IL185795A - Authentication method and device with encryption capability against malicious access to local computer - Google Patents
Authentication method and device with encryption capability against malicious access to local computerInfo
- Publication number
- IL185795A IL185795A IL185795A IL18579507A IL185795A IL 185795 A IL185795 A IL 185795A IL 185795 A IL185795 A IL 185795A IL 18579507 A IL18579507 A IL 18579507A IL 185795 A IL185795 A IL 185795A
- Authority
- IL
- Israel
- Prior art keywords
- user
- computer
- local computer
- local
- data
- Prior art date
Links
Landscapes
- Small-Scale Networks (AREA)
Description
maun ηϊ7ΐ3> oy JIIO'N * VD» AUTHENTICATION DEVICE WITH ENCRYPTION CAPABILITY Human Interface Security Ltd. o»i)3 υ ΐ> ο tma-iWN i>n Inventors: Lior Frenkel and Amir Zilberstein • ovy-utm " ow -ns TiN : owsno C: 63080 62505S AUTHENTICATION DEVICE WITH ENCRYPTION CAPABILITY FIELD OF THE INVENTION The present invention ' relates generally to information security, and specifically to devices and methods for enhancing the security of data communications.
BACKGROUND OF THE INVENTION Data encryption is widely used in preventing unauthorized access to data. Various methods of data encryption are known in the art. In general, these methods use a key to convert data to a form that is unintelligible to a reader (human or machine) , and require an appropriate key in order to decrypt the data. Symmetric encryption methods use the same key for both encryption and decryption. Such symmetric methods include the well-known DES (Data Encryption Standard) and AES (Advanced Encryption Standard) algorithms. In asymmetric encryption methods, such as the RSA (Rivest Shamir Adelman) algorithm, a computer that is to receive encrypted data generates complementary public and private keys and transmits the public key to the sender. After the sender has encrypted the data using the public key, only the holder of the private key can decrypt it. 62505S SUMMARY OF THE INVENTION Modern methods of encryption make it very difficult for a malicious party who intercepts an encrypted message to decrypt the message contents. On the other hand, within the computer that sends or receives the message, the message contents are typically held in clear (unencrypted) form, at least temporarily A malicious party who gains access to the memory of the computer (using a "Trojan horse" or other "spyware" program, for example) may be able to intercept the user's password or otherwise read and tamper with secret message contents.
Some embodiments of the present invention that are described hereinbelow use a novel authentication device to enhance data security. The device has an input transducer (such as a keypad) and comprises an encryption processor. In order to conduct a secure communication session with a remote computer, such as a server, the user connects the authentication device to his or her. local computer by a short-range wired or wireless link, and initiates network communication between the local computer and the remote computer. The remote computer transmits an encryption key (typically its own public key) to the local computer, which passes the key to the authentication device. The user inputs an access code, such as a password, via the input transducer of the authentication device, which then encrypts the access code using the encryption key that it received from the remote computer. The local computer passes the encrypted access code to the remote computer, which decrypts the access code using the corresponding private key, and thus authenticates the user. 62505S In this manner, the local computer itself receives the user's access code only in an encrypted form, which only the remote computer can decrypt. Therefore, even if a malicious party were to gain access to the local computer, that party would not be able to discover the actual access code. The remote computer may change the key from session to session, so that an encrypted access code that is intercepted by a malicious user in one session is useless for any subsequent session.
In other embodiments of the present invention, a similar sort of device, connected to the local computer, may be used as a data security device during a communication session with a remote computer. When it is necessary to transmit secret information, such as a credit card number, to the remote computer, the user inputs the information via the input transducer of the data security device. The device encrypts the information and transmits it via a secure tunnel through the local computer to the remote computer.
{Claim summary will be inserted here in the final version.} The present invention will be more fully understood from the . following detailed description of the embodiments thereof, taken together with the drawings in which: 62505S BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a schematic pictorial illustration of a system for secure data communications, in accordance with an embodiment of the present invention; Fig. 2 is a schematic pictorial illustration- of an authentication device, in accordance with an embodiment of the present invention; Fig. 3A is a schematic pictorial illustration of an authentication device, in accordance with another embodiment of the present invention; Fig. 3B is a" block diagram that schematically shows functional components of the device of Fig. 3A, in accordance with an embodiment of the present invention; Fig. 4 is . a flow chart that schematically illustrates a method · for secure communications, in accordance with an embodiment of the present invention; Fig. 5 is a schematic pictorial illustration showing physical and logical communication paths in a secure communication system, in accordance with an embodiment of the present invention; and Fig. 6 is a flow chart that schematically illustrates a method for secure transmission of secret data, in accordance with an embodiment of the present invention . 62505S DETAILED DESCRIPTION OF EMBODIMENTS Fig. 1 is a schematic pictorial illustration of a system 20 for secure data communications, in accordance with an embodiment of the present invention. In a typical scenario, a user 22 operates a personal computer 28 to establish a communication session with a remote server 24 over a network 26, such as the Internet. Computer 28 comprises user interface components, such as a display 30 and a keyboard 32, which user 22 employs in the communication session. Personal computer 28 and remote server 24 are examples, respectively, of a local computer and a remote computer that may be used in this embodiment, but the principles of the present invention may similarly be implemented using any suitable types of computing devices that communicate over substantially any type of network. For example, the "local computer" may comprise a mobile telephone or personal digital assistant (PDA) with suitable computing and communication capabilities, while the network comprises a cellular network .
In preparation for establishing the communication session, user 22 couples an authentication device 34 via a local interface to computer 28. In this case, the local interface comprises a mating receptacle 36, such as a Universal Serial Bus (USB) port in computer 28, and the user couples device 34 to computer 28 by making a physical connection with the port. Alternatively, any other suitable sort of local interface may be used, including both wired interfaces (such as the USB or other port) and wireless interfaces, such as a Bluetooth™ or other radio interface or an infrared interface. The term "local" in this context is used to refer to interfaces 62505S that operate over short ranges, in the sense that both computer 28 and device 34 are in physical reach of user 22 simultaneously.
In operation of system 20, as described in greater detail hereinbelow, server 24 sends an encryption key over network 26 to computer 28, which then passes the key to an encryption processor in device 34. Typically, this encryption key is a public key, for which the server holds the corresponding private key, although other types of encryption keys may also be used. To deter hackers, the server may generate and transmit a new key for each communication session or set of sessions. User 22 inputs a designated password (or other access code) to device 34, which encrypts the password using the key and passes the encrypted password back via computer 28 to server 24.
In the server, an authentication mediator 38 component is responsible for communicating with device 34, including transmission of the public key and decryption of the user password using the corresponding private key. Optionally, device 34 may comprise a unique token (typically in the form of a secret numerical code, stored in read-only memory in the device) that identifies user 22, and the authentication mediator may also check this token to verify that it is valid and matches the user password. If server 24 belongs to an organization that maintains a central user authentication server 40, authentication mediator 38 may communicate with this server, over a local area network (LAN) 42, for example, in order to exchange information and sign user 22 in for access to organization resources. Alternatively, server 24 may operate on a standalone basis, with or without a dedicated authorization mediator. 62505S In order to prevent malicious parties from interacting with device 34 (by spoofing the identity of server 24, for example), a certification server 44 may be used to verify the identity of the party supplying the public key to computer 28. For this purpose, server 24 is required to present a digital certificate, which is verified by server 44 before user 22 inputs the password to device 34. Typically, when a verification message is received from server 44, it causes device 34 to output a sign or message to the user in order to indicate that the computer requesting the encrypted password is bona fide, whereupon the user may input the password. These functions are described in greater detail hereinbelow.
Typically, computer 28 and server 24 are general- purpose computers, which are programmed in software to carry out the functions that are described herein. This software may be downloaded to the appropriate computer in electronic form, over a network, for example, or it may alternatively be provided on tangible media, such as magnetic, optical or electronic memory media.
Fig. 2 is a schematic, pictorial . illustration showing details of authentication device 34, in accordance with an embodiment of the present invention. In this version, the authentication device comprises a housing 52 with a USB connector 54, at least one output transducer in the form of an indicator lamp, such as a light -emitting diode (LED) 56, and an input transducer in the form of a keypad 58. The user of authentication device 34 uses the keypad, as explained above, to input the appropriate access code. The user may also operate the keypad during a secure communication session to input other information, such as a credit card number, that, is 62505S to be encrypted by the authentication device before being transmitted via computer 28 to server 24.
LED 56 (or another output transducer) may serve several functions, including indicating to the user that he or she should input the appropriate number via the keypad. The LED may flash green, for example, to indicate that certification server 44 has verified the entity requesting the user's access code. Alternatively or additionally, the output transducer may comprise an alphanumeric or graphical display, such as a flat -panel liquid crystal display (LCD) , or an audio output device, or any other suitable type of output device that is known in the art. Similarly, the input transducer may comprise additional keys, a tactile pointing device, an audio input device, a biometric sensor (as shown in Fig. 3A) , or any other suitable type of input device that is known in the art .
Reference is now made to Figs. 3A and 3B, which schematically illustrate an authentication device 60, which may be used in system 20 in place of device 34, in accordance with another embodiment of the present invention. Fig. 3A is a pictorial illustration of device 60, while Fig. 3B is a block diagram showing functional components of the device. Similar functional components are used, mutatis mutandis, in device 34. Although Figs. 2, 3A and 3B show examples of authentication devices with certain specific combinations of features, other authentication devices for use in system 20 may have different combinations and implementations of such features, as will be apparent to those skilled in the art . 8 62505S 9/6/2007 2:05 PM YS 62505S Authentication device 60 comprises a housing 62, which may comprise a laminated coating with the shape and form factor of a credit card or smart card. The output transducer in this embodiment comprises a flat panel display 64, such as a LCD, while the input transducers include a keypad 68 and a b ometric sensor 70, such as the type of optical fingerprint sensor that is used for user authentication on many personal computers . A radio- frequency (RF) antenna 72, which is typically embedded in housing, serves a short-range wireless communication interface 76, such as a Bluetooth™ interface, over which device 60 communicates with computer 28.
As shown in Fig. 3B, authentication device 60 comprises an embedded encryption processor 74, which operates in accordance with program instructions that are stored in read-only memory (ROM) 80 within housing 62. Processor 74 may comprise a general-purpose microprocessor or microcontroller device. Additionally or alternatively, processor 74 may comprise a special-purpose processor, such as a reduced-instruction-set computer (RISC) device or a hardware accelerator for encryption functions. ROM 80 may comprise a programmable type of ROM, such as Flash ROM, to permit the software to be updated from time to time. Device also comprises a random-access memory (RAM) 82, in which processor 74 holds the public key that it receives from server 24, as well as other data used in the processes of communication and authentication.
Optionally, a token 78 may be stored in ROM within housing 62, either within ROM 80 or-in-a separate memory. Token 78 is a unique identifier, similar to the security key that is stored in subscriber identity module (SIM) 62505S devices . This key is associated with user 22 and is used by server 24 in authenticating the user, as described hereinbelow. Alternatively, in some embodiments, no such token is used.
Although device 60 is shown in Fig. 3B, for the sake of conceptual clarity, as comprising certain distinct functional blocks, the blocks do not necessarily reflect the physical components that are used in actual implementations of the device. Rather, certain blocks may be combined within a single integrated circuit (IC) component. On the other hand, certain blocks may be implemented using two or more different components. All such implementations are considered to be within the scope of the present invention. {it seems to me that your idea could be implemented using a cell phone with Bluetooth capability as the authentication device. Have you considered this idea (or are you aware that someone else has implemented something similar using a cell phone)? Is there something we should say about it?} Fig. 4 is a flow chart that schematically illustrates a method for secure communications, in accordance with an embodiment of the present invention. The method is described below, by way of example, with reference to authentication device 60 (rather than device 34) and the other components of system 20 (Fig. 1) . Alternatively, the method may be implemented in substantially any sort of computer system in which the user of a local computer is to be authenticated by a remote computer, and using any sort of authentication device that has the properties set forth hereinabove. 62505S To initiate communications with server 20, user 22 couples authentication device 60 to communicate locally with computer 28, at a device linking step 90. The coupling may take the form of physically plugging the authentication device into the computer or simply bringing the authentication device into proximity with the computer so that a short-range wireless link may be established. A suitable driver program is typically pre- installed in computer 28, which causes the computer to recognize and interact with device 60 in the appropriate manner during the steps of the method described hereinbelow. Alternatively, the authentication device may contain a program in memory that runs automatically on computer 28 when the device is plugged into the computer, so that the computer can interact with the device in the desired manner without previous software installation.
User 22 operates computer 28 to access server 24, at an access step 92. For example, the user may navigate to a Web site run by the server using the browser program on computer 28. Assuming server 24 to belong to a bank, for instance, the user might access the bank's Web site, and then click an on-screen button to log into banking services for the user's personal account. In response, server 24 transmits a public key over network 26 to computer 28, at a key transmission step 94. Computer 28 passes the public key to authentication device 60 via the local interface for use as described hereinbelow.
In addition to transmitting the public key at step 94, server 24 may also transmit a digital certificate, attesting to the authenticity of the server, i.e., that this server really does belong to the user's bank, for 62505S instance, rather than to a hacker masquerading as the bank. Computer 28 and/or authorization device 60 may then take one or more steps to verify that the certificate is valid, at a certification checking step 96. For example, computer 28 may pass the certificate to device 60, which then extracts the name and owner information from the certificate and outputs the information to display 64. User 22 checks that the information appearing on the display conforms with the details of the proper Web site and organization before proceeding to input any personal data. Because the certificate is processed and displayed by device 60, rather than computer 28, it is less likely to be corrupted by a malicious program that may have been installed in the computer unbeknownst to the user.
Additionally or alternatively, the certificate sent by server 24 may be verified at step 96 by communication between computer 28 and certification server 44. Server 44 typically belongs to a certification authority (CA) , which issues the certificate to server 24 (and to other sites) and maintains up-to-date information regarding the validity or revocation of the certificate. Certification server 44 may communicate with the browser program on computer 28 using standard certification protocols that are known in the art. Alternatively or additionally, the certification server may communicate with authentication device 60 (via computer 28) using a proprietary protocol, so that the verification of certification is conveyed directly to the authentication device. In either case, upon successful verification of the certificate by server 44, device 60 displays a message or other indication that server 24 has been verified. In the case of device 34, 62505S for example, the indication may take the form of lighting LED 56 in a prescribed manner, as noted above.
Optionally, processor 74 in device 60 may lock output communications from the device until the certificate of server 24 has been verified. User 22 may be able to override the lock, however, by entering a certain sequence of keystrokes, for example, if necessary.
Typically, once server 24 has been satisfactorily verified, processor 74 in authentication device 60 transmits an indication of token 78 to server 24, at a token transmission step 98. This indication may be transmitted in various ways. For example, device 60 may simply transmit the token itself, or may encrypt the token for transmission using the public key that it received at step 94. As another alternative, processor 74 may use the token in a challenge-response authentication procedure, such as the " type of procedure that is used for subscriber authentication in cellular networks .
In addition to or instead of transmitting the token at step 98, processor 74 may prompt the user to input biometric data via sensor 70. The processor may then transmit this data via computer 28 to the authentication mediator as another means for verifying the identity of user 22.
Alternatively, as noted earlier, step 98 may be omitted entirely. In such cases, server 24 may identify the user solely on the basis of a user name or other identity data, which may be input via computer 28.
User 22 keys in his or her password via keypad 68, at a password entry step 100. This step likewise follows 62505S verification of server 24 at step 96 and may take place in parallel with or before step 98. Typically, processor 74 prompts the user to input the password by outputting a suitable message to display 64. Additionally or alternatively, a suitable message may appear on display 30 of computer 28. Processor 74 encrypts the password using the public key that it received at step 94. The processor then conveys the encrypted password via interface 76 to computer 28. Thus, computer 28 is never exposed to the password in unencrypted form and does not have access to the private key that is needed to decrypt the password.
Server 24 receives the encrypted password, at a user authentication step 104. Authentication mediator 38 decrypts the password and checks that it matches the user identity. Assuming that a token indication was transmitted at step 98, the authentication mediator may check the token against a list of issued tokens in order to identify the user and to verify that the token is authentic and has not been revoked. Additionally or alternatively, the authentication mediator may check the user's biometric data. Further alternatively or additionally, server 24 may check the decrypted password against the user name or other identity data provided by computer 28, in addition to or instead of checking the token and/or biometric data.
Upon verifying the user's identity and password, authentication mediator 38 may sign the user in to authentication server 40, and will then proceed to conduct a secure communication session with computer 28. Such sessions are commonly conducted over the Internet using the Secure Socket Layer (SSL) protocol, which 62505S provides for secure encryption of all data transmitted between computer 28 and server 24.
SSL and other encrypted communication solutions, however, do not solve the problem of unencrypted data within computer 28. Thus, for example, when user 22 is prompted to input a credit card number, personal identification number (PIN) , or other secret account information to computer 28 via keyboard 32, a malicious party may be able to gain access to this information before it is encrypted, by means such as "phishing," a Trojan horse, or other spyware planted on the computer.
In order to prevent this sort of exposure of secret information, processor 74 in authentication device 60 may establish a secure tunnel for transmission of encrypted data to server 24, at a tunneling step 106. At this step, user 22 keys in secret information via keypad 68, and processor 74 encrypts the information before passing it to computer 28 for transmission to the server. Therefore, a malicious party who may intercept the information on computer 28 will still be unable to decrypt and make use of the information. The encryption at step 106 may use the public key that was received at step 94, or it may alternatively use any other suitable key and encryption technique. Details of step 106 are described hereinbelow with reference to Figs . 5 and 6.
Fig. 5 is a schematic pictorial illustration showing physical and logical communication paths used for SSL tunneling in system 20, in accordance with an embodiment of the present invention. Communications between authentication device 60 and server 24 are carried over a physical communication path 110 between computer 28 and server 24 via network 26. In order to convey secret 62505S information over physical path 110 without exposing the information on computer 28, processor 74 on device 60 opens a secure logical path 112 directly from device 60 to server 24. Although logical path 112 is carried physically via interface 76 to computer 28, and through the computer over physical path 110 to the server, the information transmitted over the logical path is encrypted in a manner inaccessible to computer 28. For example, logical path 112 may comprise a SSL connection between device 60 and server 24, which "tunnels" transparently through computer 28. Computer 28 merely relays the packets transmitted over path 112, without being able to read or alter the higher-level protocol headers and payload data in these packets .
Because of the limited display and data input capabilities of authentication device 60, it is still desirable that user 22 be able to see information (such as Web pages) on display 30 and to input non-secret information via keyboard 32 of computer 28. For this purpose, processor 74 may open a second logical path 114, which may also be a SSL connection, between device 60 and computer 28 via interface 76. Processor 74 then passes information over path 114 for display by computer 28. Thus, device 60 can serve as a sort of SSL proxy between computer 28 and server 24. When device 60 encounters a Web page containing a field for secret data (such as a credit card number or PIN) , for example, it prompts the user to input the required information via keypad 68 and blanks out the field on display 30. Other than such fields, Web pages are displayed and behave in the normal fashion on computer 28. 62505S In order 'to reduce the computational load on device 60, which might otherwise be a bottleneck in communications between computer 28 and server 24, computer 28 may open a separate socket directly to server 24 (not shown in Fig. 5) . This direct socket may then be used, for example, for Web pages that do not contain fields for secret data. In the course of a communication session with computer 28 over this direct socket, server 24 may direct computer 28 to transfer the session to device 60 before transmitting a page containing a field for secret data. In such a case, computer 28 will pass the session information (such as any relevant cookies) to device 60. The device will use the session information in opening new SSL sessions over logical paths 112 and 114 in order to continue the interaction between server 24 and computer 28. Opening the new SSL session (rather than simply continuing the previous session between the computer and the server) ensures that the information carried over path 112 will be encrypted in a manner that is unintelligible to computer 28.
In an alternative embodiment, the secure tunnel that is provided by logical path 112 between device 60 and server 24 may be used without the addition of logical path 114. This configuration may provide a less convenient' and less intuitive user interface, but it can still be effective as long as the user is conscious of the need to input secret" information via keypad 68, rather than keyboard 32.
The techniques of SSL tunneling that are shown in Figs. 5 and 6 are described herein, for the sake of convenience, with reference to the same system 20 and authentication device 60 as in the method of Fig. 4. 62505S Indeed, the data security that is provided by SSL tunneling is a natural complement to the techniques of authentication security that are described above. On the other hand, the methods of Figs. 5 and 6 are not dependent on any particular method of authentication and may be carried out independently of the method of Fig. 4. Thus, in the context of Figs. 5 and 6, device 60 may be viewed as a data security device, rather than strictly as an authentication device.
Fig. 6 is a flow chart that schematically illustrates a method for secure transmission of secret data in the scenario of Fig. 5, in accordance with an embodiment of the present invention. The method is initiated when a requirement to establish a secure session is detected in communications between server 24 and computer 28, at a session detection step 120. For example, computer 28 may detect a request from server 24 for Hypertext Transfer Protocol (HTTP) communication over SSL (commonly referred to as HTTPS) . Such a request may be detected by a suitable agent or other program installed on computer 28, such as a browser plug-in or a Layered Service Provider (LSP) type of dynamic-link library (DLL). Alternatively or additionally, after login and authentication using device 60, as described above, server 24 may prompt computer 28 directly to transfer the session to the device.
Before opening the requested session, processor 74 in device 60 verifies that the request is authentic. Such verification is typically based on a certificate presented by server 24, as at steps 94 and 96 in Fig. 4. Alternatively, if processor 74 already verified the 62505S server at login, it may not be necessary to repeat the procedure following step 120.
After verifying the session request, processor 74 opens a secure session with the server, at a server session establishment step 122. As explained above, this session tunnels through computer 28 over logical path 112. Processor 74 also opens a secure session with computer 28 over logical path 114, at a local session establishment step 124. As explained above, this latter session will enable computer 28 to receive and display the Web pages transmitted by server 24 over path 112. To avoid problems in displaying the pages using the browser on computer 28, processor 74 may generate and convey to computer 28 a temporary certificate indicating that the source of the Web pages is a recognized, secure site. For this purpose, it is desirable that the browser on computer 28 be configured to recognize device 60 as a trusted certification authority.
Communications between computer 28 and server 24 proceed normally via device 60 until processor 74 recognizes a field in a form transmitted by the server that is to be filled in with secret information, at a field - detection step 126. The server may mark such fields, for example, with a suitable identifying flag, which is recognized by processor 74 in the course of receiving and transmitting the pages. Alternatively or additionally, the processor and/or an agent on computer 28 may recognize such fields automatically, possibly on the basis of the field names in the Web page. Further alternatively or additionally, the user of computer 28 may recognize and mark such fields. 62505S Processor 74 substitutes a dummy field for the field that is to be filled in with secret information, at a field substitution step 128. The field is marked with an identification code, which is recognized by the agent running on computer 28. The dummy field may contain a message or other indicator reminding the user to enter the information in this field via the keypad of device 60. Additionally or alternatively, device 60 may output a prompt on display 64.
The user inputs the required information via keypad 68, at a secret data input step 130. Processor 74 saves the information in memory 82 with an index corresponding to the identification code that was assigned to the field. ■ Optionally, this information may be encrypted using a key provided for this purpose by server 24,. such as the public key that was transmitted at step 94 (Fig. 4) . Alternatively, the native encryption provided by SSL may provide sufficient data security without additional encryption. As the user keys in the data to keypad 68, the processor may instruct the agent on computer 28 to fill in the corresponding field on display 30 with dummy characters, such as asterisks, as though the user had typed in the information on keyboard 32. If there are other, non-secret fields on the same page, the user may enter the required data into these fields in the normal way using keyboard 32. When the user clicks on the appropriate control (such as "OK" or "SEND"), computer 28 passes these data to device 60.
Processor 74 transmits the encrypted secret information to server 24 over path 112, together with the data (if any) from the same page that was passed to device 60 by computer 28, at a data return step 132. The 62505S data returned to the device by the computer contains the identification code indicating the field of secret information that was entered via keypad 68. Before transmitting the data to server 24, processor 74 uses the identification code to retrieve the appropriate secret information and substitutes it for the code in the message to the server. As noted earlier, although path 112 passes through computer 28, the information carried over the path is encrypted in a way that is unintelligible to the computer.
In some cases, server 24 may echo secret information back to computer 28 via device 60. For example, the server may send instructions to display a credit card number that the user has keyed in, and to present the question, "Are you sure this credit card number is correct?" The occurrence of such an echoed field (or any other field containing secret information transmitted by the server) may be detected by device 60 and/or computer 28 in the manner described above. Upon detecting such a field, processor 74 substitutes an identification code for the contents of the field, and computer 28 shows a dummy field on display 30, which does not contain the secret information. When the user selects this field, the agent on computer 28 notifies processor 74, which then outputs the secret information to display 64.
Although certain methods are described above with specific reference to device 60, the principles of these methods may be implemented, mutatis mutandis, using the more limited feature set of device 34, or using other authentication devices with other suitable combinations of features. It will thus be appreciated that the embodiments described above are cited by way of example, 62505S and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and subcombinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art .
Claims (50)
1. A method for communication, comprising: coupling an authentication device to communicate via a local interface with a local computer operated by a user, the authentication device comprising an input transducer; conveying an encryption key from a remote computer over a network to the local computer and from the local computer over the local interface to the authentication device ; receiving in the authentication device an access code input by the user via the input transducer; encrypting the access code in the authentication device using the encryption key; conveying the encrypted access code from the authentication device over the local interface to the local computer and from the local computer to the remote computer over the network; and authenticating the user at the remote computer by decrypting the encrypted access code.
2. The method according to claim 1, and comprising conveying, from the authentication device over the local interface to the local computer and from the local computer to the remote computer over the network, an indication of an authentication token stored by the authentication device, wherein authenticating the user comprises verifying an identity of the user responsively to the indication.
3. The method according to claim 1, and comprising receiving in the authentication device a biometric input by the user via a biometric sensor of the authentication device, and conveying an indication of the biometric input from the authentication device over the local interface to the local computer and from the local computer to the remote computer over the network, wherein authenticating the user comprises verifying an identity of the user responsively to the indication.
4. The method according to claim 3, wherein receiving the biometric input comprises sensing a fingerprint of the user.
5. The method according to claim 1, wherein the input transducer comprises a keypad.
6. The method according to claim 1, wherein the authentication device comprises an output transducer, for prompting the user to input the access code.
7. The method according to claim 6, wherein the output transducer is selected from a group of transducers consisting of an indicator lamp and a flat panel display.
8. The method according to claim 6, and comprising conveying a certificate from the remote computer over the network to the local computer and verifying that the certificate is valid, wherein prompting the user comprises outputting via the output transducer an indication that the certificate is valid.
9. The method according to claim 1, wherein conveying the encryption key comprises transmitting the encryption key upon initiation of a communication session between the local computer and the remote computer, wherein the method comprises, after authenticating the user, receiving information from the user via a user interface of the local computer for transmission from the local computer to the remote computer in the communication session .
10. The method according to claim 1, and comprising, after authenticating the user, receiving in the authentication device further information that is input by the user via the input transducer, and transmitting the further information in an encrypted form from the authentication device to the remote computer via a tunneled logical path through the local computer.
11. The method according to claim 1, wherein coupling the authentication device comprises plugging the authentication device into a receptacle in the local computer.
12. The method according to claim 1, wherein coupling the authentication device comprises establishing a short- range wireless link between the authentication device and the local computer.
13. A method for communication, comprising: coupling a data security device to communicate via a local interface with a local computer operated by a user, the data security device comprising an input transducer; establishing a physical communication link over a network between the local computer a remote computer over a network; setting up a secure tunnel between the remote computer and the data security device via the physical communication link and through the local computer, such that information transmitted through the secure tunnel is encrypted and can be decrypted only using a key that is unavailable to the local computer; 25 62505S receiving data input by the user to the data security device via the input transducer; and encrypting and transmitting the data from the data security device to the remote computer via the secure tunnel .
14. The method according to claim 13, wherein coupling the data security device comprises plugging the data security device into a receptacle in the local computer.
15. The method according to claim 13, wherein coupling the data security device comprises establishing a short- range wireless link between the data security device and the local computer.
16. The method according to claim 13, wherein the data input by the user via the input transducer comprise first data, and wherein the method comprises receiving second data input by the user via a user interface of the local computer, and transmitting the second data together with the first data to the remote computer via the physical communication link in a single communication session.
17. The method according to claim 16, wherein the input transducer comprises a keypad, and wherein the user interface comprises a keyboard.
18. The method according to claim 16, wherein the secure tunnel comprises a first secure socket connection, and wherein transmitting the second data comprises setting up a second secure socket connection between the data security device and the local computer, and conveying the second data from the local computer through the second secure socket connection to the data security device and 62505S from the data security device through the first secure socket connection to the remote computer.
19. The method according to claim 13, wherein receiving the data comprises presenting a page provided by the remote computer on a display of the local computer, the page comprising a field to be filled in with the data input by the user .
20. The method according to claim 19, wherein the secure tunnel comprises a first secure socket connection, and wherein presenting the page comprises setting up a second secure socket connection between the data security device, and the local computer, and conveying the page from the remote computer through the first secure socket connection to the data security device and from the data security device through the second secure socket connection to the local computer.
21. The method according to claim 20, wherein presenting the page comprises generating an indication on the display that the field is to be filled in by the user by means of the input transducer of the data security device .
22. The method according to claim 13, wherein the data security device comprises an output transducer, for prompting the user to input the data.
23. The method according to claim 22, wherein the output transducer is selected from a group of transducers consisting of an indicator lamp and a flat panel display.
24. The method according to claim 22, and comprising conveying a certificate from the remote computer over the network to the local computer and verifying that the 62505S certificate . is valid, wherein prompting the user comprises outputting via the output transducer an indication that the certificate is valid.
25. A system for authenticating a user of a local computer, the system comprising: a remote computer, which is configured to transmit an encryption key over a network to the local computer; and an authentication device, which comprises: a communication interface for communicating with a local interface of the local computer so as to receive the encryption key transmitted by the remote computer; an input "transducer, which is coupled to receive an access code that is input by the user; and an encryption processor, which is configured to encrypt the access code using the encryption key and to convey the encrypted access code via the local interface to the local computer, whereupon the encrypted access code is conveyed via the local computer over the network to the remote computer, which authenticates the user by decrypting the encrypted access code.
26. The system according to claim 25, wherein the authentication device comprises a memory that stores an authentication token, and is configured to convey an indication of the token through the local interface via the local computer to the remote computer over the network, and wherein the remote computer is configured to 62505S verify an identity of the user responsively to the indication.
27. The system according to claim 25, wherein the authentication device comprises a biometric sensor, which is coupled to receive a biometric input by the user, and wherein the authentication device is configured to convey an indication of the biometric input through the local interface via the local computer to the remote computer over the network, and wherein the remote computer is configured to verify an identity of the user responsively to the indication.
28. The system according to claim 27, wherein the biometric sensor is configured to sense a fingerprint of the user.
29. The system according to claim 25, wherein the input transducer comprises a keypad.
30. The system according to claim 25, wherein the authentication device comprises an output transducer, which is configured to prompt the user to input the access code .
31. The system according to claim 30, wherein the output transducer is selected from a group of transducers consisting of an indicator lamp and a flat panel display.
32. The system according to claim 30, wherein the remote computer is configured to convey a certificate over the network to the local computer, and wherein the authentication device is configured to verify that the certificate is valid and to prompt the user to input the access code in response to an indication that the certificate is valid. 62505S
33. The system according to claim 25, wherein the remote computer is configured to transmit the encryption key upon initiation of a communication session between the local computer and the remote computer, and to receive information that is input by the user via a user interface of the local computer in the communication session after authenticating the user.
34. The system according to claim 25, wherein the authentication device, is configured to receive further information that is input by the user via the input transducer after the user has been authenticated, and to transmit the further information in an encrypted form to the remote computer via a tunneled logical path through the local computer.
35. The system according to claim 25, wherein the communication interface comprises a plug, which is configured to be received by a receptacle in the local computer .
36. The system according to claim 25, wherein the communication interface comprises a wireless interface, which is configured to establish a short-range wireless link with the local computer.
37. A system for communication by a user of a local computer, the system comprising: a remote computer, which is configured to establish a physical communication link with the local computer over a network; and a data security device, which comprises.- a communication interface for communicating with a local interface of the local computer; 62505S an input transducer, which is coupled to receive data that are input by the user; and a processor, which is configured to set up a secure tunnel to the remote computer over the physical communication link via the local computer, and to encrypt the received data for transmission via the secure tunnel to the remote computer such that the encrypted data transmitted through the secure tunnel can be decrypted only using a key held by the remote computer that is unavailable to the local computer.
38. The system according to claim 37, wherein the communication interface comprises a plug, which is configured to be received by a receptacle in the local computer.
39. The system according to claim 37, wherein the communication interface comprises a wireless interface, which is configured to establish a short-range wireless link with the local computer.
40. The system according to claim 13, wherein the data input by the user via the input transducer comprise first data, and wherein the data security device is configured to receive second data input by the user via a user interface of the local computer, and to transmit the second data together with the first data to the. remote computer via the physical communication link in a single communication session.
41. The system according to claim 40, wherein the input transducer comprises a keypad, and wherein the user interface comprises a keyboard. 62505S
42. The system according to claim 40, wherein the secure tunnel comprises a first secure socket connection, and wherein the processor is configured to set up a second secure socket connection between the data security device and the local computer, and to receive the second data from the local computer through the second secure socket connection and transmit the second data through the first secure socket connection to the remote computer.
43. The system according to claim 37, wherein the data comprise a page provided by the remote computer for presentation on a display of the local computer, the page comprising a field to be filled in with the data input by the user.
44. The system according to claim 43, wherein the secure tunnel comprises a first secure socket connection, and wherein the processor is configured to set up a second secure socket connection between the data security device and the local computer, and to receive the page from the remote computer through the first secure socket connection and transmit the page through the second secure socket connection to the local - computer .
45. The system according . to claim 44, wherein the processor is configured to generate an indication on the display that the field is to be filled in by the user by means of the input transducer of the data security device.
46. The system according to claim 37, wherein the data security device comprises an output transducer, which is configured to prompt the user to input the data. 62505S
47. The system according to claim 46, wherein the output transducer is selected from a group of transducers consisting of an indicator lamp and a flat panel display.
48. The system according to claim 46, wherein the remote computer is configured to convey a certificate over the network to the local computer, and wherein the authentication device is configured to verify that the certificate is valid and to · output via the output transducer an indication that the certificate is valid.
49. An authentication device, for authenticating a user of a local computer on a remote computer, the device comprising: a communication interface for communicating with a local interface of the local computer so as to receive an encryption key transmitted by the remote computer over a network to the local computer; an input transducer, which is coupled to receive an access code that is input by the user; and an encryption processor, which is configured to encrypt the access code using the encryption key and to convey the encrypted access code via the local interface to the local computer, so as to cause the encrypted access code to be conveyed via the local computer over the network to the remote computer, for authentication of the user by decryption of the encrypted access code.
50. A data security device for use by a user of a local computer, which is in communication with a remote computer via a physical communication link over a network the device comprising: a communication interface for communicating with a local interface of the local computer; 62505S an input transducer, which is coupled to receive data that are input by the user; and a processor, which is configured to set up a secure tunnel to the remote computer . over the physical communication link via the local computer, and to encrypt the received data for transmission via . the secure tunnel to the remote computer such that the encrypted data transmitted through the ' secure tunnel . can be decrypted only using a key held by the remote computer that is unavailable to the local computer. For the Applicant,
Priority Applications (6)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| IL185795A IL185795A (en) | 2007-09-06 | 2007-09-06 | Authentication method and device with encryption capability against malicious access to local computer |
| IL186473A IL186473A0 (en) | 2007-09-06 | 2007-10-07 | Information protection device |
| IL187492A IL187492A0 (en) | 2007-09-06 | 2007-11-19 | Information protection device |
| PCT/IL2008/001187 WO2009031140A2 (en) | 2007-09-06 | 2008-09-03 | Information protection device |
| EP08789858.1A EP2188942A4 (en) | 2007-09-06 | 2008-09-03 | Information protection device |
| US12/676,143 US20100180120A1 (en) | 2007-09-06 | 2008-09-03 | Information protection device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| IL185795A IL185795A (en) | 2007-09-06 | 2007-09-06 | Authentication method and device with encryption capability against malicious access to local computer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| IL185795A0 IL185795A0 (en) | 2008-01-06 |
| IL185795A true IL185795A (en) | 2013-12-31 |
Family
ID=42334277
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| IL185795A IL185795A (en) | 2007-09-06 | 2007-09-06 | Authentication method and device with encryption capability against malicious access to local computer |
| IL186473A IL186473A0 (en) | 2007-09-06 | 2007-10-07 | Information protection device |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| IL186473A IL186473A0 (en) | 2007-09-06 | 2007-10-07 | Information protection device |
Country Status (1)
| Country | Link |
|---|---|
| IL (2) | IL185795A (en) |
-
2007
- 2007-09-06 IL IL185795A patent/IL185795A/en not_active IP Right Cessation
- 2007-10-07 IL IL186473A patent/IL186473A0/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| IL185795A0 (en) | 2008-01-06 |
| IL186473A0 (en) | 2008-01-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20100180120A1 (en) | Information protection device | |
| US8689290B2 (en) | System and method for securing a credential via user and server verification | |
| EP2999189B1 (en) | Network authentication method for secure electronic transactions | |
| US9444809B2 (en) | Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones™ | |
| KR101904177B1 (en) | Data processing method and apparatus | |
| EP2213044B1 (en) | Method of providing assured transactions using secure transaction appliance and watermark verification | |
| JP6012125B2 (en) | Enhanced 2CHK authentication security through inquiry-type transactions | |
| JP6105721B2 (en) | Start of corporate trigger type 2CHK association | |
| US7775427B2 (en) | System and method for binding a smartcard and a smartcard reader | |
| AU2014258980B2 (en) | Providing digital certificates | |
| WO2001084761A1 (en) | Method for securing communications between a terminal and an additional user equipment | |
| US20110202772A1 (en) | Networked computer identity encryption and verification | |
| EP2408170B1 (en) | Method and system for verifying data integrity | |
| US20120124378A1 (en) | Method for personal identity authentication utilizing a personal cryptographic device | |
| EP2824603A2 (en) | System and method for authenticating public keys | |
| JP5135331B2 (en) | PC external signature apparatus having wireless communication capability | |
| WO2011060739A1 (en) | Security system and method | |
| IL185795A (en) | Authentication method and device with encryption capability against malicious access to local computer | |
| WO2011060738A1 (en) | Method for confirming data in cpu card | |
| BRPI0803951A2 (en) | method for remote data signing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FF | Patent granted | ||
| MM9K | Patent not in force due to non-payment of renewal fees |