Universal secure messaging for remote security tokens
First Claim
1. A method for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising the steps of:
a. performing a first security transaction which authenticates said security token to said security token enabled computer system;
b. establishing a secure communications connection between said security token and said security token enabled computer system which incorporates a shared symmetric key set generated during said first security transaction;
c. assigning at least one key from said shared symmetric key set to a dedicated communications channel accessible to said security token; and
d. performing a second security transaction which authenticates a user to said security token, the second security transaction being different from the first security transaction and performed after the first security transaction, and wherein, after successfully completing the first security transaction and then the second security transaction, the secure end-to-end communications connection between the security token enabled computer system and the security token is established.
Abstract
An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the secure exchange of information between a security token enabled computer system and an intelligent remote device having a security token operatively coupled thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.
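The two-transaction flow that claim 1 and the abstract describe (token authenticates to the host, a shared symmetric key set is derived and one key is bound to a single dedicated channel, then the user authenticates to the token with a critical security parameter routed through the remote device) can be simulated end to end. The following is an added Python example, not code from the patent or its assignee; it assumes HMAC-SHA256 challenge-response for the first transaction, an HMAC-based key derivation for the shared key set, a PIN as the critical security parameter, and a keyed MAC to bind the PIN message to the channel key (encryption of the channel is left out of the model).

```python
"""Simulation of the two-transaction handshake of claim 1 (constructed example).

Assumed, not from the patent: HMAC-SHA256 challenge-response for the first
transaction, an HMAC-based KDF for the shared symmetric key set, a PIN as the
critical security parameter (CSP), and a keyed MAC to bind CSP messages to the
dedicated channel (channel encryption is left out of the model).
"""
import hashlib
import hmac
import secrets


def derive_key_set(master_key, host_nonce, token_nonce):
    """Derive the shared symmetric key set from the first-transaction nonces."""
    transcript = host_nonce + token_nonce
    return {
        "channel": hmac.new(master_key, b"channel" + transcript, hashlib.sha256).digest(),
        "mac": hmac.new(master_key, b"mac" + transcript, hashlib.sha256).digest(),
    }


class SecurityToken:
    """Token side: proves itself to the host, then verifies the user; one link only."""

    def __init__(self, token_id, master_key, pin):
        self.token_id = token_id
        self._master_key = master_key      # long-term secret shared with the host (assumed enrolment)
        self._pin = pin                    # CSP known only to user and token
        self._pending = None               # nonces of an unfinished first transaction
        self.channel_key = None            # set once the dedicated channel is open
        self.user_authenticated = False
        self.pin_tries_left = 3

    def respond(self, host_nonce):
        """First transaction: answer the host's challenge with the master key."""
        token_nonce = secrets.token_bytes(16)
        proof = hmac.new(self._master_key, host_nonce + token_nonce, hashlib.sha256).digest()
        self._pending = (host_nonce, token_nonce)
        return token_nonce, proof

    def open_channel(self):
        """Assign a key from the derived set to the dedicated channel."""
        if self.channel_key is not None or self._pending is None:
            return False                   # a concurrent second link is refused
        keys = derive_key_set(self._master_key, *self._pending)
        self._pending = None
        self.channel_key = keys["channel"]
        return True

    def verify_user(self, msg, tag):
        """Second transaction: accept the CSP only over the open channel."""
        if self.channel_key is None or self.pin_tries_left == 0:
            return False
        expected = hmac.new(self.channel_key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                   # message not bound to this channel
        if hmac.compare_digest(msg, self._pin.encode()):
            self.user_authenticated = True
            return True
        self.pin_tries_left -= 1
        return False

    def is_established(self):
        """The end-to-end connection exists only after both transactions succeed."""
        return self.channel_key is not None and self.user_authenticated


class HostSystem:
    """Security token enabled computer system side."""

    def __init__(self, registered):
        self._registered = registered      # token_id -> master_key

    def authenticate_token(self, token):
        """First transaction: challenge-response; returns the key set or None."""
        master_key = self._registered.get(token.token_id)
        if master_key is None:
            return None
        host_nonce = secrets.token_bytes(16)
        token_nonce, proof = token.respond(host_nonce)
        expected = hmac.new(master_key, host_nonce + token_nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            return None
        return derive_key_set(master_key, host_nonce, token_nonce)


def remote_device_session(host, token, pin_entered):
    """Intelligent remote device flow: token auth, dedicated channel, then user auth."""
    keys = host.authenticate_token(token)
    if keys is None or not token.open_channel():
        return False
    # The remote device routes the user's CSP to the token, tagged under the channel key.
    msg = pin_entered.encode()
    tag = hmac.new(keys["channel"], msg, hashlib.sha256).digest()
    return token.verify_user(msg, tag) and token.is_established()


if __name__ == "__main__":
    mk = secrets.token_bytes(32)
    tok = SecurityToken(b"token-1", mk, "4321")
    host = HostSystem({b"token-1": mk})
    print("established:", remote_device_session(host, tok, "4321"))
    print("second concurrent link accepted:", tok.open_channel())
```

The ordering in the model matches the claim: `verify_user` refuses a PIN while no channel is open, so the critical security parameter never travels before the token has authenticated itself and a channel key exists, and `open_channel` refuses a second link while one is open, which is the dedicated-channel rule the abstract describes.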
Claims (52 claims, 119 citations)
1. Independent claim 1 is reproduced under First Claim above. Dependent claims: 2-23.
24. A system for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising:
  said security token enabled computer system including:
    a first security transaction section for at least authenticating said security token to said security token enabled computer system in a first security transaction;
    a first secure communications connection section for at least establishing a cryptographically encoded link between said security token enabled computer system and said security token, wherein said first secure communications connection section includes a symmetric key set generation section and a secure symmetric key exchange section;
  said intelligent remote device including:
    a security token interface section for at least operatively coupling said security token to said intelligent remote device;
    a user interface section for at least receiving and routing a critical security parameter provided by said user to said security token interface section;
  said security token including:
    a second secure communications connection section for at least establishing said cryptographically encoded link in conjunction with said first secure communications connection section;
    a dedicated communications channel section for preventing a concurrent cryptographically encoded link from being established with said security token; and
    a second security transaction section for at least authenticating said user to said security token using at least said critical security parameter in a second security transaction, the second security transaction being different from the first security transaction and performed after the first security transaction, and wherein, after successfully completing the first security transaction and then the second security transaction, the secure end-to-end communications connection between the security token enabled computer system and the security token is established.
  Dependent claims: 25-34.
35. A system for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising:
  said security token enabled computer system including:
    a first processor;
    a first memory coupled to said first processor;
    at least one remote authentication application operatively stored in a first portion of said first memory having logical instructions executable by said first processor to:
      authenticate said security token to the security token enabled computer system in a first security transaction;
      establish a secure end-to-end communications connection with said security token;
  said intelligent remote device including:
    a second processor;
    a second memory coupled to said second processor;
    a security token interface coupled to said second processor;
    a user interface coupled to said second processor; and
    at least one remote device interface application operatively stored in a portion of said second memory having logical instructions executable by said second processor to:
      emulate a security token device interface locally coupled to at least said security token enabled computer system; and
      conditionally receive and route a critical security parameter provided by said user via said user interface to said security token; and
  said security token including:
    at least a third processor;
    a third memory coupled to said at least a third processor;
    a communications and electromagnetic power interface coupled to said at least a third processor and said security token interface;
    at least one token remote authentication application operatively stored in a second portion of said third memory having logical instructions executable by said at least a third processor to:
      establish said secure end-to-end communications connection in conjunction with said security token enabled computer system;
      restrict said secure end-to-end communications connection to a single wireless communications channel; and
      authenticate said user to the security token based at least in part on said critical security parameter in a second security transaction, the second security transaction being different from the first security transaction and performed after the first security transaction, and wherein, after successfully completing the first security transaction and then the second security transaction, the secure end-to-end communications connection between the security token enabled computer system and the security token is established.
  Dependent claims: 36-47.
48. A non-transitory computer readable medium storing computer software for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device, said computer software comprising:
  executable instructions for causing said security token processor to:
    utilize one or more security token emulation services provided by an intelligent remote device processor;
    establish a secure end-to-end communications connection in conjunction with a security token enabled computer system processor;
    restrict said secure end-to-end communications connection to a single wireless secure communications channel, and
    authenticate a user;
  executable instructions for causing said intelligent remote device processor to:
    provide said one or more security token emulation services to said security token processor; and
    receive and route a critical security parameter provided by said user via said user interface to said security token to authenticate the user to the security token in a first security transaction; and
  executable instructions for causing said security token enabled computer system processor to:
    authenticate said security token to the security token enabled computer system processor in a second security transaction, wherein the second security transaction is performed after the first security transaction, and wherein after successful completion of the first security transaction and then the second security transaction, the secure end-to-end communications connection between the security token enabled computer system and the security token is established.
  Dependent claims: 49-51.
52. A method for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device, the method comprising:
  performing a first security transaction which authenticates said security token to said security token enabled computer system;
  establishing a secure communications connection between said security token and said security token enabled computer system according to a result of the first security transaction; and
  performing a second security transaction which authenticates a user to said security token, the second security transaction being different from the first security transaction, wherein the second security transaction is performed after successfully completing the first security transaction and includes authenticating the user to said security token using a critical security parameter received from the user via said intelligent remote device, and wherein, after successfully completing the first security transaction and then the second security transaction, the secure end-to-end communications connection between the security token enabled computer system and the security token is established.
Specification