Authentication token

US 7,865,738 B2
Filed: 06/20/2002
Issued: 01/04/2011
Est. Priority Date: 05/10/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system for generating secure passwords for use by at least one authentication server in authenticating a user of an authentication token and an authentication token interface device, in response to the user seeking access to protected computer resources of at least one server, comprising:

said authentication token interface device operable to interact with said authentication token to generate said secure passwords in response to input of a unique consumer code by the user into said authentication token interface device and upon authenticating of said unique consumer code by said authentication token;

said authentication token interface device having;

a processor, firmware, a user interface, an I/O interface compatible with said authentication token, and a dynamic variable generator;

said authentication token having;

a processor, firmware, an operating system, a data store, an I/O interface compatible with said authentication token interface device, a key generation algorithm, and a password application;

said authentication token storing at least;

(i) a secret key, (ii) a changing register value, (iii) a seed value and (iv) said unique consumer code;

said password application generating said secure passwords by;

(i) combining said changing register value with a dynamic variable generated by said dynamic variable generator to produce a payload, (ii) encrypting said payload with said secret key to produce an encrypted payload and, (iii) combining least significant bits of said encrypted payload with least significant bits of said dynamic variable to produce a new secure password; and

said key generation algorithm;

(i) generating a new secret key and a new seed value following the generation of a first of said secure passwords and of said new secure password, said new secret key being derived from said secret key, said changing register value, and said seed value, and said new seed value being derived from said secret key, said changing register value, and said seed value, (ii) replacing said secret key and said seed value with said new secret key and said new seed value in storage of said authentication token, and (iii) changing said changing register value by a change value to result in a new changing register value after generation of said new secret key and said new seed value;

wherein, after generation of said first of said secure passwords and of said new secure password, said dynamic variable is changed to a new dynamic variable by said dynamic variable generator.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.

69 Citations

View as Search Results

23 Claims

1. A system for generating secure passwords for use by at least one authentication server in authenticating a user of an authentication token and an authentication token interface device, in response to the user seeking access to protected computer resources of at least one server, comprising:
- said authentication token interface device operable to interact with said authentication token to generate said secure passwords in response to input of a unique consumer code by the user into said authentication token interface device and upon authenticating of said unique consumer code by said authentication token;
  
  said authentication token interface device having;
  
  a processor, firmware, a user interface, an I/O interface compatible with said authentication token, and a dynamic variable generator;
  
  said authentication token having;
  
  a processor, firmware, an operating system, a data store, an I/O interface compatible with said authentication token interface device, a key generation algorithm, and a password application;
  
  said authentication token storing at least;
  
  (i) a secret key, (ii) a changing register value, (iii) a seed value and (iv) said unique consumer code;
  
  said password application generating said secure passwords by;
  
  (i) combining said changing register value with a dynamic variable generated by said dynamic variable generator to produce a payload, (ii) encrypting said payload with said secret key to produce an encrypted payload and, (iii) combining least significant bits of said encrypted payload with least significant bits of said dynamic variable to produce a new secure password; and
  
  said key generation algorithm;
  
  (i) generating a new secret key and a new seed value following the generation of a first of said secure passwords and of said new secure password, said new secret key being derived from said secret key, said changing register value, and said seed value, and said new seed value being derived from said secret key, said changing register value, and said seed value, (ii) replacing said secret key and said seed value with said new secret key and said new seed value in storage of said authentication token, and (iii) changing said changing register value by a change value to result in a new changing register value after generation of said new secret key and said new seed value;
  
  wherein, after generation of said first of said secure passwords and of said new secure password, said dynamic variable is changed to a new dynamic variable by said dynamic variable generator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein said data store stores said unique consumer code which is compared with said unique consumer code input by the user to authenticate said user'"'"'s input.
  - 3. The system of claim 2, wherein said unique consumer code is a color code.
  - 4. The system of claim 1, wherein said authentication token is personalized by initializing at least one of said seed value and said secret key.
  - 5. The system of claim 1, wherein said dynamic vatiable is a function of time.
  - 6. The system of claim 5, wherein said function of time is derived from a source external to said authentication token.
  - 7. The system of claim 5, wherein said function of time is derived from a source internal to said authentication token.
  - 8. The system of claim 1, wherein said authentication token derives power from an external source.
  - 9. The system of claim 1, wherein said authentication token derives power from an internal source.
  - 10. The system of claim 1, wherein said authentication token interface device derives power from an internal source.
  - 11. The system of claim 1, wherein said authentication token interface device and said authentication token are combined into a single device.

12. A method of generating secure passwords for use by at least one authentication server in authenticating a user of an authentication token and an authentication token interface device, in response to the user seeking access to protected computer resources of at least one server, the method comprising:
- storing, by the authentication token;
  
  (i) a unique consumer code (ii) a changing register value (iii) a secret key and, (iv) a seed value;
  
  generating, by the authentication token interface device, a dynamic variable;
  
  forwarding, by the authentication token interface device, the unique consumer code to the authentication token;
  
  authenticating, by the authentication token, the unique consumer code forwarded by the authentication token interface device;
  
  forwarding, by the authentication token interface device, the dynamic variable to the authentication token, in response to the authenticating;
  
  combining, by the authentication token, the dynamic variable with the changing register value to produce a payload;
  
  encrypting, by the authentication token, the payload using the secret key to produce an encrypted payload;
  
  combining, by the authentication token, least significant bits of the encrypted payload with least significant bits of the dynamic variable to produce a new secure password;
  
  executing, by the authentication token, a key generating algorithm to;
  
  (i) produce a new secret key derived from the changing register value, the secret key, and the seed value, and produce a new seed value derived from the changing register value, the secret key, and the seed value, (ii) replace the secret key and the seed value with the new secret key and the new seed value stored in the authentication token, and (iii) change the changing register value by a change value to result in a new changing register value after generation of the new secret key and the new seed value; and
  
  changing, after producing the new secure password, the dynamic variable to a new dynamic variable.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The method of claim 12, further comprising inputting the unique consumer code by the user into the authentication token interface device.
  - 14. The method of claim 12, wherein the authenticating, by the authentication token, includes comparing the unique consumer code forwarded by the authentication token interface device with the unique consumer code stored by the authentication token.
  - 15. The method of claim 12, wherein the unique consumer code is a color code.
  - 16. The method of claim 12, further comprising personalizing the authentication token by initializing the seed value.
  - 17. The method of claim 12, wherein the dynamic variable is a function of time.
  - 18. The method of claim 17, wherein the function of time is derived from a source external to said authentication token.
  - 19. The method of claim 17, wherein the function of time is derived from a source internal to said authentication token.
  - 20. The method of claim 12, further comprising passing the secure password to a third party for use in authenticating the user.
  - 21. The method of claim 20, wherein the passing of the secure password to the third party includes communicating the secure password by at least one of a phone, a PC device, and a voice.
  - 22. The method of claim 12, further comprising personalizing the authentication token by initializing at least one of the seed value and the secret key.
  - 23. The method of claim 12, further comprising providing a single device combining the authentication token interface device and the authentication token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Auth Token LLC (Jeffrey M. Gross)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Buck, Peter, Newport, Peter
Primary Examiner(s)
PATEL, NIRAV B

Application Number

US10/176,974
Publication Number

US 20030212894A1
Time in Patent Office

3,120 Days
Field of Search

713/159, 713168-173, 713/189, 713/161, 713182-185, 380 44- 47, 380 28- 29, 380/249, 235/375, 235/380, 235/382, 705 65- 67, 726/9, 726/20, 726/2, 726/5, 726/10, 726/19, 340/5.81, 340/5.85
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/46   by designing passwords or c...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/385   using an alias or single-us...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

Authentication token

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication token

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links