EFFICIENT TWO-FACTOR AUTHENTICATION

US 20100235900A1
Filed: 03/03/2010
Published: 09/16/2010
Est. Priority Date: 03/13/2009
Status: Abandoned Application

First Claim

Patent Images

1. An authentication method, comprising:

receiving a card challenge;

receiving a user-provided credential;

combining the card challenge with the user-provided credential; and

transforming the combination of the card challenge and user-provided credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and systems are provided for an efficient two-factor authentication process. In particular, a card challenge is combined with a user-provided password or similar user-based credential before a transformation of the data is performed. Once the combined challenge and user-provided credential have been transformed, the transformed data is used as a basis for authentication verification.

Citations

20 Claims

1. An authentication method, comprising:
- receiving a card challenge;
  
  receiving a user-provided credential;
  
  combining the card challenge with the user-provided credential; and
  
  transforming the combination of the card challenge and user-provided credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the user-provided credential includes one or more of a PIN, a fingerprint scan, a facial scan, a retinal scan, and a voice sample.
  - 3. The method of claim 2, wherein the card challenge includes or is calculated based on one or more of a card identification number, a card serial number, a seed value, a counter value, and a site code.
  - 4. The method of claim 3, wherein combining the card challenge with the user-provided credential comprises calculating an XOR value of the card challenge and the user-provided credential and wherein transforming the combination of the card challenge and user-provided credential comprises encrypting the calculated XOR value with a secret encryption key to create a transformed value.
  - 5. The method of claim 4, further comprising:
    - providing the transformed value from a first authenticating entity which performed the combining and transforming steps to a second authenticating entity;
      
      comparing, by the second authenticating entity, the transformed value with an expected transformed value; and
      
      subsequent to the comparing step, applying the following rule set;
      
      in the event that the transformed value matches the expected transformed value, permitting a holder of the first or second authenticating entity to access an asset secured by the other of the first or second authenticating entity; and
      
      in the event that the transformed value does not match the expected transformed value, restricting a holder of the first or second authenticating entity to access an asset secured by the other of the first or second authenticating entity.
  - 6. The method of claim 5, wherein, in the event that the transformed value matches the expected transformed value, the second authenticating entity authenticates both the first authenticating entity and a holder of the first or second authenticating entity at substantially the same time.
  - 7. The method of claim 5, wherein the second authenticating entity comprises a card and wherein the first authenticating entity comprises one of a terminal and authentication server.
  - 8. The method of claim 7, wherein the card comprises one or more of an RFID, an ICC, a key fob, a mobile phone, and a PDA.

9. A secure access system, comprising:
- a card being assigned to an authorized card holder and being carried by an actual card holder;
  
  a terminal adapted to communicate with the card via a communication link, wherein one or both of the card and terminal are adapted to verify an authenticity of the other of the card and terminal as well as verify that the actual card holder is the authorized card holder by analyzing a combined authentication value that includes a combination of card authentication information and user authentication information, wherein the card authentication information is obtained from the card, wherein the user authentication information is obtained from the actual card holder, and wherein the combined authentication value comprises a single number that was calculated based on the card authentication information and the user authentication information.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the user authentication information includes one or more of a PIN, a fingerprint scan, a facial scan, a retinal scan, and a voice sample.
  - 11. The system of claim 10, wherein the card authentication information includes or is calculated based on one or more of a card identification number, a card serial number, a seed value, a counter value, and a site code.
  - 12. The system of claim 11, wherein the combined authentication value comprises an XOR value calculated based on the card authentication information and the user authentication information.
  - 13. The system of claim 12, wherein the combined authentication value is further encrypted with a secret encryption key and transferred from one of the card and terminal to the other of the card and terminal for analysis.
  - 14. The system of claim 13, wherein one or both of the card and terminal are capable of applying the following rule set based on an analysis of the combined authentication value:
    - in the event that the combined authentication value, or an encryption thereof, matches an expected value, permitting the actual card holder to access an asset secured by the terminal; and
      
      in the event that the combined authentication value, or an encryption thereof, does not match the expected value, restricting the actual card holder to access an asset secured by the terminal.
  - 15. The system of claim 9, wherein the card comprises one or more of an RFID, an ICC, a key fob, a mobile phone, and a PDA.

16. A computer program product comprising computer executable instructions stored onto a computer readable medium which, when executed by a processor of a computer, cause the processor to execute a method, the method comprising:
- receiving card authentication information;
  
  receiving user authentication information;
  
  determining a combined authentication value by combining the card authentication information with the user authentication information; and
  
  transmitting the combined authentication value to one of a card and terminal such that the combined authentication value, or a transformation thereof, can be analyzed by an analyzing device, thereby enabling the analyzing device to confirm a trusted relationship exists between the card and terminal and an actual holder of the card is an authorized holder of the card.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the card comprises the analyzing device.
  - 18. The method of claim 16, wherein the terminal comprises the analyzing device.
  - 19. The method of claim 16, further comprising:
    - encrypting the combined authentication value with a secret encryption key prior to transmission of the combined authentication value to one of the card and terminal.
  - 20. The method of claim 16, wherein the user authentication information includes one or more of a PIN, a fingerprint scan, a facial scan, a retinal scan, and a voice sample, wherein the card authentication information includes or is calculated based on one or more of a card identification number, a card serial number, a seed value, a counter value, and a site code, and wherein the combined authentication value comprises an XOR value calculated based on the card authentication information and the user authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Guthery, Scott B., Robinton, Mark

Application Number

US12/716,845
Publication Number

US 20100235900A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/34 involving the use of extern...

EFFICIENT TWO-FACTOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT TWO-FACTOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links