PROXIMITY AUTHENTICATION
Abstract
A security token is coupled to a computer and is available for use by both local and remote processes for on-demand response to a challenge. To minimize the security risk of an unattended session, the challenge may be issued to verify the presence of the token. When the token has a user interface, it may be used in conjunction with the computer to require that a user also participate in transferring displayed data between the token and the computer. This helps to ensure that both the token and the user are present at the computer during operation. For the most sensitive operations, such a confirmation may be required with each data submission.
20 Claims
1. A method of verifying presence of a token at a computer, the method comprising:
creating a communication link between the token and the computer;
activating a process on the computer that creates a session key with the token;
publishing an availability of the process;
accepting a token authentication request from an other process;
providing a token authentication response to the other process;
validating the token authentication response;
continuing a session with the other process following a valid token authentication response; and
ending the session following a failed token authentication response.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A system for verifying presence of a token at a computer comprising:
the token, including a cryptographic unit, a secure memory, and a communication link for maintaining a communication session with the computer; and
the computer, including:
a port for maintaining the communication session with the computer;
a processor for executing programmable instructions; and
a memory for storing processor-executable programmable instructions comprising:
an interface module that presents an application program interface (API) for communicating with the token; and
a program module that initially authenticates the token and thereafter periodically presents a challenge to the token via the API and interrupts an associated session when the token fails to provide a valid response to the challenge.
Dependent claims: 12, 13, 14, 15, 16.

17. A computer-readable medium having computer-executable instructions for causing a processor in a computer to implement a method comprising:
establishing a session with a security token;
cryptographically authenticating the security token;
presenting an application program interface (API) that allows communication with the security token using the session;
passing a presence challenge from a process to the security token via the API;
returning a response to the presence challenge to the process via the API;
validating the response to the presence challenge at the process; and
deactivating the process when the validating fails.
Dependent claims: 18, 19, 20.
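The presence-challenge loop of claims 1, 11 and 17, as an added illustration that is not the patent's own implementation: a token-side responder, the computer-side interface module that owns the session key and answers presence checks, and an "other process" that ends its session on the first failed check. It assumes HMAC-SHA256 over a pre-shared secret stands in for the patent's unspecified cryptographic unit and session-key creation; all names and values are constructed.

```python
import hashlib
import hmac
import os

class Token:
    """Stand-in for the hardware token; the secret never leaves it (secure memory)."""
    def __init__(self, secret):
        self._secret = secret
        self._session_key = None
        self.connected = True          # False models the token being unplugged

    def open_session(self, host_nonce):
        # Assumed derivation: session key = HMAC-SHA256(secret, host_nonce || token_nonce)
        token_nonce = os.urandom(16)
        self._session_key = hmac.new(self._secret, host_nonce + token_nonce, hashlib.sha256).digest()
        return token_nonce

    def respond(self, challenge):
        if not self.connected or self._session_key is None:
            return None                # no answer: token absent or no session
        return hmac.new(self._session_key, challenge, hashlib.sha256).digest()

class TokenInterface:
    """Computer-side process of claim 1 / interface module of claim 11: holds the
    session key and offers a presence check to other processes."""
    def __init__(self, token, secret):
        self.token = token
        host_nonce = os.urandom(16)
        token_nonce = token.open_session(host_nonce)
        self._session_key = hmac.new(secret, host_nonce + token_nonce, hashlib.sha256).digest()

    def verify_presence(self):
        challenge = os.urandom(16)     # fresh nonce, so a recorded answer cannot be replayed
        response = self.token.respond(challenge)
        if response is None:
            return False
        expected = hmac.new(self._session_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

class GuardedSession:
    """The 'other process': re-checks presence on every submission and ends the
    session for good on the first failed check."""
    def __init__(self, interface):
        self.interface = interface
        self.active = True

    def submit(self, data):
        if self.active and self.interface.verify_presence():
            return True                # session continues; data would be handled here
        self.active = False            # ended; stays ended even if the token returns
        return False
```

A real token would authenticate with its own key pair rather than a secret the host also knows; the pre-shared secret here only keeps the example self-contained.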
Specification