Receiving an access key
Abstract
In an embodiment a secure module is provided that provides access keys to an unsecured system. In an embodiment the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately.
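The exchange summarized in the abstract, as an added Python sketch that is not taken from the patent: the host stores only a passcode, receives a key when the passcode authenticates, uses it, derives the replacement passcode from it, and erases the key. SHA-256 and HMAC as the one-way functions, the `_root` module secret, the HMAC tag standing in for the action, and all class and method names are assumptions of this example.

```python
import hashlib
import hmac

def one_way(label: bytes, value: bytes) -> bytes:
    # Assumed one-way function: domain-separated SHA-256.
    return hashlib.sha256(label + b"\x00" + value).digest()

class SecureModule:
    def __init__(self, template: bytes):
        # Keep only one-way images of the (constructed) biometric template.
        self._root = one_way(b"root", template)    # never leaves the module
        self._prior = one_way(b"key0", template)   # seeds the key chain

    def setup_passcode(self) -> bytes:
        return one_way(b"passcode", self._prior)   # handed over once, at setup

    def request_key(self, passcode: bytes):
        # The expected passcode is recomputed on demand, never stored.
        expected = one_way(b"passcode", self._prior)
        if not hmac.compare_digest(passcode, expected):
            return None                            # no key: passcode rejected
        # Next key derives from the prior key, mixed with the module secret
        # so a host that once held a key cannot compute later ones.
        self._prior = hmac.new(self._root, self._prior, hashlib.sha256).digest()
        return bytearray(self._prior)

class Host:
    def __init__(self, passcode: bytes):
        self.passcode = passcode                   # the only long-lived secret
        self.key_buf = None                        # kept so the wipe is checkable

    def act(self, module: SecureModule, data: bytes):
        key = module.request_key(self.passcode)
        if key is None:
            return None
        tag = hmac.new(key, data, hashlib.sha256).digest()  # action needing the key
        self.passcode = one_way(b"passcode", bytes(key))    # replaces old passcode
        key[:] = bytes(len(key))                   # best-effort in-place erase
        self.key_buf = key
        return tag

if __name__ == "__main__":
    module = SecureModule(b"constructed-template-bytes")
    host = Host(module.setup_passcode())
    print(host.act(module, b"record").hex(), host.key_buf == bytearray(32))
```

The in-place wipe clears the buffer the host holds; the Python runtime may still keep transient copies (for example the `bytes(key)` temporary), so a real host would do the key handling in memory it controls.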
25 Claims
1. A machine-implemented method comprising:
- receiving a first access key from a secure module at a host system having a processor system including at least one processor and memory unit including at least one computer readable medium;
- performing, by at least one processor of the host system, a first action that requires the access key as a part of performing the action for the action to be performed properly;
- erasing, the processor system of the host system, the access key from the host system prior to receiving a second access key; and
- receiving, at the host system, a second access key from the secure module, the second access key being different than the first access key;
- each access key is derived from a prior access key, the first access key being based on biometric information.

18. A machine-implemented method comprising:
- receiving from a secure module a request to execute one or more encryption instructions at a host system;
- in response, sending a stored passcode to the secure module from which the request originated;
- receiving at the host system an access key from the secure module if the passcode is authenticated at the secure module;
- generating, by a processor system of the host system, a new passcode based on the access key;
- executing, by the host system, the one or more encryption instructions based on the access key;
- erasing the access key from the host system;
- erasing the stored passcode from the host system; and
- storing the new passcode at the host system.

21. A machine-implemented method comprising:
- after a host system is set up, receiving from a user device a request to perform an action that requires an access key, the host system including at least a memory system and a processor system having at least one processor;
- in response the request, sending a passcode for authentication;
- receiving the access key from the user device at the host system if the passcodes is authenticated by the user device;
- performing, by the processor system, the action that requires the access key; and
- erasing the access key from the memory system.

22. A method comprising:
- after an unsecured device and a secured module are set up, receiving at the unsecured device from the secured module a request to perform an action that requires authorization;
- in response to the receiving, the unsecured system sends a first passcode to the secure module;
- in reply to the sending of the first passcode, if the first passcode is correct, receiving at the unsecured system a first encryption key from the secure module;
- in response to receiving at the unsecured system the first encryption key, encrypting or decrypting data with the first encryption key, and generating a second passcode, that is different from the first passcode, by at least applying a function to the first encryption key;
- at the unsecured system, erasing the first passcode and replacing the first passcode with the second passcode; and
- after the encrypting or decrypting of the data is complete and before a second encryption key is received at the unsecured device, erasing the first encryption key at the unsecured system;
- the first encryption key and second encryption key are different values that are based on one or more values that results from applying a function to biometric information, the function being one for which computing an inverse is computationally intractable.

24. A machine-implemented method comprising:
- receiving an access key, at a host system, from a secure module;
- performing, by a processor system of the host system, an action that requires the access key as a part of performing the action for the action to be performed properly, the processor system having at least one processor; and
- erasing the access key from the host system prior to receiving a next access key;
- the access key is based on a value that results from applying a function to user information that is expected to be unique to the user, the function being one for which computing an inverse is computationally intractable;
- each access key is derived from a prior access key, the first access key being based on biometric information.

25. A method comprising:
- after an unsecured device and a secured module are set up, receiving at the unsecured device from the secured module a request to perform an action that requires authorization;
- in response to the receiving, the unsecured system sends a first passcode to the secure module;
- in reply to the sending of the first passcode either a first encryption key is received from the secure module indicating that the first passcode was correct or the first encryption key is not received from the secure module indicating that the first passcode is not correct;
- if a first encryption key is received at the unsecure system from the secure module, in response to receiving at the unsecured system the first encryption key, encrypting or decrypting data with the first encryption key, and generating a second passcode, that is different from the first passcode, by at least applying a function to the first encryption key;
- at the unsecured system, erasing the first passcode and replacing the first passcode with the second passcode; and
- after the encrypting or decrypting of the data is complete and before a second encryption key is received at the unsecured device, erasing the first encryption key at the unsecured system;
- the first encryption key and second encryption key are different values that are based on one or more values that results from applying a function to biometric information, the function being one for which computing an inverse is computationally intractable.

Specification