STRONG AUTHENTICATION TOKEN GENERATING ONE-TIME PASSWORDS AND SIGNATURES UPON SERVER CREDENTIAL VERIFICATION
Abstract
The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attacks, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means. It furthermore offers this authentication and review functionality without sacrificing user convenience or cost efficiency, by judiciously coding the transaction data to be signed, thus reducing the transmission size of information that has to be exchanged over the token's trustworthy interfaces.
41 Claims
- 1. An apparatus for generating security values for use in interactions with a server, said apparatus comprising trustworthy means to communicate information to a user, a data input interface for receiving server credential information, a processor for performing a verification of said server credential, and a processor for generating security values conditional on said verification, said generating of security values being performed using a first secret shared between said apparatus and said server and said verification of said server credential information being performed using a second secret shared between said apparatus and said server.
- 12. An apparatus for producing and communicating to a user security values for use in interactions with a server, said apparatus comprising trustworthy means to communicate information to a user, a data input interface for receiving server credential information, and an interface to cooperate with a removable security device in order to generate security values conditional on verification of said server credential information, said generating of security values being performed using a first secret shared between said removable security device and said server and said verification of said server credential information being performed using a second secret shared between said removable security device or said apparatus and said server.
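The conditional generation described in claim 1 and in the abstract, as an added Python sketch that is not taken from the patent. The HMAC-SHA-256 server credential, the HOTP-style truncation, the length-prefixed encoding, and all names and secrets are assumptions made for illustration, since the text shown here names no algorithms.

```python
import hashlib
import hmac
import struct

# Constructed demo secrets (assumptions; a real token holds provisioned keys).
OTP_SECRET = b"first-shared-secret-demo"      # "first secret": generates security values
VERIFY_SECRET = b"second-shared-secret-demo"  # "second secret": verifies the server credential

def _encode(*parts):
    """Length-prefix each field so distinct field lists never encode identically."""
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def server_credential(verify_secret, challenge):
    """Server side: credential is a truncated HMAC over the challenge (assumed scheme)."""
    mac = hmac.new(verify_secret, _encode(b"cred", challenge), hashlib.sha256)
    return mac.digest()[:8]

def _decimal(secret, message, digits):
    """HOTP-style dynamic truncation of an HMAC into a decimal security value."""
    mac = hmac.new(secret, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    def __init__(self, otp_secret, verify_secret):
        self._otp_secret = otp_secret
        self._verify_secret = verify_secret

    def _server_verified(self, challenge, credential):
        expected = server_credential(self._verify_secret, challenge)
        return hmac.compare_digest(expected, credential)  # constant-time compare

    def one_time_password(self, challenge, credential):
        """Return an OTP only if the server credential verifies, else None."""
        if not self._server_verified(challenge, credential):
            return None
        return _decimal(self._otp_secret, _encode(b"otp", challenge), 6)

    def sign_transaction(self, challenge, credential, values, context, user_approves):
        """Sign values plus context, only after server verification and user review."""
        if not self._server_verified(challenge, credential):
            return None
        shown = f"{context}: " + ", ".join(values)  # text for the trustworthy display
        if not user_approves(shown):                # trustworthy input: approve or reject
            return None
        fields = [b"sig", challenge, context.encode()] + [v.encode() for v in values]
        return _decimal(self._otp_secret, _encode(*fields), 8)
```

A credential computed without the second secret, or one replayed against a different challenge, yields `None`, so a phishing page that relays its own challenge gets no security value from the token.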
Specification