WO2011090432A1 - Portable memory device with authentication and authentication method and system - Google Patents
- Publication number: WO2011090432A1 (application PCT/SG2010/000013)
- Authority: WO (WIPO, PCT)
- Prior art keywords
- code
- unique code
- encryption
- module
- memory device
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Definitions
- This invention relates to a portable memory device with authentication and an authentication method and system; and relates particularly, though not exclusively, to such a device, method and system to secure an authentication process.
- Security of the authentication process may be required if there is a possibility of a "sniffing" of the password and/or a replay attack.
- a method to secure an authentication process for a portable memory device operatively connected to a host computer includes an encryption module of the portable memory device generating a unique code and sending it to a login software module of the host computer.
- the login software module encrypts the unique code and sends the encrypted unique code and a password to the encryption module.
- the encryption module decrypts the encrypted code to obtain the code for validation, and authenticates the password.
- a system to secure an authentication process for a portable memory device operatively connectable to a host computer, the portable memory device comprising an encryption module and the host computer comprising a login software module.
- the encryption module is configured to generate a unique code and send it to the login software module.
- the login software module is configured to encrypt the unique code and send the encrypted unique code and a password to the encryption module.
- the encryption module is further configured to decrypt the encrypted code to obtain the code for validation, and to authenticate the password.
- a portable memory device configured to be operatively connected to a host computer.
- the portable memory device comprises an encryption module configured to generate a unique code and send the unique code to a login software module of the host computer.
- the encryption module is further configured to receive from the login software module an encryption of the unique code and a password, to decrypt the encrypted code to obtain the code for validation, and also to authenticate the password.
- the password may be encrypted or hashed by the login software module before being sent to the encryption module.
- the encryption or hashing of the password may be by use of the code or a derivative of the code.
- the login software module may establish a secure communication channel between the login software module and the encryption module before the encryption module generates the unique code. All communication between the login software module and the encryption module may be over the secure communication channel.
- the unique code may be selected from: a number, a series of letters, a series of numbers, characters, or any combination of them.
- the unique code may be used for the one communication session. A different unique code may be generated for each communication session.
- Encryption may comprise hashing and decryption may comprise unhashing.
- Figure 1 is a schematic view of an exemplary system of a portable memory device connectable to a host apparatus to enable authentication of a user;
- Figure 2 is a block diagram illustrating the exemplary portable memory device and a part of the host apparatus of Figure 1;
- Figure 3 is a flow chart for the operation of the exemplary embodiment of Figures 1 and 2; and Figure 4 is a flow chart illustrating an additional process to that of Figure 3.
- the host computer 100 may be of any suitable form such as, for example, desktop computer, personal computer, laptop computer, notebook computer, server, tablet computer, personal digital assistant, digital diary, or mobile/cellular telephone.
- connection of the portable memory device 200 with the host computer 100 may be direct or indirect. If direct it may be by the USB connector 208 of the portable memory device 200 engaging with a USB port 108 of the host computer 100. If indirect, it may be by any suitable wireless connection such as Bluetooth or WiFi; or by use of a cable (not shown).
- the portable memory device 200 has the USB connector 208 and a USB interface 212 operatively connected to a controller 204.
- a memory module 202 is also operatively connected to the controller 204.
- the memory module 202 may, for example, be a flash memory module. However, it may be of any suitable form of non-volatile memory.
- a login software module 110 in the host computer 100 establishes a secure channel 300 with the encryption module 210 of the portable memory device 200 (302).
- This may be by any suitable and known secure channel communication system.
- the secure channel 300 provides a first level of protection against "sniffing" of the password over the communication channel, and thus the possibility of a replay attack as all communication between the login software module 110 and the encryption module 210 is over the secure
- a one-time password challenge is used.
- the encryption module 210 generates a unique challenge code (303).
- the code may be a number, a series of letters, a series of numbers, characters, or any combination of them.
- the code is used for the one communication session. A different code is generated for each communication session.
- the code is sent by the encryption module 210 to the login software module 110 of the host computer 100 over the secure communications channel 300.
- the login software module 110 encrypts or hashes the code to obtain an encrypted or hashed code (304).
- the login software module 110 of the host computer 100 uses the secure communication channel 300 to send the encrypted or hashed code and the password of a user of the host computer 100 to the encryption module 210 (305).
- When the encryption module 210 receives the encrypted or hashed code and the password, it decrypts or unhashes the encrypted or hashed code to obtain the code and thus validate it (306), and authenticates the password (307). This prevents a replay attack. If the validation is not successful (i.e. the code after decryption or unhashing is not the same as the code before encryption) and/or if the password is not authenticated, the secure communication channel 300 is closed and the session ends.
- Figure 4 shows a variation where following (304) the login software module 110 also hashes or encrypts the password (405) with the code or a derivative of the code. The hashed or encrypted password is then sent with the encrypted or hashed code to the encryption module 210 over the secure channel 300 (406). The encryption module 210 then decrypts the code and the password (407), validates the code and authenticates the password (409). This provides an additional layer of protection against a replay attack.
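The challenge-response exchange of Figures 3 and 4, worked through as an added example; this is illustrative code written for this page, not code from the patent or from any product built on it. It takes the "hashing" alternative the text allows (the code is hashed rather than encrypted, and "unhashing" is recomputing the keyed hash and comparing), using HMAC-SHA256. Three things are assumptions not fixed by the text: a symmetric session key is taken to come out of the secure channel 300 established in step (302); the device is taken to store a digest of the password rather than the plaintext; and the class and function names are invented here. The replay check at the end shows why a per-session code matters: a genuine response captured in one session is rejected in the next.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed for this example: a symmetric session key assumed to come out of
# the secure channel 300 set up in step (302). The patent does not specify the
# channel mechanism or its key material.
SESSION_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def password_verifier(password: str) -> bytes:
    """Assumption: the device stores a digest of the password at enrolment,
    and the host derives the same digest before hashing it with the code."""
    return hashlib.sha256(password.encode("utf-8")).digest()


class EncryptionModule:
    """Models encryption module 210 on the portable memory device 200."""

    def __init__(self, session_key: bytes, stored_verifier: bytes) -> None:
        self.session_key = session_key
        self.stored_verifier = stored_verifier
        self.code: Optional[bytes] = None   # this session's one-time code
        self.authenticated = False

    def open_session(self) -> bytes:
        """(303) Generate a fresh unique code for this communication session."""
        self.code = secrets.token_bytes(16)
        self.authenticated = False
        return self.code

    def verify(self, hashed_code: bytes, hashed_password: bytes) -> bool:
        """(407)/(409) Validate the returned code, then authenticate the
        password. Any failure closes the session, as the text describes."""
        if self.code is None:
            return False                   # no open session: nothing to validate
        # 'Unhashing': recompute the keyed hash over the code the device itself
        # issued and compare in constant time.
        expected_code = hmac.new(self.session_key, self.code, hashlib.sha256).digest()
        code_ok = hmac.compare_digest(expected_code, hashed_code)
        # Figure 4: the password is hashed with the code, so a captured value is
        # only valid for the session whose code produced it.
        expected_pw = hmac.new(self.code, self.stored_verifier, hashlib.sha256).digest()
        password_ok = hmac.compare_digest(expected_pw, hashed_password)
        self.code = None                   # the code is single-use either way
        if not (code_ok and password_ok):
            self.close()
            return False
        self.authenticated = True
        return True

    def close(self) -> None:
        self.code = None
        self.authenticated = False


class LoginSoftwareModule:
    """Models login software module 110 on the host computer 100."""

    def __init__(self, session_key: bytes) -> None:
        self.session_key = session_key

    def respond(self, code: bytes, password: str) -> Tuple[bytes, bytes]:
        """(304) Hash the code under the session key; (405) hash the password
        with the code. Returns the pair sent over the channel in step (406)."""
        hashed_code = hmac.new(self.session_key, code, hashlib.sha256).digest()
        hashed_password = hmac.new(code, password_verifier(password), hashlib.sha256).digest()
        return hashed_code, hashed_password


def run_login(device: EncryptionModule, host: LoginSoftwareModule, password: str) -> bool:
    """One full session: challenge, response, validation."""
    code = device.open_session()
    hashed_code, hashed_password = host.respond(code, password)
    return device.verify(hashed_code, hashed_password)


def replay_is_rejected(session_key: bytes, password: str) -> bool:
    """Capture a genuine response from one session and replay it in the next.
    Returns True when the replay fails, which is what the scheme promises."""
    device = EncryptionModule(session_key, password_verifier(password))
    host = LoginSoftwareModule(session_key)
    captured = host.respond(device.open_session(), password)
    first_ok = device.verify(*captured)    # genuine session succeeds
    device.open_session()                  # new session, hence a new code
    replay_ok = device.verify(*captured)   # same bytes, different code
    return first_ok and not replay_ok and not device.authenticated


if __name__ == "__main__":
    dev = EncryptionModule(SESSION_KEY, password_verifier("correct horse battery"))
    hst = LoginSoftwareModule(SESSION_KEY)
    print("login:", run_login(dev, hst, "correct horse battery"))
    print("wrong password rejected:", not run_login(dev, hst, "wrong"))
    print("replay rejected:", replay_is_rejected(SESSION_KEY, "correct horse battery"))
```

The binding in step (405) is what gives the extra protection the text claims for Figure 4: even if the secure channel were weakened and the response captured, the captured password hash only matches the code of the session it was computed in. The secure channel is still doing work in the Figure 3 variant, where the password itself travels over it.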
- the foregoing description has described exemplary embodiments, it will be understood by those skilled in the technology concerned that many variations in details
Abstract
The present invention relates to a method for securing an authentication process for a portable memory device operatively connected to a host computer. The method comprises an encryption module of the portable memory device generating a unique code and sending the unique code to a login software module of the host computer. The login software module encrypts the unique code and sends the encrypted unique code and a password to the encryption module. The encryption module decrypts the encrypted code to obtain the code for validation, and authenticates the password. The present invention also relates to a corresponding system and a portable memory device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
PCT/SG2010/000013 WO2011090432A1 (fr) | 2010-01-19 | 2010-01-19 | Portable memory device with authentication and authentication method and system
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
PCT/SG2010/000013 WO2011090432A1 (fr) | 2010-01-19 | 2010-01-19 | Portable memory device with authentication and authentication method and system
Publications (1)
Publication Number | Publication Date
---|---
WO2011090432A1 (fr) | 2011-07-28
Family
Family ID: 44307068
Family Applications (1)
Application Number | Title | Priority Date | Filing Date
---|---|---|---
PCT/SG2010/000013 WO2011090432A1 (fr) | Portable memory device with authentication and authentication method and system | 2010-01-19 | 2010-01-19
Country Status (1)
Country | Link
---|---
WO (1) | WO2011090432A1 (fr)
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN106817671A (zh) * | 2017-02-14 | 2017-06-09 | 腾讯科技(深圳)有限公司 | A networked information sharing method, first terminal and system
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US20050250473A1 (en) * | 2004-05-04 | 2005-11-10 | Research In Motion Limited | Challenge response system and method
US7139915B2 (en) * | 1998-10-26 | 2006-11-21 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device
US20090193511A1 (en) * | 2008-01-30 | 2009-07-30 | Vasco Data Security, Inc. | Two-factor usb authentication token
- 2010-01-19: WO PCT/SG2010/000013 (published as WO2011090432A1, fr), status active, Application Filing
Legal Events
Date | Code | Title | Description
---|---|---|---
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10844084; Country of ref document: EP; Kind code of ref document: A1
| NENP | Non-entry into the national phase | Ref country code: DE
| 122 | Ep: pct application non-entry in european phase | Ref document number: 10844084; Country of ref document: EP; Kind code of ref document: A1