Method of generating access keys

US 7,979,716 B2
Filed: 05/17/2005
Issued: 07/12/2011
Est. Priority Date: 11/18/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method comprising:

after a registration session is complete, performing a process that includes at least storing an access key in long term memory in a secure area of a portable device;

at the portable device, receiving a passcode from a host system, the passcode generated by a method of generating passcodes;

at the portable device, verifying the passcode was generated by the method of generating passcodes;

the portable device supplying the access key to the host system to perform a task, the host being separate from the secure area; and

erasing the access key from the host system after the supplying;

wherein the process is repeated every session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a secure module is provided that provides access keys to an unsecured system. In an embodiment, the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment, the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately.

Citations

26 Claims

1. A machine-implemented method comprising:
- after a registration session is complete, performing a process that includes at least storing an access key in long term memory in a secure area of a portable device;
  
  at the portable device, receiving a passcode from a host system, the passcode generated by a method of generating passcodes;
  
  at the portable device, verifying the passcode was generated by the method of generating passcodes;
  
  the portable device supplying the access key to the host system to perform a task, the host being separate from the secure area; and
  
  erasing the access key from the host system after the supplying;
  
  wherein the process is repeated every session.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20, 21, 22, 23, 24, 25, 26)
- - 3. The method of claim 1, wherein the secure area includes at least a storage area storing embedded software, the portable device implementing the embedded software, and the implementing of the embedded software by the portable device causes the portable device to generate the access key.
  - 4. The method of claim 1, further comprising:
    - at the portable device, generating the access key by applying a one-way function to at least a portion of a fingerprint.
  - 5. The method of claim 1, further comprising:
    - at the portable device, generating a passcode by applying a one-way function to the access key.
  - 6. The method of claim 1, further comprising:
    - at the portable device, generating a passcode by applying a one-way function to biometric information.
  - 7. The method of claim 1, further comprisingat the portable device, receiving a request from the host for the access key;
    - andauthenticating the passcode at the portable device, via the comparing, prior to the supplying.
  - 8. The method of claim 1, further comprising encrypting the access key at the portable device before the supplying of the access key.
  - 9. The method of claim 1, further comprising:
    - at the portable device acquiring user data.
  - 10. The method of claim 9, further comprising:
    - at the portable device, comparing the user data to stored user information.
  - 11. The method of claim 10, comprising:
    - if the user data and the user information do not match, at the portable device, terminating the method.
  - 12. The method of claim 10, comprising:
    - if the user data and the user information do match, at the portable device, requesting the host to perform an action.
  - 19. The method of claim 1, wherein the portable device having a processor associated with the secure area, the long term memory does not have an operating system, the processor operating without an operating system.
  - 20. The method of claim 1, wherein the portable device having a processor associated with the secure area, the portable device does not have an operating system, the processor operating without an operating system.
  - 21. The method of claim 1, wherein all memory of the portable device is included within the secure area.
  - 22. The method of claim 1, wherein the secure area does not store licensing information.
  - 23. The method of claim 1, wherein the portable device being configured so that it is difficult to access the processor and memory.
  - 24. The method of claim 1, wherein all memory of the portable device is included in the secure area, and the memory of the portable device stores only a combination of one or more of any of user information, one or more encryption keys, and machine instructions.
  - 25. The method of claim 1, the portable device being a Universal Serial Bus (USB) device.
  - 26. The method of claim 25, the portable device having dimensions that fit into a volume having a length of between 2 and 6 inches and a diameter of less than a half inch.

2. A machine-implemented method comprising:
- after a registration session is complete, performing a process that includes at least storing an access key in long term memory in a secure area of a portable device;
  
  at the portable device, receiving a passcode from a host system, the passcodegenerated by a method of generating passcodes;
  
  at the portable device, verifying the passcode was generated by the method of generating passcodes;
  
  the portable device supplying the access key to the host system to perform a task;
  
  anderasing the access key from the host after the supplying;
  
  wherein the portable device does not have an operating system; and
  
  wherein the process is repeated every session.

13. A machine-implemented method comprising:
- after a registration session is complete, performing a process that includes at leastat a portable module, receiving a passcode from a host system, the passcode generated by a method of generating passcodes;
  
  at the portable module, verifying the passcode was generated by the method of generating passcodes; and
  
  andif the passcode matches the method for generating passcodes, sending an access key from the portable module to the host system;
  
  wherein the process is repeated every session.

14. A machine-implemented method comprising:
- after a registration session is complete, performing a process that includes at leastat a module, receiving a passcode from a system, the passcode generated by a method of generating passcodes;
  
  at the module, verifying the passcode was generated by the method of generating passcodes; and
  
  andif the passcode matches the method for generating passcodes, sending an access key from the module to the system, further comprising;
  
  as part of each session, at the module, if a determination is made that the passcode matches the method for generating passcodes, in response to the determination that the passcode matches, automatically generating a new passcode; and
  
  wherein the process is repeated every session.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, further comprising:
    - if the passcode matches the method for generating passcodes, generating a new passcode,after the generating of the new passcode, automatically sending the new passcode from the module to the system.
  - 16. The method of claim 14, wherein the new passcode is not stored at the module.

17. A machine-implemented method comprising:
- after a registration session is complete, performing a process that includes at leastacquiring user data at a portable module;
  
  at the portable module, comparing the user data to user information stored at the portable module;
  
  if the user data and the user information do not match, terminating the method;
  
  if the user data and the user information do match, sending a request from the portable module to an unsecured system to perform encryption;
  
  at the portable module, in response to the sending of the request, receiving a passcode from the unsecured system, the passcode generated by a method of generating passcodes;
  
  at the portable module, verifying the passcode that was received was generated by the method of generating passcodes; and
  
  if the passcode matches the method for generating passcodes,sending an encryption key from the portable module to the unsecured system,at the portable module, generating a new passcode,sending the new passcode to the unsecured device, wherein the new passcode is not stored at a module that performed the sending;
  
  wherein the process is repeated every session.

18. A machine-implemented method comprising:
- after a registration session is complete, performing a process that includes at leastat a portable module, acquiring user data;
  
  at the portable module, comparing the user data to stored user information;
  
  if the user data and the user information do not match, at the portable module, terminating the method; and
  
  if the user data and the user information do match, the portable module requesting an unsecured system to perform encryption,generating a new passcode,receiving a passcode from the unsecured system, the passcode generated by a method of generating passcodes,verifying the passcode that was received was generated by the method of generating passcodes,encrypting the encryption key with the passcode received from the unsecure system, andsending the encrypted encryption key to the unsecured device;
  
  wherein the process is repeated every session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biogy, Inc.
Original Assignee
Biogy, Inc.
Inventors
Fiske, Michael
Primary Examiner(s)
Abrishamkar; Kaveh
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US11/131,652
Publication Number

US 20060107068A1
Time in Patent Office

2,247 Days
Field of Search

713/184
US Class Current

713/184
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/46   by designing passwords or c...

G07C 9/33   by means of a password

G07C 9/37   using biometric data, e.g. ...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/081   applying self-generating cr...

H04L 63/083   using passwords cryptograph...

H04L 9/0891   Revocation or update of sec...

Method of generating access keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method of generating access keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links