GB2513669A - Enabling access to data - Google Patents

Enabling access to data Download PDF

Info

Publication number
GB2513669A
GB2513669A GB1311120.8A GB201311120A GB2513669A GB 2513669 A GB2513669 A GB 2513669A GB 201311120 A GB201311120 A GB 201311120A GB 2513669 A GB2513669 A GB 2513669A
Authority
GB
United Kingdom
Prior art keywords
module
modules
passcode
seed value
proximity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1311120.8A
Other versions
GB201311120D0 (en
GB2513669B (en
Inventor
Boris Taratine
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa Europe Ltd
Original Assignee
Visa Europe Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa Europe Ltd filed Critical Visa Europe Ltd
Priority to GB1311120.8A priority Critical patent/GB2513669B/en
Publication of GB201311120D0 publication Critical patent/GB201311120D0/en
Priority to EP14742569.8A priority patent/EP3011496A2/en
Priority to PCT/GB2014/051905 priority patent/WO2014203004A2/en
Priority to MX2015017684A priority patent/MX2015017684A/en
Priority to CN201480041271.XA priority patent/CN105393254B/en
Priority to KR1020217007304A priority patent/KR102332437B1/en
Priority to KR1020167001852A priority patent/KR102229116B1/en
Priority to AU2014282982A priority patent/AU2014282982A1/en
Priority to CN202310066732.XA priority patent/CN116028954A/en
Priority to CA2916085A priority patent/CA2916085A1/en
Publication of GB2513669A publication Critical patent/GB2513669A/en
Priority to US14/977,400 priority patent/US10445484B2/en
Application granted granted Critical
Publication of GB2513669B publication Critical patent/GB2513669B/en
Priority to US16/575,795 priority patent/US11275821B2/en
Priority to US17/592,239 priority patent/US11868169B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01FMEASURING VOLUME, VOLUME FLOW, MASS FLOW OR LIQUID LEVEL; METERING BY VOLUME
    • G01F23/00Indicating or measuring liquid level or level of fluent solid material, e.g. indicating in terms of volume or indicating by means of an alarm
    • G01F23/14Indicating or measuring liquid level or level of fluent solid material, e.g. indicating in terms of volume or indicating by means of an alarm by measurement of pressure
    • G01F23/18Indicating, recording or alarm devices actuated electrically
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/725Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Abstract

An apparatus and method for enabling access to secure data comprises; a first module 21 that generates a limited use passcode (such as a one time password or OTP) and provide it to the user 90; as second module 12 arranged to communicate and detect the proximity of a third module 33; and a fourth module 14 able to receive user input; wherein the apparatus enables access to secure data when the fourth module receives a valid password and the third module is near the second module. The limited use password might be generated by a time dependent seed value, generated by clocks present in some of the modules. The modules might exist in various combinations of separate components or elements. Also an apparatus and method comprising two modules, where the first is able to detect the proximity of the second by sharing a secret uniquely assigned during manufacture.

Description

ENABLING ACCESS TO DATA
Technical Field
A system for enabling access to data, and in particular a system for enabling access to data stored on, or accessible using, a user device.
Background
User devices, such as mobile telephones, tablet computers, laptop computers and desktop computers are increasingly being used to provide access to secure data.
Such devices may be provided with a secure element, for example a Subscriber Identity Module (SIM) in a cellular device (i.e. telephone or tablet), or a Trusted Platform Module (TPM) in a computing device. The secure element is tamper resistant and may store secure data (which may itself comprise credentials enabling access to further secure data). In such eases, it is important to ensure that access to the secure data is adequately controlled to prevent unauthorized users attacking the system and gaining access.
Many security features have been proposed in relation to mobile devices. One proposed method is to use a proximity system to control access to the secure data, such as the system described in granted US patent number 8112066. Here, a mobile telephone is paired with a BluetoothtM device. When the mobile telephone and the BluetoothTM device are in proximity, the secure data is accessible. This thus provides security in a relatively convenient manner to the user.
It would be desirable to increase the security of data on a device, whilst maintaining relative convenience to the user.
Summary
In accordance with at least one embodiment, methods, devices, systems and software are provided for supporting or implementing functionality to transmit credentials.
This is achieved by a combination of features recited in each independent claim.
Accordingly, dependent claims prescribe further detailed implementations of various embodiments.
According to a first aspect of the invention, there is provided apparatus for enabling access to secure data, the apparatus comprising: a first module arranged to generate a limited use passcode and make the passcode available to a user; a second module and a third module arranged to communicate whereby to enable detection of the third module being in proximity to the second module; and a fourth module arranged to receive a passcode via user input; wherein the apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module bcing in proximity to the second module.
In addition to using a proximity system to prevent access to the secure data in case of theft, a limited use passeode system is also used to enable access to the secure data. Since the limited usc passcode is provided as user input, the receipt by the fourth modulc of a valid limitcd use passcode indicatcs that a local user is present. This in turn indicates that the device is not being controlled by an unauthorized remote user (who would be unable to receive the passeode and provide it as user input). Consequently, by providing the apparatus as described above, embodiments are able to enable access to secure data based on two security functions, the first determining whether an authorized user is in proximity, and the second determining that the user is a local to the apparatus. This increases the security with which access to the data is enabled.
The passcode is limited use in that there is a limit on its validity. For example, the passcode may only be used once (after which becomes invalid). Alternatively or additionally, the passcode may be valid for a limited duration. One example of a limited use passeode is a "one-time passeode" or OTP. One advantage of using a generated, limited use, passeode is that the opportunities for replay attacks, where the passcode is stored and then used by an unauthorized party at a later time, are reduced. In another words, embodiments according to the above description, provide a passcode which is non-reusable and non-replicable.
Embodiments according to the above description, also provide advantages over a system which uses only a limited use passcode (without proximity). Such a system (using only a passeode) could not prevent unauthorized access to the secure data should the passcodc generator device be stolen. It will be noted that due to the first module making the passcode available to a user so as to be transfer the passcode via user input, the passcode is prevented from being surreptitiously stolen via, e.g. the internet.
The apparatus may be arranged to make a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules. The first module may be arranged to use the seed value to generate the limited use passcode. The fourth module may be arranged to validate a received passcode using the seed value.
In systems where a limited use passcode is generated, a seed value may be used as an input for the passcode generation. This seed value changes, thereby ensuring that the passcode changes (and thus has limited use). For such a system to work, both passeode generator and the passcode validator (i.e. the first and fourth modules) need a given seed value to be concurrently available to them. Typically the seed value cannot be directly communicated between the first and fourth modules, since this could make the system vulnerable as both modules (being in communication) may be accessed by a remote user. Consequently, in many systems the seed value is time based; that is the seed value is, or is derived from, a value of current time.
If the seed value is time based, both the first and fourth modules require access to a trusted source of time. Here, a trusted source of time is one which can be relied upon to be unaltered. By way of example, time determined by a secure clock, internal or connected to the module, can be trusted, whereas time provided by a user input, or from a clock which may be altered, cannot be trusted. Relying on a source of time which can be altered may enable replay attacks, where the time available to one modules is altered. This may make the fourth module accept a passcode generated in the past, or make the first module generate a passcode which will be valid in the future.
In some situations, one or both of the first and fourth modules may not have access to a trusted source of time. This may be because, due to manufacturing considerations, the relevant module cannot be provided with an internal clock. To exemplify this, the relevant module may be a part of a Subscriber Identity Module (SIM) of a mobile telephone or a part of a smartcard (that is a card with a chip, such as a banking card or identity card). Such devices typically do not have internal clocks, and therefore may not have access to a trusted source of time.
Advantageously, by providing the modules as described above, the proximity detection modules (the second and third modules) can be provided with a secondary use -that of enabling that the seed value to be made concurrently available to both the first and fourth modules using a secure communications protocol. This means that there is no requirement for both first and fourth modules to have access to a trusted source of time. In some embodiments, there is no use for a time based seed value at all as one module may randomly generate a seed value, and the other may receive the same seed value via the second and third modules as described above. By removing the need for a clock, the apparatus may therefore be simplified.
The first module and the third module may comprise synchronized clocks. The seed value may be determined by the first and third modules using an indication of time from respective clocks. Alternatively, the first and third modules may be communicatively connected, and may be arranged cooperate whereby to generate and have the seed value concurrently available. The second and fourth modules may also be communicatively connected, and the second module may be arranged to provide the seed value received from the third module to the fourth module.
In thc above, the first and third modules have access to the same seed value, either by being communicatively connected or having access to synchronized clocks.
In the latter case, the first and third modules may be physically separated. The third module provides the seed value to the second module, which in turn makes the seed value available to the fourth module. Therefore, the fourth module is able to receive the seed value, without needing a clock synchronized with the first module.
The third and fourth modules may be communicatively connected, and may be arranged to cooperate whereby to generate and have the seed value concurrently available. The first and second modules may be communicatively connected, and the second module may be arranged to provide the seed value received from the third module to the first module. In this alternative embodiment, the third and fourth modules are connected, and between them generate the seed value. Therefore the seed value is available to the fourth module. The third module provides the seed value to the first module via the second module.
The third and fourth modules may be communicatively connected, and the fourth module may be arranged to provide data indicative of the passcode received via user input to the third module. The third module may be arranged to transfer data indicative of the passcode to the second module. The first and second modules may be communicatively connected. The apparatus may be arranged to determine whether the generated passcode made available to the user by the first module was received via user input at the fourth module. In this embodiment, the limited use passcode is returned and validated against the originally generated passcode using the proximity detecting modules. This therefore allows enabling of access using the two factors mentioned above, but with the benefit of a simple system, where clocks and seed values are not required.
The second and third modules may share a secret which has been uniquely assigncd thcreto for usc in detcrmining whethcr thc third moduic is in proximity to the second module. The first and fourth modules may also share a secret which has been uniquely assigned thereto for use in generating and validating the passcode.
Alternatively, the first, second, third and fourth modules may all share a secret which has been uniquely assigned thereto for use in determining whether thc third module is in proximity to the second module and for generating and validating the passcode.
The various modules may be uniquely assigned a secret. Different secrets may be separately assigned to the two pairs of modules, i.e. the second and third modules, and the first and fourth modules; however in some cases, the samc secret may be assigned to all four modules. Here, uniquely assigning a secret means that the secret is not ayailable to any external system, for example on a remote server. By contrast, the secret may be assigned to, or bui It into, the modules during manufacture. This increases the sccurity of thc system, sincc no external system can be compromiscd to access the secret. Moreover, if the modules themselves are compromised, then only the secret or secrets assigned thereto are compromised and other, similar, modules associated with a different apparatus are not affected.
The third module may be arranged to generate a secure signal and to cause the secure signal to be wirelessly transmitted. The second module may be arranged to receiye and yalidate a said secure signal whereby to detect whether the third module is in proximity to the second module. The second and third modules may be arranged to cooperate with wircless communications cquipment whereby to cause the signal to be transmitted and to receive a said signal. The shared secret may be used for generating and validating the secure signal.
The first modulc may be arrangcd to bc conncctcd to a user intcrface, and to cause the passcode to be madc availabic to a user via thc uscr intcrface. Thc fourth module may be arranged to be connected to a further user interface, and to receive a passcodc providcd by a user to thc furthcr user intcrfacc. The first moduic may be arranged to limit the provision of the passcode to the user interface. The first module may be connected to other modules, for example to receive a seed value as described above. However, by limiting the provision of the passcode to the user interface, the apparatus can ensure that any attack on the system will not gain access to a generated passcode. In other words, the first module will only make the passcode available through the user interface. One method of doing this is to ensurc that the first module comprises a secure element, and that the secure element has only a single output, that arranged to drive the user interface.
The first and fourth modules maybe communicatively unconnected. By being communicatively unconnected, the passcode can only be transferred between the first and fourth modules via a user, thus ensuring a local user is present.
The apparatus may comprise: a first clement comprising the second and fourth modules; a second element, communicatively unconnected to the first element, comprising the first module; and a third element, physically separate from the first element, comprising the third module. The first element may be arranged to enable access to the secure data. The second and third elements may be physically connected.
The apparatus may comprise: a first element comprising the fourth module; a second element, communicatively unconnected to the first element, comprising the first and second modules; and a third element, physically separate from the second element, comprising the third module. The first element may be arranged to enable access to the secure data. The first module may be arranged to generate the passcode in dependence on the second module detecting that the third module is in proximity to the second module.
The apparatus may comprise: a first element comprising the second and fourth modules; and a second element, physically separate from the first element, comprising the first and third modules. The first and third modules may be arranged within the second element such that the third module is prevented from receiving a generated passcode from the first module.
The apparatus may comprise: a first element comprising the third and fourth modules; and a second element, physically separate from the first element, comprising the first and second modules. The first and second modules may be arranged within the second element such that the second module is prevented from receiving a generated passcode from the first module.
The apparatus may comprise a memory arranged to store the secure data.
Alternatively, at least a part of the apparatus may be arranged to be connected to a memory arranged to store the secure data. The secure data may comprise credentials for enabling access to a system remote from the apparatus. The secure data may comprise one or more of: at least one cryptographic key or shared secret; a public key certificate; at least one username; and at least one passcode.
According to a second aspect of the invention there is provided apparatus for enabling access to secure data, the apparatus comprising: at least one module arranged to provide a first security function based on a limited use passcode which is made available to a user of the apparatus, at least one further module arranged to provide a second security function based on proximity sensing; and wherein the apparatus is arranged to enable access to secure data in dependence on the both the first and second security functions.
The at least one module may comprise a first module arranged to generate a limited use passcode and make the passeode available to a user of the apparatus. The at least one module may comprise a fourth module arranged to receive a passcode via user input from the user of the apparatus, and validate the passcode whereby to provide the first security function.
The at least one further module may comprise a second module arranged to detect a third module being in proximity to the second module. The at least one further module may comprise the said third module.
The second module may be configured to receive a seed value from the third module, the seed value having been used to generate the limited use passcode. The second module may be configured to receive a seed value from the third module, and to provide the seed value to the at least one module for use in generating the limited use passeode.
At least two of the modules share a secret which is uniquely assigned thereto for usc in providing the security functions.
According to a third aspect of the invention there is provided apparatus for enabling access to secure data, the apparatus comprising: a first module; and a second module, wherein the first and second modules are arranged to communicate whereby to enable detection of the second module being in proximity to the first module, and the first and second modules share a secret which has been uniquely assigned thereto during manufacture of the modules for use in determining whether the second module is in proximity to the first module.
The two modules may be uniquely assigned a secret during manufacture. Here, uniquely assigning a secret means that the secret is not available to any external system, for example on a remote server. By contrast, the secret is assigned to, or built into, the modules during manufacture. This increases the security of the system, since no external system can be compromised to access the secret. Moreover, if the modules themselves are compromised, then only the secret or secrets assigned thereto are compromised and other, similar, modules associated with a different apparatus are not affected. It will be appreciated that the first and second modules described here correspond to the second and third modules described throughout the remainder of this document.
According to a fourth aspect of the invention there is provided a method for enabling access to secure data, the method comprising: generating a limited use passeode and making the passcode available to a user; communicating between a second module and a third module whereby to enable detection of the third module being in proximity to the second module; receiving a passcode via user input; and enabling access to secure data in dependence on receiving a valid passcode and the third module being in proximity to the second module.
A first module may generate the limited use passcode, and a fourth module may receive the passeode. The method may comprise: making a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules; using the seed value to generate the limited use passcode; and validating a received passcode using the seed value.
The first module and the third module may comprise synchronized clocks and the method may comprise determining the seed value using an indication of time from respective clocks. The first and third modules may be communicatively connected and the method may comprise cooperating between the first and third modules whereby to generate and have the seed value concurrently available. The second and fourth modules may be communicatively connected and the method may comprise providing, from the second module to the fourth module, the seed value received from the third module.
The third and fourth modules may be communicatively connected, the first and second modules may be communicatively connected, and the method may comprise: cooperating between the third and fourth modules whereby to generate and have the seed value concurrently available; and, providing, from the second module, the seed value received from the third module to the first module.
The third and fourth modules may be communicatively connected, the first and second modules may be communicatively connected, and the method may comprise: providing, from the fourth module to the third module, data indicative of the passcode received via user input; transferring, from the third module to the second module, data indicative of the received passcode; and determining whether the generated passcode made available to the user by the first module was received via user input at the fourth module.
The second and third modules may share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module. The first and fourth modules may share a secret which has been uniquely assigned thereto for use in generating and validating the passcode.
Alternatively, the first, second, third and fourth modules may share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module and for generating and validating the passcode.
The method may comprise: generating a secure signal and causing the secure signal to be wirelessly transmitted; and receiving and validating a received secure signal whereby to detect whether the third module is in proximity to the second module. The second and third modules may be arranged to cooperate with wireless communications equipment whereby to cause the signal to be transmitted and to receive a said signal.
The method may comprise using the shared secret for generating and validating the secure signal.
The first module may be arranged to be connected to a user interface, the fourth module may be arranged to be connected to a further user interface, and the method may comprise: causing the passeode to be made available to a user via the user interface; and receiving a passcode provided by a user to the further user interface. The method may comprise limiting the provision of the passcode to the user interface. The first and fourth modules may be communicatively unconnected.
A first element may comprise the second and fourth modules; a second element, communicatively unconnected to the first element, may comprise the first module; and a third element, physically separate from the first element, may comprise the third module. The method may comprise enabling access to the secure data at the first element. The second and third elements may be physically connected.
A first element may comprise the fourth module; a second element, communicatively unconnected to the first element, may comprise the first and second modules; and a third element, physically separate from the second element, may comprise the third module. The method may comprise enabling access to the secure data at the first element. The method may comprise generating the passcode in dependence on the detecting that the third module is in proximity to thc second module.
A first element may comprise the second and fourth modules; and a second clement, physically separate from the first clement, may comprise the first and third modules. The method may comprise preventing the third module from receiving a generated passcode from the first module.
A first element may comprise third and fourth modules; and a second element, physically separate from the first clement, may comprise the first and second modules.
The method may comprise preventing the second module from receiving a generated passcodc from the first module.
The method may comprise storing the secure data. The method may comprise connecting to a memory arranged to storc the secure data. The secure data may comprise credentials for enabling access to a system remote from the method. The secure data may comprise one or more of: at least one cryptographic key or shared secret; a public key certificate; at least one usemame; and at least one passcode.
According to a fifth aspect of the invention, there is provided a method for enabling access to secure data, the method comprising: providing a first security function based on a limited use passcode which is made available to a user, providing a second security function based on proximity sensing; and enabling access to secure data in dependence on the both the first and second security functions.
The method may comprise generating a limited use passcode and making the passcodc available to a user. The method may comprise receiving a passcodc via user input, and validating the passcode whereby to provide the first security function. The method may comprisc detecting a third module being in proximity to a second module.
The method may comprise receiving a seed value, the seed value having been used to generate the limited use passcode. The method may comprise receiving a seed value, and providing the seed value for usc in generating the limited use passcodc. The method may comprise uniquely assigning a shared secret for usc in providing the first and second security functions.
According to a sixth aspect of the invention, there is provided a method for enabling access to secure data, the method comprising: uniquely assigning a shared secret to a first and second module during manufacture of the modules; communicating between the first and second modules using the shared secret whereby to enable detection of the second module being in proximity to the first module.
According to further aspects of the invention, there is provided a computer program arranged to perform the mcthods dcscribcd above.
Further features and advantages will become apparent from the following description of preferred embodiments, given by way of example only, which is made with reference to the accompanying drawings.
Brief Description of the Drawin2s
Systems, apparatuses and methods will now be described as embodiments, by way of example only, with reference to the accompanying figures in which: Figure 1 shows a schematic diagram of an apparatus I according to an embodiment; Figurc 2 shows a schcmatic diagram of an apparatus 2 according to a frirthcr embodiment; Figures 3a, 3b and 3c show the arrangement of modules and data flows in apparatus 2 according to various embodiments; and Figure 4 shows a schematic diagram of an apparatus 3 according to another embodiment.
Some parts, components and/or steps of the embodiments appear in more than one Figure; for the sake of clarity the same reference numeral will be used to refer to the same part, component or step in all of the Figures.
Detailed Description of Illustrative Embodiments
Figure 1 shows a schematic diagram of an apparatus I for enabling access to sccurc data according to an embodiment. In general terms the apparatus comprises at least one module arranged to provide a first security function based on a limited use passeode which is made available to a user of the apparatus, and at least one further module arranged to provide a second security function based on proximity sensing. The apparatus enables access to secure data in dependence on the both the first and second security functions.
Tn detail, according to this embodiment, the apparatus I comprises a device 40.
The device 40 is provided with a first element 10, which itself comprises a second module 12 and a fourth module 14. The first element 10 may further comprise a memory 15, which may store secure data, one or more keys, as well as computer executable instructions. The second and/or fourth modules 12 and 14 may retrieve the computer instructions and the one or more keys from the memory 15, execute the computer instructions and usc the one or more keys to enable access to the secure data. The device may further comprise a user interface 48, wireless communications equipment 47; and furthcr ancillary hardwarc and/or softwarc 49 such as thc devicc's main proccssor and memory.
By way of context, the device 40 may, for example, be a portable communications device, such as a mobile telephone, tablet computer or laptop computcr and the first element 10 may bc a Subscribcr Identity Module (SIM) within the mobile phone.
The apparatus in this cmbodimcnt comprises a sccond clement 20 which may be communicatively unconnected to the first element 10 (and thus from the second and fourth modules 12 and 14). Thc sccond clement 20 comprises a first module 21. The second element 20 may further comprise a memory 25, a clock 26 and a user interface 28. The memory 25, as with memory 15, may store computer executable instructions and one or more keys for execution and use respectively by the first module 21. The first module 21 may also receive an indication of time from the clock 26.
The apparatus in this embodiment comprises a third element 30, which may be physically separate from the first element 10 and comprising a third module 33. The third element may comprise a memory 35, a clock 36 and wireless communications equipment 37. Again, as with memory 15, the memory 35 may store computer executable instructions and one or more keys to be executed and used respectively by the third module 33. Similarly the third module 33 may receive an indication of time from the clock 36.
The clocks 26 and 36 of the second and third modules may be synchronized clocks. The output of one of the clocks may be determined using the output of the other of the clocks, or the clocks may be synchronized using some other mechanism, for example with reference to a third time source.
To continue the example above, to put the second and third elements 20 and 30 into context, the second and third modules may be small, self-contained devices, often termed fobs or dongles. These self-contained devices may be adapted to fit on a keychain, for example.
In use, access may be requested, via the device 40, to secure data stored in memory 15. This access may be requested through the ancillary hardware/software 49 -which may be taken to represent, for example, the main processor and operating system of device 40. The access may be requested in response to user interactions with the device 40. A request for access to the secure data may trigger the process described below, however any other event may trigger the process.
In this embodiment, in response to a trigger, the second and third modules 12 and 33 communicate to provide a security function based on proximity sensing. In detail, the third module 33 of the third element 30 generates a secure signal and cooperates with wireless communications equipment 37 to cause the secure signal to be wirelessly transmitted, as shown by arrow 39. The second module 12 cooperates with wireless communications equipment 47 of the device 40 to receive the signal. The second module 12 then validates the received signal as being generated by the third module 33. The signal may be generated and validated using the one or more keys stored in the memories 15 and 35. This transmitting and receiving of the signal performs a proximity sensing function. That is, it enables the second module 12 to identify the third module 33, and to detect whether the third module 33 is in proximity to the second module 12. It will be appreciated that proximity as described here is physical proximity.
While not shown, the communication between the second and third modules 12 and 33 may be two way communications. For example, the second module 12 may transmit a signal, such as a challenge code, to the third module 33 via the mobile communications equipment 47 and 37. The third module 33 may then respond to this challenge code, for example by signing the challenge code using the one or more keys stored in memory 35 and a known cryptographic function.
In this embodiment, the first and fourth modules 21 and 14 may provide a security function based on a limited usc passcodc which is madc available to a uscr of the apparatus. In detail, the first module 21 generates a limited use passcode. This may be done using the one or more keys stored in memory 25, and a seed value, which may be, for example, an indication of time from the clock 26. The passcode is limited use in that there is a limit on its validity. For example, the passcode may only be used once (after which it becomes invalid). Alternatively or additionally, the passcode may be valid for a limited duration. One example of a limited use passcode is a "one-time passcode" or OTP. It will be appreciated that a passcode is equivalent to a password, and that passcode or password may be used interchangeably. One advantage of using a generated, limited use, passcode is that the opportunities for replay attacks, where the passcodc is stored and then used by an unauthorized party at a later time, are reduced or eliminated. The use of an indication of time from a clock as a seed value ensures that a diffcrcnt passcodc is generated at diffcrcnt points in timc. It will be apparent that a fixed passcode can be stored and later used by an unauthorized party in a replay attack, and therefore the entry of a fixed passcode cannot be taken as indicative of a user being present.
The first module is connected to the user interftce 28, and causes the passeode tobemadeavailabletoauser9oviatheuserinterface28,asshownbydashedarrow 91. One method of pmviding the passcode to the user 90 is to output the passcode on a display device. As such, the user interfitce 28 may comprise a display device. However, this is not the only method, and audio, tactile (e.g. Braille) or any other form of output may be used to provide the passcode to the user 90.
Thc user subsequently provides the passcodc as user input to the user intcrfacc 48 of the device 40, as represented by dashed arrow 92. To enable the passeode to be entered, the user interface 48 may comprise buttons, a keypad or a touchscreen; however any other suitable user interface may be used, for example a voice entry interface.
The fourth module 14 is connected to the user interface 48 and therefore is able to receive the passcode provided by the user 90 to the user interface 48. The fourth module 14, having received the passcode via user input 92, validates the passcode as being generated by the first module 21. This validation of the pa.sscode may be done using an indication of time as a seed value and the one or more keys from the memory 15.
To use an indication of time as a seed value, the fourth module preferably has access to a trusted source of time. Here, a trusted source of time is one which can be relied upon to be unaltered. By way of example, time determined by a secure clock, internal to the module, can be trusted, whereas time provided by a user input cannot be trusted. Relying on a source of time which can be altered may enable replay attacks, where the time available to one modules is altered. This may make the fourth module accept a passcode generated in the past, or make the first module generate a passcode which will be valid in the figure.
The fourth module may not have access to a trusted source of time. This may be because, due to manuflicturing considerations, the relevant module cannot be provided with an internal clock. For example, a Subscriber Identity Module (SN) of a mobile telephone does not have a trusted internal clock as it has no continuous source of power (the clock will stop if the SN is removed, or the telephone switched off).
In this embodiment, a seed value may be determined by the third module 33 using an indication of time from clock 36. This seed value may then be provided by the third module 33 to the second module 12 in signal 39 -i.e. as part of the proximity sensing security function. As the clock 36 is internal to the third element 30, it may be considered a trusted source of time. It may be possible to construct the third element 30 with a clock as it may not be subject to the same manufacturing limitations as the first element 10. For example, a self-contained keychain fob may be used as a third element containing the third module. The keychain fob may be provided with an internal battery, and have a clock which will maintain time wherever the keychain fob is located. By contrast, a SIM typically does not contain a battery, and therefore may not contain a clock which will operate when the SIM is disconnected from a portable device.
The seed value provided by the third module 33 can further be trusted by the fourth module 14. This is because the seed value is provided in a secure manner from the third module 33 to the second module 12 -for example it may be signed and/or encrypted and decrypted and/or verified using the one or more keys in memories 35 and 15. Moreover, since the second and fourth modules 12 and 14 are communicatively connected, the seed value can be securely provided from the second module 12 to the fourth module 14. Thus the fourth module 14 is able to validate the limited use passeode received as user input 92 without requiring separate access to a trusted source of time or other source of a seed value. In effect, the second and third modules 12 and 33 can be provided with a secondary use -that of enabling the seed value to be available to the fourth module 14.
The apparatus may subsequently enable access to the secure data in dependence on both the fourth module 14 validating a received passcode and the second module 12 detecting that the third module 33 is in proximity to the second module 12. In this embodiment, this enabling may be performed by one or both of the second and modules 12 and 14.
It will be apparent that the at least one module arranged to provide a first security function based on a limited use passcode which is made available to a user of the apparatus, may comprise the first and fourth modules 21 and 14. The at least one further module arranged to provide a second security function based on proximity sensing may comprise the second and third modules 12 and 31.
Therefore, embodiments are able to enable access to the data to situations when a local user is present, so as to be able to provide the user input 92, and when the correct proximity device, i.e. third element 30, is in proximity. This has the effect of ensuring that first the device 40 has not been compromised and accessed by an unauthorised user (for example a remote user, who has remotely access the device), as this unauthorised user would not be able to provide the user input 92; and second that the device is in proximity to the third element 30 meaning that the device is in proximity to an authorized user, and therefore is unlikely to have been lost or stolen.
To improve security, the first module 21 may limit the provision of the passcode to the user interface 28. For example the first module 21 may be prevented from providing any output, other than the passeode to the user interface 28. Alternatively the first module 21 may be configured that the passcodc, as an output, can only be provided to the user interface 28, and not to any other circuitry which may be connected directly or indirectly to the first module 21. In some embodiments, the first and fourth modules 21 and 14 may be communicatively unconnected.
Each of the modules described above had access to one or more cryptographic keys. These keys may be considered to be one or more shared secrets. In particular embodiments, the shared secrets may be uniquely assigned to a given pair of modules.
For example, the second and third modules may share a secret which has been uniquely assigned thereto; alternatively or additionally, the first and fourth modules may share a secret which has been uniquely assigned thereto. In some embodiments, the first, second, third and fourth modules all share a secret which has been uniquely assigned thereto. The shared secret or secrets may be used to generate and validate the passcode, and to generate and validate any secure signals sent between wireless communications equipment 37 and 47.
Here, the secret being uniquely assigned may include an arrangement in which the secret is not available to any other device or system. For instance, the secret may be unavailable on a remote server. This presents three advantages, firstly the modules operate as described above without needing to contact a remote server or the like.
Secondly, there is no remote server which can be compromised to obtain the shared secrets (i.e. the keys), thus increasing the security of the apparatus. Thirdly, if a given apparatus is compromised, then other, similar, apparatuses (in a larger system of many apparatuses) remain unaffected, as any keys and secure data are local to, and thus limited to, the given apparatus. The modules may be provided with the shared secret upon manufacture, meaning the modules are sold as a set, each module already storing the keys required to communicate with the others modules within the set. This means that there is no requirement to initialize the apparatus by installing keys.
While the second and third elements 20 and 30 have been shown as separate entities, in embodiments these two elements may be physically connected, without being communicatively connected. That is, they form part of the same device, but are functionally separate. In such embodiments, the elements may share, for example, a battery or other power supply. Alternatively, the second element 20 may be physically connected to the device 40, and may likewise share a power supply with the device 40.
Figures 2, 3a, 3b and 3c show apparatus 2 for enabling access to secure data according to further embodiments. These cmbodimcnts share many features with thc embodiment described above in Figure 1, which will be given the same reference numerals. Equally, many of the functions of these embodiments will be the same as described above, and therefore will not be described again in detail. The apparatus 2, like the apparatus 1, comprises at least one module arranged to provide a first security function based on a limited use passeode which is made available to a user of the apparatus, and at least one further module arranged to provide a second security function based on proximity sensing. The apparatus enables access to secure data in dependence on the both the first and second security functions.
The embodiments which will now be described differ in two aspects from the embodiment described in Figure 1. First, the second and third elements 20 and 30 have been combined into a single element 50. Second, while the modules will still be referred to as thc first to fourth modules, and will have thc same functionality as described above, the choice of which modules are within which element may be different. For example, in one embodiment below, the third and fourth modules are present within a first element 60, in contrast to the embodiment above, where the second and third modules 12 and 14 were present within first element 10. Figure 2 shows a generalized view of the apparatus 2, while Figures 3A, 3B and 3C show variations according to embodiments.
Referring to Figure 2, a device 40 comprises a user interfltce 48, wireless communications equipment 47, and further ancillary hardware and/or software 49 such as the device's main processor and memory. The device 40 also comprises a first element 60, which itself comprises two modules 61 and 62 and a memory 65, which may store secure data, one or more keys, as well as computer executable instructions.
The apparatus 2 further comprises a second element 50 which is physically unconnected to the first element 60. This is effectively a combination of the second and third elements described above in Figure 1, where similar elements, such as a clock, have been combined. As such, the second element 50 comprises two modules 51 and 52, a memory 55, clock 56, wireless communications equipment 57 and user interface 58.
Where a single element comprises more than one module, it will be apparent that the modules arc communicatively connected and will be able to, at least, communicate to provide information to, or receive information from, the other of the modules within thc clement.
In use, information is transferred (possibly via the user) between the modules 51 and 52 in the second element 50 and the modules 61 and 62 in the first element 60.
These transfers are represented as arrow 59, representing the wireless, proximity sensing, communications, and arrows 91 and 92 representing the provision of a passcode to a user 90, and the user 90 providing the passcode as user input. The arrows 59, 91 and 92 are all double-headed, as the communications may be either or both ways, depending on the embodiment. The detail of the information transfer will be described below.
Figures 3A, 3B and 3C show variations of the arrangement of modules within the elements. A description of how these arrangements enable these modules operate to provide a first security frmnction based on a limited use passcode which is made available to a user of the apparatus, and a second security function based on proximity sensing will be provided with reference to these figures. For clarity, within these figures, the features other than the modules 51, 52, 61 and 62, elements 50 and 60, and memory 65 have been omitted.
Figure 3A shows a first arrangement of the modules within the first and second elements 60 and 50. The first element 60a, from within device 40, is given reference 60a. The first clement comprises second and fourth modules 62a and 61 a, and memory 65a. The second element is given reference SOa, and comprises first and third modules 51a and 52a.
The embodiment shown in Figure 3A illustrates an embodiment in which the first and third modules Sla and 52a, located within the second element 50a, provide both a passcode and a seed to the first element SOa. This embodiment is, in effect, an adaptation of the embodiment of Figure 1, where the first and third modules 51 a and 52a are located within the same element. However, in this embodiment, the first and third modules 5 la and 52a are communicatively connected.
In use, in step Si a, the first and third modules 51 a and 52a cooperate to generate and have a seed value concurrently available. The seed value may take many foims, for example being the value of a counter (incrementing, for example, every time a passcode is generated), an indication of time, ora randomized number. The cooperation between the first and third modules 5 la and 52a may be done in a number of ways, for example: the first module 51 a may generate the seed value, and provide the seed value to the third module 52a; the third module 52a may generate the seed value, and provide the seed value to the first module Ma; a further module, not shown, may generate the seed value and provide the seed value to both the first and third modules 51 a and 52a; and/or both of the first and third modules 51 a and 52a may receive an indication of iS time from clock 56 (shown in Figure 2, omitted from Figure 3a), and may use this indication of time directly as the seed value, or calculate the seed value from the indication of time (in this last example the two modules may comprise, or be connected to, a single clock, or different synchronized clocks).
Following step Sla, the third module 52a provides the seed value to the second module 62a as illustrated by step S2a. This step also provides the proximity sensing function, i.e. sensing that the third module 52a (and thus the second element 50a) is in proximity to the second module 62a (and thus the first element 60a).
The first module 51 a uses the seed value mentioned in step S Ia to generate a limited use passcode which, in step S3a, is provided to a user, and thus is provided as user input to the fourth module 61a. In addition, the second module 62a, having received the seed value from the third module 52a in step S2a, provides the seed value to the fourth module 61a in step S4a.
The fourth module 61a has therefore received the seed value and the received passcode. Consequently, the fourth module uses the seed value to validate the received passcode. If the passcode is validated, and since the receipt of the seed may be taken as in indication of proximity, the fourth module 61a may allow access to the secure data in memory 65a as represented by step S5a. It will be appreciated that the fourth module 61a may not be solely involved in enabling access to the secure data, and thus the first element 60a in general may be configured to enable access to the secure data.
An alternative embodiment is shown in Figure 3B. In this embodiment the first clement 60b comprises the fourth and third modules 6ib and 62b and memory 65b. The second element SOb comprises the first and second modules Sib and 52b. As with the embodiment in Figure 3a, the pairs of modules within a given element are communicatively connected.
In a step Sib, the third and fourth modules 61b and 62b cooperate whereby to generate and have a seed value concunently available. This may be done using any of the methods described above in relation to the first and third modules 51a and 52a of Figure 3A.
Instep S2b, the third module 62b providcs the seed valuc to the second module 52b as part of the proximity sensing function. The second module 52b then provides the seed value received from the third module 62b to the first module Sib in step S3b.
The first module Sib, having received the seed value in step S3b, generates a passeode using the seed value. This passcode is then provided to the user and, as shown by step S4b, is provided as user input from the user to the fourth module Mb.
The fourth module 61b, which already has access to the seed value (having generated or received it in step Sib) is able to validated the received passcode, and based on the validation allow access to the secure data from memory 65b as shown by step SSb.
Another embodiment is shown in Figure 3C. This embodiment contrasts with the above embodiments in that the first element 60c comprises the first and second modules 61c and 62c, as well as the memory 65c. Accordingly, the second clement SOc comprises the fourth and third modules Sic and 52c. As the first element 60c (which stores the data in memory 65c) is the element which provides the passcode, this embodiment is suited to situations where the data is stored in an element which has limited capability for a user interface. For example, a small element, such as one contained in a fob or smartcard may have a display (for displaying a passcode to a user) but may not have a keypad or the like which would be required to provide a passcode as user input.
In use, a passcode is generated by the first module 61c. A seed value may be used to generate the passcode, however the passcode may simply be a random number or the like.
The passcode is provided to the user, and from the user, as user input Sic, to the fourth module 51 c. The fourth module Sic provides thc passcodc to the third module 52c in step S2c. The third module then transmits the passcode to the second module 62c as part of a proximity sensing process. Finally, the passcode is provided from the second module 62c to the first module 61c in step S4c. This enables the first module 61c to determine whether the generated passcode was the same as the one returned to it. If the passcode is the same, then the first module 61c may allow access to the data from the memory 65e, as represented by step S5e. It will be appreciated that the user input passcode may not itself be communicated from the fourth module back to the first module; that is, steps S2c, S3c and S4c may not involve transfer of the passeode.
Instead, a representation of the passcode, for example an encrypted or hashed version may be transfened. Alternatively, the passeode received by the fourth module may be used to set up a secure session between the second and third modules 62e and 52c.
An apparatus 3 according to an alternative embodiment will now be described with reference to Figure 4. This embodiment is similar to the first embodiment shown in Figure 1; however, in this embodiment, while the passcode is generated by a module within a second element 80 and provided to a first element 70, the proximity sensing function operates between the second element 80 and a third element 30.
The apparatus 3 comprises a device 40. Device 40, is similar to device 40 described above, and comprises a first element 70, a user interface 48 and ancillary hardware and/or software 49 such as the device's main processor and memory. The device 40 does not require wireless communications equipment 47, hence this feature is shown with a dotted line.
The first element 70 comprises a fourth module 74 and a memory 75, which may store secure data, one or more keys, as well as computer executable instructions.
The fourth module 74 may retrieve the computer instructions and the one or more keys from the memory 75, execute the instructions, and use the one or more keys to enable access to the secure data. The first element 70 may also comprise clock 76.
The apparatus 3 further comprises a second element 80. This second element 80 comprises first and second modules 81 and 82, a memory 85, clock 86, wireless communications equipment 87 and user interface 88. The second element is similar to the second element 50 described above.
The apparatus 3 comprises a third element 30, physically separate from the second element 80 and comprising a third module 33. The third element may comprise a memory 35, a clock 36 and wireless communications equipment 37. The third element described here may be the same as the third element 30 described above.
In use, the third module 33 of the third element 30 communicates with the sccond modulc 82 of thc sccond clcmcnt 80 to provide a proximity sensing function.
Based on the detection of the third module being in proximity to the second module, the second module causes the first module 81 to generate a limited use passcode -that is the passcode is generated in dependdilce on the third module being in proximity to the second module. Both the sensing and the generating of the passcode may be performed substantially as described above, and will not be described in detail here. In some embodiments, the clock 86 of the second element may be omitted, and a seed value, for example time, may be received from the third module 30.
The passcode is then made available to the user 90 via the user interface 88. The user in turn provides the passcode as user input to the user interface 48 of the device 40 and thereby to the fourth module 74. The fourth module 74 may therefore yalidate the passeode and allow access to the data based on the passcode being valid. To validate the passcode, thc fourth module 74 may usc an indication of timc from the clock 76.
The receipt by the fourth module 74 of a valid the passcode may be taken as indicative that the proximity sensing security function has been satisfied, and therefore a valid passcode completes the two security functions, proximity and passcode.
Additional Details and Modifications In embodiments, the secure data may comprise credentials for enabling access to a system remote from the apparatus 1. Such credentials may include encryption keys, usemames, passwords or passcodes, digital ccrtificatcs and the like.
The first, second, third and fourth modules have been described separately.
However, it will be apparent that this is for clarity, and where a single element (such as sccond clcmcnt 50) compriscs more than one module (such as modulcs 51 and 52) thcse modulcs may be providcd as a single physical unit. In othcr words, thc description of different modules is to be taken as an illdication of different functional capabilities which may bc provided to a givcn elcmcnt, and not that scparatc hardwarc and/or software is required. Furthermore, the memories and clocks have been described separately within any given element -however these may be incorporated within any or each module as required.
Any module, or combination of modules, within an element may be embodied by a processing system, memory, software and hardware as known in the art to be able to achieve the desired functionality. Equally, the modules and/or the elements may be tamper resistant. That is they may be embodied by or within so called secure elements.
A single module (typically the fourth module) has been described as allowing access. This is not a requirement, and as a result of the operations described above, any module, whether illustrated or an additional, unillustrated, module may enable access to the secure data.
In the embodiments described above, the first element, within the device 40, lacks a clock. 1-lowever this is not a requirement, and a suitable clock may be provided within the first element as required.
In somc embodiments, a plurality of one or more of the first, second, third and fourth modules may be provided in a given apparatus. Different modules may therefore serve to identify different users, or different accounts for the same user. For example, in an embodiment similar to that shown in Figure IA, a single first element 60a may be provided along with a plurality of second elements 50a. The fourth and second modules ôla and 62a in the fir st element ôOa may store keys or shared secrets corresponding to all of the plurality of the second elements SOa -as such, the keys or shared secrets may still be uniquely provided to the apparatus as a whole. Similar arrangements will be possible for the other embodiments described above.
In some embodiments, various elements may be activated by a physical act by a user. For example, the user may press a button to cause a passeode to be generated.
In some embodiments, the proximity sensing frmnctionality may serve to activate a device. For example, the embodiments illustrated by Figures 3A and 3B may be triggered by the act of bringing one element into close proximity to the other -sensed by the proximity functionality. During the proximity sensing security functionality, the current seed value may be transferred, and receipt, or transmission of the seed value may cause the first module to generate a passeode.
In the embodiments described above, the first element has been shown as a part of the device 40. However in ifirther embodiments, the device 40 may be distributed, that is various elements of the device 40 may be provided in separate physical units, which are arranged to be connected. For example, the first element and the wireless communications equipment may be provided in an add-on case for a mobile telephone.
The case can be connected to the mobile telephone. When connected, the first element within the case is capable of communicating with the mobile telephone, which provides the user interface, and ancillary hardware and software.
The proximity sensing security functionality, and equally the transfer ofthe seed value may be performed by any known wireless system. For example Near Field Communications (NFC), Radio Frequency ID (REID), BluetoothTM, WiFiTM (02. 11) or other short-range wireless communications systems. In alternative embodiments, the proximity sensing may be provided by a non-radio-frequency system; for example, direct coupling via contacts, inductive or capacitive coupling, audio or ultrasonic communication, mechanical coupling, including the use of vibrations such as Piezo vibrators, and visual or infrared (IR) communications, including the use of barcodes or QR codes displayed on a screen. Alternative method of providing a proximity sensing function, and for thc transfer of data if applicablc, will bc apparcnt to thc skilled person.
Likewise the communications between the second and third modules, and in particular communications arranged to ensure security may be enabled using known methods, such as the use of two-way communications involving a challenge code and challenge response, or one way communications using a rolling code (such as is used for unlocking a vehicle).
The ancillary hardware and/or software 49 of the device may be considered to cover features of the device which are not explicitly described above. For example, a typical mobile telephone will have a central processing system, memory, graphics processing system, various network interfaces (cellular, WiFi etc.) and the like. Thus the device 40, in general, will be recognized as being able to perform in a manner such that a user may request access to secure data -for example by selecting an option on a screen, or selecting and activating an application. Therefore, a request for secure data may be received from or via the ancillary hardware and/or software 49.
The seed values described above may be randomly generated numbers, or an indication of time. Where time is used, it will be apparent that this does not need to be a human recognizable time. As such, the synchronized clocks described above may simply be counters, started at the same time and with the same value, and configured to increment at a fixed interval.
The limited use passcode has been described as having a limited validity period.
The nature of the limited use passcode may be selected based on the security level desired. For example, the first module and clock may be arranged such that the passcode changes after a predetermined period. To enable this, the seed value may be a counter, providing an indication of time, which increments every minute. It will be appreciated that an indication of time does not need to correspond to a human readable time, such as universal time, and that the indication of time may simply be a counter value, incrementing every period -in such cases, the clocks may be synchronized by setting the counters to the same value at a particular time. The period, after which the passcode changes, may be for example 1 minute, however, other periods, from seconds to hours are envisaged for the period.
To ensure that, for example, drift in synchronized clocks or variations in internal counters do not render the system inoperative, the fourth module may accept a range of passeodes. For example, where the seed value is time, the fourth module may accept any of three passcodes corresponding to the current, previous and next time periods (i.e. T, T+1 and T-1 where T is an indication of time which increments by 1 each period).
This may mean that, in the example above, the passcode will have a validity between 2 and 3 minutes, depending on when in a given period it is provided to and by the user.
Alternatively, the seed value may be derived from a counter, which increments each time a password is generated (for example in a rolling code system). In such a system, the fourth module may accept passcodes corresponding to the next N values of the counter, where N may be a predetermined value ranging from 2 to many thousand.
It will be appreciated that the selection of what range of passeodes to accept may be selected based on the balance between user convenience and security, since an attacker may generate passeodes in advance in an attempt at circumventing the system, and having a large value for N provides an attacker with greater opportunities for attack.
The counters may be synchronized when a valid password is received, such that the counter value in the fourth module corresponds to the counter valuc used to gencrate the passcode in the first module.
While the above has been described in terms of a series of modules, performing certain steps, it will be appreciated that embodiments may be practised by any suitably configured apparatus of system. In particular, in some embodiments there may be provided apparatus comprising at least one processor and at least one memory including computer program instructions, where the at least one memory and the computer program instructions are configured to, with the at least one processor, cause the apparatus at least to perform one or more of steps described above. In other embodiments, there may be provided a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform one or more of the steps above.
It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.
The features of the claims may be combined in combinations other than those specified in the claims.

Claims (79)

  1. Claims 1. Apparatus for enabling access to secure data, the apparatus comprising: a first module arranged to generate a limited use passcode and make the passeode available to a user; a second module and a third module arranged to communicate whereby to enable detection of the third module being in proximity to the second module; and a fourth module arranged to receive a passcode via user input; wherein the apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.
  2. 2. The apparatus of claim 1, wherein: the apparatus is arranged to make a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules; the first module is arranged to use the seed value to generate the limited use passcode; and the fourth module is arranged to validate a received passeode using the seed value.
  3. 3. The apparatus of claim 2, wherein the first module and the third module comprise synchronized clocks, the seed value being determined by the first and third modules using an indication of time from respective clocks.
  4. 4. The apparatus of claim 2, wherein the first and third modules are communicatively connected, and arc arranged cooperate whereby to generate and have the seed value concurrently available.
  5. 5. The apparatus of claim 3 or claim 4, wherein the second and fourth modules are communicatively connected, and the second module is arranged to provide the seed value received from the third module to the fourth module.
  6. 6. The apparatus of claim 2, wherein: the third and fourth modules are communicatively connected, and are arranged to eooperatc whereby to gcncrate and have the seed value concurrently available; and the first and second modules are communicatively connected, and the second module is arranged to provide the seed value received from the third module to the first module.
  7. 7. The apparatus of claim I, wherein: the third and fourth modules are communicatively connected, and the fourth module is arranged to provide data indicative of the passcode received via user input to the third module; the third module is arranged to transfer data indicative of the passcode to the second module; the first and second modules are communicatively connected; and the apparatus is arranged to determine whether the generated passeode made available to the user by the first module was received via user input at the fourth module.
  8. 8. The apparatus of any of the preceding claims, wherein the second and third modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module.
  9. 9. The apparatus of any of the preceding claims, wherein the first and fourth modules share a secret which has been uniquely assigned thereto for use in generating and validating the passcode.
  10. 10. The apparatus of any of the preceding claims, wherein the first, second, third and fourth modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module and for generating and validating the passcode.
  11. 11. The apparatus of any of the preceding claims, wherein the third module is arranged to generate a secure signal and to cause the secure signal to be wirclcssly transmitted, and the second module is arranged to receive and validate a said secure signal whereby to detect whether the third module is in proximity to the second module.
  12. 12. The apparatus of claim 11, wherein the second and third modules are arranged to cooperate with wireless communications equipment whereby to cause the signal to be transmitted and to receive a said signal.
  13. 13. The apparatus of claim 11 or 12 when dcpcndent on claim 8 or 10, wherein the shared secret is used for generating and validating the secure signal.
  14. 14. The apparatus of any of the preceding claims, wherein: thc first module is arrangcd to bc connected to a uscr intcrfacc, and to cause the passcode to be made available to a user via the user interface; and the fourth module is arranged to be connected to a further user interface, and to receive a passcode provided by a user to the further user interface.
  15. 15. The apparatus of claim 14, wherein the first module is arranged to limit the provision of the passcode to the user interface.
  16. 16. The apparatus of any of the preceding claims, wherein the first and fourth modules are communicatively unconnected.
  17. 17. The apparatus of any of the preceding claims, comprising: a first elcment comprising thc sccond and fourth modules; a second element, communicatively unconnected to the first element, comprising the first module; and a third element, physically separate from the first element, comprising the third module.
  18. 18. The apparatus of claim 17, wherein the first clement is arranged to enable access to the secure data.
  19. 19. The apparatus of claim 17 or claim 18, wherein the second and third elements arc physically connected.
  20. 20. The apparatus of any of claims ito 16, comprising: a first element comprising the fourth module; a second clement, communicatively unconnected to the first element, comprising the first and second modules; and a third element, physically separate fix,m the second element, comprising the third module.
  21. 21. The apparatus of claim 20, wherein the first element is arranged to enable access to the secure data.
  22. 22. Thc apparatus of claim 20 or claim 21, wherein the first modulc is arranged to generate the passcode in dependence on the second module detecting that the third module is in proximity to the second module.
  23. 23. The apparatus of any of claims ito 16, comprising: a first element comprising the second and fburth modules; and a second element, physically separate from the first element, comprising the first and third modules.
  24. 24. The apparatus of claim 23, wherein the first and third modules are arranged within the second element such that the third module is prevented from receiving a generated passeode from the first module.
  25. 25. The apparatus of any of claims 1 to 16, comprising: a first element comprising the third and fourth modules; and a second element, physically separate from the first element, comprising the first and second modules.
  26. 26. The apparatus of claim 25, wherein the first and second modules are arranged within the second element such that the second module is prevented from receiving a generated pa.sscode from the first module.
  27. 27. The apparatus of any of the preceding claims, wherein the apparatus comprises a memory arranged to store the secure data.
  28. 28. The apparatus of any of claims I to 26, wherein at least a part of the apparatus is arranged to be connected to a memory arranged to store the secure data.
  29. 29. The apparatus of any of the preceding claims, wherein the secure data comprises credentials for enabling access to a system remote from the apparatus.
  30. 30. The apparatus of any of the preceding claims, wherein the secure data comprises one or more of: at least one cryptographic key or shared secret; a public key certificatc; at least one username; and at least one passcode.
  31. 31. Apparatus for enabling access to secure data, the apparatus comprising: at least one module arranged to provide a first security function based on a limited use passeode which is made available to a user of the apparatus, at least one further module arranged to provide a second security function based on proximity sensing; and wherein the apparatus is arranged to enable access to secure data in dependence on the both the first and second security functions.
  32. 32. The apparatus of claim 31, wherein the at least onc module comprises a first module arranged to generate a limited use passcode and make the passeode available to a user of the apparatus.
  33. 33. The apparatus of claim 31 or claim 32, wherein the at least one module comprises a fourth module arranged to receive a passcode via user input from the user of the apparatus, and validate the passcode whereby to provide the first security function.
  34. 34. The apparatus of any of claims 31 to 33, wherein the at least one further module comprises a second module arranged to detect a third module being in proximity to the second module.
  35. 35. The apparatus of claim 34, wherein the at least one further module comprises the said third module.
  36. 36. The apparatus of claim 34 or claim 35, wherein the second module is configured to receive a seed value from the third module, the seed value having been used to generate the limited use passeode.
  37. 37. The apparatus of claim 34 or claim 35, wherein the second module is configured to receive a seed value from the third module, and to provide the seed value to the at least one module for usc in generating the limited usc passcodc.
  38. 38. The apparatus of any ofclaims 31 to 37, wherein the at least two of the modules share a secret which is uniquely assigned thereto for use in providing the security functions.
  39. 39. Apparatus for enabling access to secure data, the apparatus comprising: a first module; and a second module, wherein the first and second modules are arranged to communicate whereby to enable detection of the second module being in proximity to the first module, and the first and second modules share a secret which has been uniquely assigned thereto during manufacture of the modules for use in determining whether the second module is in proximity to the first module.
  40. 40. A method for enabling access to secure data, the method comprising: generating a limited use passcode and making the passcodc available to a user; communicating between a second module and a third module whereby to enable detection of the third module being in proximity to the second module; receiving a passcode via user input; and enabling access to secure data in dependence on receiving a valid passcode and the third module being in proximity to the second module.
  41. 41. The method of claim 40, wherein a first module generates the limited use passcodc, and a fourth module receives the passcodc.
  42. 42. The method of claim 41, comprising: making a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules; using the seed value to generate the limited use passcode; and validating a received passeode using the seed value.
  43. 43. The method of claim 42, wherein the first module and the third module comprise synchronized clocks and the method comprises determining the seed value using an indication of time from respective clocks.
  44. 44. The method of claim 42, wherein the first and third modules are communicatively connected and the method comprises cooperating between the first and third modules whereby to generate and have the seed value concurrently available.
  45. 45. The method of claim 43 or claim 44, wherein the second and fourth modules are conmiunicatively connected and the method comprises providing, from the second module to the fourth module, the seed value received from the third module.
  46. 46. The method of claim 42, wherein the third and fourth modules are communicatively connected, the first and second modules are communicatively connected, and the method comprises: cooperating between the third and fourth modules whereby to generate and have the seed value concurrently available; and, providing, from the second module, the seed value received from the third module to the first module.
  47. 47. The method of claim 41, wherein the third and fourth modules are communicatively connected, the first and second modules are communicatively connected, and the method comprises: providing, from the fourth module to the third module, data indicative of the passcodc received via user input; transferring, from the third module to the second module, data indicative of the received passcode; and determining whether the generated passcode made available to the user by the first module was received via user input at the fourth module.
  48. 48. The method of any of claims 41 to 47, wherein the second and third modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module.
  49. 49. The method of any of claims 41 to 48, wherein the first and fourth modules share a secret which has been uniquely assigned thereto for use in generating and validating the passeode.
  50. 50. The method of any of claims 41 to 49,rherein the first, second, third and fourth modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module and for generating and validating the passcode.
  51. 51. The method of any of claims 40 to 50, comprising: generating a secure signal and causing the secure signal to be wirelessly transmitted; and receiving and validating a received secure signal whereby to detect whether the third module is in proximity to the second module.
  52. 52. The method of claim 51, wherein the second and third modules are arranged to cooperate with wireless communications equipment whereby to cause the signal to be transmitted and to receive a said signal.
  53. 53. The method of claim 51 or 52 when dependent on claim 48 or 50, comprising using the shared secret for generating and validating the secure signal.
  54. 54. The method of any of claims 41 to 53, wherein the first module is arranged to be connected to a user interface, the fourth module is arranged to be connected to a further user interface, and the method comprises: causing the passcode to be made available to a user via the user interface; and receiving a passcode provided by a user to the ifirther user interface.
  55. 55. The method of claim 54, comprising limiting thc provision of the passeode to the user interface.
  56. 56. The method of any of claims 41 to 55, wherein the first and fourth modules are communicatively unconnected.
  57. 57. The method of any of claims 41 to 56, wherein: a first clement comprises the second and fourth modules; a second element, communicatively unconnected to the first element, comprises the first module; and a third element, physically separate from the first element, comprises the third module.
  58. 58. The method of claim 57, comprising enabling access to the secure data at the first element.
  59. 59. The method of claim 57 or claim 58, wherein the second and third elements are physically connected.
  60. 60. The method of any of claims 40 to 56, wherein: a first element comprises the fourth module; a second element, communicatively unconnected to the first element, comprises the first and second modules; and a third clement, physically separate from the second element, comprises the third module.
  61. 61. The method of claim 60, comprising enabling access to the secure data at the first element.
  62. 62. The method of claim 60 or claim 61, comprising generating the passcode in dependence on the detecting that the third module is in proximity to the second module.
  63. 63. The method of any of claims 40 to 56, wherein: a first element comprises the second and fourth modules; and a second element, physically separate from the first element, comprises the first and third modules.
  64. 64. The method of claim 63, comprising preventing the third module from receiving a generated passcode from the first module.
  65. 65. The method of any of claims 40 to 56, wherein: a first clement comprises third and fourth modules; and a second element, physically separate from the first element, comprises the first and second modules.
  66. 66. The method of claim 65, comprising preventing the second module from receiving a generated passcode from the first module.
  67. 67. The method of any of claims 40 to 66, comprising storing the secure data.
  68. 68. The method of any of claims 40 to 66, comprising connecting to a memory arranged to store the secure data.
  69. 69. The method of any of claims 40 to 68, wherein the secure data comprises credentials for enabling access to a system remote from the method.
  70. 70. The method of any of claims 40 to 69, wherein the secure data comprises one or more of: at least one cryptographic key or shared secret; a public key certificate; at least one username; and at least one passcode.
  71. 71. A method for enabling access to secure data, the method comprising: providing a first security function based on a limited use passeode which is made available to a user, providing a second security function based on proximity sensing; and enabling access to secure data in dependence on the both the first and second security functions.
  72. 72. The method of claim 71, comprising generating a limited use passcode and making the passeode available to a user.
  73. 73. The method of claim 71 or claim 72, comprising receiving a passcode via user input, and validating the passcode whereby to provide the first security function.
  74. 74. The method of any of claims 71 to 73, comprising detecting a third module being in proximity to a second module.
  75. 75. The method of claim 74, comprising receiving a seed value, the seed value having been used to generate the limited use passcode.
  76. 76. The method of claim 74, comprising receiving a seed value, and providing the seed value for use in generating the limited use passcode.
  77. 77. The method of any of claims 71 to 76, comprising uniquely assigning a shared secret for use in providing the first and second security functions.
  78. 78. A method for enabling access to secure data, the method comprising: uniquely assigning a shared secret to a first and second module during manufacture of the modules; communicating between the first and second modules using the shared secret whereby to enable detection of the second module being in proximity to the first module.
  79. 79. A computer program arranged to perform the method of any of claims to 78.AMENDMENT TO CLAIMS HAVE BEEN FILED AS FOLLOWSClaims 1. Apparatus for enabling access to secure data, the apparatus comprising: a first module arranged to generate a limited use passcode and make the passcode available to a user; a second module and a third module arranged to communicate whereby to enable detection of the third module being in proximity to the second module; and a fourth module arranged to receive a passcode via user input; wherein the apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.2. The apparatus of claim 1, wherein: the apparatus is arranged to make a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules; the first module is arranged to use the seed value to generate the limited use passcode; and o the fourth module is arranged to validate a received passcode using the seed value, (\J 20 3. The apparatus of claim 2, wherein the first module and the third module comprise synchronized clocks, the seed value being determined by the first and third modules using an indication of time from respective clocks.4. The apparatus of claim 2, wherein the first and third modules are communicatively connected, and are arranged cooperate whereby to generate and have the seed value concurrently available.5. The apparatus of claim 3 or claim 4, wherein the second and fourth modules are communicatively connected, and the second module is arranged to provide the seed value received from the third module to the fourth module, 6. The apparatus of claim 2, wherein: the third and fourth modules are communicatively connected, and are arranged to cooperate whereby to generate and have the seed value concurrently available; and the first and second modules are communicatively connected, and the second module is arranged to provide the seed value received from the third module to the first module.7. The apparatus of claim 1, wherein: the third and fourth modules are communicatively connected, and the fourth module is arranged to provide data indicative of the passcode received via user input to the third module; the third module is arranged to transfer data indicative of the passcode to the second module; the first and second modules are communicatively connected; and the apparatus is arranged to determine whether the received passcode is valid based on determining whether the generated passcode made available to the user by the first module was received via user input at the fourth module based on the data indicative of the passcode transferred to the second module from the fourth module via o the third module.(\,j 20 8. The apparatus of any of the preceding claims, wherein the second and third modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module.9, The apparatus of any of the preceding claims, wherein the first and fourth modules share a secret which has been uniqu&y assigned thereto for use in generating and validating the passcode.10. The apparatus of any of the preceding claims, wherein the first, second, third and fourth modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module and for generating and validating the passcode.11. The apparatus of any of the preceding claims, wherein the third module is arranged to generate a secure signal and to cause the secure signal to be wirelessly transmitted, and the second module is arranged to receive and validate a said secure signal whereby to detect whether the third module is in proximity to the second module.12. The apparatus of claim 11, wherein the second and third modules are arranged to cooperate with wireless communications equipment whereby to cause the signal to be transmitted and to receive a said signal.13. The apparatus of claim 11 or 12 when dependent on claim 8 or 10, wherein the shared secret is used for generating and validating the secure signal.14. The apparatus of any of the preceding claims, wherein: the first module is arranged to be connected to a user interface, and to cause the passcode to be made available to a user via the user interface; and the fourth module is arranged to be connected to a further user interface, and to receive a passcode provided by a user to the further user interface.0) 15, The apparatus of claim 14, wherein the first module is arranged to limit o the provision of the passcode to the user interface.(\,j 20 16. The apparatus of any of the preceding claims, wherein the first and fourth modules are communicatively unconnected.17. The apparatus of any of the preceding claims, comprising: a first element comprising the second and fourth modules; a second element, communicatively unconnected to the first element, comprising the first module; and a third element, physically separate from the first element, comprising the third module.18. The apparatus of claim 17, wherein the first element is arranged to enable access to the secure data.19. The apparatus of claim 17 or claim 18, wherein the second and third elements are physically connected.20. The apparatus of any of claims ito 16, comprising: a first element comprising the fourth module; a second element, communicatively unconnected to the first element, comprising the first and second modules; and a third element, physically separate from the second element, comprising the third module.21. The apparatus of claim 20, wherein the first element is arranged to enable access to the secure data.22. The apparatus of claim 20 or claim 21, wherein the first module is arranged to generate the passcode in dependence on the second module detecting that the third module is in proximity to the second module.23. The apparatus of any of clthms Ito 16, comprising: a first element comprising the second and fourth modules; and o a second element, physically separate from the first element, comprising the first and third modules.(\J 20 24. The apparatus of claim 23, wherein the first and third modules are arranged within the second element such that the third module is prevented from receiving a generated passcode from the first module.25. The apparatus of any of claims ito 16, comprising: a first element comprising the third and fourth modules; and a second element, physically separate from the first element, comprising the first and second modules.26. The apparatus of claim 25, wherein the first and second modules are arranged within the second element such that the second module is prevented from receiving a generated passcode from the first module.27. The apparatus of any of the preceding claims, wherein the apparatus comprises a memory arranged to store the secure data.28, The apparatus of any of claims 1 to 26, wherein at least a part of the apparatus is arranged to be connected to a memory arranged to store the secure data.29. The apparatus of any of the preceding claims, wherein the secure data comprises credentials for enabling access to a system remote from the apparatus.30. The apparatus of any of the preceding claims, wherein the secure data comprises one or more of at least one cryptographic key or shared secret; a public key certificate; at least one username; and at least one passcode.0) 31. A method for enabling access to secure data, the method comprising: o generating, by a first module, a limited use passcode and making the passcode available to a user; (\,j 20 communicating between a second module and a third module whereby to enable detection of the third module being in proximity to the second module; receiving, at a fourth module, a passcode via user input; and enabling access to secure data in dependence on receiving a valid passcode and the third module being in proximity to the second module, 32. The method of claim 31, comprising: making a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules; using the seed value to generate the limited use passcode; and validating a received passcode using the seed value.33. The method of claim 32, wherein the first module and the third module comprise synchronized docks and the method comprises determining the seed value using an indication of time from respective clocks.34. The method of claim 32, wherein the first and third modules are communicatively connected and the method comprises cooperating between the first and third modules whereby to generate and have the seed value concurrently available.35. The method of claim 33 or claim 34, wherein the second and fourth modules are communicatively connected and the method comprises providing, from the second module to the fourth module, the seed value received from the third module.36. The method of claim 32, wherein the third and fourth modules are communicatively connected, the first and second modules are communicatively connected, and the method comprises: cooperating between the third and fourth modules whereby to generate and have the seed value concurrently available; and, providing, from the second module, the seed value received from the third __ module to the first module.o 37. The method of claim 31, wherein the third and fourth modules are communicatively connected, the first and second modules are communicatively C\J 20 connected, and the method comprises: providing, from the fourth module to the third module, data indicative of the passcode received via user input; transferring, from the third module to the second module, data indicative of the received passcode; and determining whether the received passcode is valid based on determining whether the generated passcode made available to the user by the first module was received via user input at the fourth module based on the data indicative of the passcode transferred to the second module from the fourth module via the third module.38. The method of any of claims 31 to 37, wherein the second and third modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module.39, The method of any of claims 31 to 38, wherein the first and fourth modules share a secret which has been uniquely assigned thereto for use in generating arid validating the passcode.40, The method of any of claims 31 to 39, wherein the first, second, third and fourth modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module and for generating and validating the passcode.41. The method of any of claims 31 to 40, comprising: generating a secure signal and causing the secure signal to be wirelessly transmitted; and receiving and validating a received secure signal whereby to detect whether the third module is in proximity to the second module.42. The method of claim 41, wherein the second and third modules are 0) arranged to cooperate with wireless communications equipment whereby to cause the o signal to be transmitted and to receive a said signal.(\J 20 43. The method of claim 4] or 42 when dependent on claim 38 or 40, comprising using the shared secret for generating and validating the secure signal.44. The method of any of claims 31 to 43, wherein the first module is arranged to be connected to a user interface, the fourth module is arranged to be connected to a further user interface, and the method comprises: causing the passcode to be made available to a user via the user interface; and receiving a passcode provided by a user to the further user interface.45. The method of claim 44, comprising limiting the provision of the passcode to the user interface.46. The method of any of claims 31 to 45, wherein the first and fourth modules are communicatively unconnected.47, The method of any of claims 3] to 46, wherein: a first element comprises the second and fourth modules; a second element, communicatively unconnected to the first element, comprises the first module; and a third element, physically separate from the first element, comprises the third module.48. The method of claim 47, comprising enabling access to the secure data at the first element.49. The method of claim 47 or claim 48, wherein the second and third elements are physically connected.50. The method of any of claims 31 to 46, wherein: a first element comprises the fourth module; a second element, communicatively unconnected to the first element, comprises the first and second modules; and o a third element, physically separate from the second element, comprises the third module.(\J 20 51. The method of claim 50, comprising enabling access to the secure data at the first element.52. The method of claim 50 or claim 5], comprising generating the passcode in dependence on the detecting that the third module is in proximity to the second module.53. The method of any of claims 3] to 46, wherein: a first element comprises the second and fourth modules; and a second element, physically separate from the first element, comprises the first and third modules.54. The method of claim 53, comprising preventing the third module from receiving a generated passcode from the first module.55. The method of any of claims 31 to 46, wherein: a first element comprises third and fourth modules; and a second element, physically separate from the first element, comprises the first arid second modules.56. The method of claim 55, comprising preventing the second module from receiving a generated passcode from the first module.57. The method of any of claims 31 to 56, comprising storing the secure data.58, The method of any of claims 31 to 56, comprising connecting to a memory arranged to store the secure data.59. The method of any of claims 31 to 58, wherein the secure data comprises credentials for enabling access to a system remote from the method.60. The method of any of claims 31 to 59, wherein the secure data comprises (\J 20 one or more of: at least one cryptographic key or shared secret; a public key certificate; at least one username; and at least one passcode.61. A computer program arranged to perform the method of any of claims 31 to 60.
GB1311120.8A 2013-06-21 2013-06-21 Enabling access to data Active GB2513669B (en)

Priority Applications (13)

Application Number Priority Date Filing Date Title
GB1311120.8A GB2513669B (en) 2013-06-21 2013-06-21 Enabling access to data
MX2015017684A MX2015017684A (en) 2013-06-21 2014-06-20 Enabling access to data.
PCT/GB2014/051905 WO2014203004A2 (en) 2013-06-21 2014-06-20 Enabling access to data
EP14742569.8A EP3011496A2 (en) 2013-06-21 2014-06-20 Enabling access to data
CN201480041271.XA CN105393254B (en) 2013-06-21 2014-06-20 Allowing access to data
KR1020217007304A KR102332437B1 (en) 2013-06-21 2014-06-20 Enabling access to data
KR1020167001852A KR102229116B1 (en) 2013-06-21 2014-06-20 Enabling access to data
AU2014282982A AU2014282982A1 (en) 2013-06-21 2014-06-20 Enabling access to data
CN202310066732.XA CN116028954A (en) 2013-06-21 2014-06-20 Device allowing access to secure data
CA2916085A CA2916085A1 (en) 2013-06-21 2014-06-20 Enabling access to data
US14/977,400 US10445484B2 (en) 2013-06-21 2015-12-21 Enabling access to data
US16/575,795 US11275821B2 (en) 2013-06-21 2019-09-19 Enabling access to data
US17/592,239 US11868169B2 (en) 2013-06-21 2022-02-03 Enabling access to data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1311120.8A GB2513669B (en) 2013-06-21 2013-06-21 Enabling access to data

Publications (3)

Publication Number Publication Date
GB201311120D0 GB201311120D0 (en) 2013-08-07
GB2513669A true GB2513669A (en) 2014-11-05
GB2513669B GB2513669B (en) 2016-07-20

Family

ID=48950297

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1311120.8A Active GB2513669B (en) 2013-06-21 2013-06-21 Enabling access to data

Country Status (9)

Country Link
US (3) US10445484B2 (en)
EP (1) EP3011496A2 (en)
KR (2) KR102229116B1 (en)
CN (2) CN105393254B (en)
AU (1) AU2014282982A1 (en)
CA (1) CA2916085A1 (en)
GB (1) GB2513669B (en)
MX (1) MX2015017684A (en)
WO (1) WO2014203004A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2513669B (en) 2013-06-21 2016-07-20 Visa Europe Ltd Enabling access to data
US11741214B2 (en) * 2021-06-29 2023-08-29 Western Digital Technologies, Inc. Passcode authentication based data storage device
US20230046788A1 (en) * 2021-08-16 2023-02-16 Capital One Services, Llc Systems and methods for resetting an authentication counter

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998007249A1 (en) * 1996-08-09 1998-02-19 California Wireless, Inc. Controlled access system and method
WO2000048064A1 (en) * 1999-02-10 2000-08-17 Vasco Data Security, Inc. Security access and authentication token with private key transport functionality
US20030050009A1 (en) * 2001-09-12 2003-03-13 Kurisko Mark A. Security apparatus and method during BLUETOOTH pairing
US20090222910A1 (en) * 2008-02-29 2009-09-03 Spansion Llc Memory device and chip set processor pairing
US20110138192A1 (en) * 2009-12-04 2011-06-09 Kocher Paul C Verifiable, Leak-Resistant Encryption and Decryption
US8396452B1 (en) * 2012-05-04 2013-03-12 Google Inc. Proximity login and logoff
GB2495704A (en) * 2011-10-12 2013-04-24 Technology Business Man Ltd Authenticating a user of computer equipment by use of a separate device
WO2014011571A1 (en) * 2012-07-13 2014-01-16 Apple Inc. Method to send payment data through various air interfaces without compromising user data

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1195275C (en) * 1999-09-17 2005-03-30 芬格罗克股份公司 Security arrangement
US20040203592A1 (en) * 2000-11-15 2004-10-14 Motorola, Inc. Introduction device, smart appliance and method of creating a federation thereof
US20020172633A1 (en) * 2001-03-06 2002-11-21 Koermer Gerald S. Vehicular atmosphere cleansing system
US7519989B2 (en) * 2003-07-17 2009-04-14 Av Thenex Inc. Token device that generates and displays one-time passwords and that couples to a computer for inputting or receiving data for generating and outputting one-time passwords and other functions
BRPI0513195A (en) * 2004-07-09 2008-04-29 Matsushita Electric Ind Co Ltd systems for administering user authentication and authorization, and for user support, methods for administering user authentication and authorization, for accessing services from multiple networks, for the authentication controller to process an authentication request message, to select the combination of authentication controllers. search result authentication, authenticating a user, and finding the way to a domain having business relationship with the home domain, for the authorization controller to process the service authorization request message, and perform service authorization for a domain controller. authentication and authorization perform authentication and service authorization, to protect the user token, and for the user's home domain access control authority to provide the authentication controller with a limited user signature profile information, to achieve authentication and authorize fast access, and to achieve single registration to access multiple networks, and formats for subscription capability information, for a user symbol, for a domain having business relationship with a user's home domain to request authentication and authorization assertion , and for a user terminal to indicate their credentials for accessing multiple networks across multiple administrative domains.
CN100492966C (en) * 2004-11-26 2009-05-27 王小矿 Identity certifying system based on intelligent card and dynamic coding
WO2006069082A2 (en) * 2004-12-20 2006-06-29 Bionopoly Llc Access keys
US20090158049A1 (en) * 2005-04-06 2009-06-18 Michael Stephen Fiske Building a security access system
WO2008074342A1 (en) * 2006-12-19 2008-06-26 Telecom Italia S.P.A. Method and arrangement for secure user authentication based on a biometric data detection device
US20080307237A1 (en) 2007-06-08 2008-12-11 Michael Holtzman Method for improving accuracy of a time estimate used to authenticate an entity to a memory device
KR20070072463A (en) * 2007-06-14 2007-07-04 이상곤 Advanced protection method for licensed digital certificate using one-time password
GB2458470A (en) 2008-03-17 2009-09-23 Vodafone Plc Mobile terminal authorisation arrangements
US8594333B2 (en) * 2008-09-05 2013-11-26 Vixs Systems, Inc Secure key access with one-time programmable memory and applications thereof
PT2387627E (en) * 2009-01-15 2016-06-03 Adaptive Biotechnologies Corp Adaptive immunity profiling and methods for generation of monoclonal antibodies
HUP0900322A2 (en) 2009-05-26 2011-01-28 Ibcnet Uk Ltd Method and device for establishing secure connection on a communication network
US8112066B2 (en) 2009-06-22 2012-02-07 Mourad Ben Ayed System for NFC authentication based on BLUETOOTH proximity
EP2315465A1 (en) * 2009-10-20 2011-04-27 ETH Zurich Method for secure communication between devices
US9443071B2 (en) 2010-06-18 2016-09-13 At&T Intellectual Property I, L.P. Proximity based device security
US8249556B2 (en) * 2010-07-13 2012-08-21 Google Inc. Securing a mobile computing device
AU2011200445B8 (en) * 2011-02-03 2013-03-07 Idondemand Pty Ltd Method and apparatus for dynamic authentication
US8640214B2 (en) * 2011-03-07 2014-01-28 Gemalto Sa Key distribution for unconnected one-time password tokens
US8819445B2 (en) * 2012-04-09 2014-08-26 Mcafee, Inc. Wireless token authentication
US8819802B2 (en) * 2012-04-10 2014-08-26 The Boeing Company User authentication
GB2513669B (en) 2013-06-21 2016-07-20 Visa Europe Ltd Enabling access to data

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998007249A1 (en) * 1996-08-09 1998-02-19 California Wireless, Inc. Controlled access system and method
WO2000048064A1 (en) * 1999-02-10 2000-08-17 Vasco Data Security, Inc. Security access and authentication token with private key transport functionality
US20030050009A1 (en) * 2001-09-12 2003-03-13 Kurisko Mark A. Security apparatus and method during BLUETOOTH pairing
US20090222910A1 (en) * 2008-02-29 2009-09-03 Spansion Llc Memory device and chip set processor pairing
US20110138192A1 (en) * 2009-12-04 2011-06-09 Kocher Paul C Verifiable, Leak-Resistant Encryption and Decryption
GB2495704A (en) * 2011-10-12 2013-04-24 Technology Business Man Ltd Authenticating a user of computer equipment by use of a separate device
US8396452B1 (en) * 2012-05-04 2013-03-12 Google Inc. Proximity login and logoff
WO2014011571A1 (en) * 2012-07-13 2014-01-16 Apple Inc. Method to send payment data through various air interfaces without compromising user data

Also Published As

Publication number Publication date
CN105393254A (en) 2016-03-09
CN105393254B (en) 2023-01-31
US10445484B2 (en) 2019-10-15
US20220155127A1 (en) 2022-05-19
US20160110534A1 (en) 2016-04-21
MX2015017684A (en) 2016-04-04
EP3011496A2 (en) 2016-04-27
GB201311120D0 (en) 2013-08-07
AU2014282982A1 (en) 2016-02-11
KR20160022906A (en) 2016-03-02
US11275821B2 (en) 2022-03-15
CN116028954A (en) 2023-04-28
GB2513669B (en) 2016-07-20
KR102229116B1 (en) 2021-03-17
CA2916085A1 (en) 2014-12-24
US11868169B2 (en) 2024-01-09
KR20210031542A (en) 2021-03-19
US20200012774A1 (en) 2020-01-09
WO2014203004A2 (en) 2014-12-24
WO2014203004A3 (en) 2015-02-19
KR102332437B1 (en) 2021-12-01

Similar Documents

Publication Publication Date Title
EP3657370B1 (en) Methods and devices for authenticating smart card
EP3241335B1 (en) Method and apparatus for securing a mobile application
US11868169B2 (en) Enabling access to data
US9240891B2 (en) Hybrid authentication
US11443024B2 (en) Authentication of a client
US20210070252A1 (en) Method and device for authenticating a user to a transportation vehicle
WO2017085545A1 (en) Security systems and methods with identity management for access to restricted access locations
US20140068744A1 (en) Surrogate Secure Pairing of Devices
WO2013123453A1 (en) Data storage devices, systems, and methods
US11799649B2 (en) Tamper-proof data processing device
JP2017045192A (en) Authentication system, authentication device, information terminal, and program
KR20170073843A (en) The system and method to authenticate online-user under Trusted Execution Environment
CN106874793A (en) The processing method and processing device of database
TW201821317A (en) Bicycle security system and bicycle unlocking method
CN116032504A (en) Data decryption method, device and storage medium
WO2021229584A1 (en) System and method to support message authentication
CN117616658A (en) Charging method and device for electronic equipment, electronic equipment and storage medium
CN115333733A (en) Unlocking method and device, electronic equipment and readable storage medium
KR20200127310A (en) The Method to conveniently and safely authenticate a User
WO2007146771B1 (en) Universal secure registry