Dynamic challenge-response authentication and verification of identity of party sending or receiving electronic communication
Abstract
Methods and systems for verifying and authenticating the identity of participants in electronic communication. The identity of a recipient communication device, such as a computer, can be verified. A primary key generated from a master key is stored at a sending device and at the recipient device. Using the primary key, the sending device generates a passphrase and an associated secondary key, which is an encrypted form of the passphrase. The secondary key is transmitted to the recipient device, which reconstructs the passphrase by decrypting the secondary key with the primary key. Successfully reconstructing the passphrase shows that the recipient device holds the correct primary key. The identity of a user of a communication device can also be verified and authenticated. The user is issued an authorization code, a copy of which is stored at a communication device remote from the user. Using the authorization code, the user selects the characters at specified positions of the passphrase and enters the resulting input code at the local communication device. The input code is transmitted to the remote device, which compares it with the input code it expects; entering the appropriate input code verifies that the user possesses the authorization code.
21 Claims
1. A method for securely transmitting information between a first device and a second device, comprising the steps of:
storing a primary key at the first device and at the second device;
encrypting a selected string of characters to generate a secondary key using the primary key at the first device;
transmitting the secondary key from the first device to the second device;
selecting, by a user of the first device, a subset of the characters in the selected string of characters;
entering, by the user, an input code to the first device, the input code representing the selected subset of characters;
reproducing the selected string of characters at the second device by applying the primary key to the secondary key; and
transmitting the input code from the first device to the second device.
transmitting, from the first device to the second device, information having been encoded in a form such that the first device can access the information only by applying the selected string of characters to the information; and
at the second device, applying the selected string of characters to the information so as to access the encoded information.
4. A method as defined in claim 3, wherein the step of applying the selected string of characters comprises the step of entering a passphrase including the selected string of characters to a password entry field at the second device, the password entry field being associated with software for encoding the information.
5. A method as defined in claim 1, further comprising the step of comparing, at the second device, the transmitted input code to an expected input code, wherein, a match between the transmitted input code and the expected input code indicates to the second device that the user of the first device is authorized to access resources.
6. A method as defined in claim 1, wherein the step of selecting a subset of the characters in the string of characters comprises the step of applying an ordered series of character positions specified in an authentication code possessed by the user to the characters in the string of characters.
7. A method as defined in claim 1, further comprising the step of iteratively conducting the steps of:
storing a new primary key at the first device and at the second device;
encrypting, at the first device, a new string of characters to generate a new secondary key;
transmitting the new secondary key from the first device to the second device; and
reproducing the new string of characters at the second device by applying the new primary key to the new secondary key.
8. A method as defined in claim 1, further comprising the steps of:
storing a second primary key at the first device and at another second device;
encrypting, at the first device, a second string of characters to generate a second secondary key;
transmitting the second secondary key from the first device to the second device; and
reproducing the second string of characters at the second device by applying the second primary key to the second secondary key.
9. A method as defined in claim 1, wherein the step of storing the primary key at the first device and at the second device comprises the steps of:
generating the primary key using a master key; and
distributing the primary key to both the first device and the second device.
10. A method of securely transmitting information over a communication network from a first device to a second device at a remote location with respect to the first device, comprising the steps of:
storing a primary key at the first device and at the second device;
generating a secondary key at the first device using the primary key, the secondary key representing a passphrase in an encrypted form, the passphrase including a selected string of characters;
transmitting, from the first device to the second device:
information having been encoded in a form such that the first device can access the information only by use of the passphrase in an unencrypted form; and
the secondary key;
applying, at the second device, the primary key to the secondary key so as to reproduce the passphrase in the unencrypted form; and
accessing the encoded information at the second device using the passphrase, wherein the step of accessing the encoded information comprises the step of entering the reproduced passphrase to a password entry field at the second device, the password entry field being associated with software for accessing the encoded information.
13. A method for verifying the identity of a party participating in transmission of information, comprising the steps of:
assigning an authorization code to the party, the authorization code specifying an ordered series of one or more character positions of a passphrase, wherein the passphrase includes a plurality of characters;
displaying the passphrase to the party;
selecting, by the party, characters of the passphrase that reside in the one or more character positions specified by the authorization code;
entering, by the party, an input code representing the selected characters; and
in response to the input code, determining that the identity of the party is recognized and granting the party access to resources.
19. In a communication system including a first device and a second device, the first device and second device capable of communicating one with another over a communication network, a method for verifying the identity of a person engaging in communication over the network, comprising the steps of:
storing a primary key at the second device;
at the first device, encrypting a selected string of characters included in a passphrase to generate a secondary key using a copy of the primary key;
transmitting the secondary key from the first device to the second device;
reproducing the selected string of characters at the second device by applying the primary key to the secondary key;
displaying at least a portion of the passphrase to the person;
selecting, by the person, characters of the passphrase that reside at character positions of the passphrase, the character positions being specified by an authorization code assigned to the person, a copy of the authorization code being accessible by the second device;
entering, by the person, an input code to the first device, the input code being derived by the person based on the selected characters;
transmitting the input code from the first device to the second device;
comparing, by the second device, the transmitted input code to an expected input code generated by the second device by applying the copy of the authorization code to the reproduced selected string of characters; and
if the transmitted input code is the same as the expected input code, then granting the person access to resources.