Remote authentication and transaction signatures

Assignee

• VASCO Data Security, Inc. · US

Inventors

• Dirk Marien · Ranst, BE
• Frank Coulier · Grimbergen, BE
• Frank Hoornaert · Oud-Heverlee, BE
• Frederik Mennes · Strombeek-Bever, BE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3228
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Authentication devices and methods for generating dynamic credentials are disclosed. The authentication devices include a communication interface for communicating with a security device such as a smart card. A dynamic credential such as a one-time password (OTP) or a message authentication code (MAC) may be generated by receiving from a server an encrypted initialization seed encrypted with an asymmetric encryption algorithm using a public key of a public/private key pair, submitting the encrypted initialization seed to a security device, decrypting at the security device the encrypted initialization seed with a private key of the public/private key pair, returning the decrypted initialization seed to the authentication device, deriving at the authentication device a secret credential generation key from the decrypted initialization seed, and generating the dynamic credential by combining a dynamic variable with the secret credential generation key using a symmetric cryptographic dynamic credential generation algorithm.