System and Method for Securing a Credential via User and Server Verification

US 20120137128A1
Filed: 02/06/2012
Published: 05/31/2012
Est. Priority Date: 12/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing a credential during an attempt to access a network service, comprising:

transferring a credential from an authentication token to a secure processor using near field communication (NFC);

storing the credential in the secure processor;

authenticating an identity of an individual presenting the authentication token;

cryptographically authenticating a server associated with the network service; and

releasing the credential to the server if the identity of the individual is successfully authenticated and the server is successfully authenticated.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified.

Citations

20 Claims

1. A method for securing a credential during an attempt to access a network service, comprising:
- transferring a credential from an authentication token to a secure processor using near field communication (NFC);
  
  storing the credential in the secure processor;
  
  authenticating an identity of an individual presenting the authentication token;
  
  cryptographically authenticating a server associated with the network service; and
  
  releasing the credential to the server if the identity of the individual is successfully authenticated and the server is successfully authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the transferring includes:
    - transferring a transaction identifier from the authentication token to the secure processor that includes a monotonically increasing value that corresponds to each transaction entered into by the authentication token.
  - 3. The method of claim 1, wherein the authenticating includes:
    - receiving authentication data for the individual.
  - 4. The method of claim 3, wherein the authentication data for the individual includes a password.
  - 5. The method of claim 3, wherein the authentication data for the individual includes a shared secret.
  - 6. The method of claim 3, wherein the authentication data for the individual includes a biometric template of the individual.
  - 7. The method of claim 1, wherein the cryptographically authenticating includes:
    - receiving a message including a digital certificate of the server, wherein the digital certificate includes a digital signature; and
      
      authenticating the received digital certificate by authenticating the digital signature with a public key of the server.
  - 8. The method of claim 1, wherein the cryptographically authenticating includes:
    - transmitting a random value as a challenge to the server;
      
      receiving a digital signature from the server, wherein the digital signature is a hash value encrypted using a private key of the server and the hash value includes a hash of a server identifier and the random value;
      
      decrypting the digital signature with a public key of the server to obtain the hash value;
      
      generating a hash value including a hash of the server identifier and the random value; and
      
      comparing the decrypted hash value and the generated hash value.
  - 9. The method of claim 1, wherein the cryptographically authenticating includes:
    - transmitting a client hello message to the server, wherein the client hello message includes a listing of cryptographic algorithms supported by the secure processor;
      
      receiving a server hello message in response to the client hello message, wherein the server hello message includes a selection of a cryptographic algorithm from the listing of cryptographic algorithms in the client hello message;
      
      receiving a digital certificate from the server;
      
      validating the digital certificate of the server; and
      
      transmitting a client key exchange message to the server, wherein the client exchange message sets a premaster secret to be used for communication between the server and the secure processor.

10. A method for securing a credential during an attempt to access a network service, comprising:
- establishing a secure connection between the secure processor and a computing device;
  
  receiving, in the secure processor, a credential from an authentication token via near field communication (NFC);
  
  receiving, in the secure processor, authentication data for an individual from the computing device via the secure connection, andverifying, in the secure processor, the identity of the individual and cryptographically verifying a server hosting the network service prior to releasing the credential for transmission to the server.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the receiving includes:
    - storing, in the secure processor, the credential received from the authentication token.
  - 12. The method of claim 10, wherein the receiving of the credential includes:
    - receiving a transaction identifier from the authentication token that includes a monotonically increasing value that corresponds to each transaction entered into by the authentication token.
  - 13. The method of claim 10, wherein the authentication data for the individual includes a password.
  - 14. The method of claim 10, wherein the authentication data for the individual includes a shared secret.
  - 15. The method of claim 10, wherein the authentication data for the individual includes a biometric template of the individual.

16. A system for securing a credential during an attempt to access a network service, comprising:
- a secure processor configured to;
  
  receive a credential from an authentication token using near field communication (NFC),authenticate an identity of an individual presenting the authentication token,cryptographically authenticate a server associated with the network service, andrelease the credential to the server if the identity of the individual is successfully authenticated and the server is successfully authenticated; and
  
  a secure memory configured to store the credential.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the credential is a transaction identifier from the authentication token that includes a monotonically increasing value that corresponds to each transaction entered into by the authentication token.
  - 18. The system of claim 16, wherein the secure processor is further configured to receive authentication data for the individual.
  - 19. The system of claim 16, wherein the authentication data includes a password.
  - 20. The system of claim 16, wherein the authentication data includes a biometric template of the individual.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
BUER, Mark

Granted Patent

US 8,689,290 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 9/32   including means for verifyi...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

System and Method for Securing a Credential via User and Server Verification

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Securing a Credential via User and Server Verification

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links