Patent · US Active

Strong authentication token generating one-time passwords and signatures upon server credential verification

US8302167B2 · kind B2 · utility

Cited by: 44
References: 8
Claims: 67
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 11, 2008
Grant date: Oct 30, 2012
Priority date
Expiry date: Dec 6, 2030

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2209/56
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attacks, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means. It furthermore offers this authentication and review functionality without sacrificing user convenience or cost efficiency, by judiciously coding the transaction data to be signed, thus reducing the transmission size of information that has to be exchanged over the token's trustworthy interfaces.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.