Method and system for state machine security device

US 8,924,713 B2
Filed: 11/20/2012
Issued: 12/30/2014
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a transaction or access via a security device, the method comprising:

communicating an authentication request by the security device to an authentication server;

for a sequence of information requests comprising a plurality of information requests;

receiving an information request in the plurality of information requests at the security device from the authentication server;

in response to the received information request, sending a response from the security device to the authentication server, the response comprising a value generated based on a current state in a plurality of states of an internal authentication state machine in the security device; and

repeating said receiving and said sending for each information request in the plurality of information requests to traverse the authentication state machine until sending a response to a last information request in the sequence of information requests, wherein the values sent to the authentication server comprise a sequence of reported values,wherein the security device is authenticated by the authentication server based on comparing of the sequence of reported values with a sequence of expected values used by the authentication server in uniquely identifying the security device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which are unique. The authentication server may then authenticate the security device based on comparing of the sequence of reported values with a sequence of expected values that identifies the security device.

16 Citations

View as Search Results

31 Claims

1. A method for authenticating a transaction or access via a security device, the method comprising:
- communicating an authentication request by the security device to an authentication server;
  
  for a sequence of information requests comprising a plurality of information requests;
  
  receiving an information request in the plurality of information requests at the security device from the authentication server;
  
  in response to the received information request, sending a response from the security device to the authentication server, the response comprising a value generated based on a current state in a plurality of states of an internal authentication state machine in the security device; and
  
  repeating said receiving and said sending for each information request in the plurality of information requests to traverse the authentication state machine until sending a response to a last information request in the sequence of information requests, wherein the values sent to the authentication server comprise a sequence of reported values,wherein the security device is authenticated by the authentication server based on comparing of the sequence of reported values with a sequence of expected values used by the authentication server in uniquely identifying the security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 30)
- - 2. The method of claim 1 further comprising generating each reported value in the sequence of reported values from a particular state in the internal authentication state machine during the generation of the sequence of reported values.
  - 3. The method of claim 1 further comprising configuring the security device to traverse the internal authentication state machine.
  - 4. The method of claim 3 further comprising configuring the security device to traverse the internal authentication state machine in single state increments or variable number of state increments.
  - 5. The method of claims 1 further wherein the security device is initialized by the authentication server, at the beginning of each authentication or some authentication to a particular state of the internal authentication state machine.
  - 6. The method of claim 1 further wherein one or both of the security device and the authentication server configures a state mapping used in generating the sequence of reported values based on the internal authentication state machine.
  - 7. The method of claim 6, wherein one or more of a number of states in the internal authentication state machine, a value associated with each state in the internal authentication state machine, and a starting state in the internal authentication state machine are set or adjusted when configuring the state mapping.
  - 8. The method of claim 1, wherein the authentication server reconfigures, at the end of each authentication or some authentications, the generation of the reported values by the security device and the sequence of expected values such that a subsequent authentication is validated by a different state mapping.
  - 9. The method of claim 1 further comprising encrypting messages communicated between the security device and the authentication server during the authentication of the security device.
  - 10. The method of claim 9 further comprising selecting by the security device, for the encryption of messages, a random private key associated with the security device, and communicating the selected random private key to the authentication server using public key encryption, the security device and the authentication device configured to switch to use the selected random private key after an exchange of the random private key.
  - 11. The method of claim 1 further comprising authenticating by the security device, an identity of the authentication server before sending said values to the authentication server, the authentication comprising requesting the authentication server to provide validation data for comparison with local data maintained by the security device.
  - 12. The method of claim 1 further comprising selectively activating and deactivating the security device based on an activation state machine associated with the security device.
  - 13. The method of claim 1 further comprising concurrently utilizing the security device for supporting multiple authentication sessions, the concurrent use comprising performing, independently and/or concurrently, multiple authentications of the security device with one or more authentication servers.
  - 30. The method of claim 8, wherein reconfiguring the generation of the reported values comprises at least one of changing a number of states in the internal authentication state machine, changing a value associated with each state in the internal authentication state machine, and a starting state in the internal authentication state machine.

14. A security device, comprising:
- one or more circuits configured to;
  
  communicate an authentication request to an authentication server;
  
  for a sequence of information requests comprising a plurality of information requests;
  
  receive an information request in the plurality of information requests at the security device from the authentication server;
  
  send, in response to the information request, a response in a sequence of responses to the authentication server, the response comprising a value generated based on a current state in a plurality of states of an internal authentication state machine in the security device; and
  
  repeat said receiving and said sending for each information request in the plurality of information requests to traverse the authentication state machine until sending a response to a last information request in the sequence of information requests, wherein the sequence of responses comprise a sequence of reported values; and
  
  communicate the sequence of responses to the authentication server to enable authenticating the security device by the authentication server by uniquely identifying the security device based on comparison in the authentication server of the sequence of reported values with a sequence of expected values.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The security device of claim 14, wherein the one or more circuits are further configured to generate each reported value in each of the sequence of responses from a particular state in the internal authentication state machine during a generation of the sequence of responses.
  - 16. The security device of claim 14, wherein the one or more circuits are further configured to set the sequence of reported values in the sequence of responses based on traversal of the internal authentication state machine.
  - 17. The security device of claim 16, wherein the security device is configured to traverse the internal authentication state machine in single state increments or variable number of state increments.
  - 18. The security device of claim 14, wherein the one or more circuits are further configured to encrypt or decrypt messages communicated between the security device and the authentication server during the authentication of the security device.
  - 19. The security device of claim 18, wherein the one or more circuits are further configured to select, for the encryption of messages, a random private key associated with the security device, and communicate the selected random private key to the authentication server using public key encryption, the security device and the authentication device configured to switch to use the selected random private key after an exchange of the random private key.
  - 20. The security device of claim 14, wherein the one or more circuits are further configured to authenticate by the security device, an identity of the authentication server before sending said values to the authentication server, the authentication comprising requesting the authentication server to provide validation data for comparison with local data maintained by the security device.
  - 21. The security device of claim 14, wherein the one or more circuits are further configured to selectively activate or deactivate the security device based on an activation state machine associated with the security device.
  - 22. The security device of claim 14, wherein the one or more circuits are further configured to support multiple authentication sessions using the security device, the concurrent use comprising performing, independently and/or concurrently, multiple authentications of the security device with one or more authentication servers.

23. An authentication server, comprising:
- one or more circuits configured to;
  
  receive an authentication request sent by a security device;
  
  generate, in response to the authentication request, a sequence of information requests comprising a plurality of information requests;
  
  for each request in the plurality of requests;
  
  send the information request to the security device;
  
  receive from the security device a response that is generated in response to the information request, the response comprising a value generated based on a current state in a plurality of states of an internal authentication state machine in the security device;
  
  repeat said sending and said receiving for each information request in the plurality of information requests in the sequence of information requests to traverse the authentication state machine of the security device until receiving a response to a last information request in the sequence of information requests, wherein the responses received at the authentication server comprise a sequence of reported values; and
  
  authenticate the security device based on comparing of the sequence of reported values with a sequence of expected values used by the authentication server in uniquely identifying the security device.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 31)
- - 24. The authentication server of claim 23, wherein the one or more circuits are further configured to initialize the security device at the beginning of each authentication or some authentications to a particular state of an internal authentication state machine used by the security device in generating the responses.
  - 25. The authentication server of claim 23, wherein the one or more circuits are further configured to configure a state mapping used in generating the sequence of reported values by the security device based on an internal authentication state machine used by the security device.
  - 26. The authentication server of claim 25, wherein configuring the state mapping comprises setting or adjusting one or more of number of states in the internal authentication state machine, a value associated with each state in the internal authentication state machine, a starting state in the internal authentication state machine, and traversal path in the internal authentication state machine during the sequence of reported values.
  - 27. The authentication server of claim 23, wherein the one or more circuits are further configured to reconfigure, at the end of each authentication or some authentications, the generation of the reported values by the security device and the sequence of expected values such that a subsequent authentication is validated by a different state mapping.
  - 28. The authentication server of claim 23, wherein the one or more circuits are further configured to encrypt or decrypt messages communicated between the security device and the authentication server during the authentication of the security device.
  - 29. The authentication server of claim 28, wherein the one or more circuits are further configured to receive from the security device a selected random private key, the selected random private key communicated using public key encryption, the security device and the authentication device configured to switch to use the selected random private key after an exchange of the random private key.
  - 31. The authentication server of claim 27, wherein reconfiguring the generation of the reported values comprises at least one of changing a number of states in the internal authentication state machine, changing a value associated with each state in the internal authentication state machine, and a starting state in the internal authentication state machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Golba LLC
Original Assignee
Golba LLC
Inventors
Moshfeghi, Mehran
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
An, Wayne

Application Number

US13/681,667
Publication Number

US 20130262856A1
Time in Patent Office

770 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 9/0625   with splitting of the data ...

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/065   Encryption by serially and ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3271   using challenge-response

H04L 9/3273   for mutual authentication n...

Method and system for state machine security device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for state machine security device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links