Method for personalizing an authentication token
DC
First Claim
Patent Images
1. A method for personalizing an authentication token comprising:
- entering by the authentication token into personalization mode;
requesting from the authentication token, by a personalization device in communication with the authentication token, a serial number of the authentication token;
encrypting by the personalization device the serial number using a personalization key, and forwarding the encrypted serial number to the authentication token from the personalization device;
decrypting by the authentication token of the encrypted serial number, and validating by the authentication token that the personalization key is correct;
establishing an encrypted session between the authentication token and the personalization device using a transport key;
sending to the authentication token, by the personalization device, an initial seed value and an initial secret key using the transport key to encrypt the initial seed value and the initial secret key, the initial seed value and the initial secret key for facilitating an initial interaction between the authentication token and an interface device; and
storing by the authentication token the initial seed value and the initial secret key after decryption thereof by the authentication token using the transport key, wherein, once the authentication token is personalized with the initial seed value and the initial secret key, the authentication token can no longer enter the personalization mode.
4 Assignments
Litigations
0 Petitions
Accused Products
Abstract
An authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.
-
Citations
4 Claims
-
1. A method for personalizing an authentication token comprising:
-
entering by the authentication token into personalization mode; requesting from the authentication token, by a personalization device in communication with the authentication token, a serial number of the authentication token; encrypting by the personalization device the serial number using a personalization key, and forwarding the encrypted serial number to the authentication token from the personalization device; decrypting by the authentication token of the encrypted serial number, and validating by the authentication token that the personalization key is correct; establishing an encrypted session between the authentication token and the personalization device using a transport key; sending to the authentication token, by the personalization device, an initial seed value and an initial secret key using the transport key to encrypt the initial seed value and the initial secret key, the initial seed value and the initial secret key for facilitating an initial interaction between the authentication token and an interface device; and storing by the authentication token the initial seed value and the initial secret key after decryption thereof by the authentication token using the transport key, wherein, once the authentication token is personalized with the initial seed value and the initial secret key, the authentication token can no longer enter the personalization mode. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
Litigation Data
-
Current AssigneeAuth Token LLC (Jeffrey M. Gross)
-
Original AssigneePrism Technologies LLC (Prism Technologies Group, Inc.)
-
InventorsBuck, Peter, Newport, Peter
-
Primary Examiner(s)Patel, Nirav B
-
Application NumberUS12/978,754Publication NumberTime in Patent Office778 DaysField of Search713168-173, 713181-184, 705 65- 67, 726/9, 726/10, 726/20, 235/380, 235/382, 340/5.81, 340/5.85US Class Current713/173CPC Class CodesG06F 21/34 involving the use of extern...G06F 21/46 by designing passwords or c...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/385 using an alias or single-us...G06Q 20/40975 using encryption thereforG07F 7/1008 Active credit-cards provide...H04L 9/0863 involving passwords or one-...H04L 9/0869 involving random numbers or...
