System and methods for maintaining and distributing personal security devices

US 7,111,172 B1
Filed: 07/19/1999
Issued: 09/19/2006
Est. Priority Date: 07/19/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for securely providing information comprising the steps of:

(a) at a storage server, receiving from a client information identifying a personal security device;

(b) in response to receiving said information identifying said personal security device, sending from the storage server to the client said personal security device;

(c) at an authentication server, receiving authentication information from the client; and

(d) responsive to said authentication information, sending from a key server to the client decryption information for decrypting said personal security device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to methods and apparatus for securely accessing and providing information including the use of a personal security device on a client where the client is subject to compromise.

310 Citations

47 Claims

1. A method for securely providing information comprising the steps of:
- (a) at a storage server, receiving from a client information identifying a personal security device;
  
  (b) in response to receiving said information identifying said personal security device, sending from the storage server to the client said personal security device;
  
  (c) at an authentication server, receiving authentication information from the client; and
  
  (d) responsive to said authentication information, sending from a key server to the client decryption information for decrypting said personal security device.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising implementing the storage server and the authentication server on the same computer.
  - 3. The method of claim 1, further comprising implementing the authentication server and the key server on the same computer.

4. A method for enabling a client to access secure information contained in a personal security device, said method comprising:
- at a storage server, receiving from the client a request identifying the personal security device containing secure information;
  
  in response to receiving said request, sending the personal security device from the storage server to the client;
  
  at an authentication server, receiving from the client a key query that includes authentication information;
  
  at the authentication server, authenticating the client based on the received authentication information; and
  
  as a consequence of authenticating the client, sending a key from a key server to the client, said key for decrypting the personal security device to access the secure information.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 5. The method of claim 4, wherein the personal security device contains information necessary to make a secure network connection between a network client and a network server.
  - 6. The method of claim 4, wherein the personal security device contains information necessary to make a secure virtual private network connection.
  - 7. The method of claim 4, wherein authenticating involves validating said authentication information.
  - 8. The method of claim 4, wherein the received authentication information includes a time-based authentication code.
  - 9. The method of claim 4, wherein the key query identifies the personal security device.
  - 10. The method of claim 4, wherein authenticating the client involves:
    - in response to receiving the key query, sending the client an authentication challenge; and
      
      receiving at the authentication server a response from the client to the authentication challenge, said response including said authentication information.
  - 11. The method of claim 4, further comprising implementing the storage server and the authentication server on the same computer.
  - 12. The method of claim 4, further comprising implementing the authentication server and the key server on the same computer.
  - 13. The method of claim 4, wherein the personal security device contains a cryptographic key.
  - 14. The method of claim 4, wherein the personal security device contains a password.
  - 15. The method of claim 4, wherein the personal security device contains private or secret information selected from a group consisting of a medical record, contact information, a personal identification number, biometric information, a transaction record, and a map revealing a location of a resource.
  - 16. The method of claim 4, wherein sending the key to the client involves transmitting the key through a connection to a computer network.
  - 17. The method of claim 16, wherein the network connection is unencrypted.
  - 18. The method of claim 16, wherein the network connection is encrypted.
  - 19. The method of claim 16, wherein the computer network is the Internet.
  - 20. The method of claim 4, wherein the received authentication information includes a single-use code.
  - 21. The method of claim 4, wherein the received authentication information includes a event-based code.
  - 22. The method of claim 4, wherein the received authentication information includes biometric information.

23. A method implemented by a client for accessing secure information, said method comprising:
- receiving a personal security device from a third party, said personal security device containing the secure information;
  
  sending a key request including authentication information to an authentication server;
  
  in response to sending the authentication information to the authentication server, receiving from a key server a key for decrypting the personal security device; and
  
  with the received key, decrypting the personal security device to access the secure information.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 24. The method of claim 23, wherein the personal security device contains information necessary to make a secure network connection between a network client and a network server.
  - 25. The method of claim 23, wherein the personal security device contains information necessary to make a secure virtual private network connection.
  - 26. The method of claim 23, wherein receiving the personal security device involves receiving a smartcard that contains the personal security device stored thereon.
  - 27. The method of claim 23, further comprising storing the received key in a volatile memory.
  - 28. The method of claim 23, wherein said key request identifies the personal security device.
  - 29. The method of claim 23, further comprising sending information to a storage server identifying the personal security device, and wherein receiving the personal security device from the third party involves receiving the identified personal security device from the storage server.
  - 30. The method of claim 23, wherein sending the key request and authentication information comprises, in response to sending the key request, receiving from the authentication server an authentication challenge and responding to the authentication challenge with the authentication information.
  - 31. The method of claim 23, further comprising, after decrypting the personal security device, completely erasing the received key from all client memory.
  - 32. The method of claim 23, further comprising, after accessing the secure information, completely erasing the decrypted personal security device and the secure information from all client memory.
  - 33. The method of claim 23, wherein the personal security device contains a cryptographic key.
  - 34. The method of claim 23, wherein the personal security device contains a password.
  - 35. The method of claim 23, wherein receiving the key from the key server involves receiving the key through a connection to a computer network.
  - 36. The method of claim 35, wherein the network connection is unencrypted.
  - 37. The method of claim 35, wherein the network connection is encrypted.
  - 38. The method of claim 35, wherein the computer network is the Internet.
  - 39. The method of claim 23, further comprising generating a single-use code and wherein the authentication information comprises the single-use code.
  - 40. The method of claim 23, further comprising generating a event-based code and wherein the authentication information comprises the event-based code.
  - 41. The method of claim 23, further comprising generating biometric information and wherein the authentication information comprises the biometric information.
  - 42. The method of claim 23, further comprising using an authentication token to generate the authentication information.
  - 43. The method of claim 42, wherein the authentication token is a hardware device independent of the client.
  - 44. The method of claim 42, wherein the authentication token is connected to the client.
  - 45. The method of claim 42, wherein the authentication token is software running on the client.
  - 46. The method of claim 42, wherein the authentication token is software running on a processor independent of the client.
  - 47. The method of claim 23, wherein receiving the encrypted personal security device involves receiving the personal security device as an electronic communication over a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Röstin, Peter, Duane, William
Primary Examiner(s)
Arani, Taghi T.

Application Number

US09/356,600
Time in Patent Office

2,619 Days
Field of Search

713/201, 713/193, 713/185, 713/168, 713/170, 713/182, 713/194, 380/23, 380/25, 380/30, 380/277, 380/278, 726/2, 726/8, 726/9, 726/15, 726/18, 726/26
US Class Current

713/182
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0853   using an additional device,...

System and methods for maintaining and distributing personal security devices

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

310 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for maintaining and distributing personal security devices

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

310 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links