Universal authentication token

US 20070118891A1
Filed: 11/15/2006
Published: 05/24/2007
Est. Priority Date: 11/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning a universal authentication token with authentication data from a plurality of devices, comprising:

(a) establishing a communications connection between the universal authentication token and a device from which authentication data is to be imported;

(b) transmitting a request for authentication data to the device from which authentication data is to be imported;

(c) cryptographically authenticating the identity of the universal token to the device;

(d) transmitting user authentication data to the device from which authentication data is to be imported;

(e) authenticating the identity of a user of the universal authentication token to the device using the user authentication data; and

(f) receiving the requested authentication data if the identity of the universal token and the identity of the user of the universal authentication token are successfully authenticated.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by universal token. For example, secure processor may be used to generate authentication data from seed information stored in memory.

256 Citations

20 Claims

1. A method for provisioning a universal authentication token with authentication data from a plurality of devices, comprising:
- (a) establishing a communications connection between the universal authentication token and a device from which authentication data is to be imported;
  
  (b) transmitting a request for authentication data to the device from which authentication data is to be imported;
  
  (c) cryptographically authenticating the identity of the universal token to the device;
  
  (d) transmitting user authentication data to the device from which authentication data is to be imported;
  
  (e) authenticating the identity of a user of the universal authentication token to the device using the user authentication data; and
  
  (f) receiving the requested authentication data if the identity of the universal token and the identity of the user of the universal authentication token are successfully authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 18)
- - 2. The method of claim 1, further comprising:
    - (g) repeating steps (a) through (f) for at least one additional device.
  - 3. The method of claim 1, wherein the device is an authentication token.
  - 4. The method of claim 1, wherein the device is a second universal authentication token.
  - 5. The method of claim 1, wherein the universal authentication token is embedded in a second device.
  - 6. The method of claim 1, wherein the request for authentication data includes a digital certificate for the universal authentication token.
  - 7. The method of claim 1, wherein step (c) includes:
    - (i) receiving a random value as a challenge from the device;
      
      (ii) forming hash value from an identifier for the universal authentication token and the received random value;
      
      (iii)encrypting has value with a private key of the universal authentication token to form a digital signature; and
      
      (iv)transmitting the identifier and the digital signature to the device as a response to the challenge.
  - 8. The method of claim 1, wherein user authentication data includes a password.
  - 9. The method of claim 1, wherein user authentication data includes a shared secret.
  - 10. The method of claim 1, wherein user authentication data includes a PIN.
  - 11. The method of claim 1, wherein user authentication data includes biometric data.
  - 12. The method of claim 1, wherein the authentication data includes one or more cryptographic keys.
  - 13. The method of claim 1, wherein the authentication data includes an authentication algorithm.
  - 18. The universal authentication token of claim 11 further comprising:
    - a biometric authentication module.

14. A universal authentication token for storing authentication data for a plurality of resources, comprising:
- means for establishing a communications connection between the universal authentication token and one or more devices from which authentication data is to be imported;
  
  means for receiving authentication data from the one or more devices;
  
  secure processor including means for cryptographically authenticating the identity of the universal token to the device and means for authenticating the identity of a user of the universal token; and
  
  memory configured to store a plurality of resource authentication records, one for each resource to which the user of the universal authentication token is enrolled.
- View Dependent Claims (15, 16, 17, 19, 20)
- - 15. The universal authentication token of claim 14, wherein at least a portion of the memory is within a security boundary established by the secure processor.
  - 16. The universal authentication token of claim 14, wherein the memory is further configured to store user authentication data.
  - 17. The universal authentication token of claim 14, wherein the universal authentication token is embedded in a second device.
  - 19. The universal authentication token of claim 17, wherein at least a portion of the biometric authentication module is included within a security boundary established by the secure processor.
  - 20. The universal authentication token of claim 14 wherein a first authentication record is defined for use with a first authentication algorithm and a second authentication record is defined for use with a second authentication algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark

Granted Patent

US 8,171,531 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 21/445   by mutual authentication, e...

G06F 2221/2129   Authenticate client device ...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/3674   involving authentication

G06Q 2220/00   Business processing using c...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04W 12/069   using certificates or pre-s...

Universal authentication token

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

256 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Universal authentication token

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

256 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links