Methods and systems for nonce generation in a token
Abstract
Embodiments of the present invention provide a method, a client and a token for providing a nonce during a login associated with the token in a multi-user computer system. A login process is activated after token insertion by a request to execute a user privileged operation made by a client application process. If a password provided to the login process by an access requester associated with authorized use of the token is validated in the token, a nonce is generated in the token. The password is passed to the token in a command and the nonce is passed to the client application process in a response to the command. The nonce is used by the client application process or any other additional processes during execution of the user privileged operation. Additional nonces, including those based on security level, can be generated and passed to additional client application processes as execution of user privileged operations is requested.
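A minimal software model of the flow the abstract describes, added here as an illustration and not taken from the patent. The names `Token`, `login`, `authorize` and `decouple`, the PBKDF2 password check and the 16-byte nonce size are assumptions.

```python
import hashlib
import hmac
import secrets


class Token:
    """Hypothetical software model of the token; names and sizes are assumptions."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)  # persistent credential reference
        self._nonces = {}                    # "volatile memory": level -> nonce

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str, levels=(1, 2)):
        """Command carries the password; the response carries one nonce per level."""
        if not hmac.compare_digest(self._kdf(password), self._pw_hash):
            return None  # validation failed: no nonce is generated
        for level in levels:
            self._nonces[level] = secrets.token_bytes(16)
        return {level: self._nonces[level] for level in levels}

    def authorize(self, level: int, nonce: bytes) -> bool:
        """Accept a privileged operation only with the nonce issued for that level."""
        stored = self._nonces.get(level)
        return stored is not None and hmac.compare_digest(stored, nonce)

    def decouple(self) -> None:
        """Token removed from the computer system: volatile nonces are erased."""
        self._nonces.clear()


def demo():
    token = Token("constructed-sample-password")
    rejected = token.login("wrong-password")            # None
    nonces = token.login("constructed-sample-password")
    same_level = token.authorize(2, nonces[2])          # True
    cross_level = token.authorize(2, nonces[1])         # False
    token.decouple()
    after_removal = token.authorize(1, nonces[1])       # False
    return rejected, same_level, cross_level, after_removal


if __name__ == "__main__":
    print(demo())
```

The cross-level and after-removal checks are the two properties a reviewer would test first: a nonce issued for one security level must not authorize another, and no nonce may survive token removal.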
11 Claims
1. A method comprising:
- receiving, by a token that comprises a volatile memory, a password while the token is coupled to a computer system;
- validating, by the token, the password;
- generating, by the token, a first nonce and a second nonce after successfully validating the password, wherein the first nonce and the second nonce are associated with different security levels;
- storing the first nonce and the second nonce in the volatile memory until the token is de-coupled from the computer system, wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the computer system; and
- providing the first nonce to a first application process that runs on the computer system and the second nonce to a second application process that runs on the computer system, wherein the first application process uses the first nonce and the second application process uses the second nonce to perform one or more user privileged operations.

Dependent claims: 2, 3, 4

5. An apparatus comprising:
- a memory; and
- a processor to:
- activate a login process in response to a request by a user to perform one or more user privileged operations;
- receive a password from the user during the login process;
- transmit the password to a token while the token is coupled to the apparatus;
- receive a first nonce and a second nonce from the token after the password is successfully validated by the token, wherein the first nonce and the second nonce are associated with different security levels; and
- execute a first application process that uses the first nonce and a second application process that uses the second nonce to perform the one or more user privileged operations;
- wherein the first nonce and the second nonce are stored in a volatile memory of the token until the token is de-coupled from the apparatus, and wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the apparatus.

Dependent claims: 6, 7

8. An apparatus comprising:
- a volatile memory; and
- a processor to:
- receive a password via a command issued by a first application process executing on a computer system while the apparatus is coupled to the computer system;
- generate a first nonce and a second nonce upon validation of the password, wherein the first nonce and the second nonce are associated with different security levels, and wherein the second nonce is generated based on a parameter associated with the command;
- return the first nonce and the second nonce to the computer system, a first application process uses the first nonce and a second application process uses the second nonce to perform the one or more user privileged operations; and
- store the first nonce and the second nonce in the volatile memory until the token is de-coupled from the computer system, wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the computer system.

Dependent claims: 9, 10, 11
Specification