System and method for restricting access to a terminal

US 8,108,317 B2
Filed: 12/13/2005
Issued: 01/31/2012
Est. Priority Date: 08/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating data comprising the steps of:

selecting at least two initial cryptographic keys from within a larger set of N cryptographic keys stored in a first device;

providing data to the first device;

generating authentication information required to authenticate the data utilizing the selected initial cryptographic keys;

sending the data and authentication information to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys;

authenticating the data in the second device utilizing the paired cryptographic keys; and

,selecting at least one other cryptographic key from the set of N cryptographic keys if one of the selected initial cryptographic keys has been compromised.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating data comprising the steps of: providing data to a first device having at least two initial cryptographic keys; generating authentication information required to authenticate the data utilizing the at least two initial cryptographic keys; sending the data and authentication data to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys; and authenticating the data in the second device utilizing the paired cryptographic keys.

10 Citations

View as Search Results

30 Claims

1. A method for authenticating data comprising the steps of:
- selecting at least two initial cryptographic keys from within a larger set of N cryptographic keys stored in a first device;
  
  providing data to the first device;
  
  generating authentication information required to authenticate the data utilizing the selected initial cryptographic keys;
  
  sending the data and authentication information to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys;
  
  authenticating the data in the second device utilizing the paired cryptographic keys; and
  
  ,selecting at least one other cryptographic key from the set of N cryptographic keys if one of the selected initial cryptographic keys has been compromised.

2. A method for authenticating data comprising the steps of:
- providing data to a first device having at least two initial cryptographic keys;
  
  generating authentication information required to authenticate the data utilizing the at least two initial cryptographic keys;
  
  sending the data and authentication information to a second device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two initial cryptographic keys; and
  
  ,authenticating the data in the second device utilizing the paired cryptographic keys.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 3. A method in accordance with claim 2, wherein the paired cryptographic keys are stored on a secure token.
  - 4. A method in accordance with claim 3, wherein the second device includes a token reader for reading the paired cryptographic keys.
  - 5. A method in accordance with claim 2, wherein the authenticated data is used in the operation of a transaction terminal.
  - 6. A method in accordance with claim 2, wherein the authentication data is used in the operation of a point of sale transaction terminal.
  - 7. A method in accordance with claim 2, further comprising sending the authenticated data to a third device in a secure transaction.
  - 8. A method in accordance with claim 2, wherein the paired cryptographic keys are stored in memory in the second device.
  - 9. A method in accordance with claim 2, wherein the paired cryptographic keys are stored in a mass storage unit in the second device.
  - 10. A method in accordance with claim 2, wherein the paired cryptographic keys are stored in a third device and transmitted to the second device.
  - 11. A method in accordance with claim 2, wherein the paired cryptographic keys are transmitted to the second device from the first device as a separate transmission.
  - 12. A method in accordance with claim 2, wherein the paired cryptographic keys are derived from other data.
  - 13. A method in accordance with claim 2, wherein the other data is resident in either the first or second device.
  - 14. A method in accordance with claim 2, wherein the other data is provided to the second device from the first device.
  - 15. A method in accordance with claim 2, wherein the paired cryptographic keys are communicated to the second device from a secure information entry device.
  - 16. A method in accordance with claim 2, wherein the paired cryptographic keys are communicated to the second device over a network.
  - 17. A method in accordance with claim 2, wherein the paired cryptographic keys are communicated to the second device over a secure network.
  - 18. A method in accordance with claim 2, wherein the paired cryptographic keys are communicated to the second device over a wired communications link.
  - 19. A method in accordance with claim 2, wherein the paired cryptographic keys are communicated to the second device over a wireless communications link.
  - 20. A method in accordance with claim 2, wherein the second device is configured to not execute, not interpret, not process and not allow transfer of data if the paired cryptographic keys have not been provided to the second device.
  - 21. A method in accordance with claim 2, wherein if the paired cryptographic keys are not properly associated with the initial cryptographic keys, the second device will not execute, interpret, process or allow transfer of data in the data file.
  - 22. A method in accordance with claim 2, wherein the second device includes firmware having access to the paired cryptographic keys.
  - 23. A method in accordance with claim 22, wherein the firmware is pre-authenticated before being installed onto the second device.
  - 24. A method in accordance with claim 2, wherein the data file comprises at least one of the following:
    - graphics;
      
      audio;
      
      multimedia;
      
      biometric;
      
      payment;
      
      access requests;
      
      identity;
      
      contracts;
      
      credit;
      
      debit;
      
      parameter;
      
      sampling;
      
      textual;
      
      executable programs;
      
      cryptographic;
      
      software;
      
      communications;
      
      random number; and
      
      initiation data.
  - 25. A method in accordance with claim 2, wherein both the first device and the second device are capable of sending data to be authenticated and authenticating data utilizing paired cryptographic keys.
  - 26. A method in accordance with claim 2, wherein the first device sends data and authenticating data files to a plurality of second devices.
  - 27. A method in accordance with claim 2, wherein the second device has at least two second device initial cryptographic keys, comprising the further steps of:
    - generating authentication data required for data authentication utilizing the at least two second device initial cryptographic keys;
      
      sending the data and authentication data to a third device having paired cryptographic keys wherein each paired cryptographic key is associated to one of the at least two second device initial cryptographic keys; and
      
      ,authenticating the data in the third device utilizing the paired cryptographic keys.
  - 28. A method in accordance with claim 2, wherein the data includes information regarding which paired cryptographic keys are to be used for authenticating data.
  - 29. A method in accordance with claim 2, wherein the authentication data includes information regarding which paired cryptographic keys are to be used for authenticating data.
  - 30. A method in accordance with claim 2, wherein at least one of the initial cryptographic keys is generated by at least one of the following;
    - processing data from an source external to the device;
      
      a random number or pseudo random number generator; and
      
      extracting data present in the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hand Held Products Incorporated (Honeywell International Inc.)
Original Assignee
Hand Held Products Incorporated (Honeywell International Inc.)
Inventors
Siegler, Thomas Arthur
Primary Examiner(s)
Elisca, Pierre E.
Assistant Examiner(s)
Kamal, Shahid

Application Number

US11/301,633
Publication Number

US 20070067634A1
Time in Patent Office

2,240 Days
Field of Search

705 51- 65, 380/25, 713/167, 713/187, 713/193
US Class Current

705/65
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0844   with user authentication or...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

System and method for restricting access to a terminal

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

System and method for restricting access to a terminal

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others