Methods and systems for nonce generation in a token

US 8,332,637 B2
Filed: 06/06/2006
Issued: 12/11/2012
Est. Priority Date: 06/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a token that comprises a volatile memory, a password while the token is coupled to a computer system;

validating, by the token, the password;

generating, by the token, a first nonce and a second nonce after successfully validating the password, wherein the first nonce and the second nonce are associated with different security levels;

storing the first nonce and the second nonce in the volatile memory until the token is de-coupled from the computer system, wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the computer system; and

providing the first nonce to a first application process that runs on the computer system and the second nonce to a second application process that runs on the computer system, wherein the first application process uses the first nonce and the second application process uses the second nonce to perform one or more user privileged operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a method, a client and a token for providing a nonce during a login associated with the token in a multi-user computer system. A login process is activated after token insertion by a request to execute a user privileged operation made by a client application process. If a password provided to the login process by an access requester associated with authorized use of the token is validated in the token, a nonce is generated in the token. The password is passed to the token in a command and the nonce is passed to the client application process in a response to the command. The nonce is used by the client application process or any other additional processes during execution of the user privileged operation. Additional nonces, including those based on security level can be generated and passed to additional client application processes as execution of user privileged operations is requested.

Citations

11 Claims

1. A method comprising:
- receiving, by a token that comprises a volatile memory, a password while the token is coupled to a computer system;
  
  validating, by the token, the password;
  
  generating, by the token, a first nonce and a second nonce after successfully validating the password, wherein the first nonce and the second nonce are associated with different security levels;
  
  storing the first nonce and the second nonce in the volatile memory until the token is de-coupled from the computer system, wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the computer system; and
  
  providing the first nonce to a first application process that runs on the computer system and the second nonce to a second application process that runs on the computer system, wherein the first application process uses the first nonce and the second application process uses the second nonce to perform one or more user privileged operations.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the one or more user privileged operations comprises at least one of:
    - access to a resource associated with the computer system, access to a user privileged data object in the token, or logout.
  - 3. The method of claim 1, wherein the first nonce and the second nonce are stored in a memory associated with the computer system.
  - 4. The method of claim 1, wherein the token includes one of a smartcard and a universal serial bus (USB) token.

5. An apparatus comprising:
- a memory; and
  
  a processor to;
  
  activate a login process in response to a request by a user to perform one or more user privileged operations;
  
  receive a password from the user during the login process;
  
  transmit the password to a token while the token is coupled to the apparatus;
  
  receive a first nonce and a second nonce from the token after the password is successfully validated by the token, wherein the first nonce and the second nonce are associated with different security levels; and
  
  execute a first application process that uses the first nonce and a second application process that uses the second nonce to perform the one or more user privileged operations;
  
  wherein the first nonce and the second nonce are stored in a volatile memory of the token until the token is de-coupled from the apparatus, and wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the apparatus.
- View Dependent Claims (6, 7)
- - 6. The apparatus of claim 5, wherein the one or more user privileged operations comprises at least one of:
    - access to a resource, access to a user privileged data object in the token, or logout.
  - 7. The apparatus of claim 5, wherein the processor is also to store the first nonce and the second nonce in the memory.

8. An apparatus comprising:
- a volatile memory; and
  
  a processor to;
  
  receive a password via a command issued by a first application process executing on a computer system while the apparatus is coupled to the computer system;
  
  generate a first nonce and a second nonce upon validation of the password, wherein the first nonce and the second nonce are associated with different security levels, and wherein the second nonce is generated based on a parameter associated with the command;
  
  return the first nonce and the second nonce to the computer system, a first application process uses the first nonce and a second application process uses the second nonce to perform the one or more user privileged operations; and
  
  store the first nonce and the second nonce in the volatile memory until the token is de-coupled from the computer system, wherein the first nonce and the second nonce are erased from the volatile memory when the token is de-coupled from the computer system.
- View Dependent Claims (9, 10, 11)
- - 9. The apparatus of claim 8 wherein the second nonce is returned to a second application process executing on the computer system.
  - 10. The apparatus of claim 9, wherein the second application process is selected from a plurality of application processes based on respective security levels of the plurality of application processes.
  - 11. The apparatus of claim 8, wherein the processor is also to:
    - receive a request to execute one or more user privileged operations; and
      
      execute the one or more user privileged operations when, and only when, a first value specified by the request matches the first nonce and a second value specified by the request matches the second nonce.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US11/447,176
Publication Number

US 20070283163A1
Time in Patent Office

2,380 Days
Field of Search

713/153, 713/159, 713/168, 713/172, 713/173, 713/184, 713/185, 726/2, 726/5, 726/9, 726/10, 726/14, 726/20, 726 27- 29
US Class Current

713/166
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/77   in smart cards

G06F 2221/2139   Recurrent verification

H04L 63/0853   using an additional device,...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Methods and systems for nonce generation in a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for nonce generation in a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links