`
`(19) World Intellectual Property Organization
`International Bureau
`
`25 January 2001 (25.01.2001) |IIIIIllllllll||lllllllllllllll||||l||||l||||||||||||||||l|||Illllllllllllllllll
`
`(43) International Publication Date
`
`(10) International Publication Number
`WO 01/06699 A2
`
`
`(51) International Patent Classification7:
`
`H04L 9/00
`
`(21) International Application Number:
`
`PCT/USOO/19656
`
`(22) International Filing Date:
`
`19 July 2000 (19.07.2000)
`
`(25) Filing Language:
`
`(26) Publication Language:
`
`(30) Priority Data:
`09/356,600
`
`English
`
`English
`
`19 July 1999 (19.07.1999)
`
`US
`
`(71) Applicant: RSA SECURITY INC. [US/US]; 36 Crosby
`Drive, Bedford, MA 01730 (US).
`
`(81) Designated States (national): AE, AG, AL, AM, AT, AU,
`AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ,
`DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR,
`HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR,
`LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ,
`NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM,
`TR, TT, TZ, UA, UG, UZ, VN, YU, ZA, ZW.
`
`(84) Designated States (regional): ARIPO patent (GH, GM,
`KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian
`patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European
`patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE,
`IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG,
`CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).
`
`(72) Inventors: DUANE, William; 4 Howard Road, Westford,
`MA 01886 (US). ROSTIN, Peter; Gardsmygvagen 6,
`8-135 68 Tyreso (SE).
`
`Without international search report and to be republished
`upon receipt of that report.
`
`Published:
`
`(74) Agent: LANZA, John, D.; Testa, Hurwitz & Thibeault,
`LLP, High Street Tower, 125 High Street, Boston, MA
`02110 (US).
`
`For two-letter codes and other abbreviations, refer to the ”Guid-
`ance Notes on Codes andAbbreviations " appearing at the begin-
`ning ofeach regular issue ofthe PCT Gazette.
`
`WO01/06699A2
`
`(54) Title: SYSTEM AND METHODS FOR MAINTAINING AND DISTRIBUTING PERSONAL SECURITY DEVICES
`
`(57) Abstract: This invention relates to methods and apparatus for securely accessing and providing information including the use
`of a personal security device on a client where the client is subject to compromise.
`
`|PR2018-OOO67
`
`Unified EX1017 Page 1
`
`IPR2018-00067
`Unified EX1017 Page 1
`
`
`
`WO 01/06699
`
`PCT/U500/19656
`
`SYSTEM AND METHODS FOR MAINTAINING AND DISTRIBUTING PERSONAL
`SECURITY DEVICES
`
`BACKGROUND OF THE INVENTION
`
`Field of the Invention
`
`This invention relates to the field of cryptography, including user authentication,
`
`document authentication, symmetric key cryptography, public key cryptography, secure
`
`communications, secret sharing, and key distribution.
`
`W C
`
`ryptography has become increasingly important with the increased presence of the
`
`Internet, an inherently insecure transmission medium. Cryptography enables methods of secure
`
`user authentication, which is a prerequisite to performing secure electronic commerce on the
`
`Internet.
`
`10
`
`15
`
`20
`
`25
`
`Typical methods of user authentication are insecure and vulnerable to eavesdropping. For
`
`example, suppose that a user Alice wishes to log into a computer over the Internet. A typical
`
`authentication process requires Alice to enter her password. This password is typically entered
`
`and transmitted in the clear and may be easily intercepted by an eavesdropper Eve as it travels
`
`across the Internet, providing Eve with the information necessary to gain exactly the same access
`
`privileges as Alice. Cryptography provides secure authentication protocols allowing Eve to
`
`eavesdrop on the authentication information without providing her with the necessary
`
`information to gain the same access privileges as Alice.
`
`Cryptographic methods of secure user authentication require the storage of sensitive
`
`information, typically on a medium such as the hard disk drive of a general purpose computer or
`
`the flash memory of a personal digital assistant. With the increasing portability and mobility of
`
`such hardware comes the increasing ease of its theft. In one illustrative example, a user travels
`
`with a laptop computer containing authentication information stored on its hard disk. This
`
`authentication information can be used to make a secure network connection, to log in to a
`
`remote host, and to sign email. If the laptop were to be stolen, the thief could then use this stolen
`
`information to perform further mischief by masquerading as the user.
`
`|PR2018—OOO67
`
`Unified EX1017 Page 2
`
`IPR2018-00067
`Unified EX1017 Page 2
`
`
`
`WO 01/06699
`
`PCT/U500/19656
`
`- 2 -
`
`One type of sensitive authentication information is a user’s private key. A private key is
`
`a component of public key cryptography, which enables methods of user authentication as well as
`
`secure communications over unsecured channels. Public key cryptography employs a key pair
`
`comprising a public key and a private key. One key is used to encrypt a file and the other key is
`
`used to decrypt it. The key used to encrypt a file is not usefial for subsequently decrypting it. In
`
`general, public key cryptography enables a user Alice to authenticate herself to another user Bob
`
`by encrypting data provided by Bob with her private key, creating a digital signature. Alice then
`
`sends the signature to Bob. Bob then uses Alice’s public key to decrypt the signature, which he
`
`then compares to the plaintext. Alice is authenticated to Bob if the decrypted and plaintext data
`
`match. Implementations of public key cryptography include RSA, Diffie-Helman, ElGamal, and
`
`Elliptic Curve Cryptography (“ECC”).
`
`Another type of sensitive information is the output of an authentication token. In one
`
`implementation, an authentication token displays a number that changes periodically. The
`
`numbers displayed are elements in a pseudorandom sequence. Before the token is used, it is
`
`synchronized with a security server so that the security server subsequently knows what number
`
`is displayed on the token at any given time. When a user seeks access to a resource administered
`
`by the security server, the user sends the server the number currently displayed on the token. The
`
`server then authenticates the user by comparing the sent number with the number that the server
`
`expects the authentication token to currently display. If they match, the user is authenticated and
`
`granted access to the resource. An authentication token can be implemented in hardware or
`
`software. In one software implementation, an authentication token includes program code
`
`running on the user’s laptop.
`
`Another type of sensitive information is a key to a challenge—response protocol. In one
`
`implementation of this protocol, the key comprises a number known by the user and an
`
`authentication server. Instead of requesting the number directly, the authentication server sends
`
`the user an operand. The user performs a mathematical function using the operand and the key
`
`and sends the result back to the authentication server, which compares the user’s answer with the
`
`expected answer. The mathematical function is designed so that it is impractical to discern the
`
`key from the operand and the result. A challenge-response authentication protocol can be
`
`implemented in software on the user’s a general purpose computer.
`
`Sensitive information for secure user authentication can be stored on a variety of
`
`hardware. For example, secure user authentication methods may be implemented on a
`
`10
`
`15
`
`20
`
`25
`
`30
`
`|PR2018—00067
`
`Unified EX1017 Page 3
`
`IPR2018-00067
`Unified EX1017 Page 3
`
`
`
`WO 01/06699
`
`PCT/US00/19656
`
`_ 3 _
`
`workstation, a desktop computer, a laptop computer, a personal digital assistant, a smartcard, a
`
`universal serial bus (“USB”) key, or specialized hardware. This specialized hardware can be
`
`small and portable, with form factors similar to a credit card, a gumdrop, or a school ring.
`
`There is a need to protect sensitive information stored on a wide range hardware that is
`
`subject to several forms of physical compromise.
`
`BRIEF SUMMARY OF THE INVENTION
`
`The invention provides apparatus and methods for securely accessing and providing
`
`information. In one embodiment the invention relates to a method for securely providing
`
`information including the steps of receiving information identifying an encrypted personal
`
`10‘
`
`security device, providing the encrypted personal security device, receiving authentication
`
`information, and providing decryption information for the personal security device responsive to
`
`the authentication information. In a further embodiment, the encrypted personal security device
`
`includes an encrypted key. In another embodiment, the encrypted personal security device
`
`includes information necessary to make a secure virtual private network connection. In another
`
`embodiment. the method further includes the step of validating the authentication information.
`
`In another embodiment, the step of providing the encrypted personal security device includes the
`
`steps of retrieving and providing the personal security device. In a further embodiment, the
`
`retrieval step includes retrieving the personal security device from an authentication server. In
`
`another embodiment, the method further includes the step of storing the personal security device
`
`on a smartcard. In another embodiment, the method further includes the step of storing the
`
`personal security device in a volatile memory element.
`
`In another aspect the invention relates to a method for accessing secure information
`
`including the steps of receiving an encrypted personal security device, receiving decryption
`
`information for the personal security device, and decrypting the personal security device. In one
`
`embodiment the method further includes the step of using the decrypted personal security device
`
`to access secure information. In another embodiment, the personal security device includes
`
`information necessary to make a secure network connection between a network client and a
`
`network server. In another embodiment, the personal security device includes information
`
`necessary to make a secure virtual private network connection. In another embodiment, the
`
`method further includes the steps of transmitting information identifying an encrypted personal
`
`security device and transmitting authentication information. In another embodiment, the method
`
`15
`
`20
`
`25
`
`30
`
`|PR2018—OOO67
`
`Unified EX1017 Page 4
`
`IPR2018-00067
`Unified EX1017 Page 4
`
`
`
`WO 01/06699
`
`PCT/USOO/19656
`
`- 4 _
`
`further includes the step of storing the personal security device on a smartcard. In another
`
`embodiment, the method further includes the step of storing the personal security device in a
`
`volatile memory element.
`
`In another embodiment the invention relates to a method for allowing a network client
`
`secure access to information including the steps of requesting, by the network client, a personal
`
`security device from a network server, wherein the personal security device includes encrypted
`
`information necessary to make a secure network connection, forwarding, by the network server,
`
`the personal security device to the network client, and providing, by the network server,
`
`decryption information for the personal security device. In another embodiment, the personal
`
`security device includes information necessary to make a secure virtual private network
`
`connection. In another embodiment, the method further includes the steps of forwarding, by the
`
`network server, the request to an authentication server, querying, by the authentication server, a
`
`user databse with the request, returning, by the user database, a personal security device to the
`
`authentication server, and forwarding, by the authentication server, the personal security device
`
`to the network server. In another embodiment, the method further includes the steps of
`
`obtaining, by the client, authentication information from an authentication token, providing, by
`
`the client, the authentication information to the authentication server, confirming, by the
`
`authentication server, the validity of the authentication information, retrieving, by the network
`
`server, decryption information for the personal security device from a database, and providing, by
`
`the network server, decryption information for the personal security device to the client. In
`
`another embodiment, the method firrther includes the step of decrypting, by the client, the
`
`personal security device.
`
`In another embodiment the invention relates to a device for providing secure access to
`
`information including a first receiver receiving information identifying an encrypted personal
`
`security device, a first transmitter providing the personal security device, a second receiver
`
`receiving authentication information, and a second transmitter providing decryption information
`
`for the personal security device responsive to the authentication information. In a further
`
`embodiment, the personal security device includes an encrypted key. In another embodiment, the
`
`personal security device includes information necessary to make a secure network connection
`
`between a network client and a network server. In another embodiment, the personal security
`
`device includes information necessary to make a secure virtual private network connection. In
`
`another embodiment, the device also includes an authenticator validating the authentication
`
`10
`
`15
`
`20
`
`25
`
`30
`
`|PR2018-00067
`
`Unified EX1017 Page 5
`
`IPR2018-00067
`Unified EX1017 Page 5
`
`
`
`WO 01/06699
`
`PCT/U500/19656
`
`_ 5 -
`
`information. In another embodiment, the first receiver is the same as the second receiver. In
`
`another embodiment, the first transmitter is the same as the second transmitter.
`
`In another aspect the invention relates to a device for accessing secure information
`
`including a first receiver receiving an encrypted personal security device, a second receiver
`
`receiving decryption information for the personal security device, and a decryptor decrypting the
`
`personal security device. In another embodiment, the personal security device includes
`
`information necessary to make a secure network connection between a network client and a
`
`network server. In another embodiment, the personal security device includes information
`
`necessary to make a secure virtual private network connection. In another embodiment, the
`
`device further includes a first transmitter transmitting information identifying an encrypted
`
`personal security device, and a second transmitter transmitting authentication information. In
`
`another embodiment, the first transmitter is the same as the second transmitter. In another
`
`embodiment, the device also includes a smartcard storing the decryption information. In another
`
`embodiment, the device also includes a volatile memory element storing the decryption
`
`information. In another embodiment, the first receiver is the same as the second receiver.
`
`In another embodiment the invention relates to a system for providing secure access to
`
`information including a network client including a volatile memory element and a network server
`
`storing an encrypted personal security device in a server memory element, the personal security
`
`device including encrypted information. In another embodiment, the system further includes a
`
`smartcard having a volatile memory element storing the personal security device. In another
`
`embodiment, the system further includes decrypted information for forming a secure network
`
`connection between the client and the server wherein the decrypted information is derived from
`
`applying the decryption information to the personal security device. In a further embodiment, the
`
`decryption information is stored in the volatile memory element. In a further embodiment, the
`
`decrypted information is stored in the volatile memory element. In another embodiment, the
`
`network is a virtual private network. In a further embodiment, the encrypted information
`
`includes information necessary for forming a secure network connection the the client and the
`
`server. In a further embodiment, the system further includes an authentication token, wherein the
`
`token is capable of providing authentication information, and an authentication server, wherein
`
`the authentication server includes a user database, wherein the user database includes decryption
`
`information for the personal security device, and wherein the authentication server is capable of
`
`providing the decryption information upon receipt of the authentication information.
`
`1O
`
`15
`
`20
`
`25
`
`30
`
`|PR2018—00067
`
`Unified EX1017 Page 6
`
`IPR2018-00067
`Unified EX1017 Page 6
`
`
`
`WO 01/06699
`
`PCT/USOO/19656
`
`- 6 -
`
`BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
`
`The foregoing and other objects, features and advantages of the present invention, as well
`
`as the invention itself, will be more fully understood from the following description of preferred
`
`embodiments, when read together with the accompanying drawings, in which:
`
`FIG. 1 is a flowchart illustrating the interaction between a client and a server.
`
`FIG. 2 is a flowchart illustrating steps a server undertakes to securely provide
`
`information.
`
`FIG. 3 is a flowchart illustrating steps a client undertakes performing a challenge-
`
`1O
`
`15
`
`response protocol for accessing information.
`
`FIG. 4 is a schematic illustration of a security regime.
`
`FIG. 5 is a flowchart illustrating steps a client undertakes to securely receive and access
`
`information.
`
`FIG. 6 is a schematic illustration of a hardware embodiment used to store and access a
`
`personal security device.
`
`FIG. 7 is a schematic illustration of a hardware embodiment used to store and access a
`
`personal security device.
`
`FIG. 8 is a flowchart illustrating steps to erase sensitive information after use.
`
`FIG. 9 is a schematic illustration of a system for securely providing information.
`
`FIG. 10 is a schematic illustration of a workstation storing and decrypting a personal
`
`20
`
`security device.
`
`FIG. 11 is a schematic illustration of a system for securely providing a key in response to
`
`authentication.
`
`FIG. 12 is a schematic illustration of a smartcard and a smartcard reader.
`
`FIG. 13 is a schematic illustration of a personal security device stored in an external non-
`
`25
`
`volatile medium.
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`For the purposes of this invention, the term “personal security device” refers to encrypted
`
`sensitive information that may be stored on devices subject to physical compromise. “Personal
`
`security device” may also be used as a synecdoche to refer to the hardware storing this encrypted
`
`30
`
`sensitive information. In one embodiment of the invention, the personal security device can only
`
`be decrypted with decryption information, known as a key.
`
`|PR2018—OOO67
`
`Unified EX1017 Page 7
`
`IPR2018-00067
`Unified EX1017 Page 7
`
`
`
`WO 01/06699
`
`PCT/USOO/19656
`
`- 7 -
`
`For the purposes of this invention, “non-volatile storage medium” refers to any medium
`
`in which data persists when power is not supplied to the device on which the medium resides.
`
`Examples of non-volatile storage media include disks, tapes, compact disc read—only memory
`
`(“CD-ROM”), digital versatile disc (“DVD”), flash memory, erasable—programmable read-only
`
`memory (“EPROM”) and read-only memory (“ROM”). For the purposes of this invention,
`
`“volatile storage medium” refers to any medium in which data is stored in a transitory manner or
`
`data is lost when power is removed from the medium. An example of a volatile storage medium
`
`is random-access memory (“RAM”). In a typical embodiment, volatile storage media are less
`
`susceptible to physical compromise than non-volatile storage media.
`
`For the purposes of this invention, the term “physical compromise” encompasses any
`
`means by which an adversary may gain access to information on a user’s system. For example, a
`
`laptop computer can be stolen and its contents accessed. Physical compromise also encompasses
`
`an adversary may gaining entrance to an office and copying sensitive contents of a target
`
`computer onto a removable storage medium such as a floppy disk or removable cartridge.
`
`Physical compromise also encompasses an adversary transmitting sensitive information from a
`
`target computer to one of the adversary’s computers over a computer network such as the
`
`Internet. Physical compromise also encompasses the use of cracking methods including viruses
`
`and trojan horses. For example, a desktop system can be infected with a virus that seeks out
`
`sensitive information and transmits what it finds to an adversary over the Internet. Alternatively,
`
`an adversary can exploit a security hole in an operating system to gain access to that system
`
`directly. One example of a security hole exploit is known as Back Orifice, which provides
`
`unauthorized access to systems running Microsoft’s Windows NT operating system.
`
`For the purposes of this invention, the term “authentication token” refers to a device or
`
`program providing authentication information to a user that is determined based on secret
`
`information shared by the authentication token and an authentication server. In one embodiment,
`
`the authentication token is implemented as code running on the user’s general purpose computer.
`
`In an alternate embodiment, the authentication token is implemented on specialized hardware.
`
`Referring to FIG. 1, and in brief overview, a system is provided
`
`One embodiment of the invention, as illustrated in FIG. 1, includes a client that interacts
`
`with a server to gain access to sensitive information. The client first transmits a personal security
`
`device query to the server (Step 100). In one embodiment, this query includes information
`
`necessary to uniquely identify a specific personal security device. In an alternate embodiment,
`
`1O
`
`15
`
`20
`
`25
`
`30
`
`|PR2018—00067
`
`Unified EX1017 Page 8
`
`IPR2018-00067
`Unified EX1017 Page 8
`
`
`
`WO 01/06699
`
`PCT/USOO/19656
`
`_ 8 _
`
`the query includes a request to generate a new personal security device. In one embodiment, the
`
`query is received via a computer network. In a further embodiment, the computer network is a
`
`local area network. In an alternate embodiment, the computer network is a wide area network.
`
`In a further embodiment, the wide area network is the Internet. In one embodiment, the query is
`
`received Via an open or unsecured connection. In an alternate embodiment, the query is received
`
`via a secured connection. In a further embodiment, the connection is secured by the SSL
`
`protocol. In one embodiment, the query does not include any authentication information.
`
`The server receives the personal security device query (Step 110), and provides the
`
`personal security device to the client (Step 120). In one embodiment, the server provides the
`
`personal security device by transmitting it over a computer network. In a further embodiment,
`
`the computer network is a local area network. In an alternate embodiment, the computer network
`
`is a wide area network. In a further embodiment, the wide area network is the Internet. In one
`
`embodiment, the personal security device is transmitted over an open or unsecured connection.
`
`In an alternate embodiment, the personal security device is transmitted over a secured
`
`connection. In a further embodiment, the connection is secured by the SSL protocol.
`
`The client then receives the transmitted personal security device (Step 130) and transmits
`a key query requesting the key to the personal security device (Step 140). The key query includes
`
`an unique identifier for the personal security device to be decrypted. The key query also includes
`
`authentication information. In one embodiment, the authentication information is the output of
`
`an authentication token. In an alternate embodiment, the authentication information is a
`
`digitally—signed document. In yet another alternate embodiment, the authentication information
`
`is a passphrase. In yet another alternate embodiment, the authentication information is a
`
`response to a challenge. In yet another alternate embodiment, the authentication information
`
`includes biometric information. In one embodiment, the key query is transmitted via a computer
`
`network. In a further embodiment, the computer network is a local area network. In an alternate
`
`embodiment, the computer network is a wide area network. In a further embodiment, the wide
`
`area network is the Internet. In one embodiment, the key query is transmitted via an open or
`
`unsecured connection. In an alternate embodiment, the key query is transmitted via a secured
`
`connection. In a further embodiment, the connection is secured by the SSL protocol.
`
`The server then receives the key query (Step 150) and determines if the authentication
`
`information is correct (Step 160). In one embodiment, the server determines if the authentication
`
`information matches the information the server expects to be displayed on an authentication
`
`10
`
`15
`
`20
`
`25
`
`30
`
`|PR2018—00067
`
`Unified EX1017 Page 9
`
`IPR2018-00067
`Unified EX1017 Page 9
`
`
`
`WO 01/06699
`
`PCT/US00/19656
`
`- 9 -
`
`token. In an alternate embodiment, the server verifies the authentication information’s digital
`
`signature. In yet another alternate embodiment, the server determines if the authentication
`
`information matches a passphrase. In yet another alternate embodiment, the server determines if
`
`the authentication information is a correctly calculated response to a challenge. In yet another
`
`alternate embodiment, the server determines if the authentication information matches a user’s
`
`biometric information.
`
`If the authentication information is correct, the server provides the key to the personal
`
`security device (Step 170). Otherwise the server refuses to provide the key (Step 180). In one
`
`embodiment, the server provides the key by transmitting it over a computer network. In a further
`
`embodiment, the computer network is a local area network. In an alternate embodiment, the
`
`computer network is a wide area network. In a further embodiment, the wide area network is the
`
`Internet. In one embodiment, the key is transmitted over an open or unsecured connection. In an
`
`alternate embodiment, the key is transmitted over a secured connection. In a further
`
`embodiment, the connection is secured by the SSL protocol.
`
`The client receives the key (Step 190) and uses it to decrypt the personal security device
`
`(Step 195) thereby gaining access to its contents. In one embodiment, the key is a symmetric key
`
`and decryption is performed using a symmetric cipher such as RC4, A4, DES, RC5, Blowfish, or
`
`RC6. In an alternate embodiment, the key is a first asymmetric key of a key pair, the personal
`
`security device was encrypted with a second key of a key pair, and the decryption is performed
`
`using a public-key cryptographic cipher.
`
`In one embodiment of this invention, the personal security device may be distributed
`
`openly and without any requirement for authentication. In a further embodiment, the key to the
`
`personal security device is not distributed openly, but only in response to proper authentication.
`
`FIG. 2 illustrates steps taken by a server of this embodiment. The server receives a query for a
`
`personal security device (Step 200). In one embodiment, this query includes information
`
`necessary to uniquely identify a specific personal security device. In an alternate embodiment,
`
`the query includes a request to generate a new personal security device. In one embodiment, the
`
`query is received via a computer network. In a further embodiment, the computer network is a
`
`local area network. In an alternate embodiment, the computer network is a wide area network.
`
`In a further embodiment, the wide area network is the Internet. In one embodiment, the query is
`
`received via an open or unsecured connection. In an alternate embodiment, the query is received
`
`10
`
`15
`
`20
`
`25
`
`30
`
`|PR2018-00067
`
`Unified EX1017 Page 10
`
`IPR2018-00067
`Unified EX1017 Page 10
`
`
`
`WO 01/06699
`
`PCT/U800/19656
`
`_ 10 _
`
`via a secured connection. In a further embodiment, the connection is secured by the SSL
`
`protocol. In one embodiment, the query does not include any authentication information.
`
`The server then provides the personal security device (Step 210). In one embodiment, the
`
`server provides the personal security device by transmitting it over a computer network. In a
`
`fiirther embodiment, the computer network is a local area network. In an alternate embodiment,
`
`the computer network is a wide area network. In a further embodiment, the wide area network is
`
`the Internet. In one embodiment, the personal security device is transmitted over an open or
`
`unsecured connection. In an alternate embodiment, the personal security device is transmitted
`
`over a secured connection. In a further embodiment, the connection is secured by the SSL
`
`10
`
`protocol.
`
`The server then receives a key query (Step 220). The key query includes an unique
`
`identifier for the personal security device to be decrypted. The key query also includes
`
`authentication information. In one embodiment, the authentication information is the output of
`
`an authentication token. In an alternate embodiment, the authentication information is a
`
`digitally-signed document. In yet another alternate embodiment, the authentication information
`
`is a passphrase. In yet another alternate embodiment, the authentication information is a
`
`response to a challenge. In yet another alternate embodiment, the authentication information
`
`includes biometric information. In one embodiment, the key query is received via a computer
`
`network. In a further embodiment, the computer network is a local area network. In an alternate
`
`embodiment, the computer network is a wide area network. In a further embodiment, the wide
`
`area network is the Internet. In one embodiment, the key query is received via an open or
`
`unsecured connection. In an alternate embodiment, the key query is received via a secured
`
`connection. In a further embodiment, the connection is secured by the SSL protocol.
`
`The server then determines if the authentication information is correct (Step 230). In one
`
`embodiment, the server determines if the authentication information matches the information the
`
`server expects to be displayed on an authentication token. In an alternate embodiment, the server
`
`verifies the authentication information’s digital signature. In yet another alternate embodiment,
`
`the server determines if the authentication information matches a passphrase. In yet another
`
`alternate embodiment, the server determines if the authentication information is a correctly
`
`calculated response to a challenge. In yet another alternate embodiment, the server determines if
`
`the authentication information matches a user’s biometric information.
`
`15
`
`20
`
`25
`
`30
`
`|PR2018-00067
`
`Unified EX1017 Page 11
`
`IPR2018-00067
`Unified EX1017 Page 11
`
`
`
`WO 01/06699
`
`PCT/USOO/19656
`
`_ 11 _
`
`If the authentication information is correct, the server provides the key to the personal
`
`security device (Step 240). Otherwise the server refuses to provide the key (Step 250). In one
`
`embodiment, the server provides the key by transmitting it over a computer network. In a further
`
`embodiment, the computer network is a local area network. In an alternate embodiment, the
`
`computer network is a wide area network. In a further embodiment, the wide area network is the
`
`Internet. In one embodiment, the key is transmitted over an open or unsecured connection. In an
`
`alternate embodiment, the key is transmitted over a secured connection. In a further
`
`embodiment, the connection is secured by the SSL protocol.
`
`Methods of providing proper authentication include but are not limited to entering a
`
`password, successfully completing a challenge—response protocol, entering data from an
`
`authentication token, and biometric authentication. Characterisitics for biometric authentication
`
`can include fingerprints, voice prints, retinal scan, facial features, or the measurement of any
`
`physical characteristic associated with a user to be authenticated.
`
`FIG. 3 illustrates an embodiment employing a challenge-response protocol. A client
`
`requests a specific personal security device by sending a personal security device query (Step
`
`300). In one embodiment, this query includes information necessary to uniquely identify a
`
`specific personal security device. In an alternate embodiment, the query includes a request to
`
`generate a new personal security device. In one embodiment, the query is received via a
`
`computer network. In a further embodiment, the computer network is a local area network. In an
`
`alternate embodiment, the computer network is a wide area network. In a further embodiment,
`
`the wide area network is the Internet. In one embodiment, the query is received v