MOBILE SMARTCARD BASED AUTHENTICATION

US 20090150667A1
Filed: 11/26/2008
Published: 06/11/2009
Est. Priority Date: 12/07/2007
Status: Active Grant

First Claim

Patent Images

1. Method for processing authentication information in a smartcard reader, the method comprising the following steps:

receiving a challenge in the smartcard reader and sending the challenge to a smartcard;

receiving a response to the challenge from the smartcard, said response having at least a first part and a second part;

in response to having received the challenge in the smartcard reader via an interface to a computing device during normal authentication, sending said response to said computing device;

in response to having received the challenge in the smartcard reader via an interface to a computing device during an authentication preparation phase, sending the first part of the response to the computing device; and

in response to having received the challenge in the smartcard reader via a user interface of the smartcard reader, presenting at least the second part of the response to a user via the user interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an authentication server, information representing a first part of a response to a challenge is received during the authentication preparation phase. The challenge and the first part of the response are stored for further use. The challenge is resent and information representing a second part of the response to the challenge is received during a modified authentication phase. The first and second parts of the response are checked against the challenge for authenticating the user. In a smartcard reader, the response received from the smartcard is sent to a computing device, when the smartcard reader received the challenge via an interface to the computing device during normal authentication. In response to the smartcard reader having received the challenge via the interface to the computing device during an authentication preparation phase, the smartcard reader sends the first part of the response to the computing device. In response to the smartcard reader having received the challenge via a user interface, it presents at least the second part of the response to a user via the user interface.

9 Citations

View as Search Results

20 Claims

1. Method for processing authentication information in a smartcard reader, the method comprising the following steps:
- receiving a challenge in the smartcard reader and sending the challenge to a smartcard;
  
  receiving a response to the challenge from the smartcard, said response having at least a first part and a second part;
  
  in response to having received the challenge in the smartcard reader via an interface to a computing device during normal authentication, sending said response to said computing device;
  
  in response to having received the challenge in the smartcard reader via an interface to a computing device during an authentication preparation phase, sending the first part of the response to the computing device; and
  
  in response to having received the challenge in the smartcard reader via a user interface of the smartcard reader, presenting at least the second part of the response to a user via the user interface.
- View Dependent Claims (2, 3, 4, 5)
- - 2. Method as defined in claim 1, wherein the second part of the response comprises a limited number of digits, preferably between 6 and 12 digits, selected from the complete response.
  - 3. Method as defined in claim 1, further comprising selecting the second part of the response in accordance with a predefined mask.
  - 4. Method as defined in claim 3, further comprising negotiating the mask during the authentication preparation phase.
  - 5. Method as defined in any of claim 1, further comprising using cryptography techniques for processing challenges and responses.

6. Computer program product comprising a computer usable medium having computer usable program code for processing authentication information in a smartcard reader, said computer program product including:
- computer usable program code for receiving a challenge in the smartcard reader and sending the challenge to a smartcard;
  
  computer usable program code for receiving a response to the challenge from the smartcard, said response having at least a first part and a second part;
  
  computer usable program code for sending said response to said computing device in response to having received the challenge in the smartcard reader via an interface to a computing device during normal authentication;
  
  computer usable program code for sending the first part of the response to the computing device in response to having received the challenge in the smartcard reader via an interface to a computing device during an authentication preparation phase; and
  
  computer usable program code for presenting at least the second part of the response to a user via the user interface in response to having received the challenge in the smartcard reader via a user interface of the smartcard reader.

7. A smartcard reader device comprising:
- a user interface component for presenting information to a user and receiving input information from the user;
  
  a first component for providing an interface to a computing device for at least receiving a challenge from the computing device;
  
  a second component for providing an interface to a smartcard for at least sending a challenge to the smartcard and receiving a response to the challenge from the smartcard, said response having at least a first part and a second part; and
  
  a processing component for controlling operation of the smartcard reader, the processing component causing;
  
  the first component to send a response received from the smartcard to said computing device in response to the smartcard reader having received the respective challenge via the interface to the computing device during normal authentication;
  
  the first component to send the first part of a response received from the smartcard to the computing device in response to the smartcard reader having received the respective challenge via the interface to the computing device during an authentication preparation phase; and
  
  the user interface component to present at least the second part of a response received from the smart card via the user interface component in response to the smartcard reader having received the respective challenge via the user interface component.

8. Method for processing authentication information in an authentication server, the method comprising the following steps:
- sending a challenge during an authentication preparation phase for authenticating a user;
  
  in response to sending the challenge during an authentication preparation phase, receiving information representing a first part of a response to the challenge;
  
  storing the challenge and the first part of the response during the authentication preparation phase for further use during modified authentication;
  
  resending the challenge during modified authentication for authenticating the user;
  
  in response to resending the challenge, receiving information representing a second part of the response to the challenge; and
  
  checking the first and second parts of the response against the challenge and successfully authenticating the user during the modified authentication if the response proves to be valid.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. Method as defined in claim 8, further comprising generating and storing a set of challenges and a set of first parts of the respective responses during the authentication preparation phase.
  - 10. Method as defined in claim 9, further comprising removing challenges from the set of challenges after use during the modified authentication.
  - 11. Method as defined in claim 10, further comprising notifying the user when a number of challenges in the set of challenges is below a predefined value.
  - 12. Method as defined in claim 9, further comprising triggering the authentication preparation phase when a number of challenges is below a predefined value.
  - 13. Method as defined in claim 8, further comprising triggering the modified authentication and resending the challenge when a predefined criterion is fulfilled.
  - 14. Method as defined in claim 13, wherein the predefined criterion is one of the following:
    - the authentication server is triggered by a module to resend a challenge, andthe authentication server is blocked by a module from sending a new challenge.
  - 15. Method as defined in claim 8, further comprising using cryptography techniques for processing challenges and responses.
  - 16. Method as defined in claim 8, wherein the second part of the response comprises a limited number of digits, preferably between 6 and 12 digits, selected from the complete response.
  - 17. Method as defined in claim 8, further comprising selecting the second part of the response in accordance with a predefined mask.
  - 18. Method as defined in claim 17, further comprising negotiating the mask during the authentication preparation phase.

19. Computer program product comprising a computer usable medium having computer usable program code for processing authentication information in an authentication server, said computer program product including:
- computer usable program code for sending a challenge during an authentication preparation phase for authenticating a user;
  
  computer usable program code for receiving, in response to sending the challenge during an authentication preparation phase, information representing a first part of a response to the challenge;
  
  computer usable program code for storing the challenge and the first part of the response during the authentication preparation phase for further use during modified authentication;
  
  computer usable program code for resending the challenge during modified authentication for authenticating the user;
  
  computer usable program code for receiving, in response to resending the challenge, information representing a second part of the response to the challenge; and
  
  computer usable program code for checking the first and second parts of the response against the challenge and successfully authenticating the user during the modified authentication if the response proves to be valid.

20. Computing system for processing information, said computing system comprising:
- means for sending a challenge during an authentication preparation phase for authenticating a user;
  
  means for receiving, in response to sending the challenge during an authentication preparation phase, information representing a first part of a response to the challenge;
  
  means for storing the challenge and the first part of the response during the authentication preparation phase for further use during modified authentication;
  
  means for resending the challenge during modified authentication for authenticating the user;
  
  means for receiving, in response to resending the challenge, information representing a second part of the response to the challenge; and
  
  means for checking the first and second parts of the response against the challenge and successfully authenticating the user during the modified authentication if the response proves to be valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Baltzer, Boris

Granted Patent

US 8,132,244 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/159
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 2221/2103   Challenge-response

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

MOBILE SMARTCARD BASED AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE SMARTCARD BASED AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links