[go: up one dir, main page]

HK1075337A - Method and apparatus for simplified audio authentication - Google Patents

Method and apparatus for simplified audio authentication Download PDF

Info

Publication number
HK1075337A
HK1075337A HK05107464.7A HK05107464A HK1075337A HK 1075337 A HK1075337 A HK 1075337A HK 05107464 A HK05107464 A HK 05107464A HK 1075337 A HK1075337 A HK 1075337A
Authority
HK
Hong Kong
Prior art keywords
identifier
public key
time
digital signature
secure
Prior art date
Application number
HK05107464.7A
Other languages
Chinese (zh)
Inventor
G.G.罗斯
R.F.小奎克
A.甘特曼
Original Assignee
高通股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 高通股份有限公司 filed Critical 高通股份有限公司
Publication of HK1075337A publication Critical patent/HK1075337A/en

Links

Description

Method and apparatus for simplified audio verification
Background
PRIORITY AND RELATED APPLICATION
This application is related to Ser. No. 09/611569, entitled "Method and Apparatus for secure Authentication with Audio telephones", filed 7.2000, and claims priority from provisional patent application Ser. No. 60/344959, entitled "Method and Apparatus for Simplified Authentication Audio Authentication", filed 21.12.2001. Both applications are incorporated herein by reference.
Technical Field
The present invention relates generally to the field of electronic security and, more particularly, to authenticating individuals through tones.
Background
Internet access and the use of electronic data systems are growing in the public. Electronic commerce is popular with consumers and merchants because of a number of factors, such as the ability of one party to buy and sell to another party without involving the complex processes involved in traditional transactions.
However, as electronic commerce grows, the likelihood of fraud also increases. Identity misappropriated by fraudsters can cause losses to innocent individuals. In the worst case, the fraudster may gain access to the identity of the party to use the individual's credit and financial account.
To prevent unauthorized individuals from intercepting private information, various security and encryption schemes have been developed to hide private information sent between parties. However, the hiding of private information is only one aspect of the need to achieve a high degree of consumer confidence security in e-commerce transactions. Another aspect is authentication.
Conventionally, a signature on a legitimate document identifies the parties involved in the subject matter of the document and represents the parties' formal agreement. With the advent of electronic transactions, electronic signatures are used to identify parties and the corresponding agreements between them. Electronic signatures in global and national business activities have been promulgated so that such electronic signatures have the same legal power as written signatures for legitimate contracts. However, the implementation of such secure electronic signatures is left to the government.
Accordingly, the authentication implementation of an individual may be achieved by: known authentication such as a password or Personal Identification Number (PIN); a portable object such as a credit card or proximity card; and/or by personal characteristics (biometrics) such as fingerprints, DNA or signatures.
With respect to the reliability of current electronic security measures, it is often the case for individuals to carry multiple authentication objects or be forced to remember multiple passwords. For example, an individual may require a PIN on an ATM machine, require a password to enter a computer, require a second password to access internet services at home, require multiple passwords to access multiple internet web pages, proximity cards to access a secure building or structure, or a garage door to open to access a house.
Authentication by knowing is therefore problematic for individuals who are forced to remember multiple passwords or PINs. Moreover, the most easily remembered password is the one that others can guess most easily for an individual. In addition, security may be compromised because information to be remembered may be written down when there is too much. Writing down such information makes the personal password or PIN code vulnerable to theft.
The need to obtain authentication information via portable objects and personal features can be problematic for the average consumer because of the highly specialized input devices. For example, ATM cards require ATM machines and smart cards require smart card readers.
Accordingly, current methods of using physical objects and personal characteristics are inadequate for individuals authenticated through data connections or telephone lines. In addition, having to remember a password or carry multiple physical objects can be cumbersome for an individual. Therefore, there is a need to simplify and increase the security of the personal authentication process.
SUMMARY
A device is disclosed that can be used by an individual to securely identify himself by transmitting a secure identifier. The identification and authentication process is one-way, i.e. the individual sends a secure identifier, the receiver then authenticates the secure identifier and allows access. The secure identifier includes a digital signature, a time element, and a key identifier. The apparatus includes a processor; at least one actuator coupled to the processor; a clock capable of generating a time element; a memory element for storing a private key and public key information (such as a key identifier); a signature generator coupled to the processor for generating a digital signature; and a transmitter, coupled to the signal generator, for transmitting the secure identifier. In an aspect of an embodiment, a plurality of digital signatures may be stored or generated by a storage element using a plurality of encryption keys and using a processor.
The process through which the device transmits the secure identifier includes generating a time element, selecting a key identifier, generating a random number, generating a digital signature as a function of the private key, the time element, and the random number, and transmitting a data packet.
A device that may be used to receive the authentication message includes a receiver to receive the secure identifier. The secure identifier includes a public key identifier, a time identifier, and a digital signature. The apparatus further includes an identifier for verifying the secure identifier. The verifier includes a memory including at least one public key and information relating to time tolerances and access privileges, a key retriever for retrieving the public key and the access privileges relating to the public key, a time verifier for verifying that the received time identifier falls within the time tolerances, and a digital signature verifier. The digital signature verifier determines the authenticity of the digital signature as a function of the digital signature, the public key, and the time identifier. The digital signature may further be encrypted with a PIN, wherein the receiver decrypts the digital signature using PIN information accessed in association with the public key.
The process that the secure identifier undergoes includes receiving the secure identifier, which includes a digital signature, a public key identifier, and a time identifier, and verifying the validity of the secure identifier.
In another aspect, the device may further include a key selector to select a particular key within the device.
In another aspect, it would be advantageous to provide an authentication apparatus and method that requires only one-way communication.
In another aspect, the apparatus and methods may encrypt the digital signature using a Personal Identifier (PIN).
In another aspect, the sending device minimizes the information sent to the receiving device so that authentication can occur more quickly.
In another aspect, a sequence reference is included within the secure identifier to prevent replay of the same secure identifier.
In another aspect, the devices and methods may establish public and private keys within the authentication device.
In another aspect, the apparatus and methods provide authentication without using a public key infrastructure.
Brief description of the drawings
The features, nature, and advantages of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings in which like reference characters identify correspondingly throughout and wherein:
FIG. 1A is a block diagram of a physical implementation of an audio verification device;
FIG. 1B is a block diagram of another physical implementation of an audio verification device;
FIG. 1C is a block diagram of a physical implementation of an optical verification device;
FIG. 1D is a block diagram of a physical implementation of an authentication device;
FIG. 2 is a block diagram of a transmitting authentication device;
FIG. 3 is a flow chart of a verification process;
FIG. 4 is a block diagram of a receiving authentication device;
FIG. 5 is a block diagram of a receive authentication process;
fig. 6 is a block diagram of an authentication device incorporated into a wireless telephone.
Detailed description of the preferred embodiments
The verification device may be used to verify the identity of an individual to allow transactions between the individual and various external devices. In particular, the authentication is unidirectional; that is, the individual sends a secure identifier, and the receiver then verifies the secure identifier and allows access. The physical possession and operation of the verification device provides one aspect of the verification needed, just as the physical possession of a key enables an individual to gain access through a locked door. Alternatively, for more secure applications, the authentication device may be combined with an application specific password or Personal Identification Number (PIN).
The authentication device may be small enough to be attached to a key ring. Alternatively, the verification device may be embedded in another device, such as a wireless telephone or Personal Digital Assistant (PDA). In one mode of operation, a user may bring an authentication device in proximity to a receiver or input device. An actuation of the device, such as a button press, activates the authentication device to send a short signal identifying the token in a cryptographically secure manner. The signal encodes an encrypted secure message or secure identifier and preferably uses public key technology, although the public key infrastructure may be bypassed (bypassed). The secure identifier may include a time representation. Receipt of the secure identifier and verification of the authentication signal is sent by the token. Checking the time encoded in the secure identifier to within a reasonable range of times known in the receiver provides evidence that the audio signal is not simply a replay of a signal that is recorded later.
One method for generating a digital signature is public key encryption. In a public key encryption scheme, a user has both a private key for signing and a public key for verification. The user signs the communication with the user's private key and sends the secure identifier with the communication to the destination party, which then verifies the communication with the user's public key. The fact that the target party can verify the communication using the user's public key is to verify that the communication is from the user's electronic signature. It is noted that the use of a public key encryption scheme is merely illustrative and that example embodiments may include other protections of known schemes.
In another non-limiting example embodiment, the public key infrastructure is bypassed (bypassed). A encounter occurs to identify the individual who wishes to gain access. In a security example where an individual is allowed access to a building, the individual wishes to enter a security office and the identity of the individual meets the requirements of the security office. After the identity of the individual is granted, the individual activates its own security device, which causes the device to send public key information corresponding to the private information contained within its personal security device. Public key information is received by the secure office and recorded and stored.
In operation, when an individual attempts to enter, the individual activates the security device, thereby transmitting the secure identifier to the receiving device, which in turn verifies that the received transmitted signal was verified using the public key recorded and stored in the secure office. The access information and privilege information may be stored in association with the public key. In an embodiment, the receiver is coupled to a secure database that uses short identifiers, such as a database index. The timestamp in the transmitted secure identifier verifies that the transmission signature is within acceptable time limits as received, thereby allowing entry. Furthermore, the secure identifier may be verified such that the indicated time is later than the time of last use of the signature. This prevents replay of the same signature even after a short time. In one embodiment, the time tolerance is predetermined. After authentication, access is allowed. Accordingly, the transmitted secure identifier is authenticated using one-way communication.
It is worth noting that when greater anonymity is desired, the individual may provide another secure identifier to the receiving device, whose name may not correspond to the transmitted secure identifier. For example, the second secure identifier may be generated with a key that is initially set to not include the name of the person.
In another mode of operation, the user may also be required to enter a Personal Identification Number (PIN) code, which is more appropriate for higher level security applications. In this way, the PIN is used as a first unlock of the device. In addition, the PIN code may also be entered directly into the receiving or authenticating device, such as in the case of an ATM machine. Additionally, it is contemplated that a user may have different PINs for different applications such that the PIN code is recognized for an application at the very moment, but the PIN may not allow access to other devices. The PIN code may be input before or after the audio signal is transmitted and may be input to a device that generates the signal or to a device that receives the signal.
In another, higher level security mode of operation, the verifier or receiver passes a challenge (challenge) to the user to have the user signed with the time element. The challenge is preferably random and thus unique for each situation. For example, the receiver may have a display to allow the user to enter a series of numbers (challenge) into the verification device. The user then enters the challenge into the authentication device and activates it to sign the challenge and the time element. Thus, the digital signature of the challenge, as well as the time element, provide greater protection against replay attacks. For example, whenever the verifier selects a different challenge. Then replaying the recorded message to the verifier will not succeed even within an acceptable time tolerance.
In one embodiment, the authentication device includes a single actuator. In other embodiments, there may be multiple enforcers on the device to select different internal encryption keys or to provide other user interfaces. When activated, a verification signal is sent. The information that may be encoded within the signal includes a key identifier. The key identifier may have a device serial number and a predetermined number of bits that select a particular key within the device, or the key identifier may be a duplicate (hash) of a public key. Other information that may be encoded includes a predetermined number of bits that represent the time represented within the device. In another embodiment, the least significant bit of time within the device is used.
The receiving device demodulates and verifies the signal (including verifying the signature and time). The authentication receiver prestores, among other information, a public key record corresponding to the secret key in the device, and in particular information relating to the acceptable clock offset, the last known offset, may be stored and taken into account. The record may also include attributes associated with the public key, such as access privileges associated with that particular public key. The access privileges may be information such as when and where a particular public key may be used, but are not limited to such. The access privileges may also include which device the public key may access. Using information about the clock offset and the least significant bits of the current time, the verification server verifies the time of the digital signature application so that the signature can be verified to allow access.
Alternatively, the receiving device may demodulate the signal and send the signal to a verifier located elsewhere. For example, the central verifier may receive the signal in digital or analog form and perform the verification process. The central verifier may include a central, back-end database containing information needed to verify the received signature and associated privilege information. After authentication, the central authenticator sends the necessary information to the authentication server. Thus, the demodulation of the received secure identifier and the verification of the signature can be done in two places-either within the receiving device or within a central verifier/database.
In another embodiment, the authentication device is provided with more than one key, and possibly the additional keys are established internally. In such an embodiment, an internal random number generator is used to establish the key within the authentication device.
FIG. 1A illustrates a block diagram of a physical implementation of an authentication device 100. The device 100 includes an activator or actuator 104. Optionally, additional actuators 108 and 112 may also be used. The additional executors 108 and 112 may also be used to activate different keys that in turn authenticate different applications. Actuators 104, 108, and 112 may be any type of switch, such as a push button switch, rocker switch, dial, or voice activated switch. The transmitter 116 transmits an audio verification signal or secure identifier 120. The secure identifier 120 includes a digital signature, an identifier of a public key, along with other information such as the current time to access a particular device. In one embodiment, the predetermined number of bits represents time. In another embodiment, the predetermined number of least significant bits represents time. Thus, the receipt and verification of the secure identifier 120 is proof that the secure identifier 120 was sent by the verification device 100. Additionally, checking the time encoded within the secure identifier against the current time verifies that the encoded time is within reasonable limits of the current time. The digital signature is a function of the private key and preferably a key identifier and a random number. The private key corresponds to a particular public key. If the secure identifier 120 is sent in accordance with a response, the digital signature is a function of challenge (challenge).
FIG. 1C illustrates a block diagram of another physical implementation of the authentication device 124. The actuator 128 and optional additional actuators 132 and 136 enable a user to select a particular key. The transmitter 140 transmits an optical verification signal or security identifier 144.
In another embodiment, FIG. 1B illustrates a physical implementation of another authentication device 148. The display 152 displays the different keys that are selectable to the user. Selector keys 156 and 160 allow the user to scroll through the display and identify the various keys available. Actuator 164 allows the user to select the desired key to be sent via transmitter 168. The transmitted secure identifier 172 is in the form of an audio secure identifier or an optical secure identifier that is transmitted to the receiving device for verification.
FIG. 1D illustrates another embodiment of a physical implementation of authentication device 176. Similar to the embodiment illustrated in FIG. 1B, display 180, along with selectors 184 and 188, allow a user to scroll through and identify individual keys. A user input device such as a keypad 192 allows the user to enter a Personal Identification Number (PIN) in addition to the numeric signals. Enforcer 194 selects and sends the selected key in the form of an encrypted secure identifier via transmitter 196.
As used herein, a digital signature is a randomized function of the signer's private key and the signed message. I.e. the digital signature is a function of the signer's private key, the signed and the random number. In this embodiment, the signed message is typically a time identifier, although other information may be used. In another embodiment in the challenge-response case, the signed message is a challenge entered by the user (possibly along with a time identifier). Therefore, in order to verify a digital signature, a public key of a signer, a signature to be verified, and a signed message are required. Thus, the "secure identifier" sent to the verifier contains the information needed for verification: a public key identifier (the key itself should be known to the verifier), a message (i.e. a time identifier), and a signature.
In a non-limiting example embodiment, the tone is used to uniquely represent a cryptographic signature stored or generated by the authentication device. Many devices, such as desktop and notebook computers, are currently integrated or may have accessories that can generate or receive tones. Other electronic devices such as Personal Digital Assistants (PDAs), mobile phones, pagers, and alarm systems may also be used with suitable accessories in an example embodiment. In addition, other communication methods such as telephone networks, radio networks, intercom systems, bluetooth (TM), other wireless devices, and other RF communication systems may also be used. Accordingly, a user may use example embodiments to directly identify himself in a transaction face-to-face or indirectly through a communication medium.
In another non-limiting embodiment, the optical signal is used to uniquely represent a cryptographic signature stored on or generated by the authentication device. Similar to tones, many devices may be equipped with or have an accessory that generates or receives wireless signals, such as infrared, radio frequency, and light signals.
Fig. 2 illustrates an internal operational block diagram of an authentication device 200. The actuator 204 is coupled to a Central Processing Unit (CPU) or processor and associated memory 208. Actuator 204 may be any type of user-activated actuator, such as a rocker switch, push button switch, or voice activated switch. The processor and memory 208 is coupled to an internal clock 212, a random number generator 216, and an optional additional static memory 220. Alternatively, the random number generator 216 may be a pseudo-random number generator based on a preloaded random seed (seed). The clock 212 generates time. Although the clock need not identify the current time, the time need not coincide with the receiver time of the verification signal. Also, the clock may have a separate auxiliary or backup power supply, such as a battery (not shown). I.e. the time represented in the transmitting device and the receiving device needs to advance at the same rate, but there may be an offset between the two. The static memory 220 may be used to store key identifiers and other information. Static memory is also useful when a power source (such as a battery) needs to be replaced. Of course, the memory 208 may also be used for such storage.
Different key identifiers may be used to identify the user to conduct different transactions. For example, one key may be used by a bank to allow transactions, another key may be specific to an entry door, and another key may be used for an office door. Similarly, the same key identifier may be used for different transactions. Accordingly, the same key may be used to access a particular office door, car door, phone, or computer. The key identifier, which may be stored in memory 220, may include information such as a device serial number and potentially the number of bits indicating a particular key within the device.
Optionally, the device 200 may include an input device 228 that is capable of receiving a Personal Identification Number (PIN). The PIN may be used for transactions requiring a higher level of security. The processor 208 generates a data packet that combines a predetermined number of bits representing time and a suitable key identifier and generates an encrypted digital signature. The secure identifier is then output by a transmitter, such as transmitter 224. If the secure identifier is an audio input device, the authentication device may be located proximate to the audio input device such that the receiver can receive the audio secure identifier. Similarly, if the secure identifier is an optical secure identifier, the authentication device may be located in proximity to the optical input device such that the receiver can receive the optical secure identifier. It is worth noting that the authentication device does not need to be in proximity to the receiver. For example, in the example of using a telephone, the secure identifier is sent to a telephone transmission system (wired or wireless) via transmitter 224 for receipt by a remote receiver.
In another embodiment, the PIN is entered directly into the receiving device, such as in the case of an Automated Teller Machine (ATM). In this case, the PIN may be used to encrypt the signed portion of the transmitted data (as opposed to the timestamp or identifier). In another embodiment, the PIN is also entered directly into the receiving device.
Fig. 3 illustrates a flow diagram of the operation of the authentication apparatus described with respect to fig. 2. 304 generate a time. 308 identify the particular key required for a given operation. A random number 312 is generated. A processor, such as processor 208 of fig. 2, generates a digital signature 316 using the current time (time identifier), the identified key, and the generated random number. Optionally, the generated digital signature is encrypted using a PIN entered by the user. The digital signature 316 coupled with the time identifier and the public key identifier is together referred to as a secure identifier, which is then transmitted 324. It is noted that the above steps may be performed in any order.
Fig. 4 illustrates a device receiving a secure identifier 400. The receiver 404 receives the signal transmitted from the authentication device and demodulates the signal. The data is then forwarded to the verifier 408. The verifier 408 includes a memory 412, a time verifier 416, and a signature verifier 420. The memory 412 contains a public key record corresponding to the secret key within the device, as well as other information. In particular information about the amount of acceptable clock skew, the last known skew and other time-related information can be stored and taken into account. Also, access and privilege information is stored in association with the public key. Thus, the time validator 416 compares the time of receipt from the secure identifier to a predetermined receivable time window, and also takes into account such clock offset information. If the received time is within an acceptable time limit, the time component of the secure identifier is verified. The public key corresponding to the public key identifier is also retrieved.
The signature verifier 420 preferably comprises a processor and verifies that the signature generated by the private key corresponds to the stored public key. Optionally, PIN verifier 424 verifies that the appropriate PIN is used by decoding the digital signature received as a function of the PIN. If the authentication process completes successfully, access to the device is allowed. No signal from the receiving device 400 is required to be sent back to the transmitting device to allow access.
Fig. 5 illustrates a process flow diagram experienced by the device depicted in fig. 4. 504 receives the secure identifier and demodulates it. Optionally, 508 the secure identifier is decrypted with a PIN. Step 512 verifies the digital signature. The public key corresponding to the transmitted public key identifier is accessed to determine the validity of the security identifier using the accessed key. Step 516 verifies the time. The time indicated in the received secure identifier verifies within an acceptable time tolerance, as predetermined within the receiving device (or central verifier). If the signature, time information, and optionally PIN information 520 are acceptable, access is allowed 524. Otherwise, the access request is denied 528. Notably, without the correct public key to verify the signature, the signature itself appears to be random data, so that any adversary intercepting it cannot verify a guess about the correct PIN, even if the link itself is insecure.
In another embodiment, the device may operate with a secure co-processor, such as a smart card or a Subscriber Identity Module (SIM) card. In the non-limiting example of a SIM card and a radiotelephone, the SIM card is inserted into the radiotelephone 600, as illustrated in fig. 6. The SIM card is the secure part 604 and the rest of the phone is the unsecure part 608. Similar to the embodiment described in fig. 2, the SIM card includes an internal random number generator 612, a memory 616 for keys, a processor (and memory) 620, and optionally a PIN module 622. The device utilizes internal components within the radiotelephone, such as an activator 624, a clock 628 and a signal output or transmitter 632. Alternatively, clock 628 may reside within secure portion 604. In the case where the clock 628 resides within the secure portion 604, for example, a wireless Code Division Multiple Access (CDMA) handset may derive its time component from the network. Thus, compromising the security of the handset (i.e., hacking the handset) with or emulating network time can be more difficult.
It is noted that the example embodiments may be implemented at any time that the database for storing information pertaining to the authentication process is present at (i.e., accessible to) the receiving end. The processor of the example embodiment may be used to implement an encryption scheme with one party and another encryption scheme with another party. The basic implementation of the exemplary embodiments can be implemented without requiring a physical connection to an intermediate resource, since the communication of the separate parties is implemented over a wireless medium.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application. The skilled artisan will recognize in such cases the interchangeability of hardware and software, and how best to implement the described functionality for each particular application. The various blocks, modules, and windows of logic and steps disclosed in the illustrative embodiments herein may be implemented or performed in the alternative or additional steps of: an Application Specific Integrated Circuit (ASIC), a programmable logic device, discrete gate or transistor logic, discrete hardware elements such as, for example, registers within a FIFO, a processor executing a set of firmware instructions, any conventional programmable software and processor, a Field Programmable Gate Array (FPGA) or other programmable logic device, or any combination thereof, to implement the functions described herein. The processor is preferably a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, a hard disk, a removable disk, a CD-ROM, a DVD-ROM, registers, or any other magnetic or optical medium. Those of skill in the art would understand that the data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description are advantageously represented by voltages, circuits, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
The previous description of the preferred embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without the use of the inventive faculty. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (58)

1. An authentication device for generating a secure identifier, the device comprising:
a processor;
a clock coupled to the processor for generating time elements;
a memory element coupled to the processor for storing private key and public key information;
at least one actuator coupled to the processor;
a signature generator, coupled to the processor, for generating a digital signature, the digital signature being a digital signature of the private key and the time element; and
a transmitter, coupled to the signal generator, for transmitting a secure identifier, the secure identifier including a digital signature, a time element, and public key information.
2. The apparatus of claim 1, wherein the signature generator further comprises:
a random number generator coupled to the processor for encrypting the digital signature.
3. The apparatus of claim 1, wherein the time element comprises a predetermined number of least significant bits of time.
4. The device of claim 1, further comprising an input element coupled to the processor, the input element capable of receiving a Personal Identification Number (PIN).
5. The device of claim 1, further comprising an input element coupled to the processor, the input element capable of receiving a challenge.
6. The device of claim 1, further comprising a display coupled to the processor, the display capable of displaying a key identifier.
7. The apparatus of claim 1, wherein the transmitted secure identifier is transmitted as a tone.
8. The apparatus of claim 1, wherein the transmitted secure identifier is transmitted as an optical signal.
9. The apparatus of claim 1 wherein said actuator is a push button switch.
10. The apparatus of claim 1 wherein said actuator is a voice activated switch.
11. The apparatus of claim 1, wherein the public key information is a public key identifier.
12. The apparatus of claim 11, wherein the public key identifier is derived from public key information.
13. The apparatus of claim 1, wherein the public key information is a public key.
14. The apparatus of claim 1, wherein the digital signature is encrypted using a Personal Identification Number (PIN).
15. A method of authentication, comprising:
generating a time element;
identifying a key identifier;
generating a digital signature;
generating a secure identifier that is a function of the time element, the key identifier, the digital signature; and
the secure identifier is transmitted.
16. The method of claim 15, further comprising identifying a PIN, and wherein generating the digital signature is further a function of the PIN.
17. The method of claim 15, wherein the transmitted security identifier is transmitted as a tone.
18. The method of claim 15, wherein the transmitted secure identifier is transmitted as an optical signal.
19. The method of claim 15, wherein the digital signature is derived from a private key.
20. An authentication receiver, comprising:
the receiver is configured to receive a secure identifier, the secure identifier comprising:
a digital signature comprising information derived from a private key,
a public key identifier; and
a time identifier; and
a verifier to verify a secure identifier, the verifier comprising:
a memory including information corresponding to the received public key information and time tolerance information;
a key retriever coupled to the memory and configured to retrieve a public key corresponding to the public key identifier; and
a time validator coupled to the memory and configured to validate that the received time identifier is within an acceptable time tolerance.
21. The apparatus of claim 20, wherein the secure identifier further comprises a PIN, and wherein the receiver is configured to decode the digital signature using the PIN.
22. The apparatus of claim 20, wherein the key retriever compares the received public key identifier to public key information stored in the memory.
23. The apparatus of claim 20, wherein the time tolerance information includes information about clock skew.
24. The apparatus of claim 20, wherein the secure identifier is transmitted as a tone.
25. The apparatus of claim 20, wherein the secure identifier is transmitted as an optical signal.
26. A method of authentication, comprising:
receiving a secure identifier, the secure identifier comprising a digital signature, a key identifier, and a time identifier; and
verifying the secure identifier, the verifying comprising:
verifying that the received public key identifier corresponds to known information about the received public key identifier; and
the time identifier is verified such that the received time identifier is within a predetermined time tolerance.
27. The method of claim 26, wherein the digital signature further comprises a PIN, and wherein receiving further comprises decrypting at least a portion of the digital signature using the PIN.
28. The method of claim 26, wherein the received secure identifier is received as a tone.
29. The method of claim 26, wherein the received secure identifier is received as an optical signal.
30. Authentication device for generating a secure identifier, characterized in that it comprises:
a processor device;
clock means, coupled to the processor, for generating a time element;
a memory element coupled to the processor means for storing the private key means and the public key information means;
at least one actuator device coupled to the processor device;
signature generator means, coupled to the processor means, for generating a digital signature means, the digital signature means being a function of the private key means and the time element means; and
transmitter means, coupled to the signal generator means, for transmitting a secure identifier, the secure identifier comprising a digital signature, a time element, and public key information.
31. The apparatus of claim 30, wherein the signature generator means further comprises:
and a random number generator device coupled to the processor device to encrypt the digital signature device.
32. The apparatus of claim 30, wherein said time element means includes a predetermined number of time least significant bits.
33. The apparatus of claim 30, further comprising an input element means coupled to the processor means, the input element means capable of receiving a Personal Identification Number (PIN) means.
34. The apparatus of claim 30, further comprising an input element means coupled to the processor means, the input element means capable of receiving the challenge means.
35. The apparatus of claim 30, further comprising a display device coupled to the processor device, the display device capable of displaying at least one key identifier device.
36. The apparatus of claim 30, wherein the transmitted secure identifier means is transmitted as a tone means.
37. The apparatus of claim 30, wherein the transmitted secure identifier means is transmitted as optical signal means.
38. The apparatus of claim 30 wherein the actuator means is a push button switch.
39. The apparatus of claim 30 wherein the actuator means is a voice activated switch.
40. The apparatus of claim 30, wherein the public key information is a public key identifier device.
41. An arrangement according to claim 40, characterized in that the public key identifier means is derived from within the public key information means.
42. The apparatus of claim 30, wherein the public key information is a public key.
43. The apparatus of claim 30, wherein the digital signature means is encrypted using a Personal Identification Number (PIN) device.
44. A method of authentication, comprising:
means for generating a time element;
means for identifying a key identifier;
means for generating a digital signature;
means for generating a secure identifier as a function of the time element, the key identifier, and the digital signature; and
means for transmitting a secure identifier.
45. The method of claim 44, further comprising means for identifying a PIN, and wherein the means for generating a digital signature is also a function of the PIN.
46. The method of claim 44, wherein the transmitted security identifier is transmitted as a tone.
47. The method of claim 44, wherein the transmitted secure identifier is transmitted as an optical signal.
48. The method of claim 44, wherein the digital signature is derived from a private key.
49. An authentication receiver, comprising:
receiver means for receiving a secure identifier, the secure identifier means comprising:
a digital signature device including information derived from a private key,
a public key identifier device; and
a time identifier device; and
a verifier device for verifying a secure identifier, the verifier device comprising:
a memory device including information corresponding to the received public key information device and time tolerance information device;
a key retriever means coupled to the memory means and for retrieving a public key of the corresponding public key identifier means; and
time validator means coupled to the memory means for validating that the received time identifier means is within an acceptable time tolerance.
50. The apparatus of claim 49, wherein the secure identifier means further comprises a PIN, and wherein the receiver is configured to decode the digital signature means using the PIN means.
51. Apparatus according to claim 49, wherein the key retriever means compares the received public key identifier means with public key information means stored in the memory.
52. The apparatus of claim 49 wherein the time tolerance information includes information regarding clock skew.
53. The apparatus of claim 49, wherein the secure identifier means is transmitted as a tone.
54. An apparatus according to claim 49, wherein the secure identifier means is transmitted as an optical signal.
55. A method of authentication, comprising:
means for receiving a secure identifier, the secure identifier comprising a digital signature, a key identifier, and a time identifier; and
apparatus for verifying a secure identifier, the verification comprising:
means for verifying that the received public key identifier corresponds to known information about the received public key identifier; and
means for verifying the time identifier such that the received time identifier is within a predetermined time tolerance.
56. The method of claim 55, wherein the digital signature further comprises a PIN, and wherein receiving further comprises decrypting at least a portion of the digital signature using the PIN.
57. The method of claim 55, wherein the received secure identifier is received as a tone.
58. The method of claim 55, wherein the received secure identifier is received as an optical signal.
HK05107464.7A 2001-12-21 2002-12-19 Method and apparatus for simplified audio authentication HK1075337A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US60/344,959 2001-12-21
US10/077,365 2002-02-15

Publications (1)

Publication Number Publication Date
HK1075337A true HK1075337A (en) 2005-12-09

Family

ID=

Similar Documents

Publication Publication Date Title
JP4680505B2 (en) Simple voice authentication method and apparatus
US9338163B2 (en) Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method
US7539864B2 (en) Methods and portable device for digitally signing data
US8689290B2 (en) System and method for securing a credential via user and server verification
US8132722B2 (en) System and method for binding a smartcard and a smartcard reader
CN111027035B (en) Multi-identity authentication method and system based on block chain
US20060036857A1 (en) User authentication by linking randomly-generated authentication secret with personalized secret
CN1203640C (en) Method of establishing the trustorthiness level of a participant in a communication connection
WO2001084761A1 (en) Method for securing communications between a terminal and an additional user equipment
CN101278538A (en) Method and device for user authentication
US20070136604A1 (en) Method and system for managing secure access to data in a network
WO2024049352A1 (en) Methods and systems of using quantum key distribution for secure user and data authentication
HK1075337A (en) Method and apparatus for simplified audio authentication
CN1949196A (en) Method, device and system for storage data in portable device safely
JP2003324429A (en) Authentication method and authentication system
Molla Mobile User Authentication System (MUAS) for E-commerce Applications
Nali et al. CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud (Extended Version)