HANDHELD MULTIPLE ROLE ELECTRONIC AUTHENTICATOR AND ITS SERVICE SYSTEM

US 20100241850A1
Filed: 03/17/2009
Published: 09/23/2010
Est. Priority Date: 03/17/2009
Status: Abandoned Application

First Claim

Patent Images

1. A handheld electronic multi-role identification authenticator providing a plurality of dynamic authentication codes associated with a plurality of service providers comprising:

a keypad unit operable to receive key inputs;

a display unit operable to display codes;

a plurality of foils, each foil storing a first secret key, a first communication key, and a plurality of dynamic variables; and

a computing unit operable to generate a plurality of dynamic authentication codes in accordance with a predetermined algorithm, each dynamic authentication code generated based on the first secret key and the dynamic variables stored on one of said foils.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a handheld electronic authenticator and its service system that provide multiple dynamic authentication codes for authenticating with multiple service providers. The authenticator provides multiple dynamic authentication codes (e.g., including electronic signatures) for the multiple service providers, using an algorithm, secret key and dynamic variables chosen and maintained by the service provider.

34 Citations

View as Search Results

41 Claims

1. A handheld electronic multi-role identification authenticator providing a plurality of dynamic authentication codes associated with a plurality of service providers comprising:
- a keypad unit operable to receive key inputs;
  
  a display unit operable to display codes;
  
  a plurality of foils, each foil storing a first secret key, a first communication key, and a plurality of dynamic variables; and
  
  a computing unit operable to generate a plurality of dynamic authentication codes in accordance with a predetermined algorithm, each dynamic authentication code generated based on the first secret key and the dynamic variables stored on one of said foils.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The handheld electronic multi-role identification authenticator of claim 1, wherein the service provider provides the first secret key encrypted using a second communication key corresponding to the first communication key according to a first cryptology scheme, andwherein the authenticator decrypts the first secret key using the first communication key and stores the first secret key in the foil associated with the service provider.
  - 3. The handheld electronic multi-role identification authenticator of claim 1, further comprising:
    - a storage unit operable to store a second secret key and a third communication key, wherein the second secret key and the third communication key are predetermined by a manufacturer of the authenticator and known by a server of the authenticator.
  - 4. The handheld electronic multi-role identification authenticator of claim 3,wherein the server of the authenticator provides maintenance information encrypted using a fourth communication key corresponding to the third communication key according to a second cryptology scheme, andwherein the authenticator decrypts the maintenance information using the third communication key and stores the maintenance information in the storage unit.
  - 5. The handheld electronic multi-role identification authenticator of claim 2, wherein the first cryptology scheme is a symmetric scheme, wherein the first communicate key is identical to the second communication key.
  - 6. The handheld electronic multi-role identification authenticator of claim 2, wherein the first cryptology scheme is an asymmetric scheme, wherein the first communicate key is a private key of the asymmetric scheme and the second communication key is a public key of the asymmetric scheme.
  - 7. The handheld electronic multi-role identification authenticator of claim 3, wherein the second cryptology scheme is a symmetric scheme, wherein the third communicate key is identical to the fourth communication key.
  - 8. The handheld electronic multi-role identification authenticator of claim 3, wherein the second cryptology scheme is an asymmetric scheme, wherein the third communication key is a private key of the asymmetric scheme and the fourth communication key is a public key of the asymmetric scheme.
  - 9. The handheld electronic multi-role identification authenticator of claim 3, wherein the manufacturer provides the server of the authenticator.
  - 10. The handheld electronic multi-role identification authenticator of claim 1, wherein the storage unit is further operative to store a public name of the authenticator, wherein the public name of the authenticator is maintained by a server of the authenticator.
  - 11. The handheld electronic multi-role identification authenticator of claim 1, further comprising:
    - a communication unit operable to communicate over a communication channel;
  - 12. The handheld electronic multi-role identification authenticator of claim 1, further comprising:
    - a biometric unit operable to receive biometric information for authentication.
  - 13. The handheld electronic multi-role identification authenticator of claim 1, wherein one of the dynamic variables is a trace variable.
  - 14. The handheld electronic multi-role identification authenticator of claim 13, wherein the trace variable is a time-based variable updated periodically when a predetermined time has elapsed according to a predetermined method.
  - 15. The handheld electronic multi-role identification authenticator of claim 13, wherein the trace variable is an event-based variable updated when a predetermined event has occurred according to a predetermined method.
  - 16. The handheld electronic multi-role identification authenticator of claim 1, wherein one of the dynamic variables is an action variable updated when the authenticator performs a predetermined action according to a predetermined method.
  - 17. The handheld electronic multi-role identification authenticator of claim 16, wherein each foil is further operable to store a plurality of static data maintained by the service provider.
  - 18. The handheld electronic multi-role identification authenticator of claim 16, wherein one of the static data is a public name of the foil.
  - 19. The handheld electronic multi-role identification authenticator of claim 16, wherein one of the static data is a PIN of the foil.

20. A method of a service provider authenticating using a handheld electronic multi-role authenticator associated with a plurality of service providers, comprising:
- receiving from the authenticator a first dynamic authentication code generated based on a plurality of dynamic variables and a secret key using a predetermined algorithm;
  
  generating a first dynamic verification code generated based on the dynamic variables and the secret key using the predetermined algorithm;
  
  comparing the first dynamic authentication code to the first dynamic verification code; and
  
  determining authenticity based on a result of the comparison,wherein the secret key is generated by the service provider and the plurality of dynamic variables is maintained by the service provider.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method of claim 20, wherein the determining comprises:
    - authenticating if the first dynamic authentication code is identical to the first dynamic verification code.
  - 22. The method of claim 21, wherein the determining comprises:
    - a) varying the dynamic variables in a first predetermined range if the first dynamic authentication code is not identical to the first dynamic verification code;
      
      b) generating a new authentication code based on the varied dynamic variables and the secret key using the predetermined algorithm;
      
      c) comparing the first dynamic authentication code to the new dynamic verification code;
      
      d) authenticating if the first dynamic authentication code is identical to the new dynamic verification code;
      
      e) repeating steps a)-d) if the first dynamic authentication code is not identical to the new dynamic verification code;
      
      f) rejecting if the first dynamic authentication code is outside a second predetermined range; and
      
      g) requesting a second dynamic authentication code from the authenticator if the first dynamic authentication code is not identical to all new dynamic verification codes generated in the first predetermined range.
  - 23. The method of claim 22, wherein the requesting comprises:
    - sending by the service provider a request for the second dynamic authentication code to the authenticator, said request containing command and data for setting the dynamic variables maintained by the service provider;
      
      setting the dynamic variables in the authenticator based on the command and data contained in the request;
      
      generating the second dynamic authentication code based on the set dynamic variables and sending the new dynamic authentication code to the service provider; and
      
      determining authenticity of the second dynamic authentication code by the service provider.
  - 24. The method of claim 23, wherein the determining authenticity of the second dynamic authentication code comprises:
    - receiving from the authenticator the second dynamic authentication code generated based on the reset dynamic variables and the secret key using the predetermined algorithm;
      
      generating a second dynamic verification code generated based on the reset dynamic variables and the secret key using the predetermined algorithm;
      
      comparing the second dynamic authentication code to the second dynamic verification code;
      
      authenticating if the second dynamic authentication code is identical to the second dynamic verification code; and
      
      rejecting if the second dynamic authentication code is not identical to the second dynamic verification code.
  - 25. The method of claim 21, wherein the authenticating is with respect to authenticating an identity of the user of the authenticator and wherein the predetermined algorithm is an identity authenticating algorithm.
  - 26. The method of claim 21, wherein the authenticating is with respect to the authenticating an electronic signature of the user of the authenticator and wherein the predetermined algorithm is a signature authenticating algorithm.

27. A method of authentication for conducting a transaction using a handheld electronic multi-role authenticator associated with a plurality of service providers, comprising:
- providing a dynamic authentication code associated with a service provider;
  
  providing a public name associated with the authentication code;
  
  identifying a server of the service provider based on the public name; and
  
  authenticating the dynamic authentication code with the identified server of the service provider.
- View Dependent Claims (28, 29, 33, 34)
- - 28. The method of claim 27, wherein the authenticating comprising:
    - receiving from the authenticator a first dynamic authentication code generated based on a plurality of dynamic variables and a secret key using a predetermined algorithm;
      
      generating a first dynamic verification code generated based on the dynamic variables and the secret key using the predetermined algorithm;
      
      comparing the first dynamic authentication code to the first dynamic verification code; and
      
      determining authenticity based on a result of the comparison,wherein the secret key is generated by the service provider and the plurality of dynamic variables is maintained by the service provider.
  - 29. The method of claim 28, wherein the determining comprises:
    - authenticating if the first dynamic authentication code is identical to the first dynamic verification code.
  - 33. The method of claim 28, wherein the authenticating is with respect to authenticating an identity of the user of the authenticator and wherein the predetermined algorithm is an identity authenticating algorithm.
  - 34. The method of claim 28, wherein the authenticating is with respect to the authenticating an electronic signature of the user of the authenticator and wherein the predetermined algorithm is a signature authenticating algorithm.

30. The method of 28, wherein the determining comprises:
- a) varying the dynamic variables in a first predetermined range if the first dynamic authentication code is not identical to the first dynamic verification code;
  
  b) generating a new authentication code based on the varied dynamic variables and the secret key using the predetermined algorithm;
  
  c) comparing the first dynamic authentication code to the new dynamic verification code;
  
  d) authenticating if the first dynamic authentication code is identical to the new dynamic verification code;
  
  e) repeating steps a)-d) if the first dynamic authentication code is not identical to the new dynamic verification code;
  
  f) rejecting if the first dynamic authentication code is outside a second predetermined range; and
  
  g) requesting a second dynamic authentication code from the authenticator if the first dynamic authentication code is not identical to all new dynamic verification codes generated in the first predetermined range.

31. The method of 30, wherein the requesting comprises:
- sending by the service provider a request for the second dynamic authentication code to the authenticators said request containing command and data for setting the dynamic variables maintained by the service provider;
  
  setting the dynamic variables in the authenticator based on the command and data contained in the request;
  
  generating the second dynamic authentication code based on the set dynamic variables and sending the new dynamic authentication code to the service provider; and
  
  determining authenticity of the second dynamic authentication code by the service provider.
- View Dependent Claims (32)
- - 32. The method of claim 31, wherein the determining authenticity of the second dynamic authentication code comprises:
    - receiving from the authenticator the second dynamic authentication code generated based on the reset dynamic variables and the secret key using the predetermined algorithm;
      
      generating a second dynamic verification code generated based on the reset dynamic variables and the secret key using the predetermined algorithm;
      
      comparing the second dynamic authentication code to the second dynamic verification code; and
      
      authenticating if the second dynamic authentication code is identical to the second dynamic verification code; and
      
      rejecting if the second dynamic authentication code is not identical to the second dynamic verification code.

35. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method of a service provider authenticating using a handheld electronic multi-role authenticator associated with a plurality of service providers, comprising:
- receiving from the authenticator a first dynamic authentication code generated based on a plurality of dynamic variables and a secret key using a predetermined algorithm;
  
  generating a first dynamic verification code generated based on the dynamic variables and the secret key using the predetermined algorithm;
  
  comparing the first dynamic authentication code to the first dynamic verification code; and
  
  determining authenticity based on a result of the comparison,wherein the secret key is generated by the service provider and the plurality of dynamic variables is maintained by the service provider.
- View Dependent Claims (36, 37, 38, 39, 40, 41)
- - 36. The program storage device of claim 35, wherein the determining comprises:
    - authenticating if the first dynamic authentication code is identical to the first dynamic verification code.
  - 37. The program storage device of claim 36, wherein the determining comprises:
    - a) varying the dynamic variables in a first predetermined range if the first dynamic authentication code is not identical to the first dynamic verification code;
      
      b) generating a new authentication code based on the varied dynamic variables and the secret key using the predetermined algorithm;
      
      c) comparing the first dynamic authentication code to the new dynamic verification code;
      
      d) authenticating if the first dynamic authentication code is identical to the new dynamic verification code;
      
      e) repeating steps a)-d) if the first dynamic authentication code is not identical to the new dynamic verification code;
      
      f) rejecting if the first dynamic authentication code is outside a second predetermined range; and
      
      g) requesting a second dynamic authentication code from the authenticator if the first dynamic authentication code is not identical to all new dynamic verification codes generated in the first predetermined range.
  - 38. The program storage device of claim 37, wherein the requesting comprises:
    - sending by the service provider a request for the second dynamic authentication code to the authenticator, said request containing command and data for setting the dynamic variables maintained by the service provider;
      
      setting the dynamic variables in the authenticator based on the command and data contained in the request;
      
      generating the second dynamic authentication code based on the set dynamic variables and sending the new dynamic authentication code to the service provider; and
      
      determining authenticity of the second dynamic authentication code by the service provider.
  - 39. The program storage device of claim 38, wherein the determining authenticity of the second dynamic authentication code comprises:
    - receiving from the authenticator the second dynamic authentication code generated based on the reset dynamic variables and the secret key using the predetermined algorithm;
      
      generating a second dynamic verification code generated based on the reset dynamic variables and the secret key using the predetermined algorithm;
      
      comparing the second dynamic authentication code to the second dynamic verification code;
      
      authenticating if the second dynamic authentication code is identical to the second dynamic verification code; and
      
      rejecting if the second dynamic authentication code is not identical to the second dynamic verification code.
  - 40. The program storage device of claim 36, wherein the authenticating is with respect to authenticating an identity of the user of the authenticator and wherein the predetermined algorithm is an identity authenticating algorithm.
  - 41. The program storage device of claim 36, wherein the authenticating is with respect to the authenticating an electronic signature of the user of the authenticator and wherein the predetermined algorithm is a signature authenticating algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chuyu Xiong
Original Assignee
Chuyu Xiong
Inventors
Xiong, Chuyu

Application Number

US12/405,707
Publication Number

US 20100241850A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06F 21/35 communicating wirelessly

HANDHELD MULTIPLE ROLE ELECTRONIC AUTHENTICATOR AND ITS SERVICE SYSTEM

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

HANDHELD MULTIPLE ROLE ELECTRONIC AUTHENTICATOR AND ITS SERVICE SYSTEM

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links