Methods and systems for nonce generation in a token

US 20070283163A1
Filed: 06/06/2006
Published: 12/06/2007
Est. Priority Date: 06/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method of providing a nonce during a login associated with a token in a multi-user computer system, the multi-user computer system including a client, the method comprising:

activating a login process after inserting the token into a token interface associated with the multi-user computer system, the login process activated by a request to execute a user privileged operation made by a client application process;

validating, in the token, a password provided to the login process by an access requester associated with authorized use of the token;

generating a nonce in the token after successfully validating the password; and

passing the nonce to the client application process,wherein the nonce is used by the client application process during execution of the user privileged operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a method, a client and a token for providing a nonce during a login associated with the token in a multi-user computer system. A login process is activated after token insertion by a request to execute a user privileged operation made by a client application process. If a password provided to the login process by an access requester associated with authorized use of the token is validated in the token, a nonce is generated in the token. The password is passed to the token in a command and the nonce is passed to the client application process in a response to the command. The nonce is used by the client application process or any other additional processes during execution of the user privileged operation. Additional nonces, including those based on security level can be generated and passed to additional client application processes as execution of user privileged operations is requested.

104 Citations

View as Search Results

24 Claims

1. A method of providing a nonce during a login associated with a token in a multi-user computer system, the multi-user computer system including a client, the method comprising:
- activating a login process after inserting the token into a token interface associated with the multi-user computer system, the login process activated by a request to execute a user privileged operation made by a client application process;
  
  validating, in the token, a password provided to the login process by an access requester associated with authorized use of the token;
  
  generating a nonce in the token after successfully validating the password; and
  
  passing the nonce to the client application process,wherein the nonce is used by the client application process during execution of the user privileged operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the user privileged operation includes access to a resource associated with the multi-user computer system, access to a user privileged data object in the token for at least one of creation, modification, reading, writing, and deletion of the data object, and logout.
  - 3. The method of claim 1, further comprising providing the nonce to at least one of a plurality of additional client application processes associated with the client, the nonce used by the at least one of the plurality of additional client application processes during execution of the user privileged operation and one or more additional user privileged operations.
  - 4. The method of claim 1, further comprising providing a plurality of different nonces to a corresponding plurality of additional client application processes registering with the client, the plurality of different nonces used by the additional client application processes during execution of the user privileged operation and one or more additional user privileged operations.
  - 5. The method of claim 4, wherein the plurality of different nonces are each allocated to the additional client application processes based on different security levels.
  - 6. The method of claim 1, further comprising storing the nonce in a volatile memory associated with the token.
  - 7. The method of claim 1, further comprising storing the nonce in a memory associated with the client.
  - 8. The method of claim 4, further comprising storing the plurality of different nonces in at least one of a volatile memory associated with the token and a memory associated with the client.
  - 9. The method of claim 1, wherein the token includes one of a smartcard and a universal serial bus (USB) token.
  - 10. An apparatus configured to perform the method of claim 1.
  - 11. A computer readable medium comprising computer executable instructions for performing the method of claim 1.

12. A client in a token-access multi-user computer system for providing access to information on a secure basis to an authorized requester associated with a token, the token having a memory including a volatile memory area, the multi-user computer system including a token interface coupled to the client, the client comprising:
- a client memory; and
  
  a client processor coupled to the client memory, the client processor configured to;
  
  activate a login process in response to a request to execute a user privileged operation;
  
  collect a password provided by an access requester associated with authorized use of the token during operation of the login process and transmit the password to the token in a command; and
  
  receive a nonce from the token in a response to the command after the password is successfully validated by the token,wherein the nonce is used by a client application process during execution of the user privileged operation.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The client of claim 12, further comprising providing the nonce to at least one additional client application process associated with the client, the nonce used by the at least one additional client application process during execution of the user privileged operation and one or more additional user privileged operations.
  - 14. The client of claim 12, further comprising providing a plurality of different nonces to a corresponding plurality of additional client application processes registering with the client, the plurality of different nonces used by the plurality of additional client application processes during execution of the user privileged operation and any additional user privileged operations.
  - 15. The client of claim 14, wherein the plurality of different nonces are each allocated to the plurality of additional client application processes based on different security levels.
  - 16. The client of claim 12, wherein the user privileged operation includes access to a resource associated with the multi-user computer system, access to a user privileged data object in the token for at least one of creation, modification, reading, writing, and deletion of the data object, and logout.
  - 17. The client of claim 12, wherein the client processor is further configured to store the nonce in the client memory.
  - 18. The client of claim 12, wherein the nonce is stored in the volatile memory area associated with the token.
  - 19. The client of claim 12, wherein the command and the response are compliant with ISO 7816 part 4, section 5.3.

20. A token for insertion into a multi-user computer system, the token interfacing with a client application process, the token comprising:
- a memory having a volatile memory area; and
  
  a processor coupled to the memory, the processor configured to;
  
  activate an interface process in response to insertion of the token into the multi-user computer system, the interface process for validating a password received in a command from the client application process, the command generated in response to a request to execute a user privileged operation in the client application process;
  
  generate a nonce upon validation of the password;
  
  return the nonce to the client application process in a response to the command; and
  
  store the nonce in the volatile memory area of the memory.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The token of claim 20, wherein the processor is further configured to:
    - generate one of a plurality of different nonces based on a parameter associated with the command; and
      
      return the one of the plurality different nonces to respective one of a plurality of different client application processes associated with the parameter, the one of the plurality of different nonces required during execution of the user privileged operation and any additional user privileged operations.
  - 22. The token of claim 20, wherein the processor is further configured to:
    - generate different nonces based on different security levels; and
      
      return one of the different nonces to a respective one of a plurality of different client application processes based on a respective security level associated with the respective one of the plurality of different client application processes.
  - 23. The token of claim 20, wherein the processor is further configured to process a request for execution of a user privileged operation by comparing a value associated with the request with the nonce and allowing the execution of the user privileged operation if the comparison is successful.
  - 24. The token of claim 20, wherein the command and the response are compliant with ISO 7816, part 4, section 5.3.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert

Granted Patent

US 8,332,637 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/77   in smart cards

G06F 2221/2139   Recurrent verification

H04L 63/0853   using an additional device,...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Methods and systems for nonce generation in a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

104 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for nonce generation in a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links