WO2001044898A1 - Cryptographic token and enabling system - Google Patents
Cryptographic token and enabling system Download PDFInfo
- Publication number
- WO2001044898A1 WO2001044898A1 PCT/CA2000/001480 CA0001480W WO0144898A1 WO 2001044898 A1 WO2001044898 A1 WO 2001044898A1 CA 0001480 W CA0001480 W CA 0001480W WO 0144898 A1 WO0144898 A1 WO 0144898A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- ideogram
- enabling
- signature information
- graphical interface
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Definitions
- the present invention relates to an enabling method and systems for devices such as communications systems, security systems and a cryptographic token and security system.
- the data is provided with an application header, a transport header, an internet header, and a data link header
- Link encryption occurs when the data link header includes an encryption method or algorithm that encrypts the remainder of the signal
- the layers of encryption increase as the data link header, the internet header, the transport header and the application header introduce encryption protocols to encrypt the data. While these levels of encryption are currently the standard levels or layers of encryption associated with internet communications, there is continual movement in the industry to improve security protocols.
- Another problem associated with the security of information transmitted over communication mediums relates to social engineering. It is common for users large and small to continue using the same asymmetrical keys and log on passwords for extended periods of time Further, these keys are typically stored in a computer or other data bus storage means where the software for the encryption and decryption of the data is also stored. Consequently, it is possible for an unauthorized third party to copy the hard drive or storage medium and subsequently analyze the storage medium without time constraints to determine the user's asymmetrical and symmetrical keys Once having obtained such key information, this third party can then intercept the communication and utilize the key to unlock or decrypt the transmitted data
- a cryptographic token may include a contact sensitive graphical interface accessible by the user so as to enable the cryptographic token to function and transmit the user cryptographic key or other user information to a security module.
- the cryptographic token includes an authentication processor connected to the graphical interface for verifying the authenticity of the user. This interface and authenticity check provide an enabling or log m method that may be conducted off-line from or in conjunction with a security module such that it is improbable to gain unauthorized access to the user's cryptographic key information.
- the present invention has application with various communication systems, such as voice communication, video communications, telecommunications, and internet communications.
- the authentication processor and the contact sensitive graphical user interface provide the basis of the method and system for enabling the cryptographic token and the security system.
- This enabling method and system may be used to enable other types of devices requiring restricted access such as, for example communications devices and security access devices.
- Other devices to be enabled may include enabling of telephones, cellular, satellite or video telephones, computers, video communication devices, telecommunication devices, and voice communication devices. It is contemplated that the enabling method and system may operate independently of the cryptographic token. That is the method and system may operate to simply enable, or permit operation of a device and not perform the encryption/decryption operation also performed by the cryptographic token. Secure communication or activation occurs by the device to be enabled being operable with or having the contact sensitive graphical interface.
- the user ideogram signature is produced on the contact sensitive graphical interface and the authentication processor creates a user identification template from the user ideogram signature produced on the contact sensitive graphical interface.
- the template is stored in memory.
- the comparator compares a second produced user ideogram signature information on the contact sensitive graphical interface with the user identification template stored in memory and the device is enabled when the compa ⁇ son of the second produced user ideogram signature information matches the user identification template stored in memory.
- the cryptographic token can be in the form of a rectangular card such as, for example, a printed circuit card having an input/output port that is PC card compatible. Such a PC card may have its own power supply Alternatively, the cryptographic token can be in the form of a card, such as an IC card or Smart Card. Such IC and Smart Cards typically do not have an independent power supply
- the graphical interface is a contact sensitive interface that may be sensitive simply to contract or to contact and pressure contact
- the graphical interface may include a graphical contact sensitive tablet, which is pressure sensitive, over which a stylus is manipulated by a user to enter an ideogram signature information
- a contact sensitive display may be used for the graphical interface that may or may not echo the ideogram signature information
- the display may generate a menu of user selection activation prompts to guide a user in entering ideogram signature information to create a user identification template to be stored in the cryptographic token.
- the menu may further prompt the user to create or generate new cryptographic keys within the system and prompt the user for a password in addition to the other security levels.
- the cryptographic token may contain at least three authentication factors for encryption.
- the first factor is something the user knows such as, for example, the password.
- the second authentication factor is something the user has which is the token and the cryptographic key information stored on the token.
- the third authentication factor is something the user does which is provide ideogram signature information on the token. Additionally, the first and third authentication factors are something the user can change thereby adding a layer or level of security.
- ideogram signature information refers to a graphic representation made by user's on the contact sensitive graphic interface.
- signature is used to represent the user's graphic representation of it's personal signature or, is used in combination with the term ideogram to represent the personal characteristics of the user in creating an ideogram.
- This ideogram signature is referred to as information since it is codified and interrogated by the authentication processor of the enabling system to create an identification template of information that is subsequently used to verify the authenticity of a user
- the cryptographic token or enabling system includes a watchdog or tampering circuit which in the event of an intrusion erases from the memory of the cryptographic token the cryptographic key and ideogram signature template.
- the display or a light emitting diode display may be utilized by the cryptographic token to provide a visual indication of when the token is properly activated.
- the cryptographic token may further include a buzzer for sounding alarms related to proper or improper activation of the token.
- a method for enabling a device having a contact sensitive graphical interface comp ⁇ sing the steps of producing a user ideogram signature on the contact sensitive graphical interface, creating a user identification template from the user ideogram signature produced on the contact sensitive graphical interface, storing the user identification template in memory, comparing a second produced user ideogram signature information on the contact sensitive graphical interface with the user identification template stored in memory, and enabling the device when the compa ⁇ son of the second produced user ideogram signature information matches the user identification template stored in memory
- an enabling system operable with a security system or a communications system for enabling the security system or communications system
- the enabling system comprising a contact sensitive graphical interface accessible to a user for capturing user ideogram signature information, memory for sto ⁇ ng user ideogram signature information captured by the graphical interface; a user authentication processor for creating a user identification template from the user ideogram signature information and storing the user identification template in the memory; and, a comparator for comparing receipt of user ideogram signature information with the user identification template, the comparator generating an authentication signal when the compa ⁇ son of the user ideogram signature information matches the user identification template to enable the secu ⁇ ty system or communications system.
- Figure 1 is perspective view of the cryptographic token and secu ⁇ ty system used as an interface between a personal computer and an internet site;
- FIG. 2 is a block diagram of the cryptographic token with its own off-line power supply
- Figure 3 is a perspective view of the cryptographic token showing a preferred contact sensitive liquid crystal display and stylus
- Figures 4 and 5 show the display of the token prompting the user w ith menu selections
- Figure 6 is a block diagram of the internet secu ⁇ ty module utilizing the cryptographic token of Figure 2;
- Figures 7 to 14 are flow charts showing the steps involved in setting up and logging into the cryptographic token
- Figure 15 is a block diagram of the cryptographic token dependent on a remote power supply
- Figure 16 is a shows a communication system in the form of a telephone incorporating the enabling system.
- FIG. 17 shows a secu ⁇ ty system using the enabling system Detailed Desc ⁇ ption Of The Preferred Embodiment
- the secure communication system 10 operates in conjunction with personal computers 12 and 14 to provide for secure transactions and data communication across the internet 16
- the first personal computer or computer 12 is in effect a first data transceiver for transmitting and receiving data to and from a first communication port
- the communication port 18 of computer 12 is connected via cable 20 to an internet secu ⁇ ty module 22.
- the internet secu ⁇ ty module has an output port 26 in the form of a telephone jack for connecting through standard telephone line 28 the internet security module 22 to the internet
- the internet 16 then routes the data across the internet to the telephone or communication line 30 of the second computer 14
- the second computer 14 may simply be another user in the system or may be a computer that provides a service through which a secure transaction and the exchange of money or credit may flow from computer 12 through the internet security module 22, the internet 16, to the computer 14
- the security module 22 may be alternatively connected to a single port for transmission of information with that single port. Such a single port arrangement would have application in an ATM banking machine environment.
- a cryptographic token card 24 is required to be inserted into a hardware enabling receiving interface port 32 of the internet security module 22.
- the cryptographic token 24 is a temporary coupling which may be inserted into the port 32 and removed from the port 32 as indicated by arrow 34.
- the cryptographic token 24 is shown in Figure 1 to comprise a printed circuit card which has an outer casing 36, a connecting port 38, and a contact sensitive graphical interface 40.
- the cryptographic token 24 bears cryptographic key information which is utilized by the internet security module 22 when the cryptographic token 24 is inserted into the receiving port 32 of the internet security module 22.
- the cryptographic key information includes either a symmetric or an asymmetric key.
- the asymmetric key includes both a public key and a private key. These keys are preferably maintained in the cryptographic token 24 away from the internet security module 22 for use by the internet security module 22 with standard internet security protocol algorithms.
- standard internet security protocol encrypting and decrypting algorithms are, for example, a link encryption, network encryption, secure socket layer encryption, and application layer encryption.
- the preferred encryption used by the internet security module 22 is secure socket layer encryption.
- the cryptographic token 24, once enabled with the security module 22, would be able to download and upload sensitive data to and from the security module and internet
- a block diagram of the cryptographic token has a battery 42 connected to a power conditioning circuit 44.
- the power conditioning circuit 44 is further connected to an input power connection 46 to the PC card host controller or hardware receiving port 32 of the internet secu ⁇ ty module 22.
- the cryptographic token 24 When the cryptographic token 24 is not connected to the internet security module 22 it is considered to be off-line from the internet security module 22 and power to the cryptographic token 24 is provided by battery 42.
- power Upon insertion of the cryptographic token 24 into the host controller 32 of the internet secu ⁇ ty module 22, power is fed along line 46 through the power conditioning circuit 44.
- the power conditioning circuit 44 acts to regulate the power source of the cryptographic token 24 from the battery 42 to the internet security module 22.
- the power conditioning circuit 44 has an output power line 48 which provides an operating voltage to the other programmed operating hardware of the cryptographic token 24.
- the contact sensitive graphical interface 40 is shown to include a contact sensitive liquid crystal display 50 connected to a graphical interface 52
- the graphical interface 52 converts information pressed onto the liquid crystal display into a graphic pattern and transmits this graphic pattern across the data bus 54 to the user authentication processor 56
- the user authentication processor 56 may also be considered as a cryptographic controller which controls the overall cryptographic operation of the cryptographic token 24 Prompts for information obtained from a user are transmitted across the bus 54 from the authentication processor 56 through the graphic interface 52 and echoed or displayed on the liquid crystal display 50.
- the user authentication processor 56 includes a comparator 58, and a real time clock and random number generator 60. The real time clock and random generator number is utilized by the authentication processor 56 to generate cryptographic key information such as symmet ⁇ cal keys and asymmetrical keys in the form of p ⁇ vate and public keys when so instructed or requested by a user.
- the cryptographic token 24 also includes memory 62 in the form a flash memory 64 and a scratch pad random access memory 66.
- the flash memory 64 is connected to the authentication processor 56 by data transfer bus 68.
- the scratch pad RAM memory 66 is connected to the authentication processor 56 by data transfer bus 70.
- the operation of the authentication processor 56 is stepped and controlled by a control clock 72.
- the authentication processor 56 communicates with the internet security module 22 through a data transfer bus 74 to the connection interface port 38 when the port is plugged into the PC host controller 32 of the internet security module 22.
- the PC card interface or a connection interface port 38 is a standard interface port and may comprise as computer compatible PC card
- the authentication processor is further connected to one or more LED's 76 and an audible transducer or buzzer 78
- the cryptographic token 24 further includes a tampering circuit 80 that detects an intrusion of the cryptographic token 24 and sends a signal to the flash memory 64 to delete the program templates and cryptographic keys normally stored in this flash memory
- a tampering circuit 80 that detects an intrusion of the cryptographic token 24 and sends a signal to the flash memory 64 to delete the program templates and cryptographic keys normally stored in this flash memory
- the cryptographic token 24 provides through the battery 42 an offline token which stores a user's cryptographic keys in the flash memory 64 together with a template of the user's ideogram signature information.
- the flash memory 64 may also store the password of the user.
- the cryptographic token 24 prompts the user with menu selection once the card is activated.
- the main menu 82 is displayed on the display 40 to the user allowing the user to select the options of log in or setup.
- the main menu 82 is shown in Figure 4.
- the setup menu 84 shown in Figure 5 is displayed to the user.
- the setup menu includes five options of create new template, edit existing template, generate symmetrical key, generate asymmetrical key, and enter/change passwords.
- the authentication processor verifies the activation of the cryptographic token 24 by an authorized user. Once the activation of cryptographic token 24 is authenticated, the cryptographic tokei 24 ⁇ s then enabled permitting the transference of data across data transfer bus 74 from the authentication processor 56 to the connection interface port 38
- the cryptographic token 24 is activated at 160 This activation may simply comp ⁇ se tapping the contact sensitive LCD display 50 three times in a row to have the authentication processor 56 prompt the cryptographic token 24 to have the main menu displayed as at step 82 in Figure 7 This main menu in Figure 7 is similar to the one shown in Figure 4. The user then has the option to select the login feature at 162 or go to the setup feature at 164.
- the system shown in Figure 8 displays the setup menu 84 which is similar to the menu shown Figure 5
- the user then has the ability to create a new template at 166 or edit an existing template 168, generate symmet ⁇ cal key information 170, generate asymmetrical key information 172 or create/edit the password 174
- the template may be created in accordance with the methodology shown in Figure 9
- the authentication processor 56 requests the display 50 to prompt the user to enter ideogram signature information (ISI), such as, for example, the ideogram signature information 92 shown in Figure 3 This information is entered on the contact sensitive graphical interface 50
- the authentication processor 56 at 224 applies a pattern recognition algorithm to the ideogram signature information and stores the pattern result in a memory 62.
- the processor 56 applies a smoothing algorithm to start to weigh the pattern results with previous pattem results to create a user identification template at 230
- the processor 56 stores the user identification template information in flash memory 64 at 234 and then proceeds to step 236 ending the creation of the template process. It should be understood that in the process for creating the new template may only occur when no template has been entered into the system In the event that a template has been entered into the system, then a default to the edit routine occurs.
- the process in Figure 10 is implemented by the processor 56.
- the processor checks to determine if an identification template is already stored in the a flash memory 64 at 176. In the event that there is no template stored then the processor 56 returns to the setup menu 178 In the event there is an existing template stored in the flash memory 64, step 179 is performed w hereby the processor goes to the log in procedure to authenticate that this is in fact the authorized user wishing to change there ideogram signature information. The log in procedure is discussed subsequently in more detail with respect to Figure 15.
- the next step is at 180 to erase the existing template stored in the flash memory 64 and then the system returns to create the new template menu at 182.
- the process of Figure 13 is enacted.
- the processor 56 determines at step 196 if the password is stored in the flash memory 64. If the answer is yes then the step 198 displays an alphanumeric key pad and prompts the user to enter the password.
- the processor 56 compares the entered password with the password stored in flash memory 64 at 200.
- the processor 56 determines if the passwords entered and stored match at 202 and in the event that there is no match the process either ends or returns to the main menu 204 thereby rejecting the request to create or edit the password.
- the process at 206 displays an alphanumeric keypad and prompts the user to enter a new password.
- the new password is then stored in the memory 60 at 208 and the process displays for a second time the alphanumeric keypad and prompts the user to re-enter the new password at 210.
- the processor compares the entered and re-entered passwords at 212.
- a decision on the password matching is made at step 214. In the event that these passwords do not match then the system initiates the password editing or creating procedure once again by returning to process box 206.
- the decision from the matching of the passwords at 214 is positive then the password is stored in a flash memory 64 at step 216 and the create/edit password routine is ended at 218
- the authentication processor 56 at step 248 applies the pattern recognition algo ⁇ thm to the ideogram signature information 92 to create the new pattern.
- the comparator 58 compares the new ideogram signature information pattern with the user identification template stored at the flash memory 64 at step 250.
- a decision is made as to whether the pattern matches the user identification template and in the event the answer is no, then the system simply ends the login procedure without enabling the cryptographic token 24 at step 244.
- the processor enables itself at step 254 to communicate over the data bus 74 with the connection interface port 38 of the cryptographic token 24.
- the system b ⁇ ngs the sign on or login procedure to an end at step 244. Once the cryptographic token 24 is enabled, then it is in a position to make available its cryptographic key information to the internet security module 32
- the internet security module 22 has its own power conditioning circuit 100 connected to a battery backup 102 and through a power input line 104 to a wall plug adapter 106.
- the power conditioning circuit 100 regulates the power supply to the internet security module 22
- the power conditioning circuit 100 has a power output line 108 which is connected to the hardware components located within the internet security module 22 to provide sufficient power to these components
- the internet security module 22 preferably had a touch sensitive liquid crystal display 1 10 connected through a data bus 1 14 to main processor 1 12.
- the liquid crystal display displays to the user the activities of the internet secu ⁇ ty module 22 during the operation of the internet security module 22.
- the main processor 1 12 is an xx86 class processor.
- This processor is connected through data bus 120 to a cryptographic co-processor 1 16 and a real time clock and random number generator 1 18.
- the cryptographic coprocessor and real time clock and random number generator accelerate the application of the encrypting and decrypting protocols to the data main processor 1 12 to the telephone line 28.
- the main processor 1 12 is further connected through to LED 128 and an audible signal beeper 130.
- Memory for the main processor is connected through a flash memory 132 which stores programs and other keys.
- the internet secu ⁇ ty module 122 further includes a scratch pad and random access memory 134 for temporary sto ⁇ ng calculations made by the mam processor 1 12.
- the main processor 1 12 is further connected through signaling ports 124 to a universal serial bus interface 122 or an RS/232 se ⁇ al interface 122. These interfaces are connected to the communication ports 18 to the first computer 12.
- the main processor 1 12 is further connected through a communication line 126 to the PC card host interface or having the hardware receiving slot 32.
- the diagram shows the crypto
- the main processor manipulates a data signal coming from the computer 12 through the input or interface port 122 and the communication lines 124 with an encrypting and decrypting algorithm provided in the co-processor 1 16 and random number generator 1 18. This data is further encoded with the key information made available by the cryptographic token 24 The information encrypted is then transmitted - 19 -
- main processor 1 12 performs no encryption or decryption of signals passing through the main processor between the telephone line 28 and the first computer 12
- the main processor 1 12 also decrypts data received from the computer 12
- the flash memory 132 stores cryptographic keys received from the cryptographic token 24.
- the keys are erased from the flash memory 132.
- the tamper circuit 136 sends a signal to the flash memory 132 to erase the memory 132.
- FIG 15 a block diagram of an alternative embodiment for the cryptographic token 24 of Figure 2 is shown.
- the components of the cryptographic token card 24 of Figure 15, including their reference numerals and functionality are identical to that shown and descnbed for Figure 2 except for the differences explained hereafter.
- the block diagram of the cryptographic token card differs in that it relies on the power from the security module 22 of Figure 6 at line 46 of Figure 15.
- the power from security module 22 is fed through the hardware receiving port 32 of the secu ⁇ ty module at connecting line 46 into the power conditioning circuit 44 of the cryptographic token card 24
- the cryptographic token card 24 preferably comprises either an IC card or a Smart Card.
- the cryptographic token card 24 As a result of the cryptographic token card 24 having to rely on a source of power from the security module 22, or an other power source, the cryptographic token card 24 must be coupled to the security module 22, or the other power source, so as to operate the cryptographic token card 24 in accordance with the method of operation previously described for Figures 2 to 5 and 7 to 14.
- a cellular communications device in the form of a telephone 300.
- the telephone 300 includes a display 302, an on/off switch 303 and alphanumeric keypad 304 to operate the telephone.
- Such telephone devices are commonly known in the art.
- the improvement is the use of the contact sensitive graphical user interface 40 mounted to the telephone 300.
- the telephone 300 also includes the circuitry of Figures 2 or 15 which functions in the manner previously desc ⁇ bed with respect to Figures 4, 5, 7 to 10 and 14 where the authentication processor 56 simply functions to permit authentication of the ideogram signature received by the pressure sensitive LCD 50 and graphic interface 52.
- the hardware receiving port 32 may simply be an electrical line connection to the on/off switch 303 of the telephone 300 or to other circuitry in the telephone which controls the enabling operation of the telephone.
- secu ⁇ ty system in the form of a keyless door entry secu ⁇ ty system 310 mounted to an access door 312.
- the improvement is the use of the contact sensitive graphical user interface 40 mounted to the door 312.
- the contact sensitive graphical user interface 40 could be mounted to the wall adjacent the door 312
- the secu ⁇ ty system 310 also includes the circuitry of Figures 2 and 15 which functions in the manner previously described with respect to Figures 4, 5, 7 to 10 and 14 where the authentication processor 56 simply functions to permit authentication of the ideogram signature received by the pressure sensitive LCD 50 and graphic interface 52
- the hardware receiving port 32 may simply be an electrical - 21 -
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- User Interface Of Digital Computer (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU19789/01A AU1978901A (en) | 1999-12-13 | 2000-12-13 | Cryptographic token and enabling system |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2,292,063 | 1999-12-13 | ||
CA 2292063 CA2292063A1 (en) | 1999-12-13 | 1999-12-13 | Cryptographic token and security system |
CA2,296,208 | 2000-01-17 | ||
CA 2296208 CA2296208C (en) | 1999-12-13 | 2000-01-17 | Cryptographic token and security system |
CA 2315599 CA2315599A1 (en) | 1999-12-13 | 2000-08-04 | Cryptographic token and enabling system |
CA2,315,599 | 2000-08-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001044898A1 true WO2001044898A1 (en) | 2001-06-21 |
WO2001044898A8 WO2001044898A8 (en) | 2001-09-27 |
Family
ID=27171107
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2000/001480 WO2001044898A1 (en) | 1999-12-13 | 2000-12-13 | Cryptographic token and enabling system |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU1978901A (en) |
CA (1) | CA2315599A1 (en) |
WO (1) | WO2001044898A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2201125A (en) * | 1987-02-16 | 1988-08-24 | De La Rue Syst | Verification device |
US5559961A (en) * | 1994-04-04 | 1996-09-24 | Lucent Technologies Inc. | Graphical password |
US5895906A (en) * | 1986-08-08 | 1999-04-20 | Norand Corporation | Hand-held data capture system with processor module and detachable second module |
-
2000
- 2000-08-04 CA CA 2315599 patent/CA2315599A1/en not_active Abandoned
- 2000-12-13 WO PCT/CA2000/001480 patent/WO2001044898A1/en active Application Filing
- 2000-12-13 AU AU19789/01A patent/AU1978901A/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5895906A (en) * | 1986-08-08 | 1999-04-20 | Norand Corporation | Hand-held data capture system with processor module and detachable second module |
GB2201125A (en) * | 1987-02-16 | 1988-08-24 | De La Rue Syst | Verification device |
US5559961A (en) * | 1994-04-04 | 1996-09-24 | Lucent Technologies Inc. | Graphical password |
Also Published As
Publication number | Publication date |
---|---|
AU1978901A (en) | 2001-06-25 |
WO2001044898A8 (en) | 2001-09-27 |
CA2315599A1 (en) | 2001-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7083090B2 (en) | Remote portable and universal smartcard authentication and authorization device | |
US5878142A (en) | Pocket encrypting and authenticating communications device | |
KR101699897B1 (en) | A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange | |
CN100533459C (en) | Data safety reading method and safety storage apparatus thereof | |
US20100180120A1 (en) | Information protection device | |
CN101770619A (en) | Multiple-factor authentication method for online payment and authentication system | |
US20020031225A1 (en) | User selection and authentication process over secure and nonsecure channels | |
WO2001084761A1 (en) | Method for securing communications between a terminal and an additional user equipment | |
US20010054147A1 (en) | Electronic identifier | |
JPH02170272A (en) | Collation system for secret information | |
US7065647B2 (en) | Communication system, authentication communication device, control apparatus, and communication method | |
CN101964805B (en) | Method, equipment and system for safely sending and receiving data | |
KR20010022588A (en) | Method for the safe handling of electronic means of payment and for safely carrying out business transactions, and device for carrying out said method | |
CN111540093A (en) | Access control system and control method thereof | |
CN112769574A (en) | Key injection method and system, key management system, device and machine readable medium | |
CA2296208C (en) | Cryptographic token and security system | |
KR20070117371A (en) | Apparatus for generating random numbers for object oriented otp | |
CN101933315A (en) | The keyboard for encrypting and authenticating against trojan horse with one time key | |
WO2001044898A1 (en) | Cryptographic token and enabling system | |
CN206863808U (en) | Encrypted card | |
CN100390699C (en) | Right identification method using plug-in device and system applying the method | |
KR100671795B1 (en) | Computer for Processing Card Settlement Information | |
JP2005084846A (en) | Automatic individual identification of ic card | |
JP4729187B2 (en) | How to use card management system, card holder, card, card management system | |
WO2004055737A1 (en) | Apparatus and method forming a bridge between biometrics and conventional means of secure communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
AK | Designated states |
Kind code of ref document: C1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: C1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
CFP | Corrected version of a pamphlet front page | ||
CR1 | Correction of entry in section i |
Free format text: PAT. BUL. 25/2001 UNDER (30) REPLACE "2,314,559" BY "2,315,599" |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |