Virtual smart card system and method

US 7,085,931 B1
Filed: 09/03/1999
Issued: 08/01/2006
Est. Priority Date: 09/03/1999
Status: Expired due to Term

First Claim

Patent Images

1. A public key authentication system for use in a computer system having a plurality of users, the system comprising:

a virtual smart card server;

storage connected to the virtual smart card server, wherein the storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key; and

a virtual smart card agent connected to the virtual smart card server, wherein the virtual smart card agent includes a user authentication interface for use by a user in entering a one-time password, wherein the virtual smart card agent authenticates the user using the one-time password and accesses the authenticated user'"'"'s virtual smart card to obtain the user'"'"'s private key.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user'"'"'s virtual smart card to obtain the user'"'"'s private key.

259 Citations

14 Claims

1. A public key authentication system for use in a computer system having a plurality of users, the system comprising:
- a virtual smart card server;
  
  storage connected to the virtual smart card server, wherein the storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key; and
  
  a virtual smart card agent connected to the virtual smart card server, wherein the virtual smart card agent includes a user authentication interface for use by a user in entering a one-time password, wherein the virtual smart card agent authenticates the user using the one-time password and accesses the authenticated user'"'"'s virtual smart card to obtain the user'"'"'s private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The public key authentication system according to claim 1, wherein the virtual smart card agent includes an interface to a smart-card-enabled application.
  - 3. The public key authentication system according to claim 2, wherein the virtual smart card server performs encryption in response to a remote call from the interface.
  - 4. The public key authentication system according to claim 2, wherein the virtual smart card server performs signing in response to a remote call from the interface.
  - 5. The public key authentication system according to claim 2, wherein the virtual smart card server performs key management functions in response to a remote call from the interface.
  - 6. The public key authentication system according to claim 1, wherein the public key authentication system further includes an authentication server connected to the virtual smart card agent and wherein the virtual smart card agent authenticates the user through interaction with the authentication server.
  - 7. The public key authentication system according to claim 1, wherein the public key authentication system further includes an authentication server connected to the virtual smart card server, wherein the authentication server includes means for authenticating a user using a one-time password authentication token.
  - 8. The public key authentication system according to claim 1, wherein the virtual smart card agent communicates with the virtual smart card server over an agent-server transport layer.
  - 9. The public key authentication system according to claim 1, wherein the virtual smart card agent communicates with the virtual smart card server over a secure TCP/IP session.
  - 10. The method of claim 1, wherein entering a one-time password includes displaying the one-time password on an authentication token.

11. A method of authenticating users, including a first user, attempting to access a computer system, the method comprising:
- assigning first and second keys to each user, wherein the first and second key form a public/private key pair;
  
  issuing a digital certificate to the first user, wherein the digital certificate is associated with the second key assigned to the first user;
  
  entering a one-time password;
  
  encrypting the one-time password with the first key assigned to the first user to form an encrypted one-time password;
  
  verifying that the digital certificate issued to the first user was signed by a recognized certificate authority;
  
  accessing, via the digital certificate, the second key assigned to the first user;
  
  decrypting the encrypted one-time password with the second key associated with the digital certificate to recover the one-time password; and
  
  comparing the one-time password against an expected one-time password.
- View Dependent Claims (12, 13, 14)
- - 12. The method according to claim 11, wherein the first key is a private key and the second key is a public key.
  - 13. The method according to claim 11, wherein verifying that the digital certificate issued to the first user was signed by a recognized certificate authority includes accessing a CRL to determine if the certificate has been revoked.
  - 14. A computer-readable medium comprising program code which executes the method of claim 11.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Data Security (Israel) Ltd.
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Levenberg, Richard, Smith, Lawrence
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/389,540
Time in Patent Office

2,524 Days
Field of Search

380/25, 713168-173, 713/175, 713/176, 713182-186, 713200-202
US Class Current

713/182
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2103   Challenge-response

G06Q 20/351   Virtual cards

H04L 63/0442   wherein the sending and rec...

H04L 63/0838   using one-time-passwords

H04L 63/126   the source of the received ...

Virtual smart card system and method

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

259 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual smart card system and method

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

259 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links