Token Based Multi-protocol Authentication System and Methods
Abstract
A Token-based, multi-Server and multi-protocol authentication system comprising a plurality of Servers, potentially employing a plurality of Proof protocols, each requiring a Proof of Token presence before accepting a login request from a possessor of said Token; and a plurality of Token apparatus capable of communicating with said Servers and storing at least a first private key accessible only to the Token, whereby said first key is associated with a Manufacturer Certificate; and whereby each Token is capable of executing a plurality of Proof of possession protocols such that for each Server of the plurality of Servers there is at least one protocol common to Token and Server.
10 Claims
1. An authentication system comprising:
a. A plurality of Servers employing a plurality of Proof protocols, each requiring a Proof of Token presence before accepting a login request from a possessor of said Token;
b. A Token apparatus, capable of communicating with said Servers, comprising:
i. A first private key accessible only to the Token and associated with a Manufacturer Certificate required for executing an enrollment protocol of Token to Server;
ii. Processing means capable of selectively executing a plurality of Proof of possession protocols, such that for each Server of the plurality of Servers there is at least one protocol common to Token and Server;
iii. Storage means for securely storing a collection of data elements, each such element corresponding to a particular Server and wherein said data element is required for producing a Proof of possession acceptable to said Server;
iv. Selection means for selecting the data element required for executing a Proof of possession protocol corresponding to a particular Server.
(Dependent claims: 2, 3, 4, 5, 6)
7. A method for generating a plurality of digital certificates guaranteeing compliance of a Token, comprising the steps of:
a. Storing within the Token a first private key and a first public key during the manufacturing process;
b. Generating by the Token an asymmetric second private key and a matching second public key;
c. Computing by the Token a digital signature over said second public key, whereby said signature is encrypted by said first private key;
d. Submitting a certificate request containing at least said signature, first public key and second public key to a CA;
e. Verifying at the CA that the first public key is registered with the manufacturer;
f. Receiving at the Token from the CA a Manufacturer Certificate certifying said second public key.
(Dependent claim: 8)
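The enrollment flow of claim 7 as an added worked example, written for this page with Go's standard-library Ed25519 and not taken from the patent or any product: the Token signs its self-generated second public key with the manufacturer-provisioned first private key, the CA checks the first public key against the manufacturer's list and certifies the second key, and a Server later checks that certificate. The type and function names, the CA's in-memory key registry, and the use of Ed25519 as the signature scheme are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type CertRequest struct{ FirstPub, SecondPub ed25519.PublicKey; Sig []byte } // what the Token submits to the CA
type ManufacturerCert struct{ SecondPub ed25519.PublicKey; CASig []byte }   // CA's signature over the second public key
type Token struct{ firstPriv, secondPriv ed25519.PrivateKey; FirstPub, SecondPub ed25519.PublicKey }
type CA struct{ priv ed25519.PrivateKey; Pub ed25519.PublicKey; registry map[string]bool } // registry: first public keys the manufacturer reported

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return pub, priv
}
// NewToken models the manufacturing step: the first key pair is written into the Token.
func NewToken() *Token { pub, priv := mustKey(); return &Token{firstPriv: priv, FirstPub: pub} }
// CertRequest generates the second key pair and signs its public key with the first private key,
// which never leaves the Token; the first public key is included so the CA can look it up.
func (t *Token) CertRequest() CertRequest {
	t.SecondPub, t.secondPriv = mustKey()
	return CertRequest{t.FirstPub, t.SecondPub, ed25519.Sign(t.firstPriv, t.SecondPub)}
}
func NewCA(manufacturerKeys ...ed25519.PublicKey) *CA {
	pub, priv := mustKey()
	ca := &CA{priv: priv, Pub: pub, registry: map[string]bool{}}
	for _, k := range manufacturerKeys { ca.registry[string(k)] = true }
	return ca
}
// Issue refuses first keys the manufacturer never reported and signatures that do not bind the
// second public key to the first; otherwise it certifies the second public key.
func (c *CA) Issue(req CertRequest) (*ManufacturerCert, error) {
	if !c.registry[string(req.FirstPub)] { return nil, errors.New("first public key not registered with manufacturer") }
	if !ed25519.Verify(req.FirstPub, req.SecondPub, req.Sig) { return nil, errors.New("signature over second public key does not verify") }
	return &ManufacturerCert{req.SecondPub, ed25519.Sign(c.priv, req.SecondPub)}, nil
}
// VerifyMC is the Server's check at enrollment: does the CA vouch for this second public key?
func VerifyMC(caPub ed25519.PublicKey, mc *ManufacturerCert) bool {
	return mc != nil && ed25519.Verify(caPub, mc.SecondPub, mc.CASig)
}

func main() { // constructed run: one Token, and a CA that has only that Token's first key on file
	tok := NewToken()
	ca := NewCA(tok.FirstPub)
	mc, err := ca.Issue(tok.CertRequest())
	fmt.Println("issued:", err == nil, "accepted by Server:", VerifyMC(ca.Pub, mc))
}
```

The registry lookup is what stops an arbitrary key pair from obtaining a Manufacturer Certificate, and the signature check is what stops a registered first key from being used to certify someone else's second key.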
9. A method for transferring a first MC from a first Token to a second Token, comprising the steps of:
a. Establishing trust in the second Token by the first Token based on the MC of the second Token;
b. Deleting the first private key from permanent storage at the first Token;
c. Communicating the encrypted first private key and associated first MC to the second Token;
d. Storing the first private key and associated first MC at the second Token.
(Dependent claim: 10)
Specification