Claims
- 1. A method for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising the steps of:
  a. performing a first security transaction which authenticates said security token to said security token enabled computer system,
  b. establishing a secure communications connection between said security token and said security token enabled computer system which incorporates a shared symmetric key set generated during said first security transaction,
  c. assigning at least one key from said shared symmetric key set to a dedicated communications channel accessible to said security token, and
  d. performing a second security transaction which authenticates a user to said security token.
- 2. The method according to claim 1 wherein said user is authenticated to said security token by providing a critical security parameter directly or indirectly to said security token via said intelligent remote device.
- 3. The method according to claim 1 further including the step of setting at least a first security state following the successful completion of said first security transaction.
- 4. The method according to claim 1 further including the step of setting at least a second security state following the successful completion of said second security transaction.
- 5. The method according to claim 4 further including the step of enabling the use of said secure communications connection following the setting of said at least a second security state.
- 6. The method according to claim 1 wherein said secure communications connection is anonymous to but controlled by said security token.
- 7. The method according to claim 1 wherein said first security transaction comprises a challenge/response protocol which incorporates an asymmetric key pair.
- 8. The method according to claim 1 further including the step of signaling said security token enabled computer system by said security token if said second security transaction is successful.
- 9. The method according to claim 1 wherein said secure communications connection is established at least in part over a wireless telecommunications connection.
- 10. The method according to claim 1 further including the step of allowing said user access to one or more secure resources following successful completion of said second security transaction.
- 11. The method according to claim 1 wherein step 1.b further includes the steps of:
  1.b.1 generating said shared symmetric key set by said security token enabled computer system,
  1.b.2 encrypting said at least one key with a public key associated with said security token,
  1.b.3 sending the encrypted said at least one key to said security token, and
  1.b.4 decrypting the said at least one key with a private key associated with said security token.
- 12. The method according to claim 1 wherein said dedicated communications channel prevents the number of concurrent wireless secure communications connections with said security token from exceeding a predetermined limit.
- 13. The method according to claim 12 wherein said predetermined limit is 1.
- 14. The method according to claim 10 wherein said secure communications connection is only available when said security token is in proximity to said security token enabled computer system.
- 15. A method for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising the steps of:
  a. establishing a wireless communications connection between said intelligent remote device and said security token enabled computer system,
  b. performing a first security transaction which authenticates said security token to said security token enabled computer system,
  c. establishing an exclusive secure communications connection between said security token and said security token enabled computer system, and
  d. performing a second security transaction which authenticates a user to said security token.
- 16. The method according to claim 15 further including the step of allowing said user access to one or more secure resources following successful completion of said second security transaction.
- 17. The method according to claim 15 wherein step 15.d further includes the steps of:
  15.d.1 prompting said user to provide said critical security parameter, and
  15.d.2 signaling an affirmative result to said security token enabled computer system if said second security transaction is successful.
- 18. The method according to claim 15 wherein step 15.a further includes the step of sending a digital certificate to said security token enabled computer system.
- 19. The method according to claim 15 wherein step 15.a further includes the step of prompting said user to select either a local or remote authentication transaction.
- 20. The method according to claim 15 wherein step 15.a further includes the step of providing said user a sensory feedback from at least said security token enabled computer system indicative of a remote authentication transaction in progress.
- 21. The method according to claim 15 wherein said exclusive wireless secure communications connection is associated with a dedicated communications channel which prevents concurrent wireless secure communications connections from being established with said security token.
- 22. The method according to claim 20 wherein said sensory feedback includes visual, tactile, aural or vibratory feedback.
- 23. The method according to claim 15 wherein said exclusive wireless secure communications connection is only available when said security token is in the proximity of said security token enabled computer system.
- 24. A system for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising;
- 25. The system according to claim 24 wherein said user interface means includes conditional means for conditionally receiving said critical security parameter.
- 26. The system according to claim 25 wherein said conditional means limits or prevents receiving said critical security parameter until said cryptographically encoded link is established.
- 27. The system according to claim 24 wherein said security token enabled computer system is in wireless communications with said intelligent remote device and said operatively coupled security token.
- 28. The system according to claim 24 wherein said first security transaction means includes a challenge/response protocol means and an asymmetric cryptography means.
- 29. The system according to claim 24 wherein said first secure communications connection means includes a symmetric key set generation means and a secure symmetric key exchange means.
- 30. The system according to claim 24 wherein said security token interface means includes security token communications means and electromagnetic power transfer means.
- 31. The system according to claim 24 wherein said dedicated communications channel means includes a unique channel identifier means which is accessible by said security token enabled computer system.
- 32. The system according to claim 24 wherein successful execution of said first security transaction means sets a first computer system security state associated with said security token enabled client.
- 33. The system according to claim 24 wherein establishment of said cryptographically encoded link sets a first token security state associated with said security token.
- 34. The system according to claim 24 wherein successful execution of said second security transaction means sets a second token security state associated with said security token.
- 35. The system according to claim 24 wherein said security token enabled computer system further includes proximity sensing means.
- 36. A system for establishing a secure end-to-end communications connection between a security token enabled computer system and a security token associated with a wireless intelligent remote device comprising:
  said security token enabled computer system including:
    a first processor;
    a first memory coupled to said first processor;
    at least one remote authentication application operatively stored in a first portion of said first memory having logical instructions executable by said first processor to:
      authenticate said security token;
      establish a secure end-to-end communications connection with said security token;
  said intelligent remote device including:
    a second processor;
    a second memory coupled to said second processor;
    a security token interface coupled to said second processor;
    a user interface coupled to said second processor; and,
    at least one remote device interface application operatively stored in a portion of said second memory having logical instructions executable by said second processor to:
      emulate a security token device interface locally coupled to at least said security token enabled computer system; and,
      conditionally receive and route a critical security parameter provided by said user via said user interface to said security token; and
  said security token including:
    at least a third processor;
    a third memory coupled to said at least a third processor;
    a communications and electromagnetic power interface coupled to said at least a third processor and said security token interface;
    at least one token remote authentication application operatively stored in a second portion of said third memory having logical instructions executable by said at least a third processor to:
      establish said secure end-to-end communications connection in conjunction with said security token enabled computer system;
      restrict said secure end-to-end communications connection to a single wireless communications channel; and
      authenticate said user based at least in part on said critical security parameter.
- 37. The system according to claim 36 further including a first wireless transceiver functionally coupled to said first processor in processing communications with a second wireless transceiver functionally coupled to said second processor.
- 38. The system according to claim 36 further including a public key associated with said security token retrievably stored in a second portion of said first memory and a private key retrievably stored in a second portion of said third memory, wherein said private key is a counterpart to said public key.
- 39. The system according to claim 36 further including a reference critical security parameter retrievably stored in a third portion of said third memory.
- 40. The system according to claim 38 wherein said public and private keys are incorporated into a challenge/response protocol used to authenticate said security token to said security token enabled computer system.
- 41. The system according to claim 40 wherein said at least one remote authentication application further includes logical instructions executable by said first processor to generate a symmetric key set and perform a secure key exchange with said security token.
- 42. The system according to claim 41 wherein said secure key exchange is performed using said public and private keys.
- 43. The system according to claim 41 wherein said symmetric key set is incorporated into said secure end-to-end communications connection.
- 44. The system according to claim 39 wherein said user is authenticated by said at least one token remote authentication application by comparing said provided critical security parameter to said reference critical security parameter.
- 45. The system according to claim 36 wherein said at least one token remote authentication application restricts usage of said secure end-to-end communications connection until said user is authenticated.
- 46. The system according to claim 36 wherein said secure end-to-end communications connection is restricted to a single wireless connection with said security token using a dedicated communications channel controlled by said at least one token remote authentication application.
- 47. The system according to claim 42 wherein said dedicated communications channel includes a unique identifier available by said security token enabled computer system.
- 48. The system according to claim 36 wherein said communications and electromagnetic power interface includes inductive means, capacitive means or electric contact means.
- 49. A computer program product embodied in a tangible form readable by a security token processor, wherein said computer program product includes executable instructions stored thereon for causing said security token processor to:
  a. utilize one or more security token emulation services provided by an intelligent remote device processor,
  b. establish a secure end-to-end communications connection in conjunction with a security token enabled computer system processor,
  c. restrict said secure end-to-end communications connection to a single wireless secure communications channel, and
  d. authenticate a user.
- 50. The computer program product according to claim 49 further including executable instructions stored thereon for causing said security token enabled computer system processor to:
  a. authenticate said security token,
  b. establish said secure end-to-end communications connection with said security token, and
  c. allow said user access to one or more secure resources following authentication of said user.
- 51. The computer program product according to claim 49 further including executable instructions stored thereon for causing said intelligent remote device processor to:
  a. provide said one or more security token emulation services to said security token processor, and
  b. receive and route a critical security parameter provided by said user via said user interface to said security token.
- 52. The computer program product according to claim 49 wherein said tangible form includes magnetic media, optical media or logical media.
- 53. The computer program product according to claim 49 wherein said executable instructions are stored in a code format comprising byte code, compiled, interpreted, compilable and interpretable.
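The flow the claims recite, as an added, runnable model that is not code from the patent or its applicant: the host authenticates the token with a challenge/response on an asymmetric key pair (claim 7), generates a symmetric key set and wraps it under the token's public key (claim 11), binds that key set to a single dedicated channel that the token refuses to share (claims 12, 13, 46), and only after the user's critical security parameter is verified by the token and signalled back (claims 8, 44) does the token let the connection be used (claims 5, 45). Everything below is the example's own: the token key pair is textbook RSA over two small primes (an assumption standing in for a real token key and certificate; it provides no security), the key set is derived from a wrapped seed, the channel is a simple encrypt-then-MAC construction, and the names SecureChannel, SecurityToken, HostSystem and run_flow are invented for this example. The intelligent remote device's transport and PIN entry are collapsed into direct method calls.

```python
import hashlib
import hmac
import secrets

_P, _Q = 1000003, 1000033                                     # toy 20-bit primes (assumption, not secure)
TOKEN_PUB = (65537, _P * _Q)                                  # (e, n) stored on the host (claim 38)
TOKEN_PRIV = (pow(65537, -1, (_P - 1) * (_Q - 1)), _P * _Q)  # (d, n) held by the token


def derive_key_set(seed):
    """Expand the exchanged seed into the shared symmetric key set: (encryption key, MAC key)."""
    return [hashlib.sha256(seed.to_bytes(8, "big") + tag).digest() for tag in (b"enc", b"mac")]


class SecureChannel:
    """Encrypt-then-MAC messaging bound to one channel id; per-direction counters stop replay and reflection."""
    def __init__(self, key_set, channel_id, role):            # role 0 = host, 1 = token
        self.enc_key, self.mac_key = key_set
        self.channel_id, self.role, self.send_ctr, self.recv_ctr = channel_id, role, 0, 0

    def _stream(self, role, ctr, length):
        info = bytes([role]) + ctr.to_bytes(4, "big")
        blocks = (hashlib.sha256(self.enc_key + info + bytes([i])).digest() for i in range(-(-length // 32)))
        return b"".join(blocks)[:length]

    def seal(self, plaintext):
        header = bytes([self.channel_id, self.role]) + self.send_ctr.to_bytes(4, "big")
        ct = bytes(a ^ b for a, b in zip(plaintext, self._stream(self.role, self.send_ctr, len(plaintext))))
        self.send_ctr += 1
        return header + ct + hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()

    def open(self, msg):
        header, ct, tag = msg[:6], msg[6:-32], msg[-32:]
        chan, role, ctr = header[0], header[1], int.from_bytes(header[2:6], "big")
        if chan != self.channel_id or role == self.role or ctr != self.recv_ctr:
            raise ValueError("wrong channel, reflected message or replayed counter")
        if not hmac.compare_digest(hmac.new(self.mac_key, header + ct, hashlib.sha256).digest(), tag):
            raise ValueError("MAC check failed")
        self.recv_ctr += 1
        return bytes(a ^ b for a, b in zip(ct, self._stream(role, ctr, len(ct))))


class SecurityToken:
    def __init__(self, priv, reference_pin):
        self.priv, self.state, self.channel = priv, "IDLE", None          # one channel at most (claims 12-13, 46)
        self.ref_csp = hashlib.sha256(reference_pin.encode()).digest()    # reference CSP (claim 39)

    def respond_to_challenge(self, nonce):                                # claim 7: prove possession of the private key
        return pow(nonce, *self.priv)

    def accept_wrapped_seed(self, wrapped, channel_id):                   # claim 11, step 1.b.4
        if self.channel is not None:
            raise RuntimeError("dedicated channel busy: concurrent secure connections limited to 1")
        self.channel = SecureChannel(derive_key_set(pow(wrapped, *self.priv)), channel_id, role=1)
        self.state = "TOKEN_AUTHENTICATED"                                # first token security state (claim 33)

    def authenticate_user(self, pin):                                     # claims 1.d, 44: second security transaction
        if hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self.ref_csp):
            self.state = "USER_AUTHENTICATED"                             # second token security state (claim 34)
            return self.channel.seal(b"USER_AUTH_OK")                     # signal to the host (claim 8)
        return self.channel.seal(b"USER_AUTH_FAIL")

    def use_channel(self, data):                                          # claims 5, 45: locked until user auth
        if self.state != "USER_AUTHENTICATED":
            raise PermissionError("secure connection not usable until the user is authenticated")
        return self.channel.seal(data)


class HostSystem:
    def __init__(self, token_pub):
        self.pub, self.channel, self.state = token_pub, None, "IDLE"

    def first_transaction(self, token, channel_id=1):                    # claims 1.a-1.c, 11
        e, n = self.pub
        nonce = secrets.randbelow(n - 2) + 2
        if pow(token.respond_to_challenge(nonce), e, n) != nonce:
            raise PermissionError("token failed challenge/response")
        self.state = "TOKEN_AUTHENTICATED"                                # claim 32
        seed = secrets.randbelow(n - 2) + 2                               # 1.b.1: host generates key material
        token.accept_wrapped_seed(pow(seed, e, n), channel_id)            # 1.b.2-1.b.3: wrap with token public key
        self.channel = SecureChannel(derive_key_set(seed), channel_id, role=0)

    def second_transaction(self, token, pin_from_remote_device):
        ok = self.channel.open(token.authenticate_user(pin_from_remote_device)) == b"USER_AUTH_OK"
        self.state = "USER_AUTHENTICATED" if ok else self.state           # claim 10: secure resources may be released
        return ok


def run_flow(pin_entered, reference_pin="1234"):
    """Both transactions end to end; the remote device's transport and PIN entry are collapsed into direct calls."""
    token, host = SecurityToken(TOKEN_PRIV, reference_pin), HostSystem(TOKEN_PUB)
    host.first_transaction(token)
    result = {"early_use": True, "second_channel": True}
    try:
        token.use_channel(b"data")                                        # must fail: user not yet authenticated
    except PermissionError:
        result["early_use"] = False
    try:
        HostSystem(TOKEN_PUB).first_transaction(token)                    # must fail: channel limit is 1
    except RuntimeError:
        result["second_channel"] = False
    result["user_ok"] = host.second_transaction(token, pin_entered)
    result.update(token_state=token.state, host_state=host.state)
    return result
```

`run_flow("1234")` reports `user_ok` true with both sides in `USER_AUTHENTICATED`, while `early_use` and `second_channel` are both false: the channel exists after the first transaction but cannot carry traffic until the token has verified the user, and a second host attempting the first transaction is turned away at the key-wrap step because the token already holds its one dedicated channel. The ordering is the point to check in any implementation of this scheme: if the channel were usable between steps 1.c and 1.d, a remote device that never prompted for the PIN could drive the token with only the token-to-host authentication behind it. The replay and reflection rejection in `SecureChannel.open` is the example's own hardening; the claims require only that the key set be bound to a dedicated channel.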
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation-in-part of the following co-pending US patent applications:
[0002] Ser. No. 10/424,783, filed Apr. 29, 2003, entitled, “Universal Secure Messaging For Cryptographic Modules,” and
[0003] Ser. No. 09/880,795, filed Jun. 15, 2001, entitled, “Method, System And Apparatus For A Portable Transaction Device”
[0004] This application is related to the application entitled “Intelligent Remote Device,” by inventors Eric Le Saint and Dominique Fedronic, filed on Dec. 22, 2003.
[0005] The three aforementioned co-pending US patent applications are herein incorporated by reference in their entirety.
Continuation in Parts (2)
| Relation | Number | Date | Country |
| Parent | 10424783 | Apr 2003 | US |
| Child | 10740920 | Dec 2003 | US |
| Parent | 09880795 | Jun 2001 | US |
| Child | 10424783 | Apr 2003 | US |