[go: up one dir, main page]

WO2018187822A1 - User authentication for password protected application using a hardware token - Google Patents

User authentication for password protected application using a hardware token Download PDF

Info

Publication number
WO2018187822A1
WO2018187822A1 PCT/ZA2018/050016 ZA2018050016W WO2018187822A1 WO 2018187822 A1 WO2018187822 A1 WO 2018187822A1 ZA 2018050016 W ZA2018050016 W ZA 2018050016W WO 2018187822 A1 WO2018187822 A1 WO 2018187822A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
user
external device
password
record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/ZA2018/050016
Other languages
French (fr)
Inventor
Jacob Mattheus Christiaan BOTHA
Stephen Boyd ROBSON
Roelof Jacobus BURGER
David Johannes VAN DER MERWE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Parsec Pty Ltd
Original Assignee
Parsec Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Parsec Pty Ltd filed Critical Parsec Pty Ltd
Publication of WO2018187822A1 publication Critical patent/WO2018187822A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Definitions

  • This invention relates to the authentication of a user who wishes to make use of a password protected application such as a website, generally through the medium of the internet.
  • a typical website makes use of a user name and a password to keep track of each user. Normally an internet user is confronted with a registration process in order to interact with a target website. A practical reality is that an average website user is not particularly adept at choosing a strong password or at remembering a machine-generated password which, if strong, would likely consist of a lengthy string of unrelated characters.
  • a password manager is used to address, at least to some extent, the aforementioned situation.
  • a browser application can establish a password database which is automatically updated as users register passwords on websites and which is stored in the browser.
  • the password database can be maintained by a separate application that integrates with the browser.
  • a password manager stores passwords, possibly encrypted, at a suitable location but. if an attacker obtains access to the password database, the attacker could use the passwords or, if the passwords have been encrypted, have an unlimited time within which to crack an encryption key to the password database.
  • An industry-generated standard referred to as FIDO U2F defines a protocol that requires a user to present a token, such as a USB key, in addition to a chosen password, to access a website (say). When the token is presented to a reading device the user is required to perform a user action (e.g. touch a button) in order to authorise a transaction. In other words, user presence is required for the authentication process to be completed.
  • US2015/0199684 describes a secure, non-volatile, solid state memory data key which includes a USB port, a microprocessor and a secure memory for holding secure transaction information.
  • a biometric sensor is used to identify the person who is in physical possession of the data key before permitting access to the secure memory.
  • the microprocessor is configured to provide a chip-and-pin type security for online transactions, particularly at locations at which appropriate readers are not available.
  • Decryption of information in the memory is effected by means of logic resident in the microprocessor.
  • a large part of web browser functionality, relating to online transactions inside the data key, is embedded in the data key.
  • Security is provided by means of a password manager which allows a registered holder of the data key to create and change a password required to utilize the data key for a secure transaction.
  • the password manager may also include a password generator.
  • the data key may include the capability of registering the data key for operation with a specific user and with a specific mobile device that is also registered to the user. In one example of a transaction system implemented through the use of the data key a mobile device is required in addition to a host computer and a website.
  • the present invention is concerned with an approach to user authentication which employs a mobile token which requires very little computing resources and which is usable, in conjunction with an external password manager, to provide access to each of a plurality of individually addressable records each of which may contain a respective password.
  • Another object is to allow the token of the invention to be used with different host computers where a respective database is held on each computer.
  • the invention provides a token for user credential authentication which includes:
  • a port which provides a communication interface with an external device
  • a secure cryptographic calculation unit which provides a code, uniquely associated with the token, to the external device
  • non-volatile memory storage unit configured to store data selected from a plurality of individually addressable, optionally encrypted, records
  • a processor responsive to a signal from the external device, to retrieve data from the memory storage unit and to transfer the retrieved data via the port to the external device; and an approval mechanism, responsive to an authenticated user action, to allow user access to at least a part of the transferred data.
  • the memory unit may be configured to store data relating to a plurality of passwords. Preferably each password in the memory unit is stored in encrypted form.
  • the token may be physically engageable with the external device which, typically, is a computer. Such physical engagement, however, is not essential for communication between the external device and a communication module, which usually forms part of the processor in the token, may be achieved in any suitable way, for example through the use of a USB connection, through the use of Near Field Communication (NFC) techniques, using Bluetooth processes, or the like. The invention is not restricted in that regard.
  • NFC Near Field Communication
  • the approval mechanism may require a physical user action and, by way of example, may be a mechanical or touch switch. As the mechanism is responsive to a user action the function of the mechanism cannot be initiated by a machine-generated action i.e. user presence is required.
  • Use of the token may be dependent on the successful input, by the user, or from some other source, of a master password to the external device.
  • the token is therefore usable effectively in two modes in that it can be used in accordance with the FIDO U2F protocol and, secondly, in respect of those sites or applications which are not FIDO enabled but with a much improved level of security.
  • Each individually addressable record, in the memory storage unit may include a separate password protected area which can be protected by touch (for example) not only for reading but also for any updates or erasure. Thus an individual or a targeted password can be released to a user by means of a touch or an equivalent action.
  • the data in the token is not encrypted by means of the processor in the token. If encryption is required this is done on the external device which, typically, is a host computer. This approach reduces the cost of the token.
  • the mechanism which is responsive to an authenticated user action is thus used to control access to individual data records. Additionally, the mechanism, in that it is responsive to the detection of human presence, can perform universal second factor authentication (U2F).
  • U2F universal second factor authentication
  • the token of the invention offers minimum functionality. This is in contrast to the approach adopted in US2015/0199684 wherein a browser and other applications are embedded in the data key. The latter approach allows for a number of attack vectors since browsers are usually large applications that possibly contain vulnerabilities.
  • the unique code provided by the secure cryptographic calculation unit, allows for the token to be identified so that the token can be synchronized with a particular external device. This enables the data stored in the memory storage unit to be synchronized with the data held in the external device. Such synchronization can take place without reading all of the data contained in the records and without requiring the processor to perform encryption or decryption of the records.
  • FIG. 1 illustrates in block diagram form the use of a token according to the invention
  • Figure 2 is a schematic representation of a possible record structure within a database in the token
  • Figure 3 to Figure 8 are flowcharts which respectively depict different processes arising during the use of the token of the invention.
  • FIG. 1 of the accompanying drawings illustrates in block diagram form a token 10, according to the invention, which is placed in communication with a personal computer 12.
  • the token 10 includes a processor 14 with a communication interface 16, an approval mechanism 18, a security chip 20 with a unique serial number, a permanent memory storage unit 22 and a user approval device 24.
  • the communication interface 16 may be provided in the form of a USB connection which can be directly physically coupled to the computer 12. This however is only exemplary for other communication techniques such as Near Field Communication (NFC) processes, Bluetooth processes, or the like, can be employed.
  • NFC Near Field Communication
  • the approval mechanism 18 is adapted to verify a human input on the device 24.
  • the device 24 is a switch which is mechanically operated or which is sensitive to touch or the like.
  • the device 24 is such that it is not responsive to anything apart from a human input.
  • the mechanism 18 can confirm an input from the device 24 as originating from a human and notify the processor 14 thereof. If an input from the device 24 is not validated the processor 14 is not enabled.
  • the security chip 20 acts as a secure cryptographic calculation unit which is used to identify the token 10 to the computer 12.
  • a serial number of the chip is used as a file name for disk storage, in the computer 12, which is used for storage of a password database in the memory unit 22. This allows multiple tokens to be used on a single computer 12, and for a single token 10 to be used on multiple computers.
  • Each token's metadata records are synchronised to a file (database) that has the same name as the token's unique serial number.
  • the memory unit 22 is a permanent memory unit e.g. a flash device.
  • the computer 12 has an application programming interface 30 which embodies a corresponding API presented by the token 20.
  • the token 0 is capable of implementing the FIDO U2F protocol. Additionally, though, the token 10 implements a protective process for a password database in the memory unit 22, as is described hereinafter. [0029] A large number of records can be stored in the memory unit 22. Each record can be individually erased or updated. Figure 2 illustrates one possible structure of a record 32 in the memory unit 22. Each record 32 is associated with a unique password.
  • the record 32 includes a header 34 which is used to synchronize the token contents with a database which is stored in the computer 12.
  • the header 34 includes a record index, a content identifier which is a random number that is generated with every update to the record, and control flags which govern the use of the record (e.g. protected or not protected).
  • Such synchronization i.e. between the token and any one of a plurality of possible host computers, or, conversely, between a token selected from a plurality of available tokens and a single host computer 12, does not require all the records in the token to be transferred to the host computer, nor is the processor 14 required to perform an encryption or decryption function.
  • the record 32 also includes a password field 36 whcih is encrypted on the computer 12 and which contains the following sub-fields: a randomly generated number, a randomly generated initialization vector and a password string.
  • Metadata 38 encrypted on the computer 12, forms a part of the record 32 and contains the following sub-fields: a user name or identifier, a website URL, user defined notes, entry title, unique record identifier and a password record index made up of references to the database entries that contain the respective passwords.
  • the interface 30 makes it possible to perform a number of operations on the password database from an application program. Some of these operations are described hereinafter with reference, where applicable, to Figures 3 to 8.
  • a test record is decrypted to verify that the master password is correct.
  • the index of each record on the token is read and, if the index read matches the database record index, no action is taken and the index on the next record is read. If the index on the token differs from the database record then the corresponding metadata is read and saved to the database on the computer 12.
  • a new record 32 When the user registers on a new website or starts to use the token 10 for the first time a new record 32 must be created. As a first step the user enters information about the application and/or website to be accessed. The resulting metadata is sensitive in its own right and is encrypted by a process implemented on the computer 12 under the master password referred to under the heading "Database Creation”. [0040] If the user has not already chosen or generated a password, a password manager application generates a strong password which is made available to the user. If a new record 32 is to be created the password manager prompts the user to perform an action approval e.g. to touch the input device 24 so that human presence can be detected and notified via the approval mechanism 18 to the processor 4.
  • an action approval e.g. to touch the input device 24 so that human presence can be detected and notified via the approval mechanism 18 to the processor 4.
  • a Bulk Approval state is defined within the token 10. This state allows multiple operations to take place without requiring an approval action for each and every operation.
  • the token 10 is requested to do a Bulk Approval operation.
  • a bulk operation such as a universal delete or the making of a backup of the data in the memory module 22 is possible after the user executes specified operations on the device 24.
  • the user may be required to touch the input device 24 five times within a predetermined period of, say, five seconds. This prevents a Trojan or rogue program from reading the password from the token.
  • An examination of the flow diagram in Figure 4 shows that if the timer has expired and the actions (required for approval) have not been successfully input then the operation times out.
  • the application program prompts the user to do an approval action i.e. to use the input device 24 in the manner which has been defined;
  • the password manager application issues a read operation request to the token 10; and (5) if the record in question is protected the token 10 waits for the user to perform an approval action - again in accordance with a particular physical sequence of the kind referred to hereinbefore. If approval is not obtained no password is returned and the user is notified.
  • a protected record can only be deleted from the memory unit 22 if the user performs an approval action.
  • the sequence of steps in this regard is similar to that detailed under the heading "Bulk Approvals” - this is evident from a comparison of Figure 4 with Figure 6. This sequence of operations is therefore not further described.
  • Figure 7 depicts the general operation of the password database feature of the token. If a Bulk Approval exercise has been performed an operation such as a "read/write” or “delete” can be performed without further approval. If the record 32 in question is marked as a protected record in the flags in the field 34 ( Figure 2) the token waits for user approval to be obtained (in the manner already described) using the input device 24. If no user approval is forthcoming within a specific time period the operation fails.
  • a benefit of the token 10 lies in the fact that stored passwords are readable or writable only when the input device 24 is utilized. Typically a single touch on the device is used to release or update a password. Bulk operations are possible only after a predetermined sequence of operations is carried out e.g., as described the user must touch the device 24 a number times within a prescribed time period. [0048] It is also possible to protect access to the database in the token using an on- microprocessor test of the master password. In this instance the user has only a limited number of attempts to unlock the password database for first use. This is similar to the PIN protection afforded on a smart card device. In this mode the requirement for being able to read the database records is the presentation of a PIN and simultaneously obtaining approval by activating the input device 24.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

:A token for authenticating a user's credentials which includes a calculation unit which transmits a codeuniquely associated with the token to an externaldevice, a processor, responsive to a signalfrom theexternal device, which transfers retrieved data to the external device, and an approval mechanism,responsive to an authenticated user action, to allow user access to at least a part of the transferreddata.

Description

USER AUTHENTICATION FOR PASSWORD PROTECTED APPLICATION
USING A HARDWARE TOKEN
BACKGROUND OF THE INVENTION
[0001] This invention relates to the authentication of a user who wishes to make use of a password protected application such as a website, generally through the medium of the internet.
[0002] A typical website makes use of a user name and a password to keep track of each user. Normally an internet user is confronted with a registration process in order to interact with a target website. A practical reality is that an average website user is not particularly adept at choosing a strong password or at remembering a machine-generated password which, if strong, would likely consist of a lengthy string of unrelated characters.
[0003] A password manager is used to address, at least to some extent, the aforementioned situation. A browser application can establish a password database which is automatically updated as users register passwords on websites and which is stored in the browser. Alternatively the password database can be maintained by a separate application that integrates with the browser.
[0004] A password manager stores passwords, possibly encrypted, at a suitable location but. if an attacker obtains access to the password database, the attacker could use the passwords or, if the passwords have been encrypted, have an unlimited time within which to crack an encryption key to the password database. [0005] An industry-generated standard referred to as FIDO U2F defines a protocol that requires a user to present a token, such as a USB key, in addition to a chosen password, to access a website (say). When the token is presented to a reading device the user is required to perform a user action (e.g. touch a button) in order to authorise a transaction. In other words, user presence is required for the authentication process to be completed. Negatives are that the implementation of the protocol is reliant on the owner of the website, and on support from a browser, for the application programming interface of the FIDO standard. Consequently in respect of all websites where the FIDO protocol has not been implemented the aforementioned problems of password recall and protection remain. [0006] US2015/0199684 describes a secure, non-volatile, solid state memory data key which includes a USB port, a microprocessor and a secure memory for holding secure transaction information. A biometric sensor is used to identify the person who is in physical possession of the data key before permitting access to the secure memory. The microprocessor is configured to provide a chip-and-pin type security for online transactions, particularly at locations at which appropriate readers are not available. Decryption of information in the memory is effected by means of logic resident in the microprocessor. A large part of web browser functionality, relating to online transactions inside the data key, is embedded in the data key. Security is provided by means of a password manager which allows a registered holder of the data key to create and change a password required to utilize the data key for a secure transaction. The password manager may also include a password generator. The data key may include the capability of registering the data key for operation with a specific user and with a specific mobile device that is also registered to the user. In one example of a transaction system implemented through the use of the data key a mobile device is required in addition to a host computer and a website.
[0007] The present invention is concerned with an approach to user authentication which employs a mobile token which requires very little computing resources and which is usable, in conjunction with an external password manager, to provide access to each of a plurality of individually addressable records each of which may contain a respective password. Another object is to allow the token of the invention to be used with different host computers where a respective database is held on each computer.
SUMMARY OF THE INVENTION
[0008] The invention provides a token for user credential authentication which includes:
a port which provides a communication interface with an external device;
a secure cryptographic calculation unit which provides a code, uniquely associated with the token, to the external device;
a non-volatile memory storage unit configured to store data selected from a plurality of individually addressable, optionally encrypted, records;
a processor, responsive to a signal from the external device, to retrieve data from the memory storage unit and to transfer the retrieved data via the port to the external device; and an approval mechanism, responsive to an authenticated user action, to allow user access to at least a part of the transferred data.
[0009] The memory unit may be configured to store data relating to a plurality of passwords. Preferably each password in the memory unit is stored in encrypted form. [0010] The token may be physically engageable with the external device which, typically, is a computer. Such physical engagement, however, is not essential for communication between the external device and a communication module, which usually forms part of the processor in the token, may be achieved in any suitable way, for example through the use of a USB connection, through the use of Near Field Communication (NFC) techniques, using Bluetooth processes, or the like. The invention is not restricted in that regard.
[00 1] The approval mechanism may require a physical user action and, by way of example, may be a mechanical or touch switch. As the mechanism is responsive to a user action the function of the mechanism cannot be initiated by a machine-generated action i.e. user presence is required.
[0012] Use of the token, at least in part, may be dependent on the successful input, by the user, or from some other source, of a master password to the external device.
[00 3] Due to the nature of the token it is usable as a security key in that it is compliant with the FIDO U2F protocol.
[0014] The token is therefore usable effectively in two modes in that it can be used in accordance with the FIDO U2F protocol and, secondly, in respect of those sites or applications which are not FIDO enabled but with a much improved level of security.
[0015] Each individually addressable record, in the memory storage unit, may include a separate password protected area which can be protected by touch (for example) not only for reading but also for any updates or erasure. Thus an individual or a targeted password can be released to a user by means of a touch or an equivalent action. [0016] The data in the token is not encrypted by means of the processor in the token. If encryption is required this is done on the external device which, typically, is a host computer. This approach reduces the cost of the token.
[0017] The mechanism which is responsive to an authenticated user action is thus used to control access to individual data records. Additionally, the mechanism, in that it is responsive to the detection of human presence, can perform universal second factor authentication (U2F).
[0018] The token of the invention offers minimum functionality. This is in contrast to the approach adopted in US2015/0199684 wherein a browser and other applications are embedded in the data key. The latter approach allows for a number of attack vectors since browsers are usually large applications that possibly contain vulnerabilities.
[0019] The unique code, provided by the secure cryptographic calculation unit, allows for the token to be identified so that the token can be synchronized with a particular external device. This enables the data stored in the memory storage unit to be synchronized with the data held in the external device. Such synchronization can take place without reading all of the data contained in the records and without requiring the processor to perform encryption or decryption of the records.
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] The invention is further described by way of example with reference to the accompanying drawings in which .
Figure 1 illustrates in block diagram form the use of a token according to the invention,
Figure 2 is a schematic representation of a possible record structure within a database in the token, and Figure 3 to Figure 8 are flowcharts which respectively depict different processes arising during the use of the token of the invention.
DESCRIPTION OF PREFERRED EMBODIMENT
[0021] Figure 1 of the accompanying drawings illustrates in block diagram form a token 10, according to the invention, which is placed in communication with a personal computer 12.
[0022] The token 10 includes a processor 14 with a communication interface 16, an approval mechanism 18, a security chip 20 with a unique serial number, a permanent memory storage unit 22 and a user approval device 24.
[0023] The communication interface 16 may be provided in the form of a USB connection which can be directly physically coupled to the computer 12. This however is only exemplary for other communication techniques such as Near Field Communication (NFC) processes, Bluetooth processes, or the like, can be employed.
[0024] The approval mechanism 18 is adapted to verify a human input on the device 24. Typically the device 24 is a switch which is mechanically operated or which is sensitive to touch or the like. The device 24 is such that it is not responsive to anything apart from a human input. The mechanism 18 can confirm an input from the device 24 as originating from a human and notify the processor 14 thereof. If an input from the device 24 is not validated the processor 14 is not enabled.
[0025] The security chip 20 acts as a secure cryptographic calculation unit which is used to identify the token 10 to the computer 12. A serial number of the chip is used as a file name for disk storage, in the computer 12, which is used for storage of a password database in the memory unit 22. This allows multiple tokens to be used on a single computer 12, and for a single token 10 to be used on multiple computers. Each token's metadata records are synchronised to a file (database) that has the same name as the token's unique serial number.
[0026] The memory unit 22 is a permanent memory unit e.g. a flash device. [0027] The computer 12 has an application programming interface 30 which embodies a corresponding API presented by the token 20.
[0028] The token 0 is capable of implementing the FIDO U2F protocol. Additionally, though, the token 10 implements a protective process for a password database in the memory unit 22, as is described hereinafter. [0029] A large number of records can be stored in the memory unit 22. Each record can be individually erased or updated. Figure 2 illustrates one possible structure of a record 32 in the memory unit 22. Each record 32 is associated with a unique password.
[0030] The record 32 includes a header 34 which is used to synchronize the token contents with a database which is stored in the computer 12. The header 34 includes a record index, a content identifier which is a random number that is generated with every update to the record, and control flags which govern the use of the record (e.g. protected or not protected).
[0031] Such synchronization, i.e. between the token and any one of a plurality of possible host computers, or, conversely, between a token selected from a plurality of available tokens and a single host computer 12, does not require all the records in the token to be transferred to the host computer, nor is the processor 14 required to perform an encryption or decryption function. [0032] The record 32 also includes a password field 36 whcih is encrypted on the computer 12 and which contains the following sub-fields: a randomly generated number, a randomly generated initialization vector and a password string.
[0033] Metadata 38, encrypted on the computer 12, forms a part of the record 32 and contains the following sub-fields: a user name or identifier, a website URL, user defined notes, entry title, unique record identifier and a password record index made up of references to the database entries that contain the respective passwords.
[0034] The interface 30 makes it possible to perform a number of operations on the password database from an application program. Some of these operations are described hereinafter with reference, where applicable, to Figures 3 to 8.
DATABASE CREATION
[0035] To create a password database the application program executes the following steps:
(1 ) A serial number request is sent to the token 0.
(2) The serial number of the chip 20, in the token, is used in the application program as the name of the database file.
(3) If the database exists already then the database is synchronized with the token 10, as is described hereinafter. However if the database does not yet exist the user chooses a master password that is used to encrypt the data in the file. This master password is used to encrypt the metadata entries, and the password entries, into the database. DATABASE SYNCHRONIZATION
[0036] The synchronization process referred to under the heading "Database Creation" proceeds as follows:
(1) A test record is decrypted to verify that the master password is correct.
(2) If the decryption of the test record is unsuccessful then the user is prevented from using the token and no further action is taken.
(3) If the decryption is successful then the index of each record on the token is read and, if the index read matches the database record index, no action is taken and the index on the next record is read. If the index on the token differs from the database record then the corresponding metadata is read and saved to the database on the computer 12.
[0037] To enhance the security of use of the token 10 the reading of any further record 32 from the token is inhibited unless the computer 12 can signal the token 10 that the last record was successfully decrypted.
[0038] To a substantial extent the sequences which are set out in Figures 3 to 8 are self- explanatory and further detailed descriptions are thus unnecessary.
CREATING A NEW DATABASE RECORD - FIGURE 3
[0039] When the user registers on a new website or starts to use the token 10 for the first time a new record 32 must be created. As a first step the user enters information about the application and/or website to be accessed. The resulting metadata is sensitive in its own right and is encrypted by a process implemented on the computer 12 under the master password referred to under the heading "Database Creation". [0040] If the user has not already chosen or generated a password, a password manager application generates a strong password which is made available to the user. If a new record 32 is to be created the password manager prompts the user to perform an action approval e.g. to touch the input device 24 so that human presence can be detected and notified via the approval mechanism 18 to the processor 4.
BULK OPERATIONS AND BULK APPROVALS - FIGURE 4
[0041] A Bulk Approval state is defined within the token 10. This state allows multiple operations to take place without requiring an approval action for each and every operation.
[0042] When the user chooses a bulk operation in the application the token 10 is requested to do a Bulk Approval operation. Typically a bulk operation such as a universal delete or the making of a backup of the data in the memory module 22 is possible after the user executes specified operations on the device 24. For example the user may be required to touch the input device 24 five times within a predetermined period of, say, five seconds. This prevents a Trojan or rogue program from reading the password from the token. An examination of the flow diagram in Figure 4 shows that if the timer has expired and the actions (required for approval) have not been successfully input then the operation times out. If the Bulk Approval operation is successful then a variable factor is set inside the token and remains effective until the token 10 is removed from the computer 12, or power is removed from the computer 12, or the operation is cancelled by a software command from the computer via the application programming interface 30. An alternative approach would be to reset an internal flag if no further activity has occurred within a certain period of time. TYPICAL USAGE - FIGURE 5
[0043] In use of a password manager a user typically goes through the following steps:
(1 ) selecting the relevant record 32 based on the metadata;
(2) activating a log-in action by executing specific physical functions e.g. by double clicking on the password field or on the copy button, or by pressing a particular key sequence;
(3) if the record is protected the application program prompts the user to do an approval action i.e. to use the input device 24 in the manner which has been defined;
(4) once the user has instructed the password manager application to retrieve a password, the password manager application issues a read operation request to the token 10; and (5) if the record in question is protected the token 10 waits for the user to perform an approval action - again in accordance with a particular physical sequence of the kind referred to hereinbefore. If approval is not obtained no password is returned and the user is notified.
RECORD DELETE OPERATION - FIGURE 6
[0044] A protected record can only be deleted from the memory unit 22 if the user performs an approval action. The sequence of steps in this regard is similar to that detailed under the heading "Bulk Approvals" - this is evident from a comparison of Figure 4 with Figure 6. This sequence of operations is therefore not further described.
PASSWORD DATABASE ACCESS ON TOKEN - FIGURE 7
[0045] Figure 7 depicts the general operation of the password database feature of the token. If a Bulk Approval exercise has been performed an operation such as a "read/write" or "delete" can be performed without further approval. If the record 32 in question is marked as a protected record in the flags in the field 34 (Figure 2) the token waits for user approval to be obtained (in the manner already described) using the input device 24. If no user approval is forthcoming within a specific time period the operation fails.
POWER ON RESET - FIGURE 8
[0046] At "power on" a bulk operation flag is reset. [0047] A benefit of the token 10 lies in the fact that stored passwords are readable or writable only when the input device 24 is utilized. Typically a single touch on the device is used to release or update a password. Bulk operations are possible only after a predetermined sequence of operations is carried out e.g., as described the user must touch the device 24 a number times within a prescribed time period. [0048] It is also possible to protect access to the database in the token using an on- microprocessor test of the master password. In this instance the user has only a limited number of attempts to unlock the password database for first use. This is similar to the PIN protection afforded on a smart card device. In this mode the requirement for being able to read the database records is the presentation of a PIN and simultaneously obtaining approval by activating the input device 24.

Claims

1 . A token for user credential authentication which includes:
a port which provides a communication interface with an external device;
a secure cryptographic calculation unit which provides a code, uniquely associated with the token, to the external device;
a non-volatile memory storage unit configured to store data selected from a plurality of individually addressable, optionally encrypted, records;
a processor, responsive to a signal from the external device, to retrieve data from the memory storage unit and to transfer the retrieved data via the port to the external device; and
an approval mechanism, responsive to an authenticated user action, to allow user access to at least a part of the transferred data.
2. A token according to claim 1 which is physically engageable with the external device.
3. A token according to claim 1 wherein each record is indexed so that it can be individually addressed and synchronized between applications without requiring access to its decrypted content.
4. A token according to claim 1 wherein access to each record is controlled by the approval mechanism.
5. A token according to claim 1 wherein the port provides the communication interface to the external device via a USB connection or a wireless interface.
6. A token according to claim 1 wherein the data, stored in the memory storage unit, is encrypted in the external device using, at least, a master password.
7. A token according to claim 1 wherein the approval mechanism is configured to be responsive to a plurality of successive authenticated user actions to allow user access to a plurality of records in the memory storage unit.
8. A token according to claim 1 wherein the approval mechanism is responsive to user touch on an input device at least once within a prescribed time period.
PCT/ZA2018/050016 2017-04-03 2018-04-03 User authentication for password protected application using a hardware token Ceased WO2018187822A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
ZA2017/02326 2017-04-03
ZA201702326 2017-04-03
ZA201708730 2017-12-21
ZA2017/08730 2017-12-21

Publications (1)

Publication Number Publication Date
WO2018187822A1 true WO2018187822A1 (en) 2018-10-11

Family

ID=62683519

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ZA2018/050016 Ceased WO2018187822A1 (en) 2017-04-03 2018-04-03 User authentication for password protected application using a hardware token

Country Status (1)

Country Link
WO (1) WO2018187822A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2829307C1 (en) * 2024-04-16 2024-10-30 АО "Актив-софт" Method of registering security events in token

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
US20120066507A1 (en) * 2007-07-12 2012-03-15 Jobmann Brian C Identity authentication and secured access systems, components, and methods
US20150199684A1 (en) 2014-01-13 2015-07-16 uQontrol, Inc. Data storage key for secure online transactions

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
US20120066507A1 (en) * 2007-07-12 2012-03-15 Jobmann Brian C Identity authentication and secured access systems, components, and methods
US20150199684A1 (en) 2014-01-13 2015-07-16 uQontrol, Inc. Data storage key for secure online transactions

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2829307C1 (en) * 2024-04-16 2024-10-30 АО "Актив-софт" Method of registering security events in token

Similar Documents

Publication Publication Date Title
JP6239788B2 (en) Fingerprint authentication method, apparatus, intelligent terminal, and computer storage medium
US8572392B2 (en) Access authentication method, information processing unit, and computer product
US20190050598A1 (en) Secure data storage
US8447990B2 (en) Password encryption key
US7743409B2 (en) Methods used in a mass storage device with automated credentials loading
EP1576762B1 (en) System and method for securing portable data
JP4118092B2 (en) Storage device and information processing device
EP1920380B1 (en) Mass storage device with automated credentials loading
JP2002373029A (en) How to prevent unauthorized copying of software using IC tags
JP2016520230A (en) Secure approval system and method
KR20080078820A (en) Device that provides a safe working environment and uses a virtual interface
TW201415280A (en) A method and service for securing a system networked to a cloud computing environment from malicious code attacks
CN113574828A (en) Security chip, security processing method and related equipment
BR112015015256B1 (en) Method and apparatus for managing access code
KR20150135393A (en) Secure automatic authorized access to any application through a third party
JP4724107B2 (en) User authentication method using removable device and computer
US10754979B2 (en) Information management terminal device
JP2021150681A (en) Information processing system, information processing program and information processing method
WO2021009501A1 (en) Blockchain wallet
CN108734014A (en) Cryptographic data authentication method and apparatus, code data guard method and device
US20210192023A1 (en) Authenticating an entity
WO2018187822A1 (en) User authentication for password protected application using a hardware token
JP2000029792A (en) Confidential information storage device
CN105359453A (en) Anonymous server based user settings protection
GB2574024A (en) Authenticating an entity

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18732626

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18732626

Country of ref document: EP

Kind code of ref document: A1