Token for securing communication

US 8,959,350 B2
Filed: 03/25/2010
Issued: 02/17/2015
Est. Priority Date: 03/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for performing a command on a token, comprising:

receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;

making a first determination that the sender is allowed to send commands to the token;

based on the first determination;

generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), wherein the ACAS is obtained from a portion of a message digest, wherein the message digest is generated using a challenge, and an administrator secret, and an n-bit generator, and wherein the administrator secret is distinct from the ACAS;

making a second determination that the first CAMD and the second CAMD match; and

based on the second determination, performing the command by the token, wherein performing the command by the token comprises;

obtaining an input for the command from the scrambled data using the ACAS.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the invention relates to a method for performing a command on a token. The method includes receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender, and making a first determination that the sender is allowed to send commands to the token. The method further includes, based on the first determination, generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), making a second determination that the first CAMD and the second CAMD match, and based on the second determination, performing the command by the token.

58 Citations

View as Search Results

35 Claims

1. A method for performing a command on a token, comprising:
- receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), wherein the ACAS is obtained from a portion of a message digest, wherein the message digest is generated using a challenge, and an administrator secret, and an n-bit generator, and wherein the administrator secret is distinct from the ACAS;
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token, wherein performing the command by the token comprises;
  
  obtaining an input for the command from the scrambled data using the ACAS.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 3. The method of claim 2, wherein the input comprises a secret value.
  - 4. The method of claim 1, wherein the ACAS is generated on the token.
  - 5. The method of claim 1, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 6. The method of claim 5, wherein the second OTP is obtained from the message digest wherein the token generates the challenge.
  - 7. The method of claim 6, wherein the challenge is sent to the sender as a scrambled challenge.
  - 8. The method of claim 7, wherein the scrambled challenge is generated using the administrator secret.
  - 9. The method of claim 1, wherein the sender is an administrator.

10. A token, comprising:
- a processor; and
  
  a non-transitory computer readable medium comprising computer readable program code embodied therein which, when executed by the processor, performs a method, the method comprising;
  
  receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), wherein the ACAS is obtained from a portion of a message digest, wherein the message digest is generated using a challenge, and an administrator secret, and an n-bit generator, and wherein the administrator secret is distinct from the ACAS;
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token, wherein performing the command by the token comprises;
  
  obtaining an input for the command from the scrambled data using the ACAS.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The token of claim 10, further comprising:
    - secure persistent storage configured to store the administrator secret;
      
      a tamper detection module configured to determine whether the token has been tampered with and erase the secure persistent storage when tampering is detected.
  - 12. The token of claim 10, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 13. The token of claim 12, wherein the input comprises a secret value.
  - 14. The token of claim 10, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 15. The token of claim 14, wherein the second OTP is obtained from the message digest, wherein the token generates the challenge.
  - 16. The token of claim 15, wherein the challenge is sent to the sender as a scrambled challenge.
  - 17. The token of claim 16, wherein the scrambled challenge is generated using the administrator secret.
  - 18. The token of claim 10, wherein the sender is an administrator.
  - 19. The token of claim 10, wherein the token is one selected from a group consisting of a mobile phone, a smart phone, a personal digital assistant, and a gaming device.

20. A token, comprising:
- integrated circuits configured to perform a method, the method comprising;
  
  receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), wherein the ACAS is obtained from a portion of a message digest, wherein the message digest is generated using a challenge, and an administrator secret, and an n-bit generator, and wherein the administrator secret is distinct from the ACAS;
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token, wherein performing the command by the token comprises;
  
  obtaining an input for the command from the scrambled data using the ACAS.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The token of claim 20, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 22. The token of claim 21, wherein the input comprises a secret value.
  - 23. The token of claim 20, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 24. The token of claim 23, wherein the second OTP is obtained from the message digest.
  - 25. The token of claim 24, wherein the challenge is sent to the sender as a scrambled challenge.
  - 26. The token of claim 25, wherein the scrambled challenge is generated using the administrator secret.
  - 27. The token of claim 20, wherein the token complies with at least one selected from a group consisting of ISO/IEC 7810, ISO/IEC 7813, ISO/IEC 7811, and ISO/IEC 7816.

28. A non-transitory computer readable medium comprising computer readable program code embodied therein for causing a token to perform a method, the method comprising:
- receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender;
  
  making a first determination that the sender is allowed to send commands to the token;
  
  based on the first determination;
  
  generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), wherein the ACAS is obtained from a portion of a message digest, wherein the message digest is generated using a challenge, and an administrator secret, and an n-bit generator, and wherein the administrator secret is distinct from the ACAS;
  
  making a second determination that the first CAMD and the second CAMD match; and
  
  based on the second determination, performing the command by the token, wherein performing the command by the token comprises;
  
  obtaining an input for the command from the scrambled data using the ACAS.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- - 29. The non-transitory computer readable medium of claim 28, wherein an XOR function is applied to the ACAS and the scrambled data to obtain the input.
  - 30. The non-transitory computer readable medium of claim 29, wherein the input comprises a secret value.
  - 31. The non-transitory computer readable medium of claim 28, wherein making the first determination comprises determining whether the sender provided the token a first one-time password (OTP) that matches a second OTP on the token.
  - 32. The non-transitory computer readable medium of claim 31, wherein the second OTP is obtained from the message digest, wherein the token generates the challenge.
  - 33. The non-transitory computer readable medium of claim 32, wherein the challenge is sent to the sender as a scrambled challenge.
  - 34. The non-transitory computer readable medium of claim 33, wherein the scrambled challenge is generated using the administrator secret.
  - 35. The non-transitory computer readable medium of claim 28, wherein the sender is an administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
POTRATZ, DANIEL B

Application Number

US13/203,388
Publication Number

US 20110307699A1
Time in Patent Office

1,790 Days
Field of Search

726/9, 726/20, 713/170, 713/172, 713/181, 713/182, 713184-186
US Class Current

713/172
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/0869   for achieving mutual authen...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

Token for securing communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Token for securing communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links