Method and system for smartcard emulation

US9787672B1 · US · B1

Patent metadata

Publication number: US-9787672-B1
Application number: US-201313918326-A
Country: US
Kind code: B1
Filing date: Jun 14, 2013
Priority date: Mar 15, 2013
Publication date: Oct 10, 2017
Grant date: Oct 10, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: What the patent document calls the invention.
  2. Abstract: A short plain-language summary of the technical disclosure.
  3. Assignees and inventors: Who owns or filed the patent and who is credited as inventor.
  4. Key dates: Filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: The legal scope of protection — read this for what is actually claimed.
  6. CPC / IPC classifications: Technology tags used to group this patent with similar filings.
  7. Citations and related patents: Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method and system for emulating a smartcard which includes receiving a one time password and a container PIN for a container, validating the container PIN, upon validating the container PIN, and sending a request to validate the one time password to an authentication server based on a credential ID and a user ID, wherein the request includes the credential ID, the user ID, and the one time password. Upon validation of the one time password by the authentication server, a response is received from the authentication server, and the response includes at least one of: at least a portion of a private key or an authorization to access at least a portion of the private key stored locally.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by a security agent on a client device, a one-time password and a container PIN for a container, wherein the one-time password is generated at a device registered with the client device and entered into the security agent on the client device; validating, by the security agent on the client device, the container PIN; sending, by the security agent on the client device upon validation of the container PIN, a request to validate the one-time password to an authentication server, wherein the request comprises the one-time password, a credential ID associated with the registered device, a key ID associated with a private key, and a user ID associated with a user; receiving, by the security agent on the client device upon validation of the one-time password by the authentication server, a response from the authentication server, the response comprising a cloud portion of the private key identified via the key ID and an authorization to access a container portion of the private key stored locally in the container; combining the cloud portion of the private key with the container portion of the private key to construct the private key; sending, by the security agent on the client device to the authentication server, a request to validate a second one-time password, wherein validation of the second one-time password by the authentication server authorizes exportation of the container portion of the private key from the container to a second device; receiving, by the security agent on the client device, a response from the authentication server indicating that the second one-time password is valid, wherein exportation of the container portion of the private key to the second device is permitted upon receipt of the response; and exporting, from the security agent on the client device to the second device, the container portion of the private key.

2. The method of claim 1 further comprising: executing an initial key generation function; and sending the cloud portion of the private key to the authentication server.

3. The method of claim 1, further comprising: sending a request to the authentication server to validate a third one-time password for importation of the container portion of the private key from a device into the container; and receiving a response from the authentication server indicating that the third one-time password for importation of the container portion of the private key is valid, wherein importation of the container portion of the private key from the device is permitted upon receipt of the response.

4. The method of claim 1, wherein the key ID is one of a plurality of key IDs associated with the user ID.

5. The method of claim 1, wherein a pin policy defining requirements for the pin is exported with the container portion of the private key.

6. A system comprising: a hardware memory; and a security agent on a client device coupled to or containing the hardware memory, the security agent configured to: receive, by the security agent on the client device, a one-time password and a container PIN for a container, wherein the one-time password is generated at a device registered with the client device and entered into the security agent on the client device; validate, by the security agent on the client device, the container PIN; send, by the security agent on the client device upon validation of the container PIN, a request to validate the one-time password to an authentication server, wherein the request comprises the one-time password, a credential ID associated with the registered device, a key ID associated with a private key, and a user ID associated with a user; receive, by the security agent on the client device upon validation of the one-time password by the authentication server, a response from the authentication server, the response comprising a cloud portion of the private key identified via the key ID and an authorization to access a container portion of the private key stored locally in the container; combine the cloud portion of the private key with the container portion of the private key to construct the private key; send, by the security agent on the client device to the authentication server, a request to validate a second one-time password, wherein validation of the second one-time password by the authentication server authorizes exportation of the container portion of the private key from the container to a second device; receive, by the security agent on the client device, a response from the authentication server indicating that the second one-time password is valid, wherein exportation of the container portion of the private key to the second device is permitted upon receipt of the response; and export, from the security agent on the client device to the second device, the container portion of the private key.

7. The system of claim 6, wherein the security agent is further configured to: execute an initial key generation function; and send the cloud portion of the private key to the authentication server.

8. The system of claim 6, wherein the processing device security agent is further configured to: send a request to the authentication server to validate a third one-time password for importation of the container portion of the private key from a device into the container; and receive a response from the authentication server indicating that the third one-time password for importation of the container portion of the private key is valid, wherein importation of the container portion of the private key from the device is permitted upon receipt of the response.

9. The system of claim 6, wherein the key ID is one of a plurality of key IDs associated with the user ID.

10. The system of claim 6, wherein a pin policy defining requirements for the pin is exported with the container portion of the private key.

11. A non-transitory computer readable storage medium comprising instructions that, when executed by a security agent on a client device, cause the security agent to perform a set of operations comprising: receiving, by the security agent on the client device, a one-time password and a container PIN for a container, wherein the one-time password is generated at a device registered with the client device and entered into the security agent on the client device; validating, by the security agent on the client device, the container PIN; sending, by the security agent on the client device upon validation of the container PIN, a request to validate the one-time password to an authentication server, wherein the request comprises the one-time password, a credential ID associated with the registered device, a key ID associated with a private key, and a user ID associated with a user; receiving, by the security agent on the client device upon validation of the one-time password by the authentication server, a response from the authentication server, the response comprising a cloud portion of the private key identified via the key ID and an authorization to access a container portion of the private key stored locally in the container; combining the cloud portion of the private key with the container portion of the private key to construct the private key; sending, by the security agent on the client device to the authentication server, a request to validate a second one-time password, wherein validation of the second one-time password by the authentication server authorizes exportation of the container portion of the private key from the container to a second device; receiving, by the security agent on the client device, a response from the authentication server indicating that t
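The abstract and claim 1 describe one procedure: the security agent checks the container PIN locally, asks the authentication server to validate a one-time password tied to a credential ID, key ID and user ID, and only then receives the cloud portion of the private key to combine with the container portion. The following simulation of that exchange is an added example written for this page; it is not code from the patent or from Symantec. Everything the claims leave open is an assumption here: the OTP is an RFC 6238 TOTP, the PIN is stored as a PBKDF2 hash, the two key portions are XOR shares of a random secret that stands in for the real private key, and the server keeps a used-OTP set so that a code cannot be presented twice. The names AuthServer, SecurityAgent, run_scenario and the request field names are invented for the illustration.

```python
# Added illustration of the claim 1 flow (not the patent's code). Assumed details:
# RFC 6238 TOTP as the OTP, PBKDF2 for the PIN hash, XOR shares for the two key portions.
import hashlib
import hmac
import secrets
import struct
from typing import Optional

TOTP_STEP = 30    # seconds per OTP window (assumed)
TOTP_DIGITS = 6
TOTP_SKEW = 1     # accept one step of clock drift either way (assumed policy)


def totp(seed: bytes, t: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time window containing t."""
    mac = hmac.new(seed, struct.pack(">Q", int(t) // TOTP_STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** TOTP_DIGITS:0{TOTP_DIGITS}d}"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two equal-length shares; one share alone says nothing about the key."""
    if len(a) != len(b):
        raise ValueError("key portions must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


class AuthServer:
    """Holds each registered device's OTP seed and the cloud portion of every key."""

    def __init__(self) -> None:
        self.seeds = {}           # credential_id -> TOTP seed of the registered device
        self.cloud_portions = {}  # (user_id, key_id) -> cloud portion of the private key
        self.used_otps = set()    # (credential_id, otp) already accepted: replay guard (added here)

    def validate_otp(self, request: dict, now: float) -> Optional[dict]:
        """Server side of claim 1: verify the OTP, then release the cloud portion and container access."""
        cred, otp = request["credential_id"], request["otp"]
        seed = self.seeds.get(cred)
        if seed is None or not (otp.isascii() and otp.isdigit() and len(otp) == TOTP_DIGITS):
            return None
        if not any(hmac.compare_digest(otp, totp(seed, now + d * TOTP_STEP))
                   for d in range(-TOTP_SKEW, TOTP_SKEW + 1)):
            return None
        if (cred, otp) in self.used_otps:
            return None           # same code presented twice: reject
        self.used_otps.add((cred, otp))
        portion = self.cloud_portions.get((request["user_id"], request["key_id"]))
        return None if portion is None else {"cloud_portion": portion, "container_access": True}


class SecurityAgent:
    """Client-side security agent of claim 1; a dict stands in for the protected container."""

    def __init__(self, server: AuthServer, credential_id: str, user_id: str) -> None:
        self.server, self.credential_id, self.user_id = server, credential_id, user_id
        self.containers = {}      # key_id -> (salt, pin_hash, container_portion)

    def generate_key(self, key_id: str, pin: str, key_len: int = 32) -> bytes:
        """Initial key generation (claim 2): random stand-in key split into a container and a cloud share."""
        private_key = secrets.token_bytes(key_len)
        container_portion = secrets.token_bytes(key_len)
        salt = secrets.token_bytes(16)
        self.containers[key_id] = (salt, pin_hash(pin, salt), container_portion)
        self.server.cloud_portions[(self.user_id, key_id)] = xor_bytes(private_key, container_portion)
        return private_key        # returned only so run_scenario can compare against it

    def unlock(self, key_id: str, pin: str, otp: str, now: float) -> Optional[bytes]:
        """Client side of claim 1. Returns the reconstructed private key, or None on failure."""
        salt, expected, container_portion = self.containers[key_id]
        if not hmac.compare_digest(pin_hash(pin, salt), expected):
            return None           # wrong PIN: no request leaves the device
        request = {"otp": otp, "credential_id": self.credential_id,
                   "key_id": key_id, "user_id": self.user_id}
        response = self.server.validate_otp(request, now)
        if response is None or not response["container_access"]:
            return None
        return xor_bytes(response["cloud_portion"], container_portion)


def run_scenario(now: float = 1_000_000_000.0) -> dict:
    """Constructed end-to-end run; reports whether each check behaved as intended."""
    server = AuthServer()
    seed = b"constructed-demo-seed-20"          # constructed; shared with the registered device
    server.seeds["cred-001"] = seed
    agent = SecurityAgent(server, "cred-001", "alice")
    key = agent.generate_key("key-01", pin="4821")
    otp = totp(seed, now)                        # produced on the registered device
    wrong_otp = "000000" if otp != "000000" else "000001"
    return {                                     # evaluated in order, so the replay comes last
        "bad_pin_rejected": agent.unlock("key-01", "0000", otp, now) is None,
        "wrong_otp_rejected": agent.unlock("key-01", "4821", wrong_otp, now) is None,
        "key_reconstructed": agent.unlock("key-01", "4821", otp, now) == key,
        "replay_rejected": agent.unlock("key-01", "4821", otp, now) is None,
        "cloud_portion_is_not_key": server.cloud_portions[("alice", "key-01")] != key,
    }
```

Two points the claims state but do not spell out are visible in the run: a wrong container PIN fails before any request is sent, so the server never sees OTP attempts for an unlocked container, and the cloud portion released by the server is useless without the container portion (and vice versa), which is what makes an OTP-gated release worthwhile. The used-OTP set is an added defensive detail rather than something the claims require; without it, a code observed in transit within the validity window could be presented again.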

Assignees

Symantec Corp

Inventors

Classifications

  • involving a third party or a trusted authority · CPC title

  • involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title

  • One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title

  • using one-time-passwords · CPC title

  • involving digital signatures · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9787672B1 cover?
A method and system for emulating a smartcard which includes receiving a one time password and a container PIN for a container, validating the container PIN, upon validating the container PIN, and sending a request to validate the one time password to an authentication server based on a credential ID and a user ID, wherein the request includes the credential ID, the user ID, and the one time pa…
Who is the assignee on this patent?
Symantec Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0838. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Oct 10, 2017 (kind code B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).