Authentication device and method

US 7,882,553 B2
Filed: 03/06/2007
Issued: 02/01/2011
Est. Priority Date: 02/20/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, incompatible cryptographic scheme for generating a password, the apparatus comprising:

a communications interface for communicating with a said device; and

a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to;

generate a dynamic password according to the first cryptographic scheme; and

generate intermediate cryptogram data from said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second, incompatible cryptographic scheme to generate a password, the said device outputs said dynamic password generated according to the first cryptographic scheme.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, different cryptographic scheme, the apparatus including: a communications interface for communicating with a said device; and a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to: generate a dynamic password according to the first cryptographic scheme; and generate intermediate cryptogram data corresponding to said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second cryptographic scheme, the said device generates data suitable for displaying said dynamic password.

Citations

21 Claims

1. An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, incompatible cryptographic scheme for generating a password, the apparatus comprising:
- a communications interface for communicating with a said device; and
  
  a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to;
  
  generate a dynamic password according to the first cryptographic scheme; and
  
  generate intermediate cryptogram data from said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second, incompatible cryptographic scheme to generate a password, the said device outputs said dynamic password generated according to the first cryptographic scheme.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. An apparatus according to claim 1, wherein the dynamic password comprises a one-time password.
  - 3. An apparatus according to claim 1, wherein the first cryptographic scheme comprises an Open Authentication scheme.
  - 4. An apparatus according to claim 1, wherein the first cryptographic scheme comprises RSA SecureID.
  - 5. An apparatus according to claim 1, wherein the second cryptographic scheme comprises a Chip Authentication Program (CAP) scheme.
  - 6. An apparatus according to claim 1, wherein code to control the processor to generate intermediate cryptogram data comprises code to:
    - generate decimal dynamic password data corresponding to said dynamic password;
      
      generate reverse decimal dynamic password data corresponding to said decimal dynamic password data; and
      
      pad said reverse decimal dynamic password data to produce said intermediate cryptogram data.
  - 7. An apparatus according to claim 6, wherein code to pad said reverse decimal dynamic password data includes code to insert bits according to a CAP Issuer Proprietary Bitmap.
  - 8. An apparatus according to claim 6, wherein code to pad said reverse decimal dynamic password data includes code to incorporate check digit data corresponding to one or more check digits.
  - 9. An apparatus according to claim 1, wherein a portion of possible dynamic passwords in the first cryptographic scheme cannot be displayed using the said device, and wherein code to generate a dynamic password comprises code to generate dynamic passwords repeatedly until a dynamic password is found which can be displayed using the said device.
  - 10. An apparatus according to claim 9, wherein said portion of possible dynamic passwords comprises dynamic passwords having leading zeros.
  - 11. An apparatus according to claim 9, wherein the said device, when running, generates a check digit for display, and wherein code to generate dynamic passwords further comprises code to determine the check digit generated by the said device.
  - 12. An apparatus according to claim 1, wherein the said device processes synchronisation data in addition to said intermediate cryptogram data, and wherein code to generate intermediate cryptogram data further comprises code to generate synchronisation data for outputting to the said device so that, when the said device processes said synchronisation data and said intermediate cryptogram data according to the second cryptographic scheme, the said device generates data suitable for displaying said dynamic password.
  - 13. An apparatus according to claim 12, wherein said synchronisation data comprises an Application Transaction Counter (ATC).
  - 14. An apparatus according to claim 1, wherein the device comprises a CAP-compatible reader.
  - 15. An integrated circuit including the apparatus of claim 1.
  - 16. A card carrying the integrated circuit of claim 15.

17. A method of generating intermediate cryptogram data corresponding to a cryptogram according to a first cryptographic scheme, the data being suitable for display on a device designed for a second, incompatible cryptographic scheme for generating a password, the method comprising:
- generating, by a computer processor, a dynamic password according to the first cryptographic scheme; and
  
  generating, by a computer processor, intermediate cryptogram data from said dynamic password, said intermediate cryptogram data being suitable for outputting to a said device so that, when the said device processes said intermediate cryptogram data according to the second, incompatible cryptographic scheme to generate a password, the said device outputs said dynamic password generated according to the first cryptographic scheme.
- View Dependent Claims (18, 19)
- - 18. A method according to claim 17, wherein the device comprises a CAP-compatible reader.
  - 19. A method according to claim 17, wherein generating the dynamic password comprises generating an HMAC-SHA1 cryptogram.

20. A method of generating intermediate cryptogram data corresponding to a cryptogram according to a first cryptographic scheme, the data being suitable for display on a device designed for a second, incompatible cryptographic scheme for generating a password, the method comprising:
- generating, by a computer processor, a dynamic password according to the first cryptographic scheme;
  
  generating, by a computer processor, intermediate cryptogram data from said dynamic password, such that when a said device processes said intermediate cryptogram data according to the second, incompatible cryptographic scheme to generate a password, the said device outputs said dynamic password generated according to said first cryptographic scheme; and
  
  transmitting said intermediate cryptogram data through a communications interface to said device.

21. An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, incompatible cryptographic scheme for generating a password, the apparatus comprising:
- a communications interface for communicating with the device; and
  
  a processor coupled to a memory, the memory storing processor control code to control the processor, when executed, to;
  
  generate a dynamic password according to the first cryptographic scheme;
  
  apply a decimalization process to the dynamic password to generate a decimal dynamic password;
  
  apply a reverse decimalization process of the second, incompatible cryptographic scheme to the decimal dynamic password to generate binary data; and
  
  apply a reverse compression process of the second, incompatible cryptographic scheme to the binary data to generate intermediate cryptogram data corresponding to the dynamic password, the intermediate cryptogram data being suitable for outputting to the device so that, when the device processes the intermediate cryptogram data according to the second, incompatible cryptographic scheme, the device generates data suitable for displaying the dynamic password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptomathic A/S
Original Assignee
Cryptomathic A/S
Inventors
Tuliani, Jonathan Roshan
Primary Examiner(s)
Cervetti; David García

Application Number

US11/682,773
Publication Number

US 20080201577A1
Time in Patent Office

1,428 Days
Field of Search

713/182, 713/184, 713/185, 713/169, 726/9
US Class Current

726/9
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G07C 9/22   in combination with an iden...

G07F 7/1008   Active credit-cards provide...

Authentication device and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication device and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links