TOKEN FOR SECURING COMMUNICATION

US 20110307699A1
Filed: 03/25/2010
Published: 12/15/2011
Est. Priority Date: 03/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for performing a command on a token, comprising:

receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;

making a first determination that the sender is allowed to send commands to the token;

based on the first determination;

generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS);

making a second determination that the first CAMD and the second CAMD match; and

based on the second determination, performing the command by the token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the invention relates to a method for performing a command on a token. The method includes receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender, and making a first determination that the sender is allowed to send commands to the token. The method further includes, based on the first determination, generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), making a second determination that the first CAMD and the second CAMD match, and based on the second determination, performing the command by the token.

44 Citations

View as Search Results

42 Claims

1. A method for performing a command on a token, comprising:
- receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS);
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein performing the command by the token comprises:
    - obtaining an input for the command from the scrambled data using the ACAS.
  - 3. The method of claim 2, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 4. The method of claim 3, wherein the input comprises a secret value.
  - 5. The method of claim 1, wherein the ACAS is generated on the token using a challenge, an administrator secret, and an n-bit generator.
  - 6. The method of claim 1, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 7. The method of claim 6, wherein the second OTP is obtained from a portion of a message digest generated using a challenge, and an administrator secret, and an n-bit generator, wherein the token generates the challenge.
  - 8. The method of claim 7, wherein the challenge is sent to the sender as a scrambled challenge.
  - 9. The method of claim 8, wherein the scrambled challenge is generated using the ACAS.
  - 10. The method of claim 1, wherein the sender is an administrator.

11. A token, comprising:
- a processor; and
  
  a computer readable medium comprising computer readable program code embodied therein, which when executed by the processor, perform a method, the method comprising;
  
  receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS);
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The token of claim 11, further comprising:
    - secure persistent storage configured to store an administrator secret, wherein the administrator secret is used to generate to ACAS;
      
      a tamper detection module configured to determine whether the token has been tampered with and erase the secure persistent storage when tampering is detected.
  - 13. The token of claim 11, wherein performing the command by the token comprises:
    - obtaining an input for the command from the scrambled data using the ACAS.
  - 14. The token of claim 13, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 15. The token of claim 14, wherein the input comprises a secret value.
  - 16. The token of claim 11, wherein the ACAS is generated on the token using a challenge, an administrator secret, and an n-bit generator.
  - 17. The token of claim 11, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 18. The token of claim 17, wherein the second OTP is obtained from a portion of a message digest generated using a challenge, and an administrator secret, and an n-bit generator, wherein the token generates the challenge.
  - 19. The token of claim 18, wherein the challenge is sent to the sender as a scrambled challenge.
  - 20. The token of claim 19, wherein the scrambled challenge is generated using the ACAS.
  - 21. The token of claim 11, wherein the sender is an administrator.
  - 22. The token of claim 11, wherein the token is one selected from a group consisting of a mobile phone, a smart phone, a personal digital assistant, and a gaming device.

23. A token, comprising:
- integrated circuits configured to perform a method, the method comprising;
  
  receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS);
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The token of claim 23, wherein performing the command by the token comprises:
    - obtaining an input for the command from the scrambled data using the ACAS.
  - 25. The token of claim 24, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 26. The token of claim 25, wherein the input comprises a secret value.
  - 27. The token of claim 23, wherein the ACAS is generated on the token, using a challenge, an administrator secret, and an n-bit generator.
  - 28. The token of claim 23, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 29. The token of claim 28, wherein the second OTP is obtained from a portion of a message digest generated using a challenge, and an administrator secret, and an n-bit generator, wherein the token generates the challenge.
  - 30. The token of claim 29, wherein the challenge is sent to the sender as a scrambled challenge.
  - 31. The token of claim 30, wherein the scrambled challenge is generated using the ACAS.
  - 32. The token of claim 23, wherein the token complies with at least one selected from a group consisting of ISO/IEC 7810, ISO/IEC 78 SO/IEC 7811, and ISO/IEC 7816.

33. A computer readable medium comprising computer readable program code embodied therein for causing a token to perform a method, the method comprising:
- receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS);
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The computer readable medium of claim 33, wherein performing the command by the token comprises:
    - obtaining an input for the command from the scrambled data using the ACAS.
  - 35. The computer readable medium of claim 34, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 36. The computer readable medium of claim 35, wherein the input comprises a secret value.
  - 37. The computer readable medium of claim 33, wherein the ACAS is generated on the token using a challenge, an administrator secret, and an n-bit generator.
  - 38. The computer readable medium of claim 33, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 39. The computer readable medium of claim 38, wherein the second OTP is obtained from portion of a message digest generated using a challenge, and an administrator secret, and an n-bit generator, wherein the token generates the challenge.
  - 40. The computer readable medium of claim 39, wherein the challenge is sent to the sender as a scrambled challenge.
  - 41. The computer readable medium of claim 40, wherein the scrambled challenge is generated using the ACAS.
  - 42. The computer readable medium of claim 33, wherein the sender is an administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy

Granted Patent

US 8,959,350 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/0869   for achieving mutual authen...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

TOKEN FOR SECURING COMMUNICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

TOKEN FOR SECURING COMMUNICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links