Method and system for remotely authenticating identification devices

US 9,219,708 B2
Filed: 09/22/2003
Issued: 12/22/2015
Est. Priority Date: 03/22/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating, using an authentication server, the use of an authentication device by at least a first user over a communication network via an intermediate communication device at a vendor location, comprising:

receiving an interaction request to communicate with said intermediate device by said intermediate device from said first user;

responding to said interaction request by said intermediate device, to said first user;

receiving an authentication datagram by said intermediate device, said authentication datagram including data from the first user, in response to said responding;

protecting said datagram by said intermediate device, by at least one of changing, adding to, encrypting and signing of said datagram prior to said authenticating;

adding a vendor-associated information item to said protected datagram by said intermediate device to link together said vendor-associated information and said protected datagram, prior to said authenticating;

forwarding said linked vendor-associated information item and said protected datagram to said authentication server via the communication network, by said intermediate device, for authentication of at least one of the vendor and of the first user;

comparing said datagram or a hash thereof to a hash table at said server;

generating a binary validation answer having only a single bit by said server without an associated explanation;

outputting said binary validation answer for authentication of the vendor;

providing to at least one of the vendor and the user, by said authentication server, an indication of said authentication of at least one of the vendor and the user; and

continuing interacting with said first user by said intermediate device in response to said authentication,wherein said intermediate device and said authentication server are separated from one another.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating, using an authentication server, the use of an authentication device over a communication network via an intermediate communication device, comprising:

- receiving an authentication datagram by the intermediate device;
- protecting the datagram by the intermediate device, by at least one of changing, adding to, encrypting and signing of the datagram; and
- forwarding the datagram to the authentication server for authentication.

390 Citations

53 Claims

1. A method of authenticating, using an authentication server, the use of an authentication device by at least a first user over a communication network via an intermediate communication device at a vendor location, comprising:
- receiving an interaction request to communicate with said intermediate device by said intermediate device from said first user;
  
  responding to said interaction request by said intermediate device, to said first user;
  
  receiving an authentication datagram by said intermediate device, said authentication datagram including data from the first user, in response to said responding;
  
  protecting said datagram by said intermediate device, by at least one of changing, adding to, encrypting and signing of said datagram prior to said authenticating;
  
  adding a vendor-associated information item to said protected datagram by said intermediate device to link together said vendor-associated information and said protected datagram, prior to said authenticating;
  
  forwarding said linked vendor-associated information item and said protected datagram to said authentication server via the communication network, by said intermediate device, for authentication of at least one of the vendor and of the first user;
  
  comparing said datagram or a hash thereof to a hash table at said server;
  
  generating a binary validation answer having only a single bit by said server without an associated explanation;
  
  outputting said binary validation answer for authentication of the vendor;
  
  providing to at least one of the vendor and the user, by said authentication server, an indication of said authentication of at least one of the vendor and the user; and
  
  continuing interacting with said first user by said intermediate device in response to said authentication,wherein said intermediate device and said authentication server are separated from one another.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 2. A method according to claim 1, wherein said intermediate device comprises a vendor World Wide Web site.
  - 3. A method according to claim 2, wherein protecting comprises adding a signature associated with said vendor to said datagram.
  - 4. A method according to claim 2, wherein protecting comprises encrypting said datagram.
  - 5. A method according to claim 1, wherein said intermediate device comprises a user computing device.
  - 6. A method according to claim 5, wherein said computing device adds a time stamp to said datagram.
  - 7. A method according to claim 5, wherein said computing device encrypts said datagram.
  - 8. A method according to claim 7, wherein said encryption uses a one time code.
  - 9. A method according to claim 7, wherein said one time code is provided by a vendor for a particular session with said user.
  - 10. A method according to claim 5, wherein said user computing device uses an embedded software component for said protecting.
  - 11. A method according to claim 10, wherein said embedded software comprises an ActiveX component.
  - 12. A method according to claim 10, wherein said component is cached on said user device.
  - 13. A method according to claim 10, wherein said component requires a property value provided by a vendor to operate.
  - 14. A method according to claim 1, wherein communication between said intermediate device and said server uses a secure connection.
  - 15. A method according to claim 1, wherein different communication paths are used for said authentication and for transaction details from said user.
  - 16. A method according to claim 1, wherein different communication paths are used for said authentication and for transaction details from a vendor to said authentication server.
  - 17. A method according to claim 4, said encrypted datagram including data from at least a first user;
    - said method including, after said forwarding, receiving said encrypted datagram by said remote authentication server;
      
      searching, at said server, for a hash value matching said datagram or a hash thereof;
      
      generating a validation answer by said remote authentication server, responsive to said search,wherein, said datagram includes a secret code and wherein said secret code exists only on said authentication device; and
      
      outputting said validation answer for authentication of the first user.
  - 18. A method according to claim 17, wherein said authentication device includes a plurality of secret codes that are generated to appear unrelated.
  - 19. A method according to claim 1, further comprising:
    - generating a code set for the authentication device;
      
      providing a code generating software;
      
      providing at least one seed code for the first user for said software;
      
      generating said code set using said software and said seed;
      
      destroying said seed immediately after generating said code set;
      
      forwarding a first copy of said code set to the first user; and
      
      storing a second copy said code set or an indication thereof on said authentication device;
      
      prior to said authentication, forwarding said first copy to said remote authentication server for authentication of the user; and
      
      authenticating the first user by matching between said first copy and said second copy or said indication thereof.
  - 20. A method according to claim 19, comprising generating hash values for said code set.
  - 21. A method according to claim 20, comprising generating a second set of hash values for said code set, using a different hash function for said second set.
  - 22. A method according to claim 8 wherein said receiving an authentication datagram includes receiving an authentication datagram from at least said user by an intermediate device of a vendor prior to said authentication;
    - wherein said includes forwarding said authentication datagram to the authentication server for authentication of the vendor when at least an indication of said one time code that matches the vendor is provided with said datagram and forwarding said authentication datagram to the authentication server for authentication of the user when at least an indication of said one time code that matches said user is provided with said authentication datagram.
  - 23. A method according to claim 22, comprising signing said datagram using said one time code by said user.
  - 24. A method according to claim 1 wherein, after said forwarding, said method further comprises:
    - for each datagram received by the authentication server, matching said datagram or a hash of said datagram to a corresponding table;
      
      for each datagram received, calculating a corresponding counter value from a matching position in said corresponding table; and
      
      for each datagram received, if said authentication datagram is valid, increasing said corresponding counter over a previous counter, within a certain limit; and
      
      for each datagram received, outputting a validation signal for the first user, in response to said corresponding counter value.
  - 25. A method according to claim 24, comprising:
    - failing said authentication based on said increase being too large; and
      
      allowing a subsequent authentication based on a further increase of said subsequent validation being below a second threshold.
  - 26. A method according to claim 25, wherein said thresholds are the same.
  - 27. A method according to claim 25, wherein said second threshold is smaller than said certain threshold.
  - 28. A method according to claim 24, wherein said counter comprises an ordinal position in said table that is not apparently related to a series of generated random numbers.
  - 29. A method according to claim 1, wherein said authentication datagram additionally includes data from a second user;
    - andwherein said forwarding includes forwarding said datagram to said authentication server for authentication of the second user.
  - 30. A method according to claim 1, wherein said encrypted datagram additionally includes data from a second user;
    - and wherein said outputting additionally includes outputting said validation answer for authentication of the second user.
  - 31. A method according to claim 17, wherein said encrypted datagram additionally includes data from a second user;
    - andwherein said outputting additionally includes outputting said validation answer for authentication of the second user.
  - 32. A method according to claim 19, wherein said remote device is additionally configured for authentication of a second user;
    - and wherein said providing at least one seed code additionally includes providing at least one seed code for the second user for said software.
  - 33. A method according to claim 24, wherein said method is additionally for remote validation of a second user;
    - wherein said receiving additionally includes, from the second user, receiving an authentication datagram by an authentication server from a remote authentication device; and
      
      wherein said outputting additionally includes outputting a validation signal for the second user.
  - 34. A method according to claim 2, carried out as part of a commercial interaction between said first user and said vendor, wherein said authentication does not require said first user to interact with a different web server.
  - 35. A method according to claim 1, wherein said receiving, protecting and forwarding is secured by a software component which is downloaded to a computing device associated with said first user and used by said user for sending an interaction request.
  - 36. A method according to claim 2, wherein said forwarded datagram includes payment instructions to said vendor.
  - 37. A method according to claim 35, wherein said forwarding comprises forwarding by said software component.
  - 38. A method according to claim 1, wherein said authentication comprises a single bit authentication answer without an associated explanation.
  - 39. A method according to claim 19, comprising:
    - storing said code set or an indication thereof on an authentication server; and
      
      at a later time,authenticating said authenticating device by said authentication server by comparing a datagram from said authentication device against said storage at said authentication server.
  - 40. A method according to claim 1, wherein said authentication device comprises a card and wherein said use of an authentication device includes activating the card by pressing a button located on the card.
  - 41. A method according to claim 1, said method further comprising authenticating, using the authentication server, at least the first user by a technique wherein the at least first user is required to input data, the data selected from a PIN, a password, a secret question, voice verification, and a digital signature.
  - 42. A method according to claim 1, wherein said forwarding includes forwarding said protected datagram to said authentication server via the communication network, by said intermediate device, for verification of the intermediate device.
  - 43. A method according to claim 42, wherein said authentication of the first users and said verification of the intermediate device are performed simultaneously.
  - 44. A method according to claim 1, further comprising, before said receiving an interaction request, transmitting an acoustic signal by said authentication device to said intermediate communication device.
  - 45. A method according to claim 1 wherein, after said forwarding, said authentication server transmits an indication of user authentication if said vendor-associated information is verified.
  - 46. A method according to claim 1, wherein said user authentication and said vendor authentication are simultaneously provided.
  - 47. A method according to claim 1, wherein said forwarding includes forwarding said protected datagram for authentication of the vendor.
  - 48. A method according to claim 1, wherein said forwarding includes forwarding said protected datagram for authentication of the user.
  - 49. A method according to claim 1, wherein said forwarding includes forwarding said protected datagram for authentication of both the vendor and the user.
  - 50. A method according to claim 1, wherein said providing includes providing said indication to the vendor.
  - 51. A method according to claim 1, wherein said providing includes providing said indication to the user.
  - 52. A method according to claim 1, wherein said providing includes providing said indication to both the vendor and the user.
  - 53. A method according to claim 1, wherein said authentication of at least one of the vendor and the user includes authentication of both the vendor and the user, and wherein said authentication of both the vendor and the user is performed simultaneously.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dialware Incorporated
Original Assignee
Dialwareinc
Inventors
Anati, Ram, Glukhov, Maxim, Atsmon, Dan, Speyer, Gavriel
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US10/668,109
Publication Number

US 20040236819A1
Time in Patent Office

4,474 Days
Field of Search

380/241, 709/231, 713/155, 713/156, 713/182, 713/185, 713/201, 713/159, 713/153, 726/2, 726/5, 329/300, 382/100, 235/492, 455/558
US Class Current

1/1
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2129   Authenticate client device ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4097   using mutual authentication...

G07F 7/1008   Active credit-cards provide...

H04L 63/0218   Distributed architectures, ...

H04L 63/0853   using an additional device,...

H04L 63/12   Applying verification of th...

Method and system for remotely authenticating identification devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

390 Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for remotely authenticating identification devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

390 Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links