DEVICE AND METHOD FOR IDENTIFICATION AND AUTHENTICATION

US 20100199334A1
Filed: 04/23/2007
Published: 08/05/2010
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A device for identification and authentication of a remote holder of the device connecting to a service over a network, wherein the device comprises a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a variant and unique authentication code as a sequence of emulated keystrokes through the keyboard input of a client terminal, said code being transmitted only by an explicit command of the holder of the device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device for identification and authentication of a remote user connecting to a service over a network includes a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a unique authentication code as emulated keystrokes through a standard input, means of a client terminal. The code may be transmitted only by an explicit command of the user.

85 Citations

View as Search Results

28 Claims

1. A device for identification and authentication of a remote holder of the device connecting to a service over a network, wherein the device comprises a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a variant and unique authentication code as a sequence of emulated keystrokes through the keyboard input of a client terminal, said code being transmitted only by an explicit command of the holder of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. A device in accordance with claim 1, wherein said authentication code is encrypted with a cryptographic key prior to being sent, said cryptographic key being stored in the device in a way that it cannot be retrieved from the outside.
  - 3. A device in according with claim 1, wherein said authentication code is sent in conjunction with a static identification code, uniquely identifying the holder of the device.
  - 4. A device in accordance with claim 3, wherein additional data being stored in the device is transmitted in conjunction with said authentication code.
  - 5. A device in accordance with claim 1, wherein the device comprises input means to receive a command code from the holder of the device and a reference command code is stored in the device, where upon completion of entry of said command code, said command code is compared with said stored reference command code and if found to be equal, the device is enabled to transmit said authentication code.
  - 6. A device in accordance with claim 5, wherein said input means comprises a single trigger key only, said key being an integral part of the device.
  - 7. A device in accordance with claim 5, wherein said input means comprises a biometric scanner capable to record biometric data from the holder of the device.
  - 8. A device in accordance with claim 5, wherein said device comprises a keypad and the command code comprises a Personal Identification Number (PIN).
  - 9. A device in accordance with claim 5, where said input means comprises a plurality of oriental sensitive switches and said command code comprises a motional stimulus to said switches, known to the device holder only.
  - 10. A device in accordance with claim 5, where said input means comprises certain keystrokes entered on a default keyboard, where said keystrokes generates output messages that can be intercepted by the device.
  - 11. A device in accordance with claim 7, wherein said input means comprises a holding reference biometric template, said reference biometric template being used to determine if the user is authentic.
  - 12. A device in accordance with claim 1, wherein said code comprises a non-volatile linear counter which is incremented each time an identification process is initiated.
  - 13. A device in accordance with claim 1, wherein said authentication code comprises a free-running time counter which is being captured and transmitted as a part of said authentication code.
  - 14. A device in accordance with claim 5, wherein the device is made an integral part of a keyboard peripheral.
  - 15. A device in accordance with claim 5, wherein the device is made an integral part of a pointing device peripheral.
  - 16. A device in accordance with claim 5, wherein the device further comprises a non-volatile memory which emulates a traditional detachable memory token where access to said memory is disabled until a valid command code has been entered.
  - 17. A device in accordance with claim 1, wherein the device comprises a non-volatile memory bank which is identified by the host computer as a memory peripheral, known as a Mass Storage Device.
  - 18. A device in accordance with claim 17, wherein access to said memory is restricted and controlled by said input means.
  - 19. A device in accordance with claim 17, wherein the device comprises a contact-less interface which is being used to configure the device prior to deployment to the holder of the device.
  - 20. A device in accordance with claim 17, wherein the device comprises a Radio Frequency IDentification (RFID) interface, said interface being used to identify said device in an RFID infrastructure.
  - 21. A device in accordance with claim 17, wherein the device is pre-programmed to allow connection to a plurality of independent services.
  - 22. A device in accordance with claim 17, wherein the device comprises means to generate an authentication code by a software command sent over the network from a computer it is connected to.
  - 23. A device in accordance with claim 17, wherein the device comprises means for at least one cryptographic operation on data sent to the device, where a result of said cryptographic operation can be read back.
  - 24. A device in accordance with claim 1, where said device further comprises means to perform at least one cryptographic operation on data that is sent to the device, where the result of said cryptographic operation can be read back.
  - 25. A device in accordance with claim 1, being used to authenticate a user connecting to a service over a computer network where an additional user-supplied secret code is used to further strengthen the authentication process if the device is lost.
  - 26. A device in accordance with claim 1, where the device is divided into two separate parts where one part comprises the interface to said client terminal and the second part said processing means.
  - 27. A device in accordance with claim 26 where communication between said two parts is performed with Radio Frequency (RF) telemetry.
  - 28. A device in accordance with claim 26 where said first part is a reader peripheral emulating a keyboard and the second part a Smart Card conforming to any of the standards ISO 7816 or ISO 14443.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yubico AB
Original Assignee
Cypak AB
Inventors
Ehrensvärd, Stina, Ehrensvärd, Jakob

Granted Patent

US 8,806,586 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3236   using cryptographic hash fu...

DEVICE AND METHOD FOR IDENTIFICATION AND AUTHENTICATION

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE AND METHOD FOR IDENTIFICATION AND AUTHENTICATION

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links