System and method for encryption

US 9,705,681 B2
Filed: 06/06/2014
Issued: 07/11/2017
Est. Priority Date: 06/12/2013
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of generating a digital signature on behalf of a user, the method comprising:

receiving, via an input-output system, a request from a first user device of said user to create a digital signature for a first message M to verify its authenticity;

generating, using a processor, a validation challenge using a second message M′

which is based on the first message M and a first secret shared with said user, wherein said validation challenge is generated by encrypting said second message M′

using said first shared secret;

sending, via the input-output system, said validation challenge to said user to enable a second user device of said user to regenerate said second message M′

;

accessing a first shared secret from a database;

receiving, via the input-output system, a validation code from said second user device, said validation code confirming the request to create the digital signature and said validation code being generated following confirmation from the user that the second message M′

as displayed on the second user device corresponds to the first message M, wherein the second message M′

displayed on the second user device is generated by decrypting said validation challenge using said first shared secret; and

generating, using said processor, the digital signature for the user for the first message M based on a successful verification of the validation code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for generating a signature for a user are described. The system comprises a signature server, an initial transaction device for a user and a validation device for a user. The initial transaction device is configured to display a first message M and send a request to the signature server to create a signature for said first message M. The signature server is configured to generate a validation challenge using a second message M′ which is based on said first message M′ and a first secret shared between said user and said signature server and send said validation challenge to the validation device. The validation device is configured to regenerate said second message M′ using said first shared secret, display said second message M′, receive user confirmation that the displayed second message M′ corresponds to said first message M, generate a validation code confirming the request to create a signature; and send said validation code to said signature server. Thereafter, said signature server generates the signature for the user for the first message M.

Citations

18 Claims

1. A computer implemented method of generating a digital signature on behalf of a user, the method comprising:
- receiving, via an input-output system, a request from a first user device of said user to create a digital signature for a first message M to verify its authenticity;
  
  generating, using a processor, a validation challenge using a second message M′
  
  which is based on the first message M and a first secret shared with said user, wherein said validation challenge is generated by encrypting said second message M′
  
  using said first shared secret;
  
  sending, via the input-output system, said validation challenge to said user to enable a second user device of said user to regenerate said second message M′
  
  ;
  
  accessing a first shared secret from a database;
  
  receiving, via the input-output system, a validation code from said second user device, said validation code confirming the request to create the digital signature and said validation code being generated following confirmation from the user that the second message M′
  
  as displayed on the second user device corresponds to the first message M, wherein the second message M′
  
  displayed on the second user device is generated by decrypting said validation challenge using said first shared secret; and
  
  generating, using said processor, the digital signature for the user for the first message M based on a successful verification of the validation code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said second message M′
    - is identical to said first message M.
  - 3. The method of claim 1, further comprising reformatting the validation challenge as a barcode which is readable by the second user device and sending the reformatted validation challenge to the user.
  - 4. The method of claim 1, further comprising verifying the validation code prior to generating the digital signature.
  - 5. The method of claim 1, wherein the validation code is verified using a second shared secret.
  - 6. The method of claim 5, wherein the second shared secret is different to the first shared secret.
  - 7. The method of claim 1, further comprising preregistering with the second user device to obtain the first shared secret and/or second shared secret.

8. A computer implemented method of generating a digital signature on behalf of a user, the method comprising:
- displaying a first message M on a display of a first user device of said user;
  
  sending a request from said first user device to a signature server to create a digital signature for said first message M to verify its authenticity;
  
  creating a second message M′
  
  which is based on the first message M;
  
  accessing a first shared secret from a database;
  
  generating a validation challenge, using a processor on said signature server, using said second message M′ and
  
  a first secret shared between said user and said signature server, wherein said validation challenge is generated by encrypting said second message M′
  
  using said first shared secret;
  
  sending said validation challenge via an input-output system on said signature server to a second user device of said user;
  
  regenerating said second message M′
  
  on said second user device using said first shared secret wherein said second message M′
  
  is generated by decrypting said validation challenge using said first shared secret;
  
  displaying said second message M′
  
  on a display of said second user device;
  
  receiving user confirmation via a user interface on said second user device that the displayed second message M′
  
  corresponds to said first message M;
  
  generating a validation code confirming the request to create the digital signature;
  
  sending said validation code from said second user device to said signature server; and
  
  generating, using said processor, the digital signature for the user for the first message M based on a successful verification of the validation code.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising verifying the validation code prior to generating the digital signature.

10. A signature server for creating a digital signature on behalf of a user, the server being configured to:
- receive, via an input-output system, a request from a first user device of said user to create a digital signature for a first message M to verify its authenticity;
  
  generate, using a processor, a validation challenge using a second message M′
  
  which is based on the first message M and a first secret shared with said user, wherein said validation challenge is generated by encrypting said second message M′
  
  using said first shared secret;
  
  send, via the input-output system, said validation challenge to said user to enable a second user device of said user to regenerate said second message M′
  
  ;
  
  access a first shared secret from a database;
  
  receive, via the input-output system, a validation code from said second user device, said validation code confirming the request to create the digital signature and said validation code being generated following confirmation from the user that the second message M′
  
  as displayed on the second user device corresponds to the first message M, wherein the second message M′
  
  displayed on the second user device is generated by decrypting said validation challenge using said first shared secret; and
  
  generate, using said processor, the digital signature for the user for the first message M based on a successful verification of the validation code.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The signature server according to claim 10, comprising a signature creation device to generate the digital signature for the user.
  - 12. The signature server according to claim 11, wherein the signature creation device is local to the user.
  - 13. The signature server according to claim 11, wherein the signature creation device generates the validation challenge.
  - 14. The signature server according to claim 13, wherein the signature creation device and the second user device both store the first shared secret.
  - 15. The signature server according to claim 10, comprising an authentication and validation server to generate the validation challenge.
  - 16. The signature server according to claim 15, wherein the authentication and validation server and the second user device both store the first shared secret.
  - 17. The signature server according to claim 15, wherein the authentication and validation server is remote from the user.

18. A system comprising a signature server, an initial transaction device and a validation device, the initial transaction device being configured to:
- display a first message M on a display on said initial transaction device of a user; and
  
  send, via an input-output system, a request to the signature server to create a digital signature for said first message M to verify its authenticity;
  
  the signature server being configured to;
  
  generate, using a processor on said signature server, a validation challenge using a second message M′
  
  which is based on said first message M and a first secret shared between said user and said signature server, wherein said validation challenge is generated by encrypting said second message M′
  
  using said first shared secret; and
  
  send, via said input-output system, said validation challenge to the validation device of the user;
  
  the validation device being configured to;
  
  regenerate, using a processor on said validation device, said second message M′
  
  using said first shared secret wherein said second message M′
  
  is generated by decrypting said validation challenge using said first shared secret;
  
  display said second message M′
  
  on a display on said validation device;
  
  receive, via said input-output system, user confirmation that the displayed second message M′
  
  corresponds to said first message M;
  
  generate, via said processor on said validation device, a validation code confirming the request to create the digital signature; and
  
  send, via said input-output system, said validation code to said signature server;
  
  whereby said signature server generates, via said processor on said signature server, the digital signature for the user for the first message M based on a successful verification of the validation code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptomathic Ltd (Cryptomathic A/S)
Original Assignee
Cryptomathic Ltd (Cryptomathic A/S)
Inventors
Forget, Guillaume, Pedersen, Torben Pryds, Landrock, Peter
Primary Examiner(s)
ARANI, TAGHI T
Assistant Examiner(s)
Naghdali, Khalil

Application Number

US14/896,911
Publication Number

US 20160134424A1
Time in Patent Office

1,131 Days
Field of Search

713180
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 63/18   using different networks or...

H04L 9/06   the encryption apparatus us...

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

System and method for encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links