System and method for acoustic two factor authentication

US 7,966,497 B2
Filed: 05/06/2002
Issued: 06/21/2011
Est. Priority Date: 02/15/2002
Status: Active Grant

First Claim

Patent Images

1. A method for authentication, comprising:

receiving an acoustic signal at a receiver transmitted from a hand-held token, the acoustic signal represents a signature signal generated by the hand-held token utilizing a private key;

receiving a user inputted personal identification number (PIN) at the receiver, including receiving the user inputted PIN separately from the acoustic signal via a data entry device at the receiver and communicating the acoustic signal from the hand-held token to the receiver;

transforming the acoustic signal to the signature signal at the receiver;

encrypting the signature signal with the user inputted PIN at the receiver to render an encrypted signature signal; and

sending the encrypted signature signal from the receiver to an authorizing computer via a communication link to decrypt the encrypted signature signal utilizing a provisioned PIN to render the signature signal and verify the signature signal employing a provisioned confidential public key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hand-held token can be operated to generate an acoustic or other wireless signal representing a digital signature produced from the private key of a public key/private key pair, with the public key being confidential in that it is known only to authorized entities, such as bank computers. The signal from the token can be received by, e.g., a receiver at a bank ATM that also requires a PIN for account access. The user enters the PIN into the ATM, and the ATM encrypts the signal from the token with the PIN and sends it on to the bank computer over a link that need not be secure, since even if the PIN is guessed there is no way to verify that it is the correct PIN without also knowing the confidential public key held by the bank computer.

Citations

20 Claims

1. A method for authentication, comprising:
- receiving an acoustic signal at a receiver transmitted from a hand-held token, the acoustic signal represents a signature signal generated by the hand-held token utilizing a private key;
  
  receiving a user inputted personal identification number (PIN) at the receiver, including receiving the user inputted PIN separately from the acoustic signal via a data entry device at the receiver and communicating the acoustic signal from the hand-held token to the receiver;
  
  transforming the acoustic signal to the signature signal at the receiver;
  
  encrypting the signature signal with the user inputted PIN at the receiver to render an encrypted signature signal; and
  
  sending the encrypted signature signal from the receiver to an authorizing computer via a communication link to decrypt the encrypted signature signal utilizing a provisioned PIN to render the signature signal and verify the signature signal employing a provisioned confidential public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving a request to perform a transaction at the receiver; and
      
      executing the transaction with the receiver only if the encrypted signature signal is successfully decrypted and verified by the authorizing computer.
  - 3. The method of claim 2, further comprising receiving an authorization signal at the receiver from the authorizing computer via the communication link in response to sending the encrypted signature signal, the authorization signal one of authorizes execution of the transaction by the receiver when the encrypted signature signal is successfully decrypted and verified or denies execution of the transaction by the receiver when the encrypted signature signal is unsuccessfully decrypted and verified.
  - 4. The method of claim 1, wherein the hand-held token generates the signature signal by combining at least one message with the private key.
  - 5. The method of claim 3, wherein the at least one message includes at least a portion of at least one timestamp.
  - 6. The method of claim 4, wherein the portion of the timestamp is a predetermined number of least significant bits of a timestamp having more bits than the predetermined number.
  - 7. The method of claim 1, wherein the receiver is an automatic teller machine (ATM) and the authorizing computer is a bank computer.
  - 8. The method of claim 1, wherein the acoustic signal further represents at least one of a confidential public key identifier (ID) or a pre-signed message, the method further comprising:
    - transforming the acoustic signal to the signature signal and the at least one of the confidential public key ID or the pre-signed message at the receiver; and
      
      sending the encrypted signature signal along with the at least one of the confidential public key ID or the pre-signed message from the receiver to the authorizing computer via the communication link, the at least one of the confidential public key ID or the pre-signed message being utilized by the authorizing computer to retrieve the provisioned confidential public key.

9. A system for two-factor authentication over a link not constrained to be secure, comprising:
- a receiver that separately receives an acoustic signal generated from a portable token representing a digitally signed message and a user entered personal identification number (PIN), wherein the acoustic signal is communicated from the portable token to the receiver and the user entered PiN is entered via a data entry device at the receiver, the receiver transforms the acoustic signal to the digitally signed message, and encrypts the digitally signed message with the user entered PiN to render an encrypted signed message for transmission over the link, the receiver sends the encrypted signed message to an authorizing computer to decrypt the encrypted signed message with a retained PN to yield the digitally signed message and verify the digitally signed message with a retained confidential public key.
- View Dependent Claims (10, 11, 12, 13, 19)
- - 10. The system of claim 9, wherein the acoustic signal also represents at least an identifier (ID) of a confidential public key and a message that was signed by a private key corresponding to the retained confidential public key to render the digitally signed message.
  - 11. The system of claim 10, wherein the receiver sends the encrypted signed message, the ID, and the message that was signed to the authorizing computer.
  - 12. The system of claim 10, wherein the authorizing computer decrypts the encrypted signed message using the retained PIN and then verifies the digitally signed message by retrieving the retained confidential public key corresponding to the ID and using the retrieved, retained confidential public key.
  - 13. The system of claim 9, wherein the receiver obtains a request to execute a transaction and selectively executes the transaction based upon an authentication signal received from the authorizing computer that indicates one of successful or unsuccessful verification of the digitally signed message.
  - 19. The system of claim 10, wherein the acoustic signal represents the signature signal produced from the private key and one or more of a confidential public key identifier (ID) or a pre-signed message, the one or more of the confidential public key ID or the pre-signed message being utilized by the authorizing computer to identify the provisioned confidential public key.

14. A system for authentication including an authorizing computer that accesses a provisioned personal identification number (PIN) and a provisioned confidential public key and communicates over a link with a receiver remote from the authorizing computer, the communication link not being constrained to be secure, the system comprising:
- means for receiving an acoustic signal at the receiver from a hand-held device, the acoustic signal represents a signature signal produced from a private key, the receiver transforms the acoustic signal to a signature signal;
  
  means for receiving a user inputted PIN at the receiver, the user inputted PIN is received separately from the acoustic signal, wherein the user inputted PIN is received via a data entry device at the receiver and the acoustic signal is communicated from the hand-held device to the receiver;
  
  means for encrypting the signature signal with the user inputted PIN at the receiver to render an encrypted signature signal; and
  
  means for transmitting the encrypted signature signal from the receiver to the authorizing computer over the link, the authorizing computer decrypts the encrypted signature signal utilizing the provisioned PIN to yield the signature signal and verifies the signature signal using the provisioned confidential public key.
- View Dependent Claims (15, 16, 17, 18, 20)
- - 15. The system of claim 14, further comprising means for receiving a request to execute a transaction at the receiver, the authorizing computer authorizing the receiver to execute the transaction only if the signature signal is successfully verified.
  - 16. The system of claim 14, wherein the hand-held device generates the signature signal by combining at least one message with the private key.
  - 17. The system of claim 16, wherein the at least one message includes at least a portion of at least one timestamp.
  - 18. The system of claim 16, wherein the at least one message is further combined with a pseudorandom number.
  - 20. The system of claim 14, wherein the receiver is an automatic teller machine (ATM) and the authorizing computer is a bank computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Gantman, Alexander, Rose, Gregory G.
Primary Examiner(s)
Thomas; Joseph
Assistant Examiner(s)
PAN, JOSEPH T

Application Number

US10/139,873
Publication Number

US 20030159050A1
Time in Patent Office

3,333 Days
Field of Search

713/1, 713/2, 713/188, 713/194, 713/184, 380/255, 380/277, 380/200, 380/201, 380/30, 380/258, 380/270, 726/2, 726/9, 705 66- 67, 705/71, 705/76, 382115-116, 382118-119
US Class Current

713/184
CPC Class Codes

G06Q 20/3272   using an audio code

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/346   Cards serving only as infor...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/4014   Identity check for transact...

G06Q 20/40975   using encryption therefor

G07F 19/20   Automatic teller machines [...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/1025   Identification of user by a...

H04L 2209/80   Wireless

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04W 12/069   using certificates or pre-s...

H04W 12/65 : Environment-dependent, e.g....

View All

System and method for acoustic two factor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for acoustic two factor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links