System and method for acoustic two factor authentication
Abstract
A hand-held token can be operated to generate an acoustic or other wireless signal representing a digital signature produced from the private key of a public key/private key pair, with the public key being confidential in that it is known only to authorized entities, such as bank computers. The signal from the token can be received by, e.g., a receiver at a bank ATM that also requires a PIN for account access. The user enters the PIN into the ATM, and the ATM encrypts the signal from the token with the PIN and sends it on to the bank computer over a link that need not be secure, since even if the PIN is guessed there is no way to verify that it is the correct PIN without also knowing the confidential public key held by the bank computer.
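The abstract's argument, worked through as an added example that is not taken from the patent: the token signs, the receiver encrypts the signature under the PIN, and only a holder of the confidential public key can tell a right PIN guess from a wrong one. Textbook RSA over a constructed toy modulus and a SHAKE-256 keystream stand in for the signature scheme and cipher, which the page does not name; the PIN `4821`, the signed message and all function names are assumptions.

```python
import hashlib

# Constructed demo key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                # (N, E) plays the "confidential public key"
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, never leaves the token
SIG_LEN = (N.bit_length() + 7) // 8

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def token_sign(msg: bytes) -> bytes:
    """Token: the signature that the acoustic signal represents."""
    return pow(_digest(msg), D, N).to_bytes(SIG_LEN, "big")

def pin_crypt(pin: str, data: bytes) -> bytes:
    """Receiver and bank: XOR with a PIN-derived keystream (same call decrypts).
    No MAC and no padding, so a wrong PIN still yields well-formed bytes."""
    stream = hashlib.shake_256(b"pin-demo:" + pin.encode()).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def bank_verify(blob: bytes, provisioned_pin: str, msg: bytes) -> bool:
    """Authorizing computer: decrypt with the provisioned PIN, verify with (N, E)."""
    sig = int.from_bytes(pin_crypt(provisioned_pin, blob), "big")
    return sig < N and pow(sig, E, N) == _digest(msg)

def eavesdropper_candidates(blob: bytes) -> set:
    """Without (N, E): each 4-digit guess gives one more opaque byte string."""
    return {pin_crypt(f"{g:04d}", blob) for g in range(10000)}

def pins_confirmed_with_key(blob: bytes, msg: bytes) -> list:
    """With (N, E): the same guesses become checkable, so the key must stay secret."""
    return [f"{g:04d}" for g in range(10000) if bank_verify(blob, f"{g:04d}", msg)]

MSG = b"constructed-timestamp-0001"        # hypothetical signed message
BLOB = pin_crypt("4821", token_sign(MSG))  # what crosses the insecure link

if __name__ == "__main__":
    print("bank, correct PIN:", bank_verify(BLOB, "4821", MSG))
    print("bank, wrong PIN:  ", bank_verify(BLOB, "4822", MSG))
    print("plausible plaintexts without key:", len(eavesdropper_candidates(BLOB)))
    print("PINs confirmed with key:", pins_confirmed_with_key(BLOB, MSG))
```

The property depends on the PIN layer carrying no integrity tag or recognizable padding: an authenticated cipher would itself confirm a correct PIN guess to anyone on the link.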
20 Claims
1. A method for authentication, comprising:
receiving an acoustic signal at a receiver transmitted from a hand-held token, the acoustic signal represents a signature signal generated by the hand-held token utilizing a private key;
receiving a user inputted personal identification number (PIN) at the receiver, including receiving the user inputted PIN separately from the acoustic signal via a data entry device at the receiver and communicating the acoustic signal from the hand-held token to the receiver;
transforming the acoustic signal to the signature signal at the receiver;
encrypting the signature signal with the user inputted PIN at the receiver to render an encrypted signature signal; and
sending the encrypted signature signal from the receiver to an authorizing computer via a communication link to decrypt the encrypted signature signal utilizing a provisioned PIN to render the signature signal and verify the signature signal employing a provisioned confidential public key.
9. A system for two-factor authentication over a link not constrained to be secure, comprising:
a receiver that separately receives an acoustic signal generated from a portable token representing a digitally signed message and a user entered personal identification number (PIN), wherein the acoustic signal is communicated from the portable token to the receiver and the user entered PIN is entered via a data entry device at the receiver, the receiver transforms the acoustic signal to the digitally signed message, and encrypts the digitally signed message with the user entered PIN to render an encrypted signed message for transmission over the link, the receiver sends the encrypted signed message to an authorizing computer to decrypt the encrypted signed message with a retained PIN to yield the digitally signed message and verify the digitally signed message with a retained confidential public key.
14. A system for authentication including an authorizing computer that accesses a provisioned personal identification number (PIN) and a provisioned confidential public key and communicates over a link with a receiver remote from the authorizing computer, the communication link not being constrained to be secure, the system comprising:
means for receiving an acoustic signal at the receiver from a hand-held device, the acoustic signal represents a signature signal produced from a private key, the receiver transforms the acoustic signal to a signature signal;
means for receiving a user inputted PIN at the receiver, the user inputted PIN is received separately from the acoustic signal, wherein the user inputted PIN is received via a data entry device at the receiver and the acoustic signal is communicated from the hand-held device to the receiver;
means for encrypting the signature signal with the user inputted PIN at the receiver to render an encrypted signature signal; and
means for transmitting the encrypted signature signal from the receiver to the authorizing computer over the link, the authorizing computer decrypts the encrypted signature signal utilizing the provisioned PIN to yield the signature signal and verifies the signature signal using the provisioned confidential public key.