WO2011090432A1 - Portable memory device with authentication and authentication method and system - Google Patents

Portable memory device with authentication and authentication method and system

Info

Publication number
WO2011090432A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
unique code
encryption
module
memory device
Prior art date
Application number
PCT/SG2010/000013
Other languages
English (en)
Inventor
Joon Yong Wayne Tan
Original Assignee
T-Data Systems (S) Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2010-01-19
Filing date
2010-01-19
Publication date
2011-07-28
Application filed by T-Data Systems (S) Pte Ltd
Priority to PCT/SG2010/000013
Publication of WO2011090432A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • This invention relates to a portable memory device with authentication and an authentication method and system; and relates particularly, though not exclusively, to such a device, method and system to secure an authentication process.
  • Security of the authentication process may be required if there is a possibility of a "sniffing" of the password and/or a replay attack.
  • a method to secure an authentication process for a portable memory device operatively connected to a host computer includes an encryption module of the portable memory device generating a unique code and sending it to a login software module of the host computer.
  • the login software module encrypts the unique code and sends the encrypted unique code and a password to the encryption module.
  • the encryption module decrypts the encrypted code to obtain the code for validation, and authenticates the password.
  • a system to secure an authentication process for a portable memory device operatively connectable to a host computer, the portable memory device comprising an encryption module and the host computer comprising a login software module.
  • the encryption module is configured to generate a unique code and send it to the login software module.
  • the login software module is configured to encrypt the unique code and send the encrypted unique code and a password to the encryption module.
  • the encryption module is further configured to decrypt the encrypted code to obtain the code for validation, and to authenticate the password.
  • a portable memory device configured to be operatively connected to a host computer.
  • the portable memory device comprises an encryption module configured to generate a unique code and send the unique code to a login software module of the host computer.
  • the encryption module is further configured to receive from the login software module an encryption of the unique code and a password, and to decrypt the encrypted code to obtain the code for validation, and also to authenticate the password
  • the password may be encrypted or hashed by the login software module before being sent to the encryption module.
  • the encryption or hashing of the password may be by use of the code or a derivative of the code.
  • the login software module may establish a secure communication channel between the login software module and the encryption module before the encryption module generates the unique code. All communication between the login software module and the encryption module may be over the secure communication channel.
  • the unique code may be selected from: a number, a series of letters, a series of numbers, characters, or any combination of them.
  • the unique code may be used for the one communication session. A different unique code may be generated for each communication session.
  • Encryption may comprise hashing and decryption may comprise unhashing.
  • Figure 1 is a schematic view of an exemplary system of a portable memory device connectable to a host apparatus to enable authentication of a user;
  • Figure 2 is a block diagram illustrating the exemplary portable memory device and a part of the host apparatus of Figure 1;
  • Figure 3 is a flow chart for the operation of the exemplary embodiment of Figures 1 and 2; and
  • Figure 4 is a flow chart illustrating an additional process to that of Figure 3.
  • the host computer 100 may be of any suitable form such as, for example, desktop computer, personal computer, laptop computer, notebook computer, server, tablet computer, personal digital assistant, digital diary, or mobile/cellular telephone.
  • connection of the portable memory device 200 with the host computer 100 may be direct or indirect. If direct it may be by the USB connector 208 of the portable memory device 200 engaging with a USB port 108 of the host computer 100. If indirect, it may be by any suitable wireless connection such as Bluetooth or WiFi; or by use of a cable (not shown).
  • the portable memory device 200 has the USB connector 208 and a USB interface 212 operatively connected to a controller 204.
  • a memory module 202 is also operatively connected to the controller 204.
  • the memory module 202 may, for example, be a flash memory module. However, it may be of any suitable form of non-volatile memory.
  • a login software module 110 in the host computer 100 establishes a secure channel 300 with the encryption module 210 of the portable memory device 200 (302).
  • This may be by any suitable and known secure channel communication system.
  • the secure channel 300 provides a first level of protection against "sniffing" of the password over the communication channel, and thus the possibility of a replay attack as all communication between the login software module 110 and the encryption module 210 is over the secure
  • a one-time password challenge is used.
  • the encryption module 210 generates a unique challenge code (303).
  • the code may be a number, a series of letters, a series of numbers, characters, or any combination of them.
  • the code is used for the one communication session. A different code is generated for each communication session.
  • the code is sent by the encryption module 210 to the login software module 110 of the host computer 100 over the secure communications channel 300.
  • the login software module 110 encrypts or hashes the code to obtain an encrypted or hashed code (304).
  • the login software module 110 of the host computer 100 uses the secure communication channel 300 to send the encrypted or hashed code and the password of a user of the host computer 100 to the encryption module 210 (305).
  • when the encryption module 210 receives the encrypted or hashed code and the password, it decrypts or unhashes the encrypted or hashed code to obtain the code and thus provide validation (306), and authenticates the password (307). This prevents a replay attack. If the validation is not successful (i.e. the code after decryption or unhashing is not the same as the code before encryption) and/or if the password is not authenticated, the secure communication channel 300 is closed and the session ends.
  • Figure 4 shows a variation where following (304) the login software module 110 also hashes or encrypts the password (405) with the code or a derivative of the code. The hashed or encrypted password is then sent with the encrypted or hashed code to the encryption module 210 over the secure channel 300 (406). The encryption module 210 then decrypts the code and the password (407), validates the code and authenticates the password (409). This provides an additional layer of protection against a replay attack.
  • while the foregoing description has described exemplary embodiments, it will be understood by those skilled in the technology concerned that many variations in details
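The Figure 3 and Figure 4 exchange written out as an added Python example (not the patent's code): the device's encryption module issues a per-session code, the host's login module returns a keyed hash of that code together with the password hashed under the code, the device validates both, and a captured response resent in a later session fails because the code has changed. It assumes the secure channel (300) is already established, that "encrypting" the code means HMAC-SHA256 under a key both modules share (the patent names no algorithm, so "decrypting" becomes recompute-and-compare), and that the device holds a SHA-256 hash of the user's password rather than the password itself.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-shared-key"  # assumption: key shared by modules 110 and 210


def tag_code(code: bytes) -> bytes:
    """Step 304: the login module 'encrypts or hashes' the session code (HMAC here, an assumption)."""
    return hmac.new(SHARED_KEY, code, hashlib.sha256).digest()


def tag_password(code: bytes, password: bytes) -> bytes:
    """Step 405 (Figure 4): hash the password with the session code so it is bound to this session."""
    pw_hash = hashlib.sha256(password).digest()
    return hmac.new(code, pw_hash, hashlib.sha256).digest()


class EncryptionModule:
    """Device side (210): one fresh code per session, consumed on first use."""

    def __init__(self, password: bytes):
        self.pw_hash = hashlib.sha256(password).digest()  # assumption: device stores a hash, not the password
        self.code = None

    def new_session(self) -> bytes:
        self.code = secrets.token_bytes(16)  # step 303: unique per-session code
        return self.code

    def authenticate(self, code_tag: bytes, password_tag: bytes) -> bool:
        """Steps 407/409: validate the code, then the password, with constant-time compares."""
        if self.code is None:  # no open session: nothing to validate against
            return False
        code, self.code = self.code, None  # single use; a retry needs a new session
        code_ok = hmac.compare_digest(code_tag, tag_code(code))
        pw_ok = hmac.compare_digest(password_tag, hmac.new(code, self.pw_hash, hashlib.sha256).digest())
        return code_ok and pw_ok


def login(device: EncryptionModule, password: bytes) -> tuple:
    """Host side (110): run one session and return (result, what went over the channel)."""
    code = device.new_session()  # step 303: code received from the device
    msg = (tag_code(code), tag_password(code, password))  # step 406
    return device.authenticate(*msg), msg


def replay(device: EncryptionModule, captured: tuple) -> bool:
    """A captured (code_tag, password_tag) pair resent in a later session: fails, the code changed."""
    device.new_session()
    return device.authenticate(*captured)
```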

Abstract

The present invention relates to a method to secure an authentication process for a portable memory device operatively connected to a host computer. The method comprises an encryption module of the portable memory device generating a unique code and sending the unique code to a login software module of the host computer. The login software module encrypts the unique code and sends the encrypted unique code and a password to the encryption module. The encryption module decrypts the encrypted code to obtain the code for validation, and authenticates the password. The present invention also relates to a corresponding system and a portable memory device.
PCT/SG2010/000013 2010-01-19 2010-01-19 Portable memory device with authentication and authentication method and system WO2011090432A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SG2010/000013 WO2011090432A1 (fr) 2010-01-19 2010-01-19 Portable memory device with authentication and authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2010/000013 WO2011090432A1 (fr) 2010-01-19 2010-01-19 Portable memory device with authentication and authentication method and system

Publications (1)

Publication Number Publication Date
WO2011090432A1 true WO2011090432A1 (fr) 2011-07-28

Family

ID=44307068

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2010/000013 WO2011090432A1 (fr) 2010-01-19 2010-01-19 Portable memory device with authentication and authentication method and system

Country Status (1)

Country Link
WO (1) WO2011090432A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106817671A (zh) * 2017-02-14 2017-06-09 Tencent Technology (Shenzhen) Company Limited Networked information sharing method, first terminal and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050250473A1 (en) * 2004-05-04 2005-11-10 Research In Motion Limited Challenge response system and method
US7139915B2 (en) * 1998-10-26 2006-11-21 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US20090193511A1 (en) * 2008-01-30 2009-07-30 Vasco Data Security, Inc. Two-factor usb authentication token



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10844084; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10844084; Country of ref document: EP; Kind code of ref document: A1)