Method and system for authenticating a security device
First Claim
1. A method for authenticating a security device at a local network location for providing a secure access from the local network location to a remote network location, the method comprising:
at the security device, having a UID (global unique identifier), a processor and a memory;
obtaining, from the remote network location, a private security software, and causing the private security software to obtain a user selectable PIN (personal identification number), and the UID of the security device, the UID uniquely identifying the security device and being permanently associated with the security device;
generating a device ID serial number corresponding to the UID;
forwarding the PIN, the device ID serial number, and the UID to the remote network location, at the remote location;
generating a seed;
generating a user-personalized credential code using the PIN, the UID, and the seed; and
generating, from the seed, an asymmetric encryption key pair including an encryption key and a decryption key;
storing the decryption key in a memory at the remote location; and
deleting the seed and the encryption key from any memory at the remote location, and at the security device;
obtaining the user-personalized credential code from the remote network location; and
verifying an authenticity of the user selectable PIN and the UID from the personalized credential code, without communicating over a network.
Abstract
Methods for authenticating a security device at a local network location, for providing secure access from the local network location to a remote network location, are provided. A security device is registered by installing private security software on the security device that generates an asymmetric encryption key pair including an encryption key and a decryption key. The encryption key is stored only on the security device and the decryption key is stored only on a remote server. Embodiments of the present invention provide increased security by not storing the encryption key on the remote server, so that an attacker who steals data from the server cannot impersonate a user holding the registered security device. A corresponding system for authenticating a security device is also provided.
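The registration flow in the claim and the key split described in the abstract, as an added Go simulation that is not the patent's own code nor any product's. Ed25519 stands in for the patent's asymmetric pair (the device's signing key plays the "encryption key", the server's verification key the "decryption key"); the Credential layout, the PIN/UID masking in mask and xor32, the functions Register, Unlock and Authenticate, and the sample PIN and UID values are all assumptions, since the patent does not specify how the credential code is built.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Credential is the user-personalized credential code (assumed layout, not the patent's).
type Credential struct {
	MaskedSeed [32]byte          // seed masked under a key derived from PIN and UID
	Pub        ed25519.PublicKey // lets the device check PIN and UID offline
}

// mask derives the seed mask from PIN and UID (illustrative; a real design needs a slow KDF).
func mask(pin, uid string) [32]byte { return sha256.Sum256([]byte("wrap|" + uid + "|" + pin)) }
func xor32(a, b [32]byte) (out [32]byte) {
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return
}

// Register (remote location): make the seed and key pair, keep only pub, drop seed and priv.
func Register(pin, uid string) (Credential, ed25519.PublicKey, error) {
	var seed [32]byte
	if _, err := rand.Read(seed[:]); err != nil {
		return Credential{}, nil, err
	}
	pub := ed25519.NewKeyFromSeed(seed[:]).Public().(ed25519.PublicKey)
	return Credential{MaskedSeed: xor32(seed, mask(pin, uid)), Pub: pub}, pub, nil
}

// Unlock (security device): recover the seed with PIN and UID, re-derive the key pair,
// and accept only if the derived public key matches the credential. No network needed.
func Unlock(cred Credential, pin, uid string) (ed25519.PrivateKey, error) {
	seed := xor32(cred.MaskedSeed, mask(pin, uid))
	priv := ed25519.NewKeyFromSeed(seed[:])
	if !cred.Pub.Equal(priv.Public()) {
		return nil, errors.New("PIN or UID does not match credential")
	}
	return priv, nil
}

// Authenticate: the server checks a nonce signature with pub only; a stolen DB yields no priv.
func Authenticate(priv ed25519.PrivateKey, pub ed25519.PublicKey, nonce []byte) bool {
	return ed25519.Verify(pub, nonce, ed25519.Sign(priv, nonce))
}
```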
20 Claims
11. A system for providing a secure access from a local network location to a remote network location, the system comprising:
a remote server computer at the remote network location; and
a security device at the local network location, the security device having a UID (global unique identifier) uniquely identifying the security device and permanently associated with the security device, a processor and a memory having computer readable instructions stored thereon, causing the processor to:
obtain, from the remote server computer, a private security software;
obtain, from the remote network location, a private security software, and causing the private security software to obtain a user selectable PIN (personal identification number), and the UID of the security device, the UID uniquely identifying the security device and being permanently associated with the security device;
generate a device ID serial number corresponding to the UID;
forward the PIN, the device ID serial number, and the UID to the remote network location,
the remote server computer being configured to:
generate a seed;
generate a user-personalized credential code using the PIN, the UID, and the seed; and
generate, from the seed, an asymmetric encryption key pair including an encryption key and a decryption key;
store the decryption key in a memory at the remote location; and
delete the seed and the encryption key from any memory at the remote location,
and the computer readable instructions being further configured to cause the processor to:
obtain the user-personalized credential code from the remote network location; and
verify an authenticity of the user selectable PIN and the UID from the personalized credential code, without communicating over a network.