A device for identification and authentication of a remote user connecting to a service over a network includes a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a unique authentication code as emulated keystrokes through a standard input means of a client terminal. The code may be transmitted only by an explicit command of the user.

Patent: RE48541
Priority: Apr 24 2006
Filed: Aug 31 2017
Issued: Apr 27 2021
Expiry: Apr 23 2027
Assg.orig Entity: Small
1
40
currently ok
16. A non-transitory computer readable storage device storing computer program modules executable to perform steps comprising:
receiving an explicit command to generate an output code, wherein the explicit command is triggered by a holder of a user device;
generating, in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises:
comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;
responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and
responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;
wherein the dynamic authentication code comprises at least one of a session identifier, a session counter and a timestamp of a plurality of variant fields, the dynamic authentication code further comprises a secret user identity for identifying an approved user of the user device to verify that the holder of the user device is the approved user of the user device, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device, the generated output code including the dynamic authentication code;
translating the generated output code into a plurality of emulated keystrokes; and
outputting the plurality of emulated keystrokes from the user device to an input of a client device.
1. A method for generating an output code from by a user device, comprising:
receiving, by the user device, an explicit command to generate the output code, wherein the explicit command is triggered by a holder of the user device;
generating, by the user device in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises:
comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;
responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and
responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;
wherein the dynamic authentication code comprises at least one of a session identifier, a session counter and a timestamp of a plurality of variant fields, the dynamic authentication code further comprises a secret user identity identifying an approved user of the user device to enable verification that the holder of the user device is the approved user of the user device, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device, the generated output code including the dynamic authentication code;
translating the generated output code into a plurality of emulated keystrokes; and
outputting the plurality of emulated keystrokes from the user device to an input of a client device.
7. A user device for providing an output code, comprising:
a computer processor for executing computer program modules; and
a non-transitory computer readable storage device storing the computer program modules executable to perform steps comprising:
receiving an explicit command to generate the output code, wherein the explicit command is triggered by a holder of the user device;
generating, in response to the explicit command, the output code using a cryptographic key, wherein generating the output code comprises:
comparing an identifier of the holder of the user device with information identifying one or more holders of the user device, the identifier uniquely identifying the holder of the user device;
responsive to the identifier of the holder of the user device matching the information identifying one or more holders of the user device, indicating that the holder of the user device is verified; and
responsive to the holder being verified, generating a dynamic authentication code associated with an identifier of the holder of the user device;
wherein the dynamic authentication code comprises at least one of a session identifier, a session counter and a timestamp of a plurality of variant fields, the dynamic authentication code further comprises a secret user identity identifying an approved user of the user device to enable verification that the holder of the user device is the approved user of the user device, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device, the generated output code including the dynamic authentication code;
translating the generated output code into a plurality of emulated keystrokes; and
outputting the plurality of emulated keystrokes from the user device to an input of a client device.
2. The method of claim 1, wherein the cryptographic key used in generating the output code is stored in the user device and is uniquely associated with the user device.
3. The method of claim 1, further comprising:
concatenating the identifier with the dynamic authentication code to generate a concatenated code sequence; and
applying the cryptographic key to the concatenated dynamic authentication code sequence to generate an alphanumeric representation as the output code.
4. The method of claim 1, wherein the plurality of variant fields comprise:
a random number; and
a checksum indicating whether a valid encryption key is used to generate the dynamic authentication code.
5. The method of claim 1, wherein the identifier identifying the holder of the user device comprises at least one of:
a personal identification number;
a combination of user name and password;
a key sequence comprising a plurality of keystrokes of a keyboard;
a fingerprint of the holder of the device;
a sample of voice of the holder of the device; and
a sample of biometric scanning data from the holder of the device.
6. The method of claim 1, further comprising:
intercepting an output message comprising a plurality of keystrokes entered by the holder of the user device on a keyboard in communication with the user device; and
using the intercepted output message as the identifier of the holder.
8. The device of claim 7, wherein the cryptographic key used in generating the output code is stored in the user device and is uniquely associated with the user device.
9. The device of claim 7, further comprising executable computer program modules for:
concatenating the identifier of the holder of the device with the dynamic authentication code to generate a concatenated code sequence; and
applying the cryptographic key to the concatenated code sequence to generate an alphanumeric representation as the output code.
10. The device of claim 7, wherein the plurality of variant fields comprise:
a random number; and
a checksum indicating whether a valid encryption key is used to generate the dynamic authentication code.
11. The device of claim 7, wherein the identifier identifying the holder of the user device comprises at least one of:
a personal identification number;
a combination of user name and password;
a key sequence comprising a plurality of keystrokes of a keyboard;
a fingerprint of the holder of the device;
a sample of voice of the holder of the device; and
a sample of biometric scanning data from the holder of the device.
12. The method of claim 1, wherein the information identifying one or more holders of the user device is stored in a pre-determined template.
13. The method of claim 12, wherein the pre-determined template is a pre-stored fingerprint template stored on the user device and the information stored on the user device identifying a holder of the user device is based on a fingerprint associated with the holder of the user device.
14. The device of claim 7, wherein the information identifying one or more holders of the user device is stored in a pre-determined template.
15. The device of claim 14, wherein the pre-determined template is a pre-stored fingerprint template stored on the user device and the information stored on the user device identifying a holder of the user device based on a fingerprint associated with the holder of the user device.
17. The device of claim 7, the user device further comprising a Universal Serial Bus (USB) interface for outputting the plurality of emulated keystrokes from the user device to a USB input of the client device.
18. The device of claim 17, wherein the USB interface is configured to receive power supplied by the USB input of the client device.

FIG. 2 is an exemplary flowchart illustrating an embodiment of the invention. Process 200 begins with the user device receiving 202 an explicit command to generate the output code, wherein the explicit command is triggered by a holder of the user device. The user device generates 204 in response to the explicit command the output code using a cryptographic key, wherein generating the output code comprises: responsive to the explicit command, generating a dynamic authentication code with an identifier of the holder of the user device, wherein the dynamic authentication code comprises at least one of a session identifier, a session counter, and a timestamp of a plurality of variant fields, the dynamic authentication code further comprises a secret user identity identifying an approved user of the user device, and the dynamic authentication code is variant and unique from other dynamic authentication codes generated by the user device and has characteristics that provide an indicator of potentially fraudulent usage of the user device. The user device translates 206 the generated output code into a plurality of emulated keystrokes. The user device outputs 208 the plurality of emulated keystrokes from the user device to an input of a client device.
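The generation steps of process 200, together with the variant fields of claims 3 and 4 and a service-side check that turns a repeated counter into a fraud indicator, sketched as an added example (not code from the patent or its assignee). The 16-byte field layout, the 16-letter keystroke alphabet, the toy Feistel cipher standing in for a real block cipher, and the verdict strings are all assumptions made for illustration.

```python
import binascii, hashlib, hmac, os, struct

ALPHABET = "cbdefghijklnrtuv"  # assumed 16-letter alphabet for the emulated keystrokes
FMT = ">6sHIHH"                # secret id, session counter, timestamp, random, checksum

def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, block, decrypt=False):
    """Toy 4-round Feistel permutation over 16 bytes (stand-in for a real block cipher)."""
    l, r = block[:8], block[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:
            l, r = _xor(r, _f(key, i, l)), l
        else:
            l, r = r, _xor(l, _f(key, i, r))
    return l + r

def generate(key, secret_id, counter, timestamp):
    """Device side: pack the variant fields, add a checksum, encrypt, encode as letters."""
    body = struct.pack(">6sHIH", secret_id, counter, timestamp,
                       int.from_bytes(os.urandom(2), "big"))
    block = body + struct.pack(">H", binascii.crc_hqx(body, 0xFFFF))
    return "".join(ALPHABET[int(c, 16)] for c in feistel(key, block).hex())

def verify(key, record, typed):
    """Service side: record holds the expected secret_id and the last accepted counter."""
    try:
        block = bytes.fromhex("".join(f"{ALPHABET.index(c):x}" for c in typed))
    except ValueError:
        return "malformed"
    if len(block) != 16:
        return "malformed"
    plain = feistel(key, block, decrypt=True)
    secret_id, counter, _ts, _rnd, crc = struct.unpack(FMT, plain)
    if binascii.crc_hqx(plain[:14], 0xFFFF) != crc:
        return "bad-key-or-corrupt"   # checksum fails unless the valid key was used
    if not hmac.compare_digest(secret_id, record["secret_id"]):
        return "wrong-identity"
    if counter <= record["last_counter"]:
        return "replay"               # stale or reused code: possible fraudulent use
    record["last_counter"] = counter
    return "ok"
```

The returned string is what the device would type into the client's input field; emitting it as USB HID keystrokes is outside this sketch.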

Ehrensvärd, Jakob, Ehrensvärd, Stina

Executed on | Assignor | Assignee | Conveyance | Frame Reel Doc
Mar 22 2014 | EHRENSVÄRD, JAKOB | YUBICO INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 0434950310 pdf
Mar 22 2014 | EHRENSVÄRD, STINA | YUBICO INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 0434950310 pdf
Aug 31 2017 |  | Yubico AB | (assignment on the face of the patent) |
Jan 31 2020 | YUBICO INC | Yubico AB | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 0517100868 pdf
Sep 20 2023 | Yubico AB | ACQ BURE AB | MERGER SEE DOCUMENT FOR DETAILS | 0657130908 pdf
Sep 20 2023 | ACQ BURE AB | Yubico AB | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 0657240321 pdf
Date Maintenance Fee Events
Aug 31 2017 | BIG: Entity status set to Undiscounted (note the period is included in the code).
Sep 27 2017 | SMAL: Entity status set to Small.
Feb 15 2023 | M2552: Payment of Maintenance Fee, 8th Yr, Small Entity.


Date Maintenance Schedule
Apr 27 2024 | 4 years fee payment window open
Oct 27 2024 | 6 months grace period start (w surcharge)
Apr 27 2025 | patent expiry (for year 4)
Apr 27 2027 | 2 years to revive unintentionally abandoned end. (for year 4)
Apr 27 2028 | 8 years fee payment window open
Oct 27 2028 | 6 months grace period start (w surcharge)
Apr 27 2029 | patent expiry (for year 8)
Apr 27 2031 | 2 years to revive unintentionally abandoned end. (for year 8)
Apr 27 2032 | 12 years fee payment window open
Oct 27 2032 | 6 months grace period start (w surcharge)
Apr 27 2033 | patent expiry (for year 12)
Apr 27 2035 | 2 years to revive unintentionally abandoned end. (for year 12)