Communication method integrated with trusted measurement and apparatus
US-2024357360-A1 · Oct 24, 2024 · US
Hybrid authentication
US9240891B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9240891-B2 |
| Application number | US-86450104-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 10, 2004 |
| Priority date | Jun 11, 2003 |
| Publication date | Jan 19, 2016 |
| Grant date | Jan 19, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A hybrid authentication device that has a keypad, a display, an electronic communications interface and a processor and memory that can be removable, such as a Subscriber Identity Module. The device can operate in a stand-alone mode, in which a user enters a personal identification number and challenge using the keypad, and the device generates a response. The device can also function as a smartcard, and can be electronically coupled to an external device using the communications interface.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving, at an authentication device from a user, wherein the authentication device is a mobile device, a first personal identification number; retrieving a first cryptographic key from a removable memory coupled to the authentication device, wherein the removable memory is a subscriber identity module (SIM) card; generating, at the authentication device, an authentication code based upon the first personal identification number and the first cryptographic key; providing the authentication code to an authentication server; receiving at the authentication device from the authentication server a second personal identification number through an electronic communication interface coupling the authentication device to the authentication server in response to a correct authentication code, wherein the second personal identification number is different from the first personal identification number; and replacing the entire first personal identification number with the second personal identification number at the authentication device, wherein the second personal identification number is later used to authenticate the user. 2. The method of claim 1 , further comprising: receiving a time from a clock, and wherein the authentication code is also based upon the time. 3. The method of claim 1 , further comprising: receiving a challenge, and wherein the authentication code is also based upon the challenge. 4. The method of claim 1 , further comprising: receiving a second cryptographic key if the authentication code is correct, and storing the second cryptographic key at the authentication device. 5. The method of claim 4 , wherein the second cryptographic key replaces the first cryptographic key at the authentication device. 6. The method of claim 1 , wherein the authentication code is not based on other data received from the user. 7. The method of claim 1 , wherein the authentication device comprises of a keypad and a display. 8. The method of claim 1 , wherein the authentication device comprises a processor. 9. A non-transitory computer readable medium storing instructions adapted to be executed by a processor to perform operations, the operations comprising: receiving, at an authentication device from a user, wherein the authentication device is a mobile device, a first personal identification number; retrieving a first cryptographic key from a removable memory coupled to the authentication device, wherein the removable memory is a subscriber identity module (SIM) card; generating, at the authentication device, an authentication code based upon the first personal identification number and the first cryptographic key, and wherein the authentication code is not based on other data received from the user; providing the authentication code to an authentication server; receiving at the authentication device from the authentication server a second personal identification number through an electronic communication interface coupling the authentication device to the authentication server, wherein the second personal identification number is different from the first personal identification number, and wherein the second personal identification number replaces the first personal identification number at the authentication device in response to a correct authentication code; and replacing the entire first personal identification number with the second personal identification number at the authentication device, wherein the second personal identification number is later used to authenticate the user. 10. The non-transitory computer readable medium of claim 9 , wherein the operations further comprise: receiving a time from a clock, and wherein the authentication code is also based upon the time. 11. The non-transitory computer readable medium of claim 9 , wherein the operations further comprise: receiving a challenge, and wherein the authentication code is also based upon the challenge. 12. The non-transitory computer readable medium of claim 9 , wherein the operations further comprise: receiving a second cryptographic key if the authentication code is correct, and storing the second cryptographic key at the authentication device. 13. The non-transitory computer readable medium of claim 9 , wherein the second personal identification number replaces the first personal identification number at the authentication device, and wherein the authentication code is not based on other data received from the user. 14. The non-transitory computer readable medium of claim 13 , wherein a second cryptographic key replaces the first cryptographic key at the authentication device. 15. A method comprising: providing, to an authentication token, a first personal identification number, wherein the first personal identification number is used in combination with a first cryptographic key extracted from a removable memory device coupled to the authentication token to authenticate a user with an authentication server and to activate a reader that is communicatively coupled to the authentication server wherein the reader is a mobile device, wherein the removable memory is a subscriber identity module (SIM) card; physically and electrically coupling the authentication token to electrical contacts of the reader; providing, to the reader, a second personal identification number, wherein the second personal identification number is different from the first personal identification number and replaces the entire first personal identification number at the reader; and authenticating the user using the second personal identification number. 16. The method of claim 15 , wherein the user is authenticated using the first personal identification number prior to authenticating the user using the second personal identification number. 17. The method of claim 15 , wherein the authenticating of the user using the first personal identification number uses a time-based or challenge-response authenticator. 18. The method of claim 15 , wherein the authenticating of the user using the second personal identification number includes providing a public key to the authentication server. 19. The method of claim 15 , wherein the authenticating of the user using the second personal identification number comprises generating an authentication code based upon the cryptographic key and the second personal identification number.
Assignees
Inventors
Classifications
Active cards, i.e. cards including their own processing means, e.g. including an IC or chip · CPC title
Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system · CPC title
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title
Wireless · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9240891B2 cover?
- A hybrid authentication device that has a keypad, a display, an electronic communications interface and a processor and memory that can be removable, such as a Subscriber Identity Module. The device can operate in a stand-alone mode, in which a user enters a personal identification number and challenge using the keypad, and the device generates a response. The device can also function as a smar…
- Who is the assignee on this patent?
- Popp Nicolas, Bajaj Siddharth, Hallam-Baker Phillip Martin, and 1 more
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3271. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 19 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).