US 20020178370A1

(19) United States
(12) Patent Application Publication
(10) Pub. No.: US 2002/0178370 A1
Gurevich et al.
(43) Pub. Date: Nov. 28, 2002

(54) METHOD AND APPARATUS FOR SECURE AUTHENTICATION AND SENSITIVE DATA MANAGEMENT

(76) Inventors: Michael N. Gurevich, Walnut Creek, CA (US); Vit Kantor, Arlington Heights, IL (US)

Correspondence Address:
Michael J. Mallie
BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP
Seventh Floor
12400 Wilshire Boulevard
Los Angeles, CA 90025-1026 (US)

(21) Appl. No.: 09/751,596
(22) Filed: Dec. 29, 2000

Related U.S. Application Data

(60) Provisional application No. 60/173,731, filed on Dec. 30, 1999.

Publication Classification

(51) Int. Cl.7: H04L 9/00
(52) U.S. Cl.: 713/189; 713/184; 380/277

(57) ABSTRACT
A method and apparatus for improved data management are described. In one embodiment, the method comprises generating a first key component, generating an encryption key using the first key component, a token key and a personal identification number (PIN), encrypting data using the encryption key, and sending the data encrypted with the encryption key to a server along with the first key component.

PETITIONERS' EXHIBIT 1030

Fig. 1
[Figure: client/server flow in three stages.
Token Key: the same for all tokens for a given User; different for different Users.
Authentication: Client generates Authentication Data based on Token Key and PIN; Server verifies authentication data and confirms authentication.
Encryption: Client generates unique Server-side key component; generates unique Encryption key using that component, Token Key and PIN; Client encrypts the data using that encryption key; Client transmits to the Server the Encrypted Data Entry and Server-side key component.
Decryption: Client retrieves from the Server the server-side key component and the encrypted data; Client re-creates the Encryption Key for the Data Entry; Client decrypts the Data Entry.
Labels: Unique Data Entry Encryption Key; Encrypted Data Entry; Server-side Key Component (unique for each Data Entry).]

Fig. 2
[Figure: handling of online forms. Labels: Wireless Devices; Server; Web-based uGuard; Token Software.
Initialization Step (Token is Inserted): 1. Token Authenticates to the Server; 2. Retrieves User Profile data.
Token Software: 1. Autosenses HTML Form; 2. Retrieves Access Entry from Server; 3. Restores Unique Access Entry Encryption Key; 4. Decrypts Access Entry XML doc; then maps XML doc into HTML Form in the Browser window.
Wireless Devices: Present token and PIN; Fills in WML Forms.]

Fig. 3
[Figure: use of PKI credentials. Labels: Wireless Devices; Server; Web-based; Token Software.
Initialization Step (Token is Inserted): 1. Token Authenticates to the Server; 2. Retrieves User Profile data.
Token Software: 1. User asks for PKI key; 2. Retrieves Access Entry containing the key from Server; 3. Restores Unique Access Entry; Decrypts Access Entry and gets PKI key; Passes the Key to an Application or uses it itself to secure a Transaction.
Wireless Devices: Present token and PIN.]

Fig. 4
[Figure: signed-transaction flow among a PDA, a gateway and a server. Legible labels: "1. Authenticate and ..."; "2. Encrypted signing key and clear Certificate"; "Gateway caches Certificate"; "5. PDA decrypts signing key and signs the message". The remaining labels are not recoverable.]

FIG. 5 (Sheet 5 of 5)
[Figure: block diagram of a computer system. Legible blocks: main memory 504; static memory; mass storage memory 507; processor 512; bus 511; display; keyboard 522; cursor control device 523; hard copy device; wireless/telephony interface 525.]

METHOD AND APPARATUS FOR SECURE AUTHENTICATION AND SENSITIVE DATA MANAGEMENT

[0001] This application claims the benefit of U.S. Provisional Application No. 60/173,731 entitled "A Method and Apparatus for Secure Authentication and Authentication Management," filed Dec. 30, 1999.

FIELD OF THE INVENTION

[0002] The present invention relates to the field of data management in systems; more particularly, the present invention relates to secure data management in a networked environment.

BACKGROUND OF THE INVENTION

[0003] A typical computer user nowadays deals with a variety of secure services such as web sites, email services, dial-up accounts, application programs, etc. To get access to a secure service a user has to pass authentication, a process by which the user (subject) provides his name (identity) and password or other authentication data to a mutually trusted entity (principal authenticator). The principal authenticator (traditionally embedded into the secure service itself or, more advantageously, a separate entity) is responsible for granting/denying access (a communication link and access privileges) to the subject. While good encryption techniques exist to prevent tapping on communication links to such services, there are no good methods for preventing passwords or other authentication data themselves from being guessed or stolen. A number of password cracking programs exist and they are very effective in guessing passwords by combining dictionary search and basic human engineering techniques. A really good password shall be as long as possible and absolutely devoid of any semantic meaning. A good practice is to change passwords periodically. Many existing secure services enforce periodic change of passwords and, additionally, disallow re-using of old passwords. However, people are unable not only to create good passwords, but most importantly, to remember them. Thus, robust, hard to guess passwords must be written down somewhere. Also, entering them is a nuisance.
[0004] Quite often a user has to access password-protected services from computers different than that user's "primary" computer. Although having different passwords for each service makes perfect sense, it is difficult to accomplish this without some access management utility that frees the user from the necessity to invent, remember and type all these different passwords. Furthermore, there should be a way to detect and block unauthorized use of such an access management utility. For the authorized user, there should be a way to restore his/her passwords while preventing, at the same time, unauthorized use by an illegitimate user.
[0005] Corporations need a reliable and inexpensive way to manage restricted access to their resources, including mechanisms to supply their employees and customers with a secure and easily manageable password distribution and protection mechanism.
[0006] Both individual users and corporations are often interested in keeping track of what particular secure services were accessed by a particular user and an indication of when those services were accessed. Besides passwords, a user may need to handle other types of data that should be kept in confidence. This data includes, but is not limited to: personal profile data (e.g., social security, driver license numbers, addresses, etc.); payment instruments and financial data (e.g., accounts and credit/debit card numbers, etc.); Public Key Infrastructure (PKI) credentials including public keys, private keys and/or digital certificates, and other types of cryptographic data; other types of data used for authentication (e.g., biometric profiles, etc.); online forms with arbitrary content that a user fills in using an internet browser on a wired or wireless Internet-enabled device; and arbitrary data (e.g., data files). As described herein, the term "user" means both human users and/or software applications that require access to sensitive data (e.g., an application may need to use a set of PKI credentials or to supply a password to login to a database, etc.).
[0007] There are a number of common problems related to managing sensitive data of any nature. For example, one common problem is dependable and convenient handling of sensitive data. That is, protecting data from any unauthorized use, which includes ensuring that a transaction involving sensitive data has been originated by the data's true owner. A good example is ensuring that an online purchase using a credit card has been initiated by that card's true owner. The data must be well-protected against user impersonation and forceful break-ins. Convenience means that a human user should be relieved from repetitive operations; a user should be guided by the system as much as possible. Another problem is creating data of high quality. For instance, user passwords should be hard to guess.
[0008] Still other problems include data distribution, revocation, and validity checking, and accessing data in a mobile and portable manner. Mobility and portability mean that the system allows a user to manage his sensitive data using a variety of wired and wireless devices and allows a user to preserve his digital identity independently of what device he is using at a particular moment.
[0009] PKI is surely becoming a preferred mechanism for implementing sensitive transactions protection and non-repudiation. There are a number of specific problems that significantly slow down wide-spread PKI adoption, both in wired and wireless environments. For example, PKI mobility and portability: a user should be able to access his PKI credentials from any device, including wireless devices and personal computers (PCs) not belonging to the user. PKI credentials are usually stored in an encrypted profile on the user's PC, and there is no way of allowing users to carry their PKI profiles with them. As different institutions (banks, brokerages, etc.) start implementing their own PKI deployments, the users are required to carry around multiple sets of PKI credentials.
[0010] Another problem is that PKI profiles stored on users' computers are vulnerable to off-line guessing attacks. Also problematic is that PKI credentials management, including distribution, revocation and renewal, is very difficult to handle in large deployments. Time for new credentials distribution becomes comparable with the key lifetime itself. Distributing renewed credentials to users that possibly do not even use them, or use them infrequently, is a costly and time-consuming process.
[0011] PKI problems are even more severe in wireless environments. Wireless device and network constraints do not allow keeping multiple PKI credentials on the wireless devices themselves (and even keeping one certificate on a device is often unfeasible). Sending signed messages with certificates attached via wireless networks consumes a lot of resources and may not be viable at all.
[0012] An additional problem is the data vulnerability window on the wireless gateway. Specifically, data travels over the wireless network encrypted under the WTLS protocol. On the wired leg of the data route, data is encrypted under the SSL protocol. On the wireless gateway, the data is decrypted and re-encrypted (WTLS to SSL or vice versa), thus there is a time period during which the data is not encrypted on the gateway.
[0013] Hardware authentication assistant devices (SecureId from RSA Technologies of Bedford, Mass., Digipass from VASCO) are used for accessing secure services. The user must physically possess the SecureId device in order to access the service. Although these SecureId devices provide a good mechanism for preventing unauthorized access to a company's Intranets, these tokens do not solve the problems described above. Users still need to remember and maintain their passwords.
[0014] Software authentication assistant utilities (NetConcierge from NextCard Inc.) provide a mechanism for "remembering user's authentication data" and assisting the entering of this data during a "next session". These utilities do not solve the problems discussed above.
[0015] Digital certificates deploy a notion of a "mutually trusted third party" for accessing secure services. A digital certificate is obtained by the user from the "mutually trusted third party" and is used by a cooperative secure server (especially designed) for checking with the "mutually trusted third party" if the user is authorized for requested service. However, these certificates are usually stored on the user's computer, and thus, are accessible by everyone who has access to that computer. Digital certificates do not solve the problem of reliable and restricted management of restricted users needed by corporations. Moreover, the use of digital certificates is limited to "cooperative" secure services.
[0016] On-line aggregation and e-wallet services, such as Yodlee and Obongo, deal only with users' logon data (user IDs and passwords) and with online forms in a limited fashion (filling in only user profile-related data). These solutions have various security deficiencies, such as lack of strong authentication and data vulnerability windows.
[0017] More secure PKI management solutions from PKI vendors (e.g., Entrust Technologies of Ottawa, Canada, Baltimore Technologies of Dublin, Ireland, Verisign of Mountain View, Calif.) are narrowly oriented to deal with PKI data only and do not solve all the problems described above.

SUMMARY OF THE INVENTION

[0018] A method and apparatus for improved data management are described. In one embodiment, the method comprises generating a first key component, generating an encryption key using the first key component, a token key and a personal identification number (PIN), encrypting data using the encryption key, and sending the data encrypted with the encryption key to a server along with the first key component.

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] The present invention will be understood more fully from the detailed description given below and from the accompanying drawings of various embodiments of the invention, which, however, should not be taken to limit the invention to the specific embodiments, but are for explanation and understanding only.
[0020] FIG. 1 illustrates a user authentication and data storing/retrieval mechanism in which three components, a token, PIN and server, are included in order to access the data.
[0021] FIG. 2 illustrates how the system deals with online forms on both wired and wireless devices.
[0022] FIG. 3 illustrates one embodiment of a process of using PKI credentials.
[0023] FIG. 4 illustrates the method described above for handling signed transactions on wireless devices.
[0024] FIG. 5 is a block diagram of one embodiment of a computer system.

DETAILED DESCRIPTION OF THE PRESENT INVENTION

[0025] In the following description, numerous details are set forth, to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form, rather than in detail, in order to avoid obscuring the present invention.
[0026] Some portions of the detailed descriptions which follow are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
[0027] It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussion, it is appreciated that throughout the description, discussions utilizing terms such as "processing" or "computing" or "calculating" or "determining" or "displaying" or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.

[0028] The present invention also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.

[0029] The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these systems will appear from the description below. In addition, the present invention is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the invention as described herein.

[0030] A machine-readable medium includes any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium includes read only memory ("ROM"); random access memory ("RAM"); magnetic disk storage media; optical storage media; flash memory devices; electrical, optical, acoustical or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.); etc.

[0031] Overview

[0032] Methods and apparatus for secure authentication and sensitive data management are described herein. In one embodiment, a server operated by a service provider and individualized secure tokens (tokens) are used to facilitate the secure authentication and sensitive data management. The tokens may be hardware and/or software and are distributed to the users (subscribers). Sensitive data is stored on the server. In one embodiment, each item is individually encrypted with a unique just in time generated encryption key, where "just in time" refers to the fact that the encryption key is generated only when it is to be used and not in advance. These encryption keys are not stored anywhere and are re-created on the fly when needed. To access sensitive data, the client software (in case of a hardware token residing on it) utilizes data located on the token, on the server, and in the subscriber's head.

[0033] In one embodiment, the token is preferably a credit card-size CD-ROM disk or a conventional CD-ROM disk. The card-size CD-ROM disk is preferred because of its physical dimensions. Credit card-size CD-ROM disks currently offered in the market are readable by a conventional CD-ROM driver and provide capacity of about 22 MB of data. In another embodiment, the token is a general-purpose palm held computing device. In yet another embodiment, the token is a digital phone. In still another embodiment, the token is a smart card. The token may also be implemented entirely in software.

[0034] Passwords are one of the sensitive data types the system described herein manages. The system provides for just in time, high quality password generation and allows a user to specify password characteristics, such as, for example, maximum length, allowed symbols, etc. High quality passwords (the ones that are very difficult to crack) are rarely used because people have a very hard time remembering and typing them in, but the system described herein relieves users from the necessity to remember and manually input their passwords. "High quality" passwords are the ones that are extremely hard to guess. Thus, they should be devoid of any semantics (such as, for example, "your wife's maiden name plus your dog's name", etc.). These semantically meaningless passwords should, in addition, be composed of a mixture of lower- and upper-case letters, digits, and special symbols.
[0035] If an on-line form contains a password (used to login to a website, for instance), a client-side application (referred to below as PMU or SDMU) recognizes that and allows for automatic generation of that password instead of using a human-invented password. The client-side application may recognize if an on-line form contains a password by acquiring access to the content of a downloaded page. The automatic generation of a password may be performed, for instance, by choosing symbols for the passwords randomly and ensuring that these symbols are combined according to the "high quality password rules" described above. Password generation may also be triggered explicitly by the user. Besides this password-generation feature, the system treats logon forms the same way as any other on-line form.
[0036] Password-only Management System.

[0037] In one embodiment, for the purpose of handling a subset of sensitive data that includes only passwords, a token contains: a password management utility program (PMU); a randomly generated very long stream of bytes (VLSB); optionally, a unique Subscriber Personal Identification Number (PIN); optionally, additional content for advertisements, products promotions, etc., may be included. The PMU manages all aspects of token use, including most importantly just in time password generation and prevention of unauthorized use. Preferably, the PMU complies with traditional communication security such as, for example, the secure handshake with the server and message encryption. The PMU is preferably a Java application, thus providing for multi-platform support.

[0038] In one embodiment, the VLSB is 15-20 MB long. In one embodiment, the VLSB is subscriber specific and is stored and/or written on the individualized token. In another embodiment, the VLSB is generated by a device or system, such as, for example, a personal palm held computing device. This stream of bytes is used for password generation.
[0039] In one embodiment, the PIN is encrypted by the server's public key and is stored on the token itself. For additional security, a subscriber may request from the server his own PIN and provide this PIN to the PMU upon program startup. Either stored on the token or provided by the subscriber, the PIN (preferably encrypted by the server's public key) is used to identify the individual token to the server.
[0040] In one embodiment, in the case of such a system that only handles passwords, the server is an application running on a service provider's host. In one embodiment, the server provides (in conjunction with the PMU) for: token identification; service activation/deactivation; usage tracking; enabling the PMU for just in time password generation; and prevention of unauthorized use based on usage tracking.
[0041] Password Management Utility
[0042] In one embodiment, the PMU is implemented as follows. When a subscriber needs a password for a given service (service name) for the first time, the user provides to the PMU the service name and user identity to the service (Subject Id). The subject ID refers to a combination of a service name that requires the password and the user login name for that service. For instance, if a user has an account with Yahoo Mail with login name "Smith135", then the subject ID would be "Yahoo Mail-Smith135". First, the PMU randomly generates a string of bytes, referred to herein as the seed key. Second, the PMU generates on the fly a password for the service by using the seed key to control which bytes of the VLSB in the token to use for the password. The PMU can take into account subscriber-provided password characteristics such as, for example, password length, specification whether special symbols are allowed in the password, etc. Third, the PMU saves the association <"service name"-"subject Id"-"seed key"-"password characteristics"> (access entry) on the local computer and on the server (if the computer is connected to the Internet). For instance, an access entry for User's Yahoo email account could be: <Yahoo Mail-Smith135-sI(5 gb#j-"length-10, alpha-numeric symbols only">. Preferably, this access entry is encrypted. In one embodiment the encryption key is generated by the same algorithm as for the "just in time password generation" but using the token's PIN as the "seed key".
[0043] Fourth, in one embodiment, the PMU copies the generated password to the clipboard from where the subscriber may paste it to the authentication window. In another embodiment, the PMU advantageously copies the subject Id and the generated password directly to the authentication window where a user is supposed to enter his login name and password of the service.
[0044] When the subscriber accesses that service again, the PMU uses a previously created access entry for that service and regenerates the password on the fly. In one embodiment, the user identifies the service name to the PMU. In another embodiment, the PMU advantageously identifies recurring access to the secure service automatically (by URL or other means).
[0045] One benefit of this mechanism of just in time password generation is that no passwords are stored either on the server or on the subscriber's computer. The passwords are re-generated as they are needed. Another benefit is that no passwords are transmitted between the server and the subscriber's computer. To reproduce the password, both a unique token and a seed key for the password service are required. In one embodiment, the seed keys are stored in encrypted form. In one embodiment, the passwords are extremely hard to guess because of a very long stream of bytes used to generate them, the passwords have the maximum length allowed and passwords are semantically meaningless. The maximum length allowed may be used, but is not necessary. However, the longer the password, the more difficult it is to crack. Different services and/or applications have different restrictions on how long the password may be.

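The just-in-time generation of [0042]-[0045], as an added Python sketch that is not code from this publication: the password is never stored and is re-created from the token's VLSB plus the seed key in the access entry, and the same byte selection with the PIN as seed key yields the access-entry encryption key. Assumptions not on the page: HMAC-SHA256 in counter mode as the way the seed key picks VLSB offsets, the special-symbol set, the constructed 4 KiB VLSBs, and every function and class name.

```python
import hashlib
import hmac
import itertools
import secrets
import string
from dataclasses import dataclass

# Character classes for the "high quality" rule (both letter cases, digits,
# special symbols). The special-symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!#$%&*+-=?@^_",
}

# Constructed stand-ins for two tokens' VLSBs (4 KiB here, 15-20 MB on the page).
VLSB_A = hashlib.shake_256(b"constructed demo token A").digest(4096)
VLSB_B = hashlib.shake_256(b"constructed demo token B").digest(4096)


@dataclass(frozen=True)
class AccessEntry:
    """<service name - subject Id - seed key - password characteristics>."""
    service_name: str
    subject_id: str
    seed_key: bytes
    length: int
    classes: tuple


def token_bytes(vlsb: bytes, seed_key: bytes, attempt: int = 0):
    """Yield VLSB bytes at offsets chosen by the seed key.

    Assumption: offsets come from HMAC-SHA256 in counter mode keyed with the
    seed key; the page does not say how the seed key picks the bytes.
    """
    limit = (1 << 32) - ((1 << 32) % len(vlsb))  # reject above: no modulo bias
    for counter in itertools.count():
        msg = attempt.to_bytes(4, "big") + counter.to_bytes(8, "big")
        block = hmac.new(seed_key, msg, hashlib.sha256).digest()
        for i in range(0, len(block), 4):
            value = int.from_bytes(block[i:i + 4], "big")
            if value < limit:
                yield vlsb[value % len(vlsb)]


def new_access_entry(service_name, login, length=16,
                     classes=("lower", "upper", "digit", "special")):
    """First use of a service: draw a random seed key; no password is stored."""
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    return AccessEntry(service_name, f"{service_name}-{login}",
                       secrets.token_bytes(16), length, tuple(classes))


def password_for(vlsb: bytes, entry: AccessEntry) -> str:
    """Re-create the password from the token's VLSB and the access entry."""
    alphabet = "".join(CLASSES[c] for c in entry.classes)
    bound = 256 - (256 % len(alphabet))      # unbiased byte -> symbol mapping
    for attempt in range(256):               # deterministic retries
        stream = itertools.islice(
            token_bytes(vlsb, entry.seed_key, attempt), 64 * entry.length)
        usable = [b for b in stream if b < bound][:entry.length]
        password = "".join(alphabet[b % len(alphabet)] for b in usable)
        if len(password) == entry.length and all(
                any(ch in CLASSES[c] for ch in password)
                for c in entry.classes):
            return password
    raise RuntimeError("token bytes cannot satisfy the requested characteristics")


def entry_encryption_key(vlsb: bytes, pin: bytes) -> bytes:
    """Same selection algorithm with the PIN as the seed key: 32 key bytes."""
    return bytes(itertools.islice(token_bytes(vlsb, pin), 32))


if __name__ == "__main__":
    # Constructed sample service and login.
    entry = new_access_entry("Yahoo Mail", "Smith135", length=10,
                             classes=("lower", "upper", "digit"))
    print(entry.subject_id, password_for(VLSB_A, entry))
```

Anyone holding both the VLSB and an access entry can regenerate the password, so stored seed keys need the same protection as the token. With the PIN as seed key, a short PIN contributes little entropy of its own and the entry key's strength rests on the VLSB staying secret.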
[0046] In one embodiment, in the case of a passwords handling-only oriented system, the server is implemented as follows. First, the PMU connects to the server over the Internet using a secure connection method (such as, for example, SSL) and transmits the unique PIN to the server. The PIN is preferably encrypted by the server public key. Next, the server verifies that the token with that PIN has not been reported as stolen or lost. If the token has been compromised, the server breaks the connection with the PMU and records the IP address of the PMU. This IP address may be used to track down the perpetrator.
[0047] Otherwise, if the token's legitimacy has been confirmed, the server sends back to the PMU a list of access entries for all previously accessed secure services. In one embodiment, the list is preferably encrypted by the SSL session key. Thereafter, the PMU saves the list on the local computer. Each access entry of the list is preferably saved individually encrypted as described herein. This will advantageously enable the PMU to add/delete/update access entries in the list without re-encrypting the whole list. Next, each time the PMU generates a password, it creates a usage entry minimally consisting of the association <"service name"-"time stamp">. Afterward, each time a new usage entry is generated, or periodically, all new usage entries are sent to the server. This advantageously enables usage tracking by the server.
[0048] If a subscriber loses the token, or if it is stolen, he/she reports the fact to the server and the token is marked as compromised. The PIN may be marked as compromised. In one embodiment, in this case, the subscriber may be issued two tokens: an "old" token, with the same PIN and VLSB as the lost one, and a "new" token, with a new unique PIN and VLSB. The new token enables the server to send to the subscriber the same list of access entries as was accumulated through the usage of the stolen token. However, all these access entries are marked as requiring a change in the password. For each access entry in the list, the PMU requests the subscriber to access the secure service by using the "old" token and to generate a new password by using the "new" token. Each time the server receives a usage entry, it clears the mark requiring password change for the corresponding access entry.
[0049] In another embodiment, a subscriber may be issued a new token with the same VLSB and a unique new PIN. In that case, no password regeneration is required, and at the same time, use of the old token is blocked (because its PIN is reported as compromised).
[0050] In one embodiment, the content of tokens (PIN and VLSB) issued to subscribers is stored securely at the manufacturing facility of the token. In another embodiment, the manufacturing facility may have a mechanism to re-generate the VLSB using the token's PIN. In either case, the content of tokens is not accessible through the Internet.
[0051] In one embodiment, a subscriber may choose not to store the content at all, but in that case he/she has to cha