Methods and systems for verifying a location factor associated with a token

US 8,074,265 B2
Filed: 08/31/2006
Issued: 12/06/2011
Est. Priority Date: 08/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method for verifying a token, the method comprising:

receiving, from a server, a challenge encrypted with a key commonly shared by the server and the token;

decrypting the challenge with the commonly shared key;

performing an exclusive or (“

XOR”

) operation on the decrypted challenge and a public key to obtain a manipulated challenge, wherein the public key is stored on or generated by the token;

signing the manipulated challenge with a private key associated with the public key; and

returning the signed manipulated challenge to the server as a reply to the challenge for verification at the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server, method and/or computer-readable medium verifies a location factor associated with a token. The server generates a challenge and encrypts the challenge by a key commonly shared by the server and the token, and transmits the encrypted challenge to the token. The token decrypts the encrypted challenge by the commonly shared key and manipulates the challenge by an elliptic curve cryptography (ECC) procedure so that the server can verify that the signed manipulated challenge was generated at the token based upon the ECC public key.

209 Citations

18 Claims

1. A method for verifying a token, the method comprising:
- receiving, from a server, a challenge encrypted with a key commonly shared by the server and the token;
  
  decrypting the challenge with the commonly shared key;
  
  performing an exclusive or (“
  
  XOR”
  
  ) operation on the decrypted challenge and a public key to obtain a manipulated challenge, wherein the public key is stored on or generated by the token;
  
  signing the manipulated challenge with a private key associated with the public key; and
  
  returning the signed manipulated challenge to the server as a reply to the challenge for verification at the server.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the public key is an Elliptic Curve Cryptography (ECC) public key and the private key is an ECC private key.
  - 3. The method of claim 1, wherein the returning of the signed manipulated challenge further includes returning the signed manipulated challenge and the public key.
  - 4. The method of claim 1, wherein the public key and the private key are dynamically generated at the token.
  - 5. A non-transitory computer readable storage medium comprising computer executable instructions for performing the method of claim 1.

6. A method of verifying a token by a server, the method comprising:
- generating, at the server, a challenge encrypted with a key commonly shared by the server and the token;
  
  sending the encrypted challenge to the token;
  
  receiving a signed manipulated challenge and a public key from the token, the signed manipulated challenge having been manipulated by the token decrypting the challenge, performing an exclusive or (“
  
  XOR”
  
  ) operation on the decrypted challenge and the public key to obtain a manipulated challenge, and signing the manipulated challenge with a private key associated with the public key; and
  
  verifying that the signed manipulated challenge was generated at the token based upon the public key.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - manipulating the challenge with the public key at the server,wherein the verifying is based upon a comparison between the signed manipulated challenge received from the token and the challenge manipulated at the server.
  - 8. The method of claim 6, wherein the public key is an Elliptic Curve Cryptography (ECC) public key.
  - 9. The method of claim 6, further comprising generating a certificate for the token if the signed manipulated challenge is verified to be generated at the token.
  - 10. A non-transitory computer readable storage medium comprising computer executable instructions for performing the method of claim 6.

11. A server for verifying a token, the server comprising:
- a processor configured to;
  
  generate a challenge encrypted with a key commonly shared by the server and the token;
  
  send the encrypted challenge to the token;
  
  receive a signed manipulated challenge and a public key from the token, the signed manipulated challenge having been manipulated by the token decrypting the challenge, performing an exclusive or (“
  
  XOR”
  
  ) operation on the decrypted challenge and the public key to obtain a manipulated challenge, and signing the manipulated challenge with a private key associated with the public key; and
  
  verify that the signed manipulated challenge was generated at the token based upon the public key.
- View Dependent Claims (12, 13, 14)
- - 12. The server of claim 11, wherein the processor is further configured to generate a certificate for the token if the signed manipulated challenge is verified to be generated at the token.
  - 13. The server of claim 11, wherein the processor is further configured to manipulate the challenge with the public key at the server, wherein the verifying is based upon a comparison between the signed manipulated challenge received from the token and the challenge manipulated at the server.
  - 14. The server of claim 11, wherein the public key is an Elliptic Curve Cryptography (ECC) public key.

15. A security token comprising:
- a processor configured to;
  
  receive, from a server, a challenge encrypted with a key commonly shared by the server and the token;
  
  decrypt the challenge with the commonly shared key;
  
  performing an exclusive or (“
  
  XOR”
  
  ) operation on the decrypted challenge and a public key to obtain a manipulated challenge, wherein the public key is stored on or generated by the token;
  
  sign the manipulated challenge with a private key associated with the public key; and
  
  return the signed manipulated challenge to the server as a reply to the challenge for verification at the server.
- View Dependent Claims (16, 17, 18)
- - 16. The security token of claim 15, wherein the public key is an Elliptic Curve Cryptography (ECC) public key and the private key is an ECC private key.
  - 17. The security token of claim 15, wherein the returning of the signed manipulated challenge includes returning the signed manipulated challenge and the public key.
  - 18. The token of claim 15, wherein the public key and the private key are dynamically generated at the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US11/469,441
Publication Number

US 20080069338A1
Time in Patent Office

1,923 Days
Field of Search

713/172, 726/9, 380/30
US Class Current

726/9
CPC Class Codes

H04L 9/3066   involving algebraic varieti...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Methods and systems for verifying a location factor associated with a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

209 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for verifying a location factor associated with a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links