US2007255960A1PendingUtilityA1

System and method for validating a network session

49
Assignee: AUTHENEX INCPriority: Oct 26, 2001Filed: Jun 11, 2007Published: Nov 1, 2007
Est. expiryOct 26, 2021(expired)· nominal 20-yr term from priority
H04L 63/0428H04L 63/0838H04L 63/0853G06Q 20/367G06Q 20/3678
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for preventing interception and decryption of information by an unauthorized party when that information is transmitted over a network is provided. A token is used to encrypt one-time password that is different for each network session, to prevent decryption thereof. The encrypted one-time password is returned to a network server for authentication by the server. The network server generates its response in a similar fashion. The server compares its response to the one-time password, to determine if they match. If they match, then the client is granted access to the network. If they responses do not match, then the client is denied access to the network by the server.

Claims

exact text as granted — not AI-modified
1 . A method for preventing interception and decryption of information by an unauthorized party when that information is transmitted over a network, the method comprising the following steps: 
 (a) coupling a computer to a network;    (b) coupling a token device to the computer;    (c) querying a sever for access to the network;    (d) generating a challenge responsive to the query;    (e) transmitting the challenge to the token device;    (f) generating an encryption key responsive to receipt of the challenge;    (g) generating a response based upon the encryption key and an identifier code;    (h) transmitting the response to the server;    (i) comparing the response to a server-generated response to determine if the response and the server-generated response match;    (j) if the response and the server-generated response match, then granting access to the network; and    (k) if the response and the server-generated response do not match, then denying access to the network.    
   
   
       2 . The method of  claim 1  wherein a new challenge is generated for each query of a server.  
   
   
       3 . The method of  claim 1  wherein a new identifier code is generated for each query of a server.  
   
   
       4 . The method of  claim 1  wherein one of the queried server and the computer generates the challenge.  
   
   
       5 . A method for preventing interception and decryption of information by an unauthorized party when that information is transmitted between a computer and a network, the method comprising the following steps: 
 (a) coupling a computer to a network;    (b) coupling a token device to the computer;    (c) querying a sever for access to the network;    (d) generating a challenge responsive to the query, the challenge comprising a puzzle, a key ID, and an identifier code;    (e) transmitting the challenge to the token device;    (f) generating an encryption key responsive to receipt of the puzzle and key ID;    (g) generating a response based upon the encryption key and the identifier code;    (h) transmitting the response to the server;    (i) comparing the response to a server-generated response to determine if the response and the server-generated response match;    (j) if the response and the server-generated response match, then granting access to the network; and    (k) if the response and the server-generated response do not match, then denying access to the network.    
   
   
       6 . The method of  claim 5  wherein a new challenge and a new identifier code are generated for each query of a server.  
   
   
       7 . The method of  claim 5  wherein the response comprises a one-time password.  
   
   
       8 . The method of  claim 7  wherein the one-time password is encrypted.  
   
   
       9 . The method of  claim 5  further comprising: 
 the token device including a processor and a memory, the memory configured with an ID pad region and at least one encryption/decryption key stored therein.    
   
   
       10 . The method of  9  wherein the token device performs a first round of encryption to generate the encryption key, the first round of encryption comprising the following steps: 
 retrieving information from selected addresses in the ID pad region of the memory determined by the puzzle;    retrieving an encryption/decryption key from memory determined by the key ID; and    feeding the encryption/decryption key and information retrieved from the ID pad into an encryption/decryption algorithm running on the processor to generate the encryption key.    
   
   
       11 . The method of  claim 10  wherein the token device performs a second round of encryption to generate the response, the second round of encryption comprising the following steps: 
 feeding the encryption key and the identifier code into the encryption/decryption algorithm running on the processor to generate the response.    
   
   
       12 . A method for preventing interception and decryption of information by an unauthorized party when that information is transmitted between a terminal and a network, the method comprising the following steps: 
 (a) coupling a terminal to a network;    (b) coupling a token device to the terminal;    (c) querying a sever for access to the network;    (d) generating a challenge responsive to the query, the challenge comprising a puzzle, a key ID, and an identifier code;    (e) transmitting the challenge to the token device;    (f) decomposing the challenge to obtain a puzzle component, a key ID component, and an identifier code;    (g) performing a first round of encryption to generate a puzzle key responsive to selected information determined by the puzzle component and the key ID component of the challenge;    (h) performing a second round of encryption to generate a one-time password based upon the puzzle key and the identifier code;    (i) transmitting the one-time password to the server;    (j) comparing the one-time password to a server-generated response to determine if the one-time password and the server-generated response match;    (k) if the one-time password and the server-generated response match, then granting access to the network; and    (l) if the one-time password and the server-generated response do not match, then denying access to the network.    
   
   
       13 . The method of  claim 12  wherein the one-time password is encrypted.  
   
   
       14 . A method for preventing interception and decryption of information by an unauthorized party when that information is transmitted between a computer and a network, the method comprising the following steps: 
 (a) coupling a computer to a network, the network including more than one interconnected server;    (b) coupling a token device to the computer, the token device including a processor and a memory, the processor running a data encryption/decryption algorithm;    (c) querying a sever of the network for access to the network;    (d) generating a challenge responsive to the query;    (e) transmitting the challenge to the token device;    (f) decomposing the challenge to obtain a puzzle component, a key ID component, and an identifier code;    (g) performing a first round of encryption wherein the token device's processor generates a puzzle key responsive to selected information retrieved from the memory, the selected information determined by the puzzle component and the key ID component of the challenge;    (h) performing a second round of encryption wherein the token device's processor generates a one-time password based upon the puzzle key and the identifier code;    (i) transmitting the one-time password to the server;    (j) comparing the one-time password to a server-generated response to determine if the one-time password and the server-generated response match;    (k) if the one-time password and the server-generated response match, then granting access to the network; and    (l) if the one-time password and the server-generated response do not match, then denying access to the network.    
   
   
       15 . A system for preventing interception and decryption of information by an unauthorized party when that information is transmitted between a computer and a network, the system comprising: 
 a computer adapted to be coupled to a network; and    a token device adapted to be coupled to the computer, the token device including a processor and a memory, the processor adapted to run a data encryption/decryption algorithm,    wherein if a client requests access to a server then a query is sent to the sever, a challenge responsive to the query is generated and transmitted to the token, the token performing more than one round of encryption to generate a one-time password based upon the challenge, the one-time password transmitted to the server to compare the one-time password to a server-generated response to determine if the one-time password and the server-generated response match; whereby    if the one-time password and the server-generated response match, then the client is granted access to the network and if the one-time password and the server-generated response do not match, then the client is denied access to the network.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.