KEY CAMOUFLAGING METHOD USING A MACHINE IDENTIFIER

US 20110113237A1
Filed: 11/03/2010
Published: 05/12/2011
Est. Priority Date: 11/06/2009
Status: Active Grant

First Claim

Patent Images

1. A method of generating a user one-time passcode (OTP) for a provider account, the method comprising:

providing a passcode application to a user device;

providing a cardstring to the passcode application, wherein;

the cardstring is defined by the provider account, andthe cardstring is defined by at least one key that is camouflaged with at least one of a personal identification number (PIN) and a machine effective speed calibration (MESC);

providing the at least one of the PIN and the MESC to the passcode application;

wherein the passcode application is configured to generate a passcode configured as the user OTP for the provider account using the cardstring and the at least one of the PIN and the MESC; and

generating the user OTP on the user device using the passcode application and the cardstring.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for generating a human readable passcode to an authorized user including providing a control access datum and a PIN, and generating a unique machine identifier for the user machine. The method further includes modifying the controlled access datum, encrypting the controlled access datum using the PIN and/or a unique machine identifier to camouflage the datum, and generating a passcode using the camouflaged datum and the PIN and/or the unique machine identifier. A mobile user device may be used to execute the method in one embodiment. The passcode may be used to obtain transaction authorization and/or access to a secured system or secured data. The unique machine identifier may be defined by a machine effective speed calibration derived from information collected from and unique to the user machine.

Citations

20 Claims

1. A method of generating a user one-time passcode (OTP) for a provider account, the method comprising:
- providing a passcode application to a user device;
  
  providing a cardstring to the passcode application, wherein;
  
  the cardstring is defined by the provider account, andthe cardstring is defined by at least one key that is camouflaged with at least one of a personal identification number (PIN) and a machine effective speed calibration (MESC);
  
  providing the at least one of the PIN and the MESC to the passcode application;
  
  wherein the passcode application is configured to generate a passcode configured as the user OTP for the provider account using the cardstring and the at least one of the PIN and the MESC; and
  
  generating the user OTP on the user device using the passcode application and the cardstring.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - providing a fingerprint code (FPC) to the user device using a provisioning server;
      
      collecting FPC information from the user device using the FPC;
      
      generating the MESC using the FPC information and a MESC generator;
      
      camouflaging the at least one key with the at least one of the PIN and the MESC to provide at least one camouflaged key; and
      
      generating the cardstring using the at least one camouflaged key and the provisioning server.
  - 3. The method of claim 2, wherein camouflaging the at least one key further comprises:
    - generating the at least one key, wherein the at least one key is defined by the provider account;
      
      modifying the at least one key to create a modified key;
      
      encrypting the at least one modified key with the at least one of the PIN and the MESC to create the at least one camouflaged key; and
      
      generating the cardstring using the at least one camouflaged key.
  - 4. The method of claim 2, wherein collecting FPC information from the user device further comprises:
    - measuring a runtime of one or more iterations of a portion of the FPC on the user device; and
      
      counting a number of iterations completed by a portion of the FPC in a fixed amount of time on the user device.
  - 5. The method of claim 2, wherein generating the MESC further comprises:
    - determining an average or other statistical parameter of a portion of the FPC information; and
      
      applying a clustering algorithm to a portion of the FPC information.
  - 6. The method of claim 1, further comprising:
    - providing the user OTP to an authenticating server;
      
      generating an authenticating OTP using the authenticating server;
      
      comparing the authenticating OTP and the user OTP; and
      
      providing an authorization result to one of a provider system and the user.
  - 7. The method of claim 6, further comprising:
    - wherein the provider system is one of a payment system, a transaction system, an authentication system, a secure access system, and a secure data repository; and
      
      wherein the authorization result is one of a payment authorization, a transaction authorization, an authentication authorization, a system access authorization, and a data access authorization.
  - 8. The method of claim 1, further comprising:
    - providing a data element to the passcode application; and
      
      generating the user OTP on the user device using the data element.
  - 9. The method of claim 8,wherein the data element is one of a challenge and the MESC.
  - 10. The method of claim 1, wherein the key is one of a symmetric key, a Data Encryption Standard (DES) key, an Advanced Encryption Standard (AES) key, a secret, a secret byte array, a seed, and a controlled datum.
  - 11. The method of claim 1,wherein the cardstring is configured as one of an Eurocard, MasterCard and Visa (EMV) cardstring and an OTP cardstring;
    - andwherein the key is configured as one of a Unique DEA Key A (UDKA), a Unique DEA Key B (UDKB) key, and a secret configured to generate one of a standardized counter-based OTP (HOTP), a time-based OTP (TOTP), and a counter-based OTP.
  - 12. The method of claim 1, further comprising:
    - providing another cardstring to the passcode application, wherein the passcode application is configured to generate another passcode configured as another user OTP for another provider account using the another cardstring;
      
      wherein the another cardstring is defined by at least another key, wherein the at least another key is camouflaged with at least one of another PIN and another MESC;
      
      providing the at least one of the another PIN and the another MESC to the passcode application; and
      
      generating the another user OTP for the another provider account on the user device using the another cardstring.
  - 13. The method of claim 12, further comprising:
    - providing a plurality of passcode generating algorithms to the passcode application;
      
      providing a plurality of cardstrings to the passcode application, wherein;
      
      each respective one of the plurality of cardstrings is defined by a respective one of a plurality of provider accounts, andeach respective one of the plurality of cardstrings is defined by at least one respective key that is camouflaged with at least one of a respective PIN and a respective MESC;
      
      wherein the passcode application is configured to generate a respective passcode configured as a respective user one time passcode (OTP) for the respective one of the plurality of provider accounts, using one of the plurality of passcode generating algorithms and the respective one of the plurality of cardstrings;
      
      selecting one of the plurality of provider accounts;
      
      providing the at least one of the respective PIN and the respective MESC for the selected one of the plurality of provider accounts to the passcode application; and
      
      generating the respective user OTP for the selected one of the plurality of provider accounts on the user device using the respective one of the plurality of cardstrings and the respective one of the plurality of passcode generating algorithms.

14. A system for providing a one-time passcode (OTP), for a provider account, the system comprising:
- a user device configured to receive a passcode application, a fingerprint code (FPC);
  
  a cardstring, and a personal identification number (PIN);
  
  wherein the FPC is configured to collect FPC information from the user device;
  
  a machine effective speed calibration (MESC) generator configured to generate a MESC using the FPC information; and
  
  a provisioning server configured to provide a cardstring to the user device;
  
  wherein the cardstring is defined by at least one camouflaged key that is camouflaged with at least one of the PIN and the MESC; and
  
  wherein the passcode application is configured to generate a passcode configured as a user OTP for the provider account using the cardstring.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the FPC is configured to collect FPC information by one of:
    - measuring a runtime of one or more iterations of a portion of the fingerprint code on the user device; and
      
      counting a number of iterations completed by a portion of the fingerprint code in a fixed amount of time on the user device.
  - 16. The system of claim 14, wherein the MESC generator is configured to generate a MESC by one of:
    - determining an average or other statistical parameter of a portion of the FPC information; and
      
      applying a clustering algorithm to a portion of the FPC information.
  - 17. The system of claim 14,wherein the passcode application is configured to execute at least one passcode generating algorithm;
    - wherein the at least one passcode generating algorithm is configured to generate one of an Europay, MasterCard, and Visa (EMV) OTP, a standardized counter-based OTP (HOTP), a time-based OTP (TOTP), and a counter-based OTP; and
      
      wherein the passcode application executes the at least one passcode generating algorithm to generate the user OTP for the provider account.
  - 18. The system of claim 14,wherein the passcode application is configured to receive a data element;
    - andwherein the passcode application uses the data element to generate the user OTP for the provider account.
  - 19. The system of claim 14, further comprising:
    - an authenticating server configured to receive the user OTP;
      
      wherein the authenticating server is configured to provide an authenticating OTP and an authorization result to one of a provider system and the user.
  - 20. The system of claim 14, wherein the at least one camouflaged key is configured as a modified key encrypted with the at least one of the PIN and the MESC;
    - andwherein the modified key is defined by the provider account, and is configured as one of;
      
      a symmetric key, a Data Encryption Standard (DES) key, an Advanced Encryption Standard (AES) key, a secret, a secret byte array, a seed, and a controlled datum.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Arcot Systems, Inc. (Broadcom, Inc.)
Inventors
Varadarajan, Rammohan, Hird, Geoffrey

Granted Patent

US 8,533,460 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/602   Providing cryptographic fac...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/0866   involving user or device id...

H04L 9/3228   One-time or temporary data,...

KEY CAMOUFLAGING METHOD USING A MACHINE IDENTIFIER

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

KEY CAMOUFLAGING METHOD USING A MACHINE IDENTIFIER

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links