Dual authentications utilizing secure token chains

US 20070150744A1
Filed: 12/22/2005
Published: 06/28/2007
Est. Priority Date: 12/22/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating a client when the client logs in a servicing server, the method comprising:

(A) submitting a first authentication code and a second authentication code from the client to the servicing server, the second authentication code including a secure token of a reversal secure token chain with a hash function and an index of the secure token in the reversal secure token chain;

(B) verifying the first authentication code at the servicing server;

(C) validating the secure token at the servicing server by comparing a hash value of the secure token with at least one of a previously acquired secure token or a root of the reversal secure token chain; and

(D) confirming the login if the first authentication code and the second authentication code are associated.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments include a method and a system of authenticating a client when the client logs in a servicing. According to one embodiment, a first authentication code and a second authentication code is submitted from the client to the servicing server. The second authentication code includes a secure token of a reversal secure token chain with a hash function and an index of the secure token in the reversal secure token chain. The first authentication code is then verified at the servicing server. The secure token is also verified at the servicing server by comparing a hash value of the secure token with a previously acquired secure token or a root of the reversal secure token chain. If the first authentication code and the second authentication code are associated, the login is confirmed.

Citations

20 Claims

1. A method of authenticating a client when the client logs in a servicing server, the method comprising:
- (A) submitting a first authentication code and a second authentication code from the client to the servicing server, the second authentication code including a secure token of a reversal secure token chain with a hash function and an index of the secure token in the reversal secure token chain;
  
  (B) verifying the first authentication code at the servicing server;
  
  (C) validating the secure token at the servicing server by comparing a hash value of the secure token with at least one of a previously acquired secure token or a root of the reversal secure token chain; and
  
  (D) confirming the login if the first authentication code and the second authentication code are associated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the first authentication code comprises a password or a pair of login name and password.
  - 3. The method of claim 1 further comprising a relationship setup prior to the step (A), wherein the relationship setup includes acquiring a server certificate and a client certificate, and wherein the relationship setup is conducted once or until one of the client and server certificates is expired or revoked.
  - 4. The method of claim 3 wherein the client certificate comprises a name of the servicing server, a name of the client, a public key of the client and an expiration date of the client certificate, and wherein the client certificate is signed by a private key of the servicing server.
  - 5. The method of claim 4 wherein the client certificate comprises contact information of the client.
  - 6. The method of claim 3 further comprising a chain setup prior to the step (A), wherein the chain setup comprises:
    - (a) creating the reversal secure token chain with the hash function;
      
      (b) creating a commitment;
      
      (c) submitting the commitment to the servicing server; and
      
      (d) verifying the commitment with a public key of the client at the servicing server; and
      
      wherein the chain setup is conducted every time a new reversal secure token chain is created at the client.
  - 7. The method of claim 6 wherein the reversal secure token chain and the commitment is created by a user program at the client.
  - 8. The method of claim 7 wherein the user program at the client is downloaded from a download server.
  - 9. The method of claim 8 wherein downloading the user program comprises the steps of:
    - (a) obtaining a user-specific download code;
      
      (b) making a download request to the download server;
      
      (c) submitting the user-specific download code to the download server;
      
      (d) at the download server, checking whether the user-specific download code matches with a pre-agreed download code that the download server agreed with the download code authority;
      
      (e) receiving the user program from the download server if the user-specific download code matches with the pre-agreed download code; and
      
      (f) installing the user program at the client; and
      
      wherein the user program is preloaded with PKI keys.
  - 10. The method of claim 8 wherein downloading the user program comprises the steps of:
    - (a) obtaining a user-specific download code;
      
      (b) making a download request to the download server;
      
      (c) receiving the user program from the download server;
      
      (d) installing the user program at the client;
      
      (e) sending the user-specific download code and a public key from the user program to the download server;
      
      (f) at the download server, checking whether the user-specific download code matches with a pre-agreed download code that the download server agreed with the download code authority; and
      
      (g) registering the public key and sending a certificate of the public key to the user program; and
      
      wherein the user program is a generic user program.
  - 11. The method of claim 6 wherein the commitment comprises a purpose of the reversal secure token chain, the client certificate, the root of the reversal secure token chain and current date, and wherein the commitment is signed by a private of the client.
  - 12. The method of claim 11 wherein the commitment comprises a period of time that the reversal secure token chain must be consumed.
  - 13. The method of claim 1 wherein the secure tokes of the reversal secure token chain are consumed in an ascending order.
  - 14. The method of claim 1 wherein the step (C) comprises comparing the hash value of the secure token with a last acquired secure token if the index of the secure token is greater than one.
  - 15. The method of claim 1 wherein the step (C) comprises comparing the hash value of the secure token with the root of the reversal secure token chain if the index of the secure token is equal to one.

16. A method of authenticating a client when the client logs in a servicing server, the method comprising:
- (A) submitting a secure token of a reversal secure token chain with a hash function and an index of the secure token in the reversal secure token chain from the client to the servicing server;
  
  (B) validating the secure token at the servicing server by comparing a hash value of the secure token with at least one of a previously acquired secure token or a root of the reversal secure token chain.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16 further comprising:
    - (a) submitting a password or a pair of login name and password from the client to the servicing server; and
      
      (b) verifying the password or the pair of login name and password at the servicing server.
  - 18. The method of claim 16 wherein the step (B) comprises comparing the hash value of the secure token with a last acquired secure token if the index of the secure token is greater than one.
  - 19. The method of claim 16 wherein the step (B) comprises comparing the hash value of the secure token with the root of the reversal secure token chain if the index of the secure token is equal to one.

20. A system of authenticating a client when the client logs in a servicing server, the system comprising:
- (A) means for submitting a first authentication code and a second authentication code from the client to the servicing server, the second authentication code including a secure token of a reversal secure token chain with a hash function and an index of the secure token in the reversal secure token chain;
  
  (B) means for verifying the first authentication code at the servicing server;
  
  (C) means for validating the secure token at the servicing server by comparing a hash value of the secure token with at least one of a previously acquired secure token or a root of the reversal secure token chain; and
  
  (D) means for confirming the login if the first authentication code and the second authentication code are associated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hong Kong Applied Science And Technology Research Institute Co., Ltd.
Original Assignee
Hong Kong Applied Science And Technology Research Institute Co., Ltd.
Inventors
Lau, Kam, Wong, Ha, Cheng, Siu

Application Number

US11/317,944
Publication Number

US 20070150744A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06Q 20/385   using an alias or single-us...

H04W 12/02   Protecting privacy or anony...

Dual authentications utilizing secure token chains

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dual authentications utilizing secure token chains

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links