WO2000048064A1 - Security access and authentication token with private key transport functionality - Google Patents
- Publication number
- WO2000048064A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- private key
- otp
- value
- pkt
- token
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
Definitions
- This invention relates to security systems.
- The invention is more particularly related to the secure transfer of data, passwords, keys, and other private data, for secure transfer, user validation, authorization, etc.
- The invention is directed towards security systems that can be used in combination with computers.
- The background of the invention deals with security tokens and the like, which are used for secure operations with respect to, for example, a host computer.
- A number of patents presently describe the state of the art concerning such security systems.
- Attention is drawn to the three Cargile patents and the prior art cited therein, all of which is incorporated herein by reference.
- The three Cargile patents include SOLID STATE KEY FOR CONTROLLING ACCESS TO COMPUTER SOFTWARE, U.S. Patent No. 4,599,489, SOLID STATE KEY FOR CONTROLLING ACCESS TO COMPUTER SOFTWARE, U.S. Patent No.
- The private key transport (PKT) feature allows an embodiment of the token of the invention to store an application's private encryption key and to securely "transport" the key when needed.
- The private encryption key is sent to an application without being exposed to the user of the token or in transit to the application.
- The private encryption key can be used to lock or unlock, encrypt or decrypt other keys and other data. Environments exist where this feature greatly reduces the risks associated with deploying private key based applications.
- The weakness in existing systems is the reliance on a user to enter his passwords to unlock or decrypt his asymmetric private keys (i.e. RSA private keys) that are resident on his hard disks or floppy disks.
- The passwords are effectively the encryption keys that encrypt the private key when it is created and stored on the hard drive.
- The passwords also then decrypt, or unlock, the private key when loaded into memory for use in private key functions such as client authentication or signing of documents/transactions.
- Fig. 1 is a block diagram showing information flow and processes of the present invention.
- Fig. 2 is a diagram of a token and host processes, interactions, and information flow according to one embodiment of the present invention.
- Fig. 3 is a flow chart describing processes performed by an embodiment of a token having combined C/R, R/O methods.
- The token of the invention is preferably a Data Encryption Standard (DES) based token device.
- DES: Data Encryption Standard
- The most powerful feature of the token is that it can support up to seven different input modes (see Table 1) that support both One Time Password (OTP) paradigms, Challenge/Response and Response/Only.
- OTP: One Time Password
- The token can securely transmit private keys to applications.
- The variable input can be internally and/or externally generated.
- The table below identifies the seven different OTP modes of operation for the token.
- The table also identifies the source of the variable input given to the token for generation of the response or OTP.
- The challenge variable could be a value that the token receives that is used to calculate the one-time password.
- The time variable could be, for example, the time the token was used.
- The event variable could be, for example, the number of times that the token was used. Further details about OTP generation can be obtained in the above incorporated by reference Cargile patents.
- All R/O modes simply require the user to turn the unit on and, if required, to enter their personal PIN to unlock the unit. When a PIN is required the token will prompt the user for a PIN.
- All C/R modes utilize an advanced optical protocol enabling the user to simply hold the device in front of their monitor to read the graphical challenge presented to them.
- The token has a high quality keypad for manual entry of the challenge, if the monitor is not capable of a graphical interface or the user is authenticating over a phone.
- PKT: Private Key Transport
- One of the more important capabilities of the token is the Private Key Transport (PKT) feature (referred to by cryptographic experts as "associative reading").
- The PKT feature enables installations, or users, to assign a private key to a token for use by encryption applications. Use of the token by an encryption application never discloses the private key to anyone, including the user, except for the encryption application itself. This is especially useful for applications that do not wish to be burdened with storing users' private keys. In addition, some installations do not even want users to know what their private keys are for encryption applications. Users mismanage their private secrets all the time and the result is the keys have to be changed periodically.
- The token can communicate the private key to an encryption application without having to disclose the private key during the communication (i.e. display or through a network).
- The need to change keys is dramatically reduced.
- Figs. 1 and 2 depict a token working with a host system running an application that has a need to use a user's private key for encryption services.
- The token is capable of generating an OTP as described above.
- Fig. 1 depicts the OTP feature in continuation with the PKT feature, while Fig. 2 depicts the OTP feature in a single block in order to highlight the PKT feature.
- The mode used to generate the OTP or Token Response (i.e. one of the seven modes of operation) is immaterial; all of the modes can be used.
- When an application requests that a user supply their private key for accessing encryption services, the user operates the token in the same manner as used when authenticating (as described in the three Cargile patents incorporated herein by reference).
- The user may need to input a challenge into the token.
- The token will generate a token response, such as for example an OTP according to the mode of operation, but will perform an additional operation before displaying a response on the token screen.
- The operation is illustrated above as an "XOR".
- The OTP 50 and the user's private key 40 are combined together (XORed) and the result is the Private Key Transport or PKT value 70. It is the PKT 70 that is displayed on the token display for the user to communicate to the host system running the encryption application.
- The resulting PKT 70 will also always be different. It should be noted that it is impossible to deduce the user's private key 40 with only the PKT value 70, hence the user's private key 40 is not in danger of being disclosed if the PKT 70 is disclosed.
- The Host system 101 is capable of also generating the OTP 51. This is what enables the Host system 101 to validate that a particular user is who they say they are when needing to authenticate users.
- The host is attempting to provide the encryption application with the user's private key 40 and therefore uses the same "XOR" operation 61 to extract the private key 40 from the PKT 70. Once the "XOR" operation is completed, the encryption application can then use the private key for encryption services. Note that even though the PKT is always different, the private key extracted from each PKT generated is always the same, a requirement for symmetric encryption algorithms. Once the encryption services have been completed, the application simply erases the private key from memory, thereby protecting the private key from further disclosure.
- The secret OTP seed value does not have to be kept secret.
- The value can be openly distributed to any host system. This is not the case when using the token to authenticate users via the token's OTP.
- Host systems can generate as many possible OTPs as they want, but until a physical token uses an OTP to generate a PKT, a private key cannot be generated.
- The token can be optically programmed in the field. This feature enables the token private keys to be altered if desired.
- Fig. 1 illustrates a clock 20 and seed value 30 input to the OTP generator 10.
- The clock 20 may be a timepiece synchronized (within any predetermined interval) with a clock 21 at a host device.
- The clock may take the form of any type of counting mechanism to provide a changing number for each or any set of OTP generations performed.
- The problem that the PKT feature solves is this: how can I communicate my static private key to an encryption application without using a static value that is susceptible to being trapped? The above discussion explains how the inventive token provides the solution for this problem.
- The Exclusive OR operation does the following. When two values are compared, if they are the same the result is 0. If they are different the result is 1. Since we are dealing at the lowest level possible for computers, the only two values possible are 0 and 1.
- The following table describes all possible combinations of an exclusive OR operation:
- Fig. 3 illustrates a process flow of a token embodiment that responds to any of C/R and R/O paradigms.
- The token unit is powered up.
- A user inputs a password or other logon information to unlock the token (step 310).
- Steps 320 and 330 illustrate decision making when the token is interrogated by a system and the token determines if C/R 325 or R/O 335 processing is required. The corresponding processes are performed and the token enters a wait state 340 for further action.
- The user powers down the unit (step 350).
- The token includes a computing mechanism that may be initiated by a user. The following is an example of a process implemented by an initiation application resident on a token according to one embodiment of the present invention and performed by the computing mechanism. Each individual step has an associated part of the application that implements the individual step.
- The application prompts a first Challenge: enter it in the CP/700 and copy the Token response as First Dynamic Key in the application.
- The application prompts a second Challenge: enter it in the DP700 and copy the Token response as Second Dynamic Key in the application.
- The application prompts a Challenge: enter it in the DP700 and copy the Token response as Dynamic Key in the application.
- The Dynamic Key is verified: if it produces an internal secret (referenced as SecretK2) that yields a Hash Code different from the stored Hash Code in context file userfile.txt, an error is generated.
- The program may be reset to its initial state of operation by removing the context file called userfile.txt.
- The present invention provides for an inventive private key transport feature, having industrial applicability in a wide range of business, security, and other technical fields for secure transmission of data, encryption codes, passwords, keys, etc.
- Other features, aspects and objects of the invention can be obtained from a review of the figures.
- The present invention may be conveniently implemented using a conventional general purpose or a specialized digital computer or microprocessor programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the computer art.
- The present invention includes a computer program product which is a storage medium (media) having instructions stored thereon/in which can be used to control, or cause, a computer to perform any of the processes of the present invention.
- The storage medium can include, but is not limited to, any type of disk including floppy disks, optical discs, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), RAID devices, remote data storage/archive/warehousing, or any type of media or device suitable for storing instructions and/or data.
- The present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention.
- Software may include, but is not limited to, device drivers, operating systems, and user applications.
- Computer readable media further includes software for performing the present invention, as described above.
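The PKT exchange described above (token XORs the OTP with the private key, host XORs the PKT with the same OTP), as an added Python example that is not code from the patent. Assumptions: the OTP is a stand-in built from HMAC-SHA256 over an event counter rather than the token's DES-based algorithm, the host keeps a SHA-256 hash of the key to verify what it recovers, and all names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the patent).
SEED = b"constructed-otp-seed"
PRIVATE_KEY = bytes.fromhex("0123456789abcdef")  # 8 bytes, the size of a DES key
KEY_HASH = hashlib.sha256(PRIVATE_KEY).hexdigest()  # kept by the host for verification


def otp_stand_in(seed: bytes, counter: int, length: int) -> bytes:
    """Stand-in OTP (assumption): HMAC-SHA256 over a counter, truncated to `length`."""
    if not 0 < length <= hashlib.sha256().digest_size:
        raise ValueError("stand-in OTP cannot cover a value of this length")
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive OR; refuses operands of different length so that no
    part of the key is left uncovered by the OTP."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def token_make_pkt(private_key: bytes, seed: bytes, counter: int) -> bytes:
    """Token side: PKT = OTP XOR private key; only the PKT leaves the token."""
    return xor_bytes(otp_stand_in(seed, counter, len(private_key)), private_key)


def wipe(buf: bytearray) -> None:
    """Overwrite the key buffer once the encryption service is finished."""
    for i in range(len(buf)):
        buf[i] = 0


def host_recover_key(pkt: bytes, seed: bytes, counter: int, expected_hash: str) -> bytearray:
    """Host side: regenerate the same OTP and XOR it with the PKT.

    XOR carries no integrity check, so a mistyped PKT or a counter that is out
    of step still yields some bytes. The stored-hash comparison (an assumption
    of this example) turns that silent failure into an error.
    """
    key = bytearray(xor_bytes(otp_stand_in(seed, counter, len(pkt)), pkt))
    if not hmac.compare_digest(hashlib.sha256(key).hexdigest(), expected_hash):
        wipe(key)
        raise ValueError("recovered key does not match the stored hash")
    return key


def demo() -> dict:
    """Run two uses of the token and report the properties the text describes."""
    pkt1 = token_make_pkt(PRIVATE_KEY, SEED, counter=1)
    pkt2 = token_make_pkt(PRIVATE_KEY, SEED, counter=2)
    key1 = host_recover_key(pkt1, SEED, 1, KEY_HASH)
    key2 = host_recover_key(pkt2, SEED, 2, KEY_HASH)
    result = {
        "pkts_differ": pkt1 != pkt2,
        "same_key": bytes(key1) == bytes(key2) == PRIVATE_KEY,
        # The key cancels out of PKT1 XOR PKT2, leaving OTP1 XOR OTP2: the PKT
        # hides the key only from parties who cannot compute the OTP.
        "key_cancels": xor_bytes(pkt1, pkt2)
        == xor_bytes(otp_stand_in(SEED, 1, 8), otp_stand_in(SEED, 2, 8)),
    }
    try:
        host_recover_key(pkt1, SEED, 2, KEY_HASH)  # host counter out of step
        result["desync_detected"] = False
    except ValueError:
        result["desync_detected"] = True
    wipe(key1)
    wipe(key2)
    result["wiped"] = key1 == bytearray(8)
    return result


if __name__ == "__main__":
    print(demo())
```

Python cannot guarantee that no other copy of the key remains in memory, so `wipe` only illustrates the erase step the text describes.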
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2000598917A JP2003524928A (en) | 1999-02-10 | 2000-02-10 | Security access and authentication token with private key transport function |
EP00911760A EP1151369A1 (en) | 1999-02-10 | 2000-02-10 | Security access and authentication token with private key transport functionality |
AU33605/00A AU776552B2 (en) | 1999-02-10 | 2000-02-10 | Security access and authentication token with private key transport functionality |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11953199P | 1999-02-10 | 1999-02-10 | |
US60/119,531 | 1999-02-10 | ||
US50055300A | 2000-02-09 | 2000-02-09 | |
US09/500,553 | 2000-02-09 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2000048064A1 true WO2000048064A1 (en) | 2000-08-17 |
WO2000048064A9 WO2000048064A9 (en) | 2001-09-27 |
Family
ID=26817444
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/003477 WO2000048064A1 (en) | 1999-02-10 | 2000-02-10 | Security access and authentication token with private key transport functionality |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1151369A1 (en) |
JP (1) | JP2003524928A (en) |
AU (1) | AU776552B2 (en) |
WO (1) | WO2000048064A1 (en) |
Cited By (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004054196A1 (en) | 2002-12-09 | 2004-06-24 | Research In Motion Limited | System and method of secure authentication information distribution |
WO2007006689A1 (en) * | 2005-07-12 | 2007-01-18 | International Business Machines Corporation | Generating a secret key from an asymmetric private key |
EP1936530A2 (en) | 2004-08-17 | 2008-06-25 | Research In Motion Limited | Method, system and device for authenticating a handheld device to a computer |
WO2008107008A1 (en) * | 2007-03-07 | 2008-09-12 | C-Sigma S.R.L. | Authentication method and token using screen light for both communication and powering |
WO2009005860A1 (en) * | 2007-06-29 | 2009-01-08 | Rsa Security Inc. | Secure seed provisioning |
EP2040228A1 (en) * | 2007-09-20 | 2009-03-25 | Tds Todos Data System Ab | System, method and device for enabling secure and user-friendly interaction |
US7562218B2 (en) | 2004-08-17 | 2009-07-14 | Research In Motion Limited | Method, system and device for authenticating a user |
US20100280957A1 (en) * | 2007-09-20 | 2010-11-04 | Peter Gullberg | System, method and device for enabling interaction with dynamic security |
US7921209B2 (en) | 2004-09-22 | 2011-04-05 | Research In Motion Limited | Apparatus and method for integrating authentication protocols in the establishment of connections between computing devices |
US7992203B2 (en) | 2006-05-24 | 2011-08-02 | Red Hat, Inc. | Methods and systems for secure shared smartcard access |
US7994898B2 (en) | 2003-08-18 | 2011-08-09 | Bloomberg Finance L.P. | Portable access device |
US8074265B2 (en) | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
US8098829B2 (en) | 2006-06-06 | 2012-01-17 | Red Hat, Inc. | Methods and systems for secure key delivery |
US8180741B2 (en) | 2006-06-06 | 2012-05-15 | Red Hat, Inc. | Methods and systems for providing data objects on a token |
US8266441B2 (en) | 2005-04-22 | 2012-09-11 | Bank Of America Corporation | One-time password credit/debit card |
US8302167B2 (en) | 2008-03-11 | 2012-10-30 | Vasco Data Security, Inc. | Strong authentication token generating one-time passwords and signatures upon server credential verification |
US8307210B1 (en) | 2008-05-02 | 2012-11-06 | Emc Corporation | Method and apparatus for secure validation of tokens |
US8332637B2 (en) | 2006-06-06 | 2012-12-11 | Red Hat, Inc. | Methods and systems for nonce generation in a token |
US8356342B2 (en) | 2006-08-31 | 2013-01-15 | Red Hat, Inc. | Method and system for issuing a kill sequence for a token |
US8364952B2 (en) | 2006-06-06 | 2013-01-29 | Red Hat, Inc. | Methods and system for a key recovery plan |
US8381995B2 (en) | 2007-03-12 | 2013-02-26 | Visa U.S.A., Inc. | Payment card dynamically receiving power from external source |
US8412927B2 (en) * | 2006-06-07 | 2013-04-02 | Red Hat, Inc. | Profile framework for token processing system |
US8495380B2 (en) | 2006-06-06 | 2013-07-23 | Red Hat, Inc. | Methods and systems for server-side key generation |
US8589695B2 (en) | 2006-06-07 | 2013-11-19 | Red Hat, Inc. | Methods and systems for entropy collection for server-side key generation |
US8639940B2 (en) | 2007-02-28 | 2014-01-28 | Red Hat, Inc. | Methods and systems for assigning roles on a token |
US8707024B2 (en) | 2006-06-07 | 2014-04-22 | Red Hat, Inc. | Methods and systems for managing identity management security domains |
US8787566B2 (en) | 2006-08-23 | 2014-07-22 | Red Hat, Inc. | Strong encryption |
US8806219B2 (en) | 2006-08-23 | 2014-08-12 | Red Hat, Inc. | Time-based function back-off |
US8813243B2 (en) | 2007-02-02 | 2014-08-19 | Red Hat, Inc. | Reducing a size of a security-related data object stored on a token |
US8832453B2 (en) | 2007-02-28 | 2014-09-09 | Red Hat, Inc. | Token recycling |
GB2513669A (en) * | 2013-06-21 | 2014-11-05 | Visa Europe Ltd | Enabling access to data |
US8919643B2 (en) | 2006-11-15 | 2014-12-30 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US8977844B2 (en) | 2006-08-31 | 2015-03-10 | Red Hat, Inc. | Smartcard formation with authentication keys |
US9038154B2 (en) | 2006-08-31 | 2015-05-19 | Red Hat, Inc. | Token Registration |
US9081948B2 (en) | 2007-03-13 | 2015-07-14 | Red Hat, Inc. | Configurable smartcard |
US9769158B2 (en) | 2006-06-07 | 2017-09-19 | Red Hat, Inc. | Guided enrollment and login for token users |
EP3280110A1 (en) * | 2016-08-05 | 2018-02-07 | Gemalto Sa | A method for generating a modified one-time password allowing to authenticate the user for which it has been generated |
US20220239488A1 (en) * | 2020-10-05 | 2022-07-28 | Redcom Laboratories, Inc. | zkMFA: ZERO-KNOWLEDGE BASED MULTI-FACTOR AUTHENTICATION SYSTEM |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10574650B2 (en) | 2017-05-17 | 2020-02-25 | Bank Of America Corporation | System for electronic authentication with live user determination |
US10387632B2 (en) | 2017-05-17 | 2019-08-20 | Bank Of America Corporation | System for provisioning and allowing secure access to a virtual credential |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4799258A (en) * | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers |
US4819267A (en) * | 1984-02-22 | 1989-04-04 | Thumbscan, Inc. | Solid state key for controlling access to computer systems and to computer software and/or for secure communications |
EP0566811A1 (en) * | 1992-04-23 | 1993-10-27 | International Business Machines Corporation | Authentication method and system with a smartcard |
US5657388A (en) * | 1993-05-25 | 1997-08-12 | Security Dynamics Technologies, Inc. | Method and apparatus for utilizing a token for resource access |
-
2000
- 2000-02-10 WO PCT/US2000/003477 patent/WO2000048064A1/en not_active Application Discontinuation
- 2000-02-10 EP EP00911760A patent/EP1151369A1/en not_active Withdrawn
- 2000-02-10 AU AU33605/00A patent/AU776552B2/en not_active Ceased
- 2000-02-10 JP JP2000598917A patent/JP2003524928A/en active Pending
Cited By (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004054196A1 (en) | 2002-12-09 | 2004-06-24 | Research In Motion Limited | System and method of secure authentication information distribution |
EP1574001B1 (en) * | 2002-12-09 | 2011-04-13 | Research In Motion Limited | System and method of secure authentication information distribution |
US8677138B2 (en) | 2002-12-09 | 2014-03-18 | Blackberry Limited | System and method of secure authentication information distribution |
US7809953B2 (en) | 2002-12-09 | 2010-10-05 | Research In Motion Limited | System and method of secure authentication information distribution |
US7994898B2 (en) | 2003-08-18 | 2011-08-09 | Bloomberg Finance L.P. | Portable access device |
US8203423B2 (en) | 2003-08-18 | 2012-06-19 | Bloomberg Finance L.P. | Portable access device |
EP1936530A3 (en) * | 2004-08-17 | 2008-08-06 | Research In Motion Limited | Method, system and device for authenticating a handheld device to a computer |
US7562218B2 (en) | 2004-08-17 | 2009-07-14 | Research In Motion Limited | Method, system and device for authenticating a user |
EP2284762A2 (en) | 2004-08-17 | 2011-02-16 | Research In Motion Limited | Method, system and device for authenticating a handheld device to a computer |
EP1936530A2 (en) | 2004-08-17 | 2008-06-25 | Research In Motion Limited | Method, system and device for authenticating a handheld device to a computer |
US8533329B2 (en) | 2004-09-22 | 2013-09-10 | Blackberry Limited | Apparatus and method for integrating authentication protocols in the establishment of connections between computing devices |
US7921209B2 (en) | 2004-09-22 | 2011-04-05 | Research In Motion Limited | Apparatus and method for integrating authentication protocols in the establishment of connections between computing devices |
US8266441B2 (en) | 2005-04-22 | 2012-09-11 | Bank Of America Corporation | One-time password credit/debit card |
WO2007006689A1 (en) * | 2005-07-12 | 2007-01-18 | International Business Machines Corporation | Generating a secret key from an asymmetric private key |
US7992203B2 (en) | 2006-05-24 | 2011-08-02 | Red Hat, Inc. | Methods and systems for secure shared smartcard access |
US8495380B2 (en) | 2006-06-06 | 2013-07-23 | Red Hat, Inc. | Methods and systems for server-side key generation |
US8098829B2 (en) | 2006-06-06 | 2012-01-17 | Red Hat, Inc. | Methods and systems for secure key delivery |
US8180741B2 (en) | 2006-06-06 | 2012-05-15 | Red Hat, Inc. | Methods and systems for providing data objects on a token |
US8332637B2 (en) | 2006-06-06 | 2012-12-11 | Red Hat, Inc. | Methods and systems for nonce generation in a token |
US8364952B2 (en) | 2006-06-06 | 2013-01-29 | Red Hat, Inc. | Methods and system for a key recovery plan |
US9450763B2 (en) | 2006-06-06 | 2016-09-20 | Red Hat, Inc. | Server-side key generation |
US8412927B2 (en) * | 2006-06-07 | 2013-04-02 | Red Hat, Inc. | Profile framework for token processing system |
US9769158B2 (en) | 2006-06-07 | 2017-09-19 | Red Hat, Inc. | Guided enrollment and login for token users |
US8707024B2 (en) | 2006-06-07 | 2014-04-22 | Red Hat, Inc. | Methods and systems for managing identity management security domains |
US8589695B2 (en) | 2006-06-07 | 2013-11-19 | Red Hat, Inc. | Methods and systems for entropy collection for server-side key generation |
US8806219B2 (en) | 2006-08-23 | 2014-08-12 | Red Hat, Inc. | Time-based function back-off |
US8787566B2 (en) | 2006-08-23 | 2014-07-22 | Red Hat, Inc. | Strong encryption |
US8977844B2 (en) | 2006-08-31 | 2015-03-10 | Red Hat, Inc. | Smartcard formation with authentication keys |
US9038154B2 (en) | 2006-08-31 | 2015-05-19 | Red Hat, Inc. | Token Registration |
US8356342B2 (en) | 2006-08-31 | 2013-01-15 | Red Hat, Inc. | Method and system for issuing a kill sequence for a token |
US8074265B2 (en) | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
US9762572B2 (en) | 2006-08-31 | 2017-09-12 | Red Hat, Inc. | Smartcard formation with authentication |
US9251637B2 (en) | 2006-11-15 | 2016-02-02 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US8919643B2 (en) | 2006-11-15 | 2014-12-30 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US9477959B2 (en) | 2006-11-15 | 2016-10-25 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US9501774B2 (en) | 2006-11-15 | 2016-11-22 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US8813243B2 (en) | 2007-02-02 | 2014-08-19 | Red Hat, Inc. | Reducing a size of a security-related data object stored on a token |
US8832453B2 (en) | 2007-02-28 | 2014-09-09 | Red Hat, Inc. | Token recycling |
US8639940B2 (en) | 2007-02-28 | 2014-01-28 | Red Hat, Inc. | Methods and systems for assigning roles on a token |
WO2008107008A1 (en) * | 2007-03-07 | 2008-09-12 | C-Sigma S.R.L. | Authentication method and token using screen light for both communication and powering |
US8381995B2 (en) | 2007-03-12 | 2013-02-26 | Visa U.S.A., Inc. | Payment card dynamically receiving power from external source |
US9081948B2 (en) | 2007-03-13 | 2015-07-14 | Red Hat, Inc. | Configurable smartcard |
US8060750B2 (en) | 2007-06-29 | 2011-11-15 | Emc Corporation | Secure seed provisioning |
WO2009005860A1 (en) * | 2007-06-29 | 2009-01-08 | Rsa Security Inc. | Secure seed provisioning |
EP2040228A1 (en) * | 2007-09-20 | 2009-03-25 | Tds Todos Data System Ab | System, method and device for enabling secure and user-friendly interaction |
US20100280957A1 (en) * | 2007-09-20 | 2010-11-04 | Peter Gullberg | System, method and device for enabling interaction with dynamic security |
US8302167B2 (en) | 2008-03-11 | 2012-10-30 | Vasco Data Security, Inc. | Strong authentication token generating one-time passwords and signatures upon server credential verification |
US8307210B1 (en) | 2008-05-02 | 2012-11-06 | Emc Corporation | Method and apparatus for secure validation of tokens |
GB2513669B (en) * | 2013-06-21 | 2016-07-20 | Visa Europe Ltd | Enabling access to data |
EP3011496A2 (en) * | 2013-06-21 | 2016-04-27 | Visa Europe Limited | Enabling access to data |
GB2513669A (en) * | 2013-06-21 | 2014-11-05 | Visa Europe Ltd | Enabling access to data |
US10445484B2 (en) | 2013-06-21 | 2019-10-15 | Visa Europe Limited | Enabling access to data |
US11275821B2 (en) | 2013-06-21 | 2022-03-15 | Visa Europe Limited | Enabling access to data |
US11868169B2 (en) | 2013-06-21 | 2024-01-09 | Visa Europe Limited | Enabling access to data |
EP3280110A1 (en) * | 2016-08-05 | 2018-02-07 | Gemalto Sa | A method for generating a modified one-time password allowing to authenticate the user for which it has been generated |
WO2018024603A1 (en) * | 2016-08-05 | 2018-02-08 | Gemalto Sa | A method for generating a modified one-time password allowing to authenticate the user for which it has been generated |
US20220239488A1 (en) * | 2020-10-05 | 2022-07-28 | Redcom Laboratories, Inc. | zkMFA: ZERO-KNOWLEDGE BASED MULTI-FACTOR AUTHENTICATION SYSTEM |
US11831778B2 (en) * | 2020-10-05 | 2023-11-28 | Redcom Laboratories, Inc. | zkMFA: zero-knowledge based multi-factor authentication system |
Also Published As
Publication number | Publication date |
---|---|
AU776552B2 (en) | 2004-09-16 |
EP1151369A1 (en) | 2001-11-07 |
WO2000048064A9 (en) | 2001-09-27 |
AU3360500A (en) | 2000-08-29 |
JP2003524928A (en) | 2003-08-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU776552B2 (en) | Security access and authentication token with private key transport functionality | |
US6230272B1 (en) | System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user | |
EP1248190B1 (en) | Enabling and disabling software features | |
US6816970B2 (en) | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same | |
US7502467B2 (en) | System and method for authentication seed distribution | |
EP0848315B1 (en) | Securely generating a computer system password by utilizing an external encryption algorithm | |
US6044155A (en) | Method and system for securely archiving core data secrets | |
EP1500226B1 (en) | System and method for storage and retrieval of a cryptographic secret from a plurality of network enabled clients | |
US6230269B1 (en) | Distributed authentication system and method | |
US20050050330A1 (en) | Security token | |
CN106664200B (en) | Method, computing device, and storage medium for controlling access to a resource | |
US20020059518A1 (en) | Method and apparatus for secure leveled access control | |
US7634665B2 (en) | Apparatus and method for secure field upgradability with unpredictable ciphertext | |
US7131001B1 (en) | Apparatus and method for secure filed upgradability with hard wired public key | |
US7076062B1 (en) | Methods and arrangements for using a signature generating device for encryption-based authentication | |
EP1501238B1 (en) | Method and system for key distribution comprising a step of authentication and a step of key distribution using a KEK (key encryption key) | |
TWI476629B (en) | Data security and security systems and methods | |
US20070208867A1 (en) | Portable voiceprint-lock remote transmitting system and operation method thereof | |
JP2003152716A (en) | Qualification authentication method employing variable authentication information | |
EP1059578A2 (en) | Secure backdoor access for a computer | |
JP2002247021A (en) | Method and device for displaying access limited contents | |
EP1166491A2 (en) | System, device and method for secure communication and access control | |
CN113162766B (en) | Key management method and system for key component | |
WO2023154419A2 (en) | Access control systems and methods for cryptowallets | |
EP1224766A2 (en) | Apparatus and method for secure field upgradability |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 2000 598917 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2000911760 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 33605/00 Country of ref document: AU |
|
AK | Designated states |
Kind code of ref document: C2 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: C2 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
COP | Corrected version of pamphlet |
Free format text: PAGES 1/3-3/3, DRAWINGS, REPLACED BY NEW PAGES 1/3-3/3; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE |
|
WWP | Wipo information: published in national office |
Ref document number: 2000911760 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWG | Wipo information: grant in national office |
Ref document number: 33605/00 Country of ref document: AU |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2000911760 Country of ref document: EP |