System and method for restricting access to a terminal

US 20070067634A1
Filed: 12/13/2005
Published: 03/22/2007
Est. Priority Date: 08/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating data comprising the steps of:

providing data to a first device having at least two initial cryptographic keys;

generating authentication information required to authenticate the data utilizing the at least two initial cryptographic keys;

sending the data and authentication data to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys; and

, authenticating the data in the second device utilizing the paired cryptographic keys.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating data comprising the steps of: providing data to a first device having at least two initial cryptographic keys; generating authentication information required to authenticate the data utilizing the at least two initial cryptographic keys; sending the data and authentication data to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys; and authenticating the data in the second device utilizing the paired cryptographic keys.

87 Citations

View as Search Results

48 Claims

1. A method for authenticating data comprising the steps of:
- providing data to a first device having at least two initial cryptographic keys;
  
  generating authentication information required to authenticate the data utilizing the at least two initial cryptographic keys;
  
  sending the data and authentication data to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys; and
  
  , authenticating the data in the second device utilizing the paired cryptographic keys.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. A method in accordance with claim 1, wherein the paired cryptographic keys are stored on a secure token.
  - 3. A method in accordance with claim 2, wherein the second device includes a token reader for reading the paired cryptographic keys.
  - 4. A method in accordance with claim 1, wherein the authenticated data is used in the operation of a transaction terminal.
  - 5. A method in accordance with claim 1, wherein the authentication data is used in the operation of a point of sale transaction terminal.
  - 6. A method in accordance with claim 1, further comprising sending the authenticated data to a third device in a secure transaction.
  - 7. A method in accordance with claim 1, wherein the paired cryptographic keys are stored in memory in the second device.
  - 8. A method in accordance with claim 1, wherein the paired cryptographic keys are stored in a mass storage unit in the second device.
  - 9. A method in accordance with claim 1, wherein the paired cryptographic keys are stored in a third device and transmitted to the second device.
  - 10. A method in accordance with claim 1, wherein the paired cryptographic keys are transmitted to the second device from the first device as a separate transmission.
  - 11. A method in accordance with claim 1, wherein the paired cryptographic keys are derived from other data.
  - 12. A method in accordance with claim 1, wherein the other data is resident in either the first or second device.
  - 13. A method in accordance with claim 1, wherein the other data is provided to the second device from the first device.
  - 14. A method in accordance with claim 1, wherein the paired cryptographic keys are communicated to the second device from a secure information entry device.
  - 15. A method in accordance with claim 1, wherein the paired cryptographic keys are communicated to the second device over a network.
  - 16. A method in accordance with claim 1, wherein the paired cryptographic keys are communicated to the second device over a secure network.
  - 17. A method in accordance with claim 1, wherein the paired cryptographic keys are communicated to the second device over a wired communications link.
  - 18. A method in accordance with claim 1, wherein the paired cryptographic keys are communicated to the second device over a wireless communications link.
  - 19. A method in accordance with claim 1, wherein the second device is configured to not execute, not interpret, not process and not allow transfer of data if the paired cryptographic keys have not been provided to the second device.
  - 20. A method in accordance with claim 1, wherein if the paired cryptographic keys are not properly associated with the initial cryptographic keys, the second device will not execute, interpret, process or allow transfer of data in the data file.
  - 21. A method in accordance with claim 1, wherein the second device includes firmware having access to the paired cryptographic keys.
  - 22. A method in accordance with claim 21, wherein the firmware is pre-authenticated before being installed onto the second device.
  - 23. A method in accordance with claim 1, wherein the data file comprises at least one of the following:
    - graphics;
      
      audio;
      
      multimedia;
      
      biometric;
      
      payment;
      
      access requests;
      
      identity;
      
      contracts;
      
      credit;
      
      debit;
      
      parameter;
      
      sampling;
      
      textual;
      
      executable programs;
      
      cryptographic;
      
      software;
      
      communications;
      
      random number; and
      
      initiation data.
  - 24. A method in accordance with claim 1, wherein both the first device and the second device are capable of sending data to be authenticated and authenticating data utilizing paired cryptographic keys.
  - 25. A method in accordance with claim 1, wherein the first device sends data and authenticating data files to a plurality of second devices.
  - 26. A method in accordance with claim 1, wherein the second device has at least two second device initial cryptographic keys, comprising the further steps of:
    - generating authentication data required for data authentication utilizing the at least two second device initial cryptographic keys;
      
      sending the data and authentication data to a third device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two second device initial cryptographic keys; and
      
      , authenticating the data in the third device utilizing the paired cryptographic keys.
  - 27. A method in accordance with claim 1, wherein the data includes information regarding which paired cryptographic keys are to be used for authenticating data.
  - 28. A method in accordance with claim 1, wherein the authentication data includes information regarding which paired cryptographic keys are to be used for authenticating data.
  - 29. A method in accordance with claim 1, wherein at least one of the initial cryptographic keys is generated by at least one of the following;
    - processing data from an source external to the device;
      
      a random number or pseudo random number generator; and
      
      extracting data present in the data.

30. A method for performing authenticated transactions comprising the steps of:
- generating authentication data required for transaction authentication using at least two initial cryptographic keys;
  
  transmitting the authentication data and transaction data to a second device; and
  
  authenticating the transmitted transaction data file in the second device using the at least two transmitted cryptographic keys wherein each paired cryptographic key is associated with one of the at least two initial cryptographic keys.

31. A method for authenticating files and performing authorized transactions comprising the steps of:
- providing a transaction to a first device having multiple initial cryptographic keys;
  
  validating two or more of the multiple initial cryptographic keys;
  
  generating authentication data required for transaction authentication utilizing two or more of the initial cryptographic keys that are validated;
  
  sending the transaction and authentication data to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the valid initial cryptographic keys; and
  
  authenticating the transaction in the second device utilizing the paired cryptographic keys.

32. A method for authenticating files and performing authorized transactions comprising the steps of:
- providing data to a first device having multiple initial cryptographic keys;
  
  invalidating one or more of the multiple initial cryptographic keys;
  
  generating authentication data required for file authentication utilizing two or more of the initial cryptographic keys that are validated;
  
  sending the data file and authentication data to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the valid initial cryptographic keys; and
  
  authenticating the data file in the second device utilizing the paired cryptographic keys.

33. A method for authenticating data comprising the steps of:
- providing data to a first device having multiple initial cryptographic keys;
  
  generating authentication data required for data authentication utilizing predetermined initial cryptographic keys which number less than all of the multiple initial cryptographic keys;
  
  sending the data and authentication data to a second device;
  
  pairing cryptographic keys in the second device to determine a paired cryptographic key associated for each of the predetermined initial cryptographic keys; and
  
  authenticating the digital data in the second device utilizing the paired cryptographic keys.

34. A system for authorizing digital data comprising:
- a first device having at least two initial cryptographic keys, wherein the first device generates authentication data required for digital data authentication utilizing the at least two initial cryptographic keys and transmits the digital data and authentication data; and
  
  a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys, wherein the second device authenticates the digital data in the second device utilizing the paired cryptographic keys.

35. A method for authenticating digital files and performing authorized transactions comprising the steps of:
- providing data to a first device;
  
  passing the data through a hash function to produce a hash value;
  
  encrypting the hash value using at least two initial cryptographic keys;
  
  sending data file and the encrypted hash value to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys;
  
  decrypting the digital signature using the at least two paired cryptographic keys;
  
  passing the data file thru the hash algorithm at the second device to generate a second device hash value;
  
  comparing the first device hash value to the second device hash value; and
  
  wherein the second device will not execute, interpret, process or allow transfer of data in the data file if the first device hash value differs from the second device hash value.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 36. A method in accordance with claim 35, wherein the multiple keys are used in pairs for data encryption.
  - 37. A method in accordance with claim 35, wherein the multiple keys are used in pairs for authenticating digital data.
  - 38. A method in accordance with claim 35, wherein the validation of one or more keys is initiated by a transaction sent from another device.
  - 39. A method in accordance with claim 35, wherein the validation of one or more keys is initiated by a command sequence directly entered on the device in which the keys reside.
  - 40. A method in accordance with claim 35, wherein the validation of one or more keys is initiated by a software program processing in the device in which the keys reside.
  - 41. A method in accordance with claim 35, wherein the invalidation of one or more keys is initiated by a transaction sent from another device.
  - 42. A method in accordance with claim 35, wherein the invalidation of one or more keys is initiated by a command sequence directly entered on the device in which the keys reside.
  - 43. A method in accordance with claim 35, wherein the invalidation of one or more keys is initiated by a software program processing in the device in which the keys reside.
  - 44. A method in accordance with claim 35, wherein the invalidation of keys is by removal of the keys from the device.
  - 45. A method in accordance with claim 35, wherein the invalidation of keys is by marking the keys as invalid.
  - 46. A method in accordance with claim 35, wherein initial device keys and their associated second device keys can be replaced with other keys and the replacement is initiated by a transaction from another device.
  - 47. A method in accordance with claim 35, wherein initial keys and their associated keys can be replaced.
  - 48. A method in accordance with claim 35, wherein initial keys and their associated keys can be replaced.

35-1. A method of key management of multiple cryptographic keys used in paired key authentication comprising the steps of:
- establishing multiple keys in an initial device;
  
  establishing multiple keys in a second device paired to the initial device keys;
  
  enabling the validation of keys in the initial device;
  
  enabling validation of keys in the second device;
  
  enabling the invalidation of keys in the initial device;
  
  enabling invalidation of keys in the second device;
  
  enabling replacement of keys in the initial device; and
  
  enabling replacement of keys in the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hand Held Products Incorporated (Honeywell International Inc.)
Original Assignee
Hand Held Products Incorporated (Honeywell International Inc.)
Inventors
Siegler, Thomas

Granted Patent

US 8,108,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0844   with user authentication or...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

System and method for restricting access to a terminal

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

87 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for restricting access to a terminal

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links