Device and method for identification and authentication

US 9,122,860 B2
Filed: 06/19/2014
Issued: 09/01/2015
Est. Priority Date: 04/24/2006
Status: Expired

First Claim

Patent Images

1. A method for generating an output code from a user device, comprising:

receiving, by the user device, an explicit command to generate the output code;

generating, by the user device in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises;

comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;

responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and

responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;

wherein the dynamic authentication code comprises a session identifier, a session counter and a timestamp of a plurality of variant fields, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device;

translating the generated output code into a plurality of emulated keystrokes; and

outputting the plurality of emulated keystrokes from the user device to an input of a client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device for identification and authentication of a remote user connecting to a service over a network includes a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a unique authentication code as emulated keystrokes through a standard input, means of a client terminal. The code may be transmitted only by an explicit command of the user.

Citations

16 Claims

1. A method for generating an output code from a user device, comprising:
- receiving, by the user device, an explicit command to generate the output code;
  
  generating, by the user device in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises;
  
  comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;
  
  responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and
  
  responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;
  
  wherein the dynamic authentication code comprises a session identifier, a session counter and a timestamp of a plurality of variant fields, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device;
  
  translating the generated output code into a plurality of emulated keystrokes; and
  
  outputting the plurality of emulated keystrokes from the user device to an input of a client device.
- View Dependent Claims (2, 3, 4, 5, 6, 12, 13)
- - 2. The method of claim 1, wherein the cryptographic key used in generating the output code is stored in the user device and is uniquely associated with the user device.
  - 3. The method of claim 1, further comprising:
    - concatenating the identifier with the dynamic authentication code to generate a concatenated code sequence; and
      
      applying the cryptographic key to the concatenated code sequence to generate an alphanumeric representation as the output code.
  - 4. The method of claim 1, wherein the plurality of variant fields comprise:
    - a random number; and
      
      a checksum indicating whether a valid encryption key is used to generate the dynamic authentication code.
  - 5. The method of claim 1, wherein the identifier identifying the holder of the user device comprises at least one of:
    - a personal identification number;
      
      a combination of user name and password;
      
      a key sequence comprising a plurality of keystrokes of a keyboard;
      
      a fingerprint of the holder of the device;
      
      a sample of voice of the holder of the device; and
      
      a sample of biometric scanning data from the holder of the device.
  - 6. The method of claim 1, further comprising:
    - intercepting an output message comprising a plurality of keystrokes entered by the holder of the user device on a keyboard in communication with the user device; and
      
      using the intercepted output message as the identifier of the holder.
  - 12. The method of claim 1, wherein the information identifying one or more holders of the user device is stored in a pre-determined template.
  - 13. The method of claim 12, wherein the pre-determined template is a pre-stored fingerprint template stored on the user device and the information stored on the user device identifying a holder of the user device is based on a fingerprint associated with the holder of the user device.

7. A user device for providing an output code, comprising:
- a computer processor for executing computer program modules; and
  
  a non-transitory computer readable storage device storing computer program modules executable to perform steps comprising;
  
  receiving an explicit command to generate the output code;
  
  generating, in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises;
  
  comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;
  
  responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and
  
  responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;
  
  wherein the dynamic authentication code comprises a session identifier, a session counter and a timestamp of a plurality of variant fields, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device;
  
  translating the generated output code into a plurality of emulated keystrokes; and
  
  outputting the plurality of emulated keystrokes from the user device to an input of a client device.
- View Dependent Claims (8, 9, 10, 11, 14, 15)
- - 8. The device of claim 7, wherein the cryptographic key used in generating the output code is stored in the user device and is uniquely associated with the user device.
  - 9. The device of claim 7, further comprising executable computer program modules for:
    - concatenating the identifier with the dynamic authentication code to generate a concatenated code sequence; and
      
      applying the cryptographic key to the concatenated code sequence to generate an alphanumeric representation as the output code.
  - 10. The device of claim 7, wherein the plurality of variant fields comprise:
    - a random number; and
      
      a checksum indicating whether a valid encryption key is used to generate the dynamic authentication code.
  - 11. The device of claim 7, wherein the identifier identifying the holder of the user device comprises at least one of:
    - a personal identification number;
      
      a combination of user name and password;
      
      a key sequence comprising a plurality of keystrokes of a keyboard;
      
      a fingerprint of the holder of the device;
      
      a sample of voice of the holder of the device; and
      
      a sample of biometric scanning data from the holder of the device.
  - 14. The device of claim 7, wherein the information identifying one or more holders of the user device is stored in a pre-determined template.
  - 15. The device of claim 14, wherein the pre-determined template is a pre-stored fingerprint template stored on the user device and the information stored on the user device identifying a holder of the user device based on a fingerprint associated with the holder of the user device.

16. A non-transitory computer readable storage device storing computer program modules executable to perform steps comprising:
- receiving an explicit command to generate an output code;
  
  generating, in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises;
  
  comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;
  
  responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and
  
  responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;
  
  wherein the dynamic authentication code comprises a session identifier, a session counter and a timestamp of a plurality of variant fields, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device;
  
  translating the generated output code into a plurality of emulated keystrokes; and
  
  outputting the plurality of emulated keystrokes from the user device to an input of a client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yubico AB
Original Assignee
Yubico, Inc. (Yubico AB)
Inventors
Ehrensvrd, Jakob, Ehrensvrd, Stina
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US14/309,061
Publication Number

US 20150012981A1
Time in Patent Office

439 Days
Field of Search

726/5, 713/168, 713/182
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3236   using cryptographic hash fu...

Device and method for identification and authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Device and method for identification and authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links