Receiving an access key

US 8,209,751 B2
Filed: 06/20/2008
Issued: 06/26/2012
Est. Priority Date: 11/18/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method comprising:

receiving a first access key from a secure module at a host system having a processor system including at least one processor and memory unit including at least one computer readable medium;

performing, by at least one processor of the host system, a first action that requires the access key as a part of performing the action for the action to be performed properly;

erasing, the processor system of the host system, the access key from the host system prior to receiving a second access key;

andreceiving, at the host system, a second access key from the secure module, the second access key being different than the first access key;

each access key is derived from a prior access key, the first access key being based on biometric information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment a secure module is provided that provides access keys to an unsecured system. In an embodiment the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately.

70 Citations

View as Search Results

25 Claims

1. A machine-implemented method comprising:
- receiving a first access key from a secure module at a host system having a processor system including at least one processor and memory unit including at least one computer readable medium;
  
  performing, by at least one processor of the host system, a first action that requires the access key as a part of performing the action for the action to be performed properly;
  
  erasing, the processor system of the host system, the access key from the host system prior to receiving a second access key;
  
  andreceiving, at the host system, a second access key from the secure module, the second access key being different than the first access key;
  
  each access key is derived from a prior access key, the first access key being based on biometric information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - prior to receiving the first access key, receiving from the secure module a request for the host system to perform the action.
  - 3. The method of claim 2, further comprising:
    - in response to the receiving of the request to perform the first action, sending a stored copy of a passcode from the host system to a module from which the request originated for authentication at the secure module;
      
      the receiving of the first access key occurring as a result of the passcode being authenticated.
  - 4. The method of claim 3, further comprising:
    - at the host system generating a new passcode, based on the first access key, for authenticating the host system at the secure module.
  - 5. The method of claim 4, further comprising:
    - storing the new passcode in the memory unit of the host system.
  - 6. The method of claim 4, the generating occurring automatically in response to receiving the encryption key.
  - 7. The method of claim 4, the generating including at least applying a function to the access key, therein obtaining the new passcode.
  - 8. The method of claim 3, wherein the receiving of the access key at the host system is in response to the sending of the stored passcode to the secure system for authentication at the secure system.
  - 9. The method of claim 1, wherein the performing of the first action includes at least executing one or more encryption instructions based on the first access key.
  - 10. The method of claim 1, wherein the first access key received is encrypted, and the method further comprises decrypting the first access key received.
  - 11. The method of claim 10, the received first access key being encrypted only with the passcode further comprising decrypting the first access key with only the passcode.
  - 12. The method of claim 10, the received first access key being encrypted with the passcode further comprising decrypting the first access key with the passcode.
  - 13. The method of claim 1, no personal data is stored by the method other than a passcode.
  - 14. The method of claim 1, the method does not store keys other than access keys, and the access key is only kept during a period of time in which the access key is in use.
  - 15. The method of claim 1, the receiving includes at least receiving the access key from a self-contained user device.
  - 16. The method claim 1, the method does not require the use of a public-private key pair.
  - 17. The method of claim 1, the first access key being based on user information, and each subsequent access key being derived from a prior access key, and thereby being based on the user information.

18. A machine-implemented method comprising:
- receiving from a secure module a request to execute one or more encryption instructions at a host system;
  
  in response, sending a stored passcode to the secure module from which the request originated;
  
  receiving at the host system an access key from the secure module if the passcode is authenticated at the secure module;
  
  generating, by a processor system of the host system, a new passcode based on the access key;
  
  executing, by the host system, the one or more encryption instructions based on the access key;
  
  erasing the access key from the host system;
  
  erasing the stored passcode from the host system; and
  
  storing the new passcode at the host system.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, the receiving of the access key being in reply to the sending of the stored passcode.
  - 20. The method of claim 18, the erasing of the access key being performed after using the access key for the executing.

21. A machine-implemented method comprising:
- after a host system is set up, receiving from a user device a request to perform an action that requires an access key, the host system including at least a memory system and a processor system having at least one processor;
  
  in response the request, sending a passcode for authentication;
  
  receiving the access key from the user device at the host system if the passcodes is authenticated by the user device;
  
  performing, by the processor system, the action that requires the access key; and
  
  erasing the access key from the memory system.

22. A method comprising:
- after an unsecured device and a secured module are set up,receiving at the unsecured device from the secured module a request to perform an action that requires authorization;
  
  in response to the receiving, the unsecured system sends a first passcode to the secure module;
  
  in reply to the sending of the first passcode, if the first passcode is correct, receiving at the unsecured system a first encryption key from the secure module;
  
  in response to receiving at the unsecured system the first encryption key,encrypting or decrypting data with the first encryption key, andgenerating a second passcode, that is different from the first passcode, by at least applying a function to the first encryption key;
  
  at the unsecured system, erasing the first passcode and replacing the first passcode with the second passcode;
  
  andafter the encrypting or decrypting of the data is complete and before a second encryption key is received at the unsecured device, erasing the first encryption key at the unsecured system;
  
  the first encryption key and second encryption key are different values that are based on one or more values that results from applying a function to biometric information, the function being one for which computing an inverse is computationally intractable.
- View Dependent Claims (23)
- - 23. The method of claim 22, the encryption key received is encrypted, and the method further comprising decrypting the encryption key received.

24. A machine-implemented method comprising:
- receiving an access key, at a host system, from a secure module;
  
  performing, by a processor system of the host system, an action that requires the access key as a part of performing the action for the action to be performed properly, the processor system having at least one processor; and
  
  erasing the access key from the host system prior to receiving a next access key;
  
  the access key is based on a value that results from applying a function to user information that is expected to be unique to the user, the function being one for which computing an inverse is computationally intractable;
  
  each access key is derived from a prior access key, the first access key being based on biometric information.

25. A method comprising:
- after an unsecured device and a secured module are set up,receiving at the unsecured device from the secured module a request to perform an action that requires authorization;
  
  in response to the receiving, the unsecured system sends a first passcode to the secure module;
  
  in reply to the sending of the first passcode either a first encryption key is received from the secure module indicating that the first passcode was correct or the first encryption key is not received from the secure module indicating that the first passcode is not correct;
  
  if a first encryption key is received at the unsecure system from the secure module, in response toreceiving at the unsecured system the first encryption key,encrypting or decrypting data with the first encryption key, andgenerating a second passcode, that is different from the first passcode, by at least applying a function to the first encryption key;
  
  at the unsecured system, erasing the first passcode and replacing the first passcode with the second passcode;
  
  andafter the encrypting or decrypting of the data is complete and before a second encryption key is received at the unsecured device, erasing the first encryption key at the unsecured system;
  
  the first encryption key and second encryption key are different values that are based on one or more values that results from applying a function to biometric information, the function being one for which computing an inverse is computationally intractable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biogy, Inc.
Original Assignee
Biogy, Inc.
Inventors
Fiske, Michael Stephen
Primary Examiner(s)
ZECHER, CORDELIA P K

Application Number

US12/214,883
Publication Number

US 20090178115A1
Time in Patent Office

1,467 Days
Field of Search

726/18, 380/278, 713/186
US Class Current

726/18
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/46   by designing passwords or c...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

Receiving an access key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Receiving an access key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links