Multi-factor authentication using a smartcard
Abstract
Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read the transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.
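The second-factor check described in the abstract, sketched as an added example that is not taken from the patent: a verifier that treats the card's monotonically increasing transaction code as the one-time password and rejects replayed or implausible values. The class names, the counter step of 1, and the look-ahead window (`max_skip`) are assumptions for illustration; first-factor verification and transport encryption are out of scope here.

```python
class SimulatedCard:
    """Constructed stand-in for a smartcard whose transaction code
    increases on every attempted transaction (assumption: step of 1)."""
    def __init__(self, start=0):
        self._counter = start

    def transaction(self, amount):
        # Every attempt advances the counter, including a zero-amount
        # simulated payment and ordinary purchases made elsewhere.
        self._counter += 1
        return self._counter


class CounterOtpVerifier:
    """Hypothetical verifier: accepts a code only if it is newer than the
    last accepted one and within a bounded look-ahead window."""
    def __init__(self, last_accepted=0, max_skip=50):
        self.last_accepted = last_accepted
        self.max_skip = max_skip  # assumed policy value, not from the page

    def verify(self, code):
        if not isinstance(code, int) or isinstance(code, bool):
            return "rejected: malformed"
        if code <= self.last_accepted:
            return "rejected: replayed or stale"
        if code - self.last_accepted > self.max_skip:
            return "rejected: outside look-ahead window"
        self.last_accepted = code  # commit only after success
        return "accepted"


def demo():
    card, server = SimulatedCard(start=100), CounterOtpVerifier(last_accepted=100)
    results = []
    otp1 = card.transaction(amount=0)       # login: zero-amount simulated payment
    results.append(server.verify(otp1))     # fresh code
    results.append(server.verify(otp1))     # same code captured and replayed
    for _ in range(3):                      # real purchases advance the counter
        card.transaction(amount=1250)
    otp2 = card.transaction(amount=0)
    results.append(server.verify(otp2))     # gap of 4 is still within the window
    results.append(server.verify(otp2 + 500))  # implausible jump
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because ordinary purchases also advance the card's counter, the verifier compares against the last accepted value rather than expecting exactly the next integer.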
21 Claims
1. A method for performing multi-factor authentication in a processor using a non-cryptographic capability of a smartcard as an authentication factor, comprising:
(a) requesting access to a device;
(b) receiving at least one request for authentication using at least two authentication factors;
(c) receiving authentication data associated with a first authentication factor;
(d) receiving authentication data associated with a second authentication factor from a smartcard, wherein step (d) includes;
    (i) establishing communication between the processor and the smartcard,
    (ii) simulating a financial payment transaction request with the smartcard to cause the smartcard to generate a transaction code, wherein the simulated financial payment transaction request includes a monetary transaction amount of zero, and
    (iii) receiving the transaction code from the smartcard, wherein the transaction code monotonically increases each time a financial payment transaction is attempted with the smartcard;
(e) communicating both the authentication data associated with the first authentication factor and a one-time password determined based on the transaction code as the authentication data associated with the second authentication factor to the device; and
(f) receiving authorization to access the requested device if the first authentication data and the second authentication data were verified.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for performing multi-factor authentication in a remote computer using a non-cryptographic capability of a smartcard as an authentication factor, comprising:
(a) receiving a request from a device to access the remote computer;
(b) requesting authentication using at least two authentication factors from the requesting device;
(c) receiving authentication data associated with a first authentication factor;
(d) receiving a one-time password, determined based on a transaction code for a simulated financial payment transaction from the smartcard, as the authentication data associated with a second authentication factor, wherein the simulated financial payment transaction includes a monetary transaction amount of zero;
(e) verifying the authentication data associated with the first authentication factor;
(g) verifying the authentication data associated with the second authentication factor; and
(f) authorizing access to the remote computer if the authentication data associated with the first authentication factor and the authentication data associated with the second authentication factor are successfully verified.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A device for performing multi-factor authentication using a non-cryptographic capability of a smartcard as an authentication factor, comprising:
a smartcard reader for receiving a one-time password determined based on a transaction code for a simulated financial payment transaction from a smartcard, wherein the smartcard reader is within a secure boundary and wherein the simulated financial payment transaction request includes a monetary transaction amount of zero;
a processor for establishing a secure communications session with a remote computing device and for securely transmitting the received one-time password as an additional authentication factor to the remote computing device.
Dependent claims: 19, 20, 21
Specification