Method and system for smartcard emulation
First Claim
1. A method comprising:
receiving, by a security agent on a client device, a one-time password and a container PIN for a container, wherein the one-time password is generated at a device registered with the client device and entered into the security agent on the client device;
validating, by the security agent on the client device, the container PIN;
sending, by the security agent on the client device upon validation of the container PIN, a request to validate the one-time password to an authentication server, wherein the request comprises the one-time password, a credential ID associated with the registered device, a key ID associated with a private key, and a user ID associated with a user;
receiving, by the security agent on the client device upon validation of the one-time password by the authentication server, a response from the authentication server, the response comprising a cloud portion of the private key identified via the key ID and an authorization to access a container portion of the private key stored locally in the container;
combining the cloud portion of the private key with the container portion of the private key to construct the private key;
sending, by the security agent on the client device to the authentication server, a request to validate a second one-time password, wherein validation of the second one-time password by the authentication server authorizes exportation of the container portion of the private key from the container to a second device;
receiving, by the security agent on the client device, a response from the authentication server indicating that the second one-time password is valid, wherein exportation of the container portion of the private key to the second device is permitted upon receipt of the response; and
exporting, from the security agent on the client device to the second device, the container portion of the private key.
Abstract
A method and system for emulating a smartcard, which includes receiving a one-time password and a container PIN for a container, validating the container PIN and, upon validating the container PIN, sending a request to validate the one-time password to an authentication server based on a credential ID and a user ID, wherein the request includes the credential ID, the user ID, and the one-time password. Upon validation of the one-time password by the authentication server, a response is received from the authentication server, and the response includes at least one of: at least a portion of a private key, or an authorization to access at least a portion of the private key stored locally.
15 Claims
1. A method comprising: (claim 1 as set out above under First Claim)
Dependent claims: 2, 3, 4, 5
6. A system comprising:
a hardware memory; and
a security agent on a client device coupled to or containing the hardware memory, the security agent configured to:
receive, by the security agent on the client device, a one-time password and a container PIN for a container, wherein the one-time password is generated at a device registered with the client device and entered into the security agent on the client device;
validate, by the security agent on the client device, the container PIN;
send, by the security agent on the client device upon validation of the container PIN, a request to validate the one-time password to an authentication server, wherein the request comprises the one-time password, a credential ID associated with the registered device, a key ID associated with a private key, and a user ID associated with a user;
receive, by the security agent on the client device upon validation of the one-time password by the authentication server, a response from the authentication server, the response comprising a cloud portion of the private key identified via the key ID and an authorization to access a container portion of the private key stored locally in the container;
combine the cloud portion of the private key with the container portion of the private key to construct the private key;
send, by the security agent on the client device to the authentication server, a request to validate a second one-time password, wherein validation of the second one-time password by the authentication server authorizes exportation of the container portion of the private key from the container to a second device;
receive, by the security agent on the client device, a response from the authentication server indicating that the second one-time password is valid, wherein exportation of the container portion of the private key to the second device is permitted upon receipt of the response; and
export, from the security agent on the client device to the second device, the container portion of the private key.
Dependent claims: 7, 8, 9, 10
11. A non-transitory computer readable storage medium comprising instructions that, when executed by a security agent on a client device, cause the security agent to perform a set of operations comprising:
receiving, by the security agent on the client device, a one-time password and a container PIN for a container, wherein the one-time password is generated at a device registered with the client device and entered into the security agent on the client device;
validating, by the security agent on the client device, the container PIN;
sending, by the security agent on the client device upon validation of the container PIN, a request to validate the one-time password to an authentication server, wherein the request comprises the one-time password, a credential ID associated with the registered device, a key ID associated with a private key, and a user ID associated with a user;
receiving, by the security agent on the client device upon validation of the one-time password by the authentication server, a response from the authentication server, the response comprising a cloud portion of the private key identified via the key ID and an authorization to access a container portion of the private key stored locally in the container;
combining the cloud portion of the private key with the container portion of the private key to construct the private key;
sending, by the security agent on the client device to the authentication server, a request to validate a second one-time password, wherein validation of the second one-time password by the authentication server authorizes exportation of the container portion of the private key from the container to a second device;
receiving, by the security agent on the client device, a response from the authentication server indicating that the second one-time password is valid, wherein exportation of the container portion of the private key to the second device is permitted upon receipt of the response; and
exporting, from the security agent on the client device to the second device, the container portion of the private key.
Dependent claims: 12, 13, 14, 15
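The following is an added illustration of the claimed flow (local PIN check, server-side OTP validation, recombination of a cloud portion and a container portion, and a second OTP gating export). It is not code from the patent or its assignee. It assumes a two-of-two XOR split of the key, RFC 6238 TOTP as the one-time password generated at the registered device, a PBKDF2 hash for the container PIN, and an in-process mock authentication server; the user, credential and key identifiers and all key material are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed identifiers for this example (not values from the patent).
USER_ID, CRED_ID, KEY_ID = "alice", "cred-registered-phone", "key-0001"
PBKDF2_ROUNDS = 100_000


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(seed: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the clock (the registered device's OTP)."""
    return hotp(seed, now // step)


def split_key(private_key: bytes) -> tuple:
    """Two-of-two XOR split: cloud portion is random, container portion is key XOR cloud.
    Either portion alone is independent of the key, so neither store can use it on its own."""
    cloud = secrets.token_bytes(len(private_key))
    return cloud, bytes(a ^ b for a, b in zip(private_key, cloud))


def combine(cloud: bytes, container: bytes) -> bytes:
    """Reconstruct the private key from both portions (the 'combining' step of claim 1)."""
    if len(cloud) != len(container):
        raise ValueError("key portions have different lengths")
    return bytes(a ^ b for a, b in zip(cloud, container))


class AuthServer:
    """Mock authentication server: OTP seed per (user, credential), cloud portion per key ID."""

    def __init__(self):
        self.otp_seeds, self.cloud_portions = {}, {}
        self.accepted = set()  # (credential ID, OTP) pairs already consumed: no replay

    def _check_otp(self, otp, cred_id, user_id, now) -> bool:
        seed = self.otp_seeds.get((user_id, cred_id))
        if seed is None or (cred_id, otp) in self.accepted:
            return False
        if not hmac.compare_digest(totp(seed, now), otp):
            return False
        self.accepted.add((cred_id, otp))
        return True

    def validate_otp(self, otp, cred_id, key_id, user_id, now):
        """Returns the cloud portion plus authorization to read the container portion."""
        if key_id not in self.cloud_portions or not self._check_otp(otp, cred_id, user_id, now):
            return None
        return {"cloud_portion": self.cloud_portions[key_id], "container_authorized": True}

    def validate_export(self, otp, cred_id, key_id, user_id, now) -> bool:
        """A second, fresh OTP is required before the container portion may leave the device."""
        return key_id in self.cloud_portions and self._check_otp(otp, cred_id, user_id, now)


class Container:
    """Local container: salted PBKDF2 hash of the PIN plus the container portion of the key."""

    def __init__(self, pin: str, container_portion: bytes):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = self._hash(pin, self.salt)
        self._portion = container_portion

    @staticmethod
    def _hash(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)

    def check_pin(self, pin: str) -> bool:
        return hmac.compare_digest(self._hash(pin, self.salt), self.pin_hash)

    def portion(self, authorized: bool) -> bytes:
        if not authorized:
            raise PermissionError("container portion requires server authorization")
        return self._portion


class SecurityAgent:
    """Security agent on the client device, following the steps of claim 1."""

    def __init__(self, server, container):
        self.server, self.container = server, container

    def unlock_private_key(self, otp: str, pin: str, now: int):
        if not self.container.check_pin(pin):  # PIN is checked locally; a bad PIN never reaches the server
            return None
        resp = self.server.validate_otp(otp, CRED_ID, KEY_ID, USER_ID, now)
        if resp is None:
            return None
        return combine(resp["cloud_portion"], self.container.portion(resp["container_authorized"]))

    def export_container_portion(self, otp: str, now: int):
        if not self.server.validate_export(otp, CRED_ID, KEY_ID, USER_ID, now):
            return None
        return self.container.portion(True)


def setup(pin: str = "2468"):
    """Constructed enrolment: make a key, split it, register seed and cloud portion with the server."""
    private_key = secrets.token_bytes(32)  # stand-in for a real private key
    seed = secrets.token_bytes(20)         # OTP seed shared with the registered device
    cloud, container_portion = split_key(private_key)
    server = AuthServer()
    server.otp_seeds[(USER_ID, CRED_ID)] = seed
    server.cloud_portions[KEY_ID] = cloud
    return private_key, seed, cloud, SecurityAgent(server, Container(pin, container_portion))
```

Calling `setup()` and then `agent.unlock_private_key(totp(seed, now), "2468", now)` returns the original key bytes; a wrong PIN returns `None` without contacting the server, a replayed OTP is refused by the server, and `export_container_portion` succeeds only with a fresh code for a later time step. The XOR split is the simplest form of the cloud/container division the claims describe; the server-side replay set and the local PIN gate are the two checks a defender would insist on in any real implementation.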
Specification