a transaction is attempted with the smartcard;
  
  (e) verifying the first authentication data;
  
  (g) verifying the transaction code; and
  
  (f) authorizing access to the requested service if the first authentication data and the second authentication data are successfully verified.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the authentication data associated with the first authentication factor includes a user identifier and a password.
  - 13. The method of claim 11, wherein the authentication data associated with the first authentication factor includes a biometric template.
  - 14. The method of claim 11, wherein step (g) includes:
    - (i) determining an expected transaction code for the smartcard; and
      
      (ii) determining whether the received transaction code matches the expected transaction code.
  - 15. The method of claim 14, wherein step (g)(i) includes generating a one-time password based on the expected transaction code and step (g)(ii) includes determining whether the received transaction code matches the generated one-time password.
  - 16. The method of claim 11, wherein step (g) includes:
    - (i) transmitting a transaction request to a verification server for validation, wherein the transaction request includes the transaction code; and
      
      (ii) receiving a validation response, wherein the validation is successful if the transmitted transaction code matches a transaction code for the smartcard expected by the verification server.
  - 17. The method of claim 16, wherein the transaction request includes a transaction value of zero.
  - 18. The method of claim 11, further comprising:
    - prior to step (d), establishing a secure communications session with the device.
  - 19. The method of claim 18, wherein establishing the secure communications session with the device includes:
    - (i) receiving a message from the device, the message including a digital certificate including a public key for the device;
      
      (ii) validating the received digital certificate;
      
      (iii) generating a symmetric key;
      
      (iv) encrypting the generated symmetric key with the public key of the device; and
      
      (v) transmitting the encrypted symmetric key to the device; and
      
      (vi) engaging in secure communications using the symmetric key to encrypt and decrypt communications.

20. A processor for performing multi-factor authentication using a non-cryptographic capability of a smartcard as an authentication factor, comprising:
- a smartcard reader for receiving a transaction code from a smartcard, wherein the smartcard reader is within a secure boundary established by the secure processor and wherein the transaction code monotonically increases each time a transaction is attempted with the smartcard;
  
  means for establishing a secure communications session with a remote computing device; and
  
  means for securely transmitting received transaction code as an additional authentication factor to the remote computing device.
- View Dependent Claims (21, 22)
- - 21. The secure processor of claim 20, wherein the processor is integrated into a computing device.
  - 22. The secure processor of claim 20, wherein the processor is coupled to a computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark

Granted Patent

US 8,245,292 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0823   using certificates cryptogr...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

Multi-factor authentication using a smartcard

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

235 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-factor authentication using a smartcard

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

235 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links