Method and system for effecting secure communication over a network

US 9,094,213 B2
Filed: 10/24/2008
Issued: 07/28/2015
Est. Priority Date: 10/24/2007
Status: Active Grant

First Claim

Patent Images

1. A method of effecting secure communication over a network, comprising:

interfacing a hardware token with a computer host, the hardware token comprising security software and communication software stored thereon, the security software configured to determine an authenticity of the communication software stored on the hardware token, wherein the security software comprises computer-executable instructions pre-stored in a memory of the hardware token, the computer host comprising a memory distinct from the hardware token memory;

on the hardware token, determining an authenticity of the security software that is pre-stored in the memory of the hardware token wherein the hardware token comprises a hash code stored in the hardware token memory, the hash code comprising a one-way hash of the security software, and the security software authenticity determining comprises at the hardware token computing a one-way hash of the security software and comparing the computed one-way hash against the stored hash code;

upon successful validation of the authenticity of the security software on the hardware token, loading the security software from the hardware token memory into the computer host memory;

the computer host executing the loaded security software from the computer host memory to determine authenticity of the communication software stored on the hardware token wherein the hardware token comprises a second hash code stored in the hardware token memory, the second hash code comprising a one-way hash of the communication software, and the communication software authenticity determining comprises at the computer host computing a one-way hash of the communication software and comparing the computed communication software hash against the second hash code; and

after successful validation of the authenticity of the communication software using the security software, facilitating communication, via the computer host, between the hardware token and a remote computer remote from the computer host, by executing the communication software from the computer host memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of effecting secure communication over a network begins by interfacing a hardware token with a computer host. The hardware token includes security software and communication software stored thereon. The security software is stored in a memory of the hardware token. The computer host has a memory distinct from the hardware token memory. The authenticity of the security software is determined on the hardware token. Upon successful validation of the authenticity of the security software on the hardware token, the authenticity of the communication software is determined by loading the security software from the hardware token memory into the computer host memory and executing the loaded security software from the computer host memory. After successful validation of the authenticity of the communication software, the computer host facilitates communication between the hardware token and a remote computer by executing the communication software from the computer host memory.

Citations

18 Claims

1. A method of effecting secure communication over a network, comprising:
- interfacing a hardware token with a computer host, the hardware token comprising security software and communication software stored thereon, the security software configured to determine an authenticity of the communication software stored on the hardware token, wherein the security software comprises computer-executable instructions pre-stored in a memory of the hardware token, the computer host comprising a memory distinct from the hardware token memory;
  
  on the hardware token, determining an authenticity of the security software that is pre-stored in the memory of the hardware token wherein the hardware token comprises a hash code stored in the hardware token memory, the hash code comprising a one-way hash of the security software, and the security software authenticity determining comprises at the hardware token computing a one-way hash of the security software and comparing the computed one-way hash against the stored hash code;
  
  upon successful validation of the authenticity of the security software on the hardware token, loading the security software from the hardware token memory into the computer host memory;
  
  the computer host executing the loaded security software from the computer host memory to determine authenticity of the communication software stored on the hardware token wherein the hardware token comprises a second hash code stored in the hardware token memory, the second hash code comprising a one-way hash of the communication software, and the communication software authenticity determining comprises at the computer host computing a one-way hash of the communication software and comparing the computed communication software hash against the second hash code; and
  
  after successful validation of the authenticity of the communication software using the security software, facilitating communication, via the computer host, between the hardware token and a remote computer remote from the computer host, by executing the communication software from the computer host memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the hardware token memory comprises a passcode stored thereon, and the communication software executing comprises prompting for entry of a passcode, determining a validity of the entered passcode at the hardware token by comparing the entered passcode against the stored passcode, and executing the communication software from the computer host memory after successful validation of the entered passcode and the authenticity of the communication software.
  - 3. The method according to claim 2, wherein the computer host is configured for communication with a software update server over a network, and the communication software authenticity determining comprises downloading a reference copy of the communication software from the software server over the network to the hardware token memory upon unsuccessful validation of the authenticity of the communication software.
  - 4. The method according to claim 1, wherein the hardware token comprises a hash code stored in the hardware token memory, the hash code comprising a one-way hash of the communication software, and the communication software authenticity determining comprises at the hardware token computing a one-way hash of the communication security software and comparing the computed one-way hash against the stored hash code.
  - 5. The method according to claim 1, wherein the hardware token memory comprises a read-only memory and a read-write memory, the security software comprises an integrity check procedure and an application loader procedure, the integrity check procedure being stored in the read-only memory and being configured to determine the authenticity of the application loader procedure, the application loader procedure being configured to determine the authenticity of the communication software, the hardware token comprises a hash code comprising a one-way hash of the integrity check procedure, and the security software authenticity determining comprises the integrity check procedure computing a one-way hash of the loader program and effecting loading of the application loader procedure into the computer host memory after a match between the computed one-way hash and the stored hash code.
  - 6. The method according to claim 5, wherein the hardware token comprises a second hash code comprising a one-way hash of the communication software, the communication software being stored in the read-write memory of the hardware token, and the communication software authenticity determining comprises the application loader procedure computing a one-way hash of the communication software and loading the communication software into the computer host memory after a match between the communication software hash and the second hash code.
  - 7. The method according to claim 6, wherein the hardware token memory comprises a passcode stored thereon, and the communication software executing comprises prompting for entry of a passcode, determining a validity of the entered passcode at the hardware token by comparing the entered passcode against the stored passcode, and executing the communication software from the computer host memory after a match between the entered passcode and the stored passcode and a match between the communication software hash and the second hash code.
  - 8. The method according to claim 1, further comprising at the hardware token verifying an identity of the remote computer by receiving a digital signature purporting to be signed by the remote computer and determining whether the received digital signature was signed by the remote computer.
  - 9. The method according to claim 1, further comprising interfacing a Smartcard with the hardware token, and at the Smartcard verifying an identity of the remote computer and the hardware token by receiving at the Smartcard digital signatures each purporting to be signed respectively by the remote computer and the hardware token and determining whether each received respective digital signature was signed by the remote computer and the hardware token.
  - 10. The method according to claim 1, further comprising interfacing a Smartcard with the hardware token, and at the hardware token verifying on behalf of the Smartcard an identity of the remote computer by receiving at the hardware token the digital signatures purporting to be signed by the remote computer and determining whether the received digital signature was produced by the remote computer.

11. A hardware token comprising:
- an interface configured for interfacing the hardware token with a computer host; and
  
  a memory coupled to the interface and pre-storing communication software and security software, the security software configured to determine an authenticity of the communication software stored in the memory, wherein the security software comprises computer-executable instructions pre-stored in the memory,the hardware token configured to;
  
  determine an authenticity of the security software that is pre-stored in the memory wherein the memory stores a hash code comprising a one-way hash of the security software, and the security software is configured to determine an authenticity thereof by causing the hardware token to compute a one-way hash of the security software and compare the computed one-way hash against the stored hash code;
  
  upon successful validation of the authenticity of the security software on the hardware token, load the security software from the hardware token memory into the computer host memory;
  
  cause the computer host to execute the loaded security software from the computer host memory to determine authenticity of the communication software stored on the hardware token wherein the memory stores a second hash code comprising a one-way hash of the communication software, and the security software is configured to determine the authenticity of the communication software by causing the computer host to compute a one-way hash of the communication software and compare the computed communication software hash against the second hash code; and
  
  after successful validation of the authenticity of the communication software using the security software, communicate, via the computer host executing the communication software, with a remote computer remote from the computer host.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The hardware token according to claim 11, wherein the memory comprises passcode stored thereon, and the security software is configured to prompt for entry of a passcode at the hardware token, determine a validity of the entered passcode at the hardware token by comparing the entered passcode against the stored passcode, and load the communication software into the computer host after successful validation of the entered passcode and the authenticity of the communication software.
  - 13. The hardware token according to claim 12, wherein the security software is configured to cause the computer host to download a reference copy of the communication software from a software update computer to the memory upon unsuccessful validation of the authenticity of the communication software.
  - 14. The hardware token according to claim 11, wherein the memory stores a hash code comprising a one-way hash of the communication software, and the security software is configured to determine an authenticity of the communication software by causing the hardware token to compute a one-way hash of the communication software and compare the computed one-way hash against the stored hash code.
  - 15. The hardware token according to claim 11, wherein the memory comprises a read-only memory and a read-write memory, the security software comprises an integrity check procedure and an application loader procedure, the integrity check procedure being stored in the read-only memory and being configured to determine the authenticity of the application loader procedure, the application loader procedure being configured to determine the authenticity of the communication software, the memory comprises a hash code comprising a one-way hash of the integrity check procedure, and the integrity check procedure is configured to compute a one-way hash of the loader program and to effect loading of the application loader procedure into the computer host memory after a match between the computed one-way hash and the stored hash code.
  - 16. The hardware token according to claim 15, wherein the memory comprises a second hash code comprising a one-way hash of the communication software, the communication software being stored in the read-write memory, and the application loader procedure is configured to compute a one-way hash of the communication software and load the communication software into the computer host memory after a match between the communication software hash and the second hash code.
  - 17. The hardware token according to claim 11, further comprising a wireless card reader coupled to the interface and configured for communication with a RFID device.
  - 18. The hardware token according to claim 11, wherein the interface is configured for removably interfacing the hardware token with the computer host, and the hardware token further comprises a data port coupled to the interface and configured for communication with a keyboard device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureKey Technologies, Inc. (Gen Digital Inc.)
Original Assignee
SecureKey Technologies, Inc. (Gen Digital Inc.)
Inventors
Roberge, Pierre Antoine, Engel, Patrick Hans, Wolfond, Gregory Howard
Primary Examiner(s)
Reza, Mohammad W

Application Number

US12/739,225
Publication Number

US 20100318801A1
Time in Patent Office

2,468 Days
Field of Search

713/172
US Class Current

1/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/123   received data contents, e.g...

H04L 9/3234   involving additional secure...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Method and system for effecting secure communication over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for effecting secure communication over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links