US20100186070A1 - System, device and method for secure provision of key credential information - Google Patents
System, device and method for secure provision of key credential informationDownload PDFInfo
- Publication number
- US20100186070A1 US20100186070A1US12/321,519US32151909AUS2010186070A1US 20100186070 A1US20100186070 A1US 20100186070A1US 32151909 AUS32151909 AUS 32151909AUS 2010186070 A1US2010186070 A1US 2010186070A1
- Authority
- US
- United States
- Prior art keywords
- credential information
- secure
- key credential
- provision
- logic circuitry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
Definitions
- the present inventionrelates to computer networking, and more particularly to a system for secure provision of key credential information to a server via an un-trusted computer.
- identity theftcan occur entirely within the confines of a corporate network or a university network wherein a dishonest individual uses a transaction within the network to steal PINs enabling access to confidential information.
- keystroke loggerto log individual keystrokes for extracting personal information.
- the keystroke loggeris, for example, software installed on a computer without the user's knowledge and its operation is invisible to the user.
- the keystroke logger in the form of softwareis, for example, distributed and installed remotely—for example, in the form of malware—and transmits the key logs to a remote computer in an invisible fashion.
- Numerous anti-virus programsfight known malicious software programs and try to keep up with the proliferation of new malicious software programs.
- one object of the present inventionis to provide a system for secure provision of key credential information to a server via an un-trusted computer.
- Another object of the present inventionis to provide a system for secure provision of key credential information that is easily installed in an existing computer system.
- a system for secure provision of key credential informationcomprises secure logic circuitry for being disposed in a host computer.
- the secure logic circuitrydetects a message received from a remote computer connected to the host computer which is indicative of a request for provision of the key credential information; generates a message for prompting a user for provision of the key credential information; receives the key credential information; and provides the key credential information to the remote computer absent processing using circuitry of the host computer.
- the systemfurther comprises a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry.
- a method for secure provision of key credential informationUsing a secure logic circuitry disposed in a host computer, a message received from a remote computer connected to the host computer which is indicative of a request for provision of the key credential information is detected. Using the secure logic circuitry, a message prompting a user for providing the key credential information is generated. Using a secure user interface connected to the secure logic circuitry, the key credential information is received from the user and provided to the secure logic circuitry. Using the secure logic circuitry, the key credential information is provided to the remote computer absent processing using circuitry of the host computer.
- the advantage of the present inventionis that it provides a system for secure provision of key credential information to a server via an un-trusted computer.
- a further advantage of the present inventionis that it provides a system for secure provision of key credential information that is easily installed in an existing computer system.
- FIGS. 1A and 1Bare simplified block diagrams of a system for secure provision of key credential information according to a preferred embodiment of the present invention.
- FIG. 2is a simplified flow diagram of a method for secure provision of key credential information according to a preferred embodiment of the present invention.
- a system for secure provision of key credential information 100is provided.
- a user's Personal Computer (PC) or workstation 102is connected via a communication network 114 such as, for example, the Internet, to a remote computer 116 , for example, a server of an Internet based booking center or vendor.
- computerssuch as PCs and workstations communicate with the communication network 114 via a Network Interface Card (NIC) 118 which is connected to a motherboard 110 comprising a Central Processing Unit (CPU) 106 via an internal bus system.
- NICNetwork Interface Card
- CPUCentral Processing Unit
- the usertypically interacts with the computer 102 using key board 112 for providing information and commands to the CPU 106 and monitor 104 for visually receiving information, for example, in a graphical fashion.
- the system for secure provision of key credential information 100enables a user to communicate key credential information to the server 116 such that a malware having, for example, a surreptitious key logger capability, resident in the computer's CPU 106 or motherboard 110 is not able to see the provided key credential information.
- the system for secure provision of key credential information 100preferably comprises a NIC 118 having secure logic circuitry 120 connected to ports 130 , 132 , and 134 .
- the ports 132 and 134are connected to the communication network 114 and the internal bus system of the computer 102 , respectively.
- the secure logic circuitry 120comprises, for example, a processor 136 and memory 138 having executable commands stored therein for execution on the processor 136 .
- the secure logic circuitry 120scans messages received from the server 116 for detecting a message which is indicative of a request for provision of the key credential information.
- the serverthen sends a request for credentials message to the computer 102 .
- the CPU 106 of the computer 102sends a HTTP GET message to the server 116 specifying a server resource and the server 116 replies with a HTTP 401 Authorization Required message with an embedded realm-title such as “Some-Service Login” to alert the user to exactly which set of key credentials are required for the requested resource.
- a HTTP 401 Authorization Required messagewith an embedded realm-title such as “Some-Service Login” to alert the user to exactly which set of key credentials are required for the requested resource.
- the secure user interfacecomprises, for example, a secure keyboard 126 for receiving the key credential information from the user and a secure display 124 for displaying a message for prompting the user for provision of the key credential information.
- the secure user interfacecomprises a touch screen.
- the secure user interfaceis deployed, for example, as a peripheral device connected to the port 130 via cable 122 .
- wireless communicationis enabled between the secure logic circuitry 120 and the secure user interface 124 , 126 using, for example, RF or infrared signal transmission techniques.
- the secure logic circuitry 120scans for messages coming from remote port 80 that contains the HTTP 401 message.
- a dedicated internet protocolis used to handle credentials for more general services or the secure logic circuitry 120 scans for authentication for each type of internet protocol, e.g. POP on port 110 .
- the secure logic circuitry 120generates a message for prompting the user for provision of the key credential information which is then transmitted to the secure display 124 for alerting the user.
- an audio alertis generated using, for example, a loudspeaker disposed in the secure user interface.
- the secure displayshows the embedded realm title such as “Some-Service Login”.
- the secure logic circuitryinterrupts communication between the keyboard and the motherboard, for example, simultaneously when the message for prompting the user for provision of the key credential information is displayed.
- keyboard 126can be enhanced with a second non-secured keyboard-to-PC connection link (not shown) that can transmit keystrokes from the enhanced keyboard 126 to the PC motherboard 110 in a non-secure mode, this optional enhanced keyboard 126 additionally having a user-activatable switch 128 that, when activated, temporarily blocks future transmission via the second non-secured keyboard-to-PC connection link to halt any typed keystrokes provided from the keyboard from reaching the motherboard 110 , and when activated, additionally temporarily allowing future transmission of data from the enhanced keyboard 126 to the NIC 118 via cable 122 or such other manner known to a person skilled in the art.
- the userenters the required key credential information which is then sent to the secure logic circuitry 120 via cable 122 .
- the secure logic circuitry 120Upon receipt, the secure logic circuitry 120 provides the key credential information to the remote computer 116 absent processing using the motherboard 110 , for example, by generating a reply message with the key credential information contained therein.
- the secure logic circuitry 120additionally keeps track of outgoing HTTP GET requests, because within the HTTP protocol, an authorization message is supplied by retrying the originals HTTP GET request with an additional Authorization field added that contains the key credential information.
- the HTTP protocoldefines a low security Basic mode, where the key credential information is transmitted over the network using a base-64 transfer encoding.
- HTTPalso includes a Digest based authentication mechanism, whereby the HTTP 401 message also contains a one-time unique server supplied “salt” value.
- the authentication replyis a specified hash computation of the user key credential information and the “salt” value, for which the server evaluates the correctness.
- a network based eavesdropperis not able to recover the key credential information.
- the secure logic circuitry 120is adaptable to perform these various encoding techniques in a straightforward manner.
- the system for secure provision of key credential information 100is easily installed, for example, in the form of a NIC, into an existing insertion slot of a computer such as a PC or workstation with the secure user interface being connected thereto, allowing retrofitting of existing computer systems in a simple fashion.
- FIG. 2a simplified flow diagram of a method for secure provision of key credential information according to a preferred embodiment of the invention is provided.
- the methodis implemented using the system 100 described above.
- messages received from the remote computer 116are scanned for detecting— 12 —a message received from the remote computer 116 which is indicative of a request for provision of key credential information.
- the secure logic circuitryUpon detection of the message, the secure logic circuitry generates a message prompting a user for providing the key credential information— 14 .
- the secure logic circuitryinterrupts— 16 —communication between circuitry 110 of the host computer 102 and the remote computer 116 to increase security.
- transmission of keystroke signals to the circuitry 110 of the host computer 102 from a keyboard 112 connected to the host computer 102is interrupted.
- the interruptionis performed, for example, when a same keyboard connected to the motherboard 110 and to the secure logic circuitry 120 is used. For example, the user presses a toggle switch disposed on the keyboard prior provision of the key credential information.
- the interruptionis performed automatically, using the secure logic circuitry 120 .
- the interruptionis also performed when two separate keyboards or a touch screen are employed to prevent accidental use of the keyboard connected to the motherboard 110 for provision of the key credential information by the user.
- the secure logic circuitrygenerates display data for displaying the message prompting the user which is then displayed— 22 —using the secure display 124 .
- the key credential informationis received from the user and provided to the secure logic circuitry 120 , at 24 .
- the key credential informationis encoded— 26 —using one of various available encoding techniques for providing the key credential information in an obfuscated fashion.
- the secure logic circuitry 120then sends— 28 —the key credential information to the remote computer 116 absent processing using circuitry 110 of the host computer 102 .
- the NIC of the present inventionwould not incorporate or utilize a conventional packet sniffer function that would capture the secure credential packets being transmitted therethrough (to mitigate the risk that malware could locate and acquire such data from the NIC).
- an NIC of the present inventionmay be provided which is physically separate from, and connectable to the laptop by way of, for example, a USB port or other interface on the laptop, in a manner known to a person skilled in art (network access to and from laptop thereafter being provided by way of the NIC of the present invention).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Description
- 1. Field of the Invention
- The present invention relates to computer networking, and more particularly to a system for secure provision of key credential information to a server via an un-trusted computer.
- 2. Brief Description of the Related Art
- Commerce over the Internet has become very popular. Such commerce takes many forms, from purchasing merchandise from online vendors to conducting online banking and stock trading. Common to all such transactions is the need to transmit private secure information. Typically, the transactions are carried out using secure encrypted connections. However, there are still opportunities to capture the private information that is used during online transactions, for example, to obtain passwords, Personal Identification Numbers (PIN), social security numbers, driver's license numbers and account numbers, to name a few. Illegal procurement of such information and using the same in a fraudulent manner is commonly referred to as identity theft.
- While the Internet is by far the largest and most pervasive computer network, the problem of identity theft occurs in other networks as well. For example, identity theft can occur entirely within the confines of a corporate network or a university network wherein a dishonest individual uses a transaction within the network to steal PINs enabling access to confidential information.
- Many of the current security mechanisms assume that a user's computer and its keyboard are secure, which is incorrect. One form of conducting online identity theft is to use a keystroke logger to log individual keystrokes for extracting personal information. The keystroke logger is, for example, software installed on a computer without the user's knowledge and its operation is invisible to the user. The keystroke logger in the form of software is, for example, distributed and installed remotely—for example, in the form of malware—and transmits the key logs to a remote computer in an invisible fashion. Numerous anti-virus programs fight known malicious software programs and try to keep up with the proliferation of new malicious software programs.
- It is desirable to provide a system for secure provision of key credential information to a server via an un-trusted computer.
- It is also desirable to provide a system for secure provision of key credential information that is easily installed in an existing computer system.
- Accordingly, one object of the present invention is to provide a system for secure provision of key credential information to a server via an un-trusted computer.
- Another object of the present invention is to provide a system for secure provision of key credential information that is easily installed in an existing computer system.
- According to one aspect of the present invention, there is provided a system for secure provision of key credential information. The system comprises secure logic circuitry for being disposed in a host computer. The secure logic circuitry detects a message received from a remote computer connected to the host computer which is indicative of a request for provision of the key credential information; generates a message for prompting a user for provision of the key credential information; receives the key credential information; and provides the key credential information to the remote computer absent processing using circuitry of the host computer. The system further comprises a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry.
- According to another aspect of the present invention, there is further provided a method for secure provision of key credential information. Using a secure logic circuitry disposed in a host computer, a message received from a remote computer connected to the host computer which is indicative of a request for provision of the key credential information is detected. Using the secure logic circuitry, a message prompting a user for providing the key credential information is generated. Using a secure user interface connected to the secure logic circuitry, the key credential information is received from the user and provided to the secure logic circuitry. Using the secure logic circuitry, the key credential information is provided to the remote computer absent processing using circuitry of the host computer.
- The advantage of the present invention is that it provides a system for secure provision of key credential information to a server via an un-trusted computer.
- A further advantage of the present invention is that it provides a system for secure provision of key credential information that is easily installed in an existing computer system.
- A preferred embodiment of the present invention is described below with reference to the accompanying drawings, in which:
FIGS. 1A and 1B are simplified block diagrams of a system for secure provision of key credential information according to a preferred embodiment of the present invention; and,FIG. 2 is a simplified flow diagram of a method for secure provision of key credential information according to a preferred embodiment of the present invention.- Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the invention belongs. Although any methods and materials similar or equivalent to those described herein can be used in the practice or testing of the present invention, the preferred methods and materials are now described.
- While the description of the preferred embodiments herein below is with reference to an Internet connection for sake of simplicity, it will become evident to those skilled in the art that the embodiments of the invention are not limited thereto, but are also applicable for use with various other networks such as, for example, corporate networks or university networks.
- Referring to
FIGS. 1A and 1B , a system for secure provision ofkey credential information 100 according to a preferred embodiment of the invention is provided. A user's Personal Computer (PC) orworkstation 102 is connected via acommunication network 114 such as, for example, the Internet, to aremote computer 116, for example, a server of an Internet based booking center or vendor. Typically, computers such as PCs and workstations communicate with thecommunication network 114 via a Network Interface Card (NIC)118 which is connected to amotherboard 110 comprising a Central Processing Unit (CPU)106 via an internal bus system. The user typically interacts with thecomputer 102 usingkey board 112 for providing information and commands to theCPU 106 and monitor104 for visually receiving information, for example, in a graphical fashion. - The system for secure provision of
key credential information 100 enables a user to communicate key credential information to theserver 116 such that a malware having, for example, a surreptitious key logger capability, resident in the computer'sCPU 106 ormotherboard 110 is not able to see the provided key credential information. - The system for secure provision of
key credential information 100 preferably comprises aNIC 118 havingsecure logic circuitry 120 connected toports ports communication network 114 and the internal bus system of thecomputer 102, respectively. Thesecure logic circuitry 120 comprises, for example, aprocessor 136 andmemory 138 having executable commands stored therein for execution on theprocessor 136. Thesecure logic circuitry 120 scans messages received from theserver 116 for detecting a message which is indicative of a request for provision of the key credential information. Typically, when a user attempts to invoke a service on a remote network resource, the server then sends a request for credentials message to thecomputer 102. For example, in conventional web browsing operations theCPU 106 of thecomputer 102 sends a HTTP GET message to theserver 116 specifying a server resource and theserver 116 replies with a HTTP401 Authorization Required message with an embedded realm-title such as “Some-Service Login” to alert the user to exactly which set of key credentials are required for the requested resource. - When the
secure logic circuitry 120 encounters a “request for key credentials” message the request is not passed to thecomputer motherboard 110—as is using conventional technology—but instead is passed to asecure user interface secure logic circuitry 120 via theport 130. The secure user interface comprises, for example, asecure keyboard 126 for receiving the key credential information from the user and asecure display 124 for displaying a message for prompting the user for provision of the key credential information. Alternatively, the secure user interface comprises a touch screen. The secure user interface is deployed, for example, as a peripheral device connected to theport 130 viacable 122. Alternatively, wireless communication is enabled between thesecure logic circuitry 120 and thesecure user interface secure logic circuitry 120 scans for messages coming from remote port80 that contains the HTTP401 message. More generally, a dedicated internet protocol is used to handle credentials for more general services or thesecure logic circuitry 120 scans for authentication for each type of internet protocol, e.g. POP onport 110. Thesecure logic circuitry 120 generates a message for prompting the user for provision of the key credential information which is then transmitted to thesecure display 124 for alerting the user. Optionally, an audio alert is generated using, for example, a loudspeaker disposed in the secure user interface. For example, for a common web browsing situation, the secure display shows the embedded realm title such as “Some-Service Login”. - Optionally, the secure logic circuitry interrupts communication between the keyboard and the motherboard, for example, simultaneously when the message for prompting the user for provision of the key credential information is displayed.
- Optionally,
keyboard 126 can be enhanced with a second non-secured keyboard-to-PC connection link (not shown) that can transmit keystrokes from theenhanced keyboard 126 to thePC motherboard 110 in a non-secure mode, this optional enhancedkeyboard 126 additionally having a user-activatable switch 128 that, when activated, temporarily blocks future transmission via the second non-secured keyboard-to-PC connection link to halt any typed keystrokes provided from the keyboard from reaching themotherboard 110, and when activated, additionally temporarily allowing future transmission of data from theenhanced keyboard 126 to theNIC 118 viacable 122 or such other manner known to a person skilled in the art. This eliminates the requirement for the PC user to have separate secure and non-secure keyboards. - The user enters the required key credential information which is then sent to the
secure logic circuitry 120 viacable 122. Upon receipt, thesecure logic circuitry 120 provides the key credential information to theremote computer 116 absent processing using themotherboard 110, for example, by generating a reply message with the key credential information contained therein. Once the key credential information has been received, conventional communication and operation proceeds. For the common web browsing situation thesecure logic circuitry 120 additionally keeps track of outgoing HTTP GET requests, because within the HTTP protocol, an authorization message is supplied by retrying the originals HTTP GET request with an additional Authorization field added that contains the key credential information. - As is evident, there are numerous variants for coding the key credential information. For example, the HTTP protocol defines a low security Basic mode, where the key credential information is transmitted over the network using a base-64 transfer encoding. HTTP also includes a Digest based authentication mechanism, whereby the HTTP401 message also contains a one-time unique server supplied “salt” value. In this authentication technique, the authentication reply is a specified hash computation of the user key credential information and the “salt” value, for which the server evaluates the correctness. Using this technique, a network based eavesdropper is not able to recover the key credential information. Of course, there are numerous other methods for encoding the key credential information using various encryption techniques. The
secure logic circuitry 120 is adaptable to perform these various encoding techniques in a straightforward manner. - The system for secure provision of
key credential information 100 is easily installed, for example, in the form of a NIC, into an existing insertion slot of a computer such as a PC or workstation with the secure user interface being connected thereto, allowing retrofitting of existing computer systems in a simple fashion. - Referring to
FIG. 2 , a simplified flow diagram of a method for secure provision of key credential information according to a preferred embodiment of the invention is provided. The method is implemented using thesystem 100 described above. At10, using thesecure logic circuitry 120 disposed in thehost computer 102 messages received from theremote computer 116 are scanned for detecting—12—a message received from theremote computer 116 which is indicative of a request for provision of key credential information. Upon detection of the message, the secure logic circuitry generates a message prompting a user for providing the key credential information—14. Optionally, the secure logic circuitry interrupts—16—communication betweencircuitry 110 of thehost computer 102 and theremote computer 116 to increase security. At18, transmission of keystroke signals to thecircuitry 110 of thehost computer 102 from akeyboard 112 connected to thehost computer 102 is interrupted. The interruption is performed, for example, when a same keyboard connected to themotherboard 110 and to thesecure logic circuitry 120 is used. For example, the user presses a toggle switch disposed on the keyboard prior provision of the key credential information. Alternatively, the interruption is performed automatically, using thesecure logic circuitry 120. Optionally, the interruption is also performed when two separate keyboards or a touch screen are employed to prevent accidental use of the keyboard connected to themotherboard 110 for provision of the key credential information by the user. - At20, the secure logic circuitry generates display data for displaying the message prompting the user which is then displayed—22—using the
secure display 124. Using the secure user interface connected to thesecure logic circuitry 120, the key credential information is received from the user and provided to thesecure logic circuitry 120, at24. Using thesecure logic circuitry 120, the key credential information is encoded—26—using one of various available encoding techniques for providing the key credential information in an obfuscated fashion. Thesecure logic circuitry 120 then sends—28—the key credential information to theremote computer 116 absentprocessing using circuitry 110 of thehost computer 102. - After provision of the key credential information to the
remote computer 116 communication between thecircuitry 110 of thehost computer 102 and theremote computer 116 is enabled—30—as well as transmission of keystroke signals from the keyboard to thecircuitry 110 of thehost computer 102, at32. - It is understood that in the preferred embodiment of the present invention, the NIC of the present invention would not incorporate or utilize a conventional packet sniffer function that would capture the secure credential packets being transmitted therethrough (to mitigate the risk that malware could locate and acquire such data from the NIC).
- It is also understood that, in the case of a laptop computer, an NIC of the present invention may be provided which is physically separate from, and connectable to the laptop by way of, for example, a USB port or other interface on the laptop, in a manner known to a person skilled in art (network access to and from laptop thereafter being provided by way of the NIC of the present invention).
- The present invention has been described herein with regard to preferred embodiments. However, it will be obvious to persons skilled in the art that a number of variations and modifications can be made without departing from the scope of the invention as described herein.
Claims (13)
1. A system for secure provision of key credential information comprising:
secure logic circuitry for being disposed in a host computer, the secure logic circuitry for:
detecting a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information;
generating a message for prompting a user for provision of the key credential information receiving the key credential information; and,
providing the key credential information to the remote computer absent processing using circuitry of the host computer; and,
a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry.
2. A system for secure provision of key credential information as defined inclaim 1 wherein the secure user interface comprises:
a secure display for displaying the message for prompting the user for provision of the key credential information; and,
a secure keyboard for providing the key credential information.
3. A system for secure provision of key credential information as defined inclaim 1 wherein the secure logic circuitry is placed on a network interface card.
4. A system for secure provision of key credential information as defined inclaim 3 wherein the secure user interface is provided as a peripheral device connected to the network interface card.
5. A system for secure provision of key credential information as defined inclaim 1 wherein the secure logic circuitry comprises a processor and memory, the memory having executable commands stored therein for execution on the processor.
6. A method for secure provision of key credential information comprising:
using a secure logic circuitry disposed in a host computer, detecting a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information;
using the secure logic circuitry, generating a message prompting a user for providing the key credential information;
using a secure user interface connected to the secure logic circuitry, receiving the key credential information from the user and providing the same to the secure logic circuitry;
using the secure logic circuitry, providing the key credential information to the remote computer absent processing using circuitry of the host computer.
7. A method for secure provision of key credential information as defined inclaim 6 comprising:
using the secure logic circuitry, generating display data for displaying the message prompting the user; and,
using a display of the secure user interface displaying the message prompting the user.
8. A method for secure provision of key credential information as defined inclaim 6 comprising scanning messages received from the remote computer for detecting the message indicative of a request for provision of the key credential information.
9. A method for secure provision of key credential information as defined inclaim 7 comprising interrupting transmission of keystroke signals from a keyboard connected to the host computer to the circuitry of the host computer.
10. A method for secure provision of key credential information as defined inclaim 6 comprising:
interrupting communication between the circuitry of the host computer and the remote computer after detection of the message indicative of a request for provision of the key credential information; and,
enabling the communication between the circuitry of the host computer and the remote computer after provision of the key credential information to the remote computer.
11. A method for secure provision of key credential information as defined inclaim 6 comprising using the secure logic circuitry, encoding the key credential information for provision of the same in an obfuscated fashion.
12. A device for providing secure key credential information comprising:
key credential information request detection means connected to a host computer adapted for detecting a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information;
secure logic circuitry for being disposed within the host computer and adapted for receiving key credential information from a user and providing same to the remote computer while not providing key credential information to any other processor of the host computer; and
keyboard means adapted for receiving the key credential information from the user and providing the same to the secure logic circuitry.
13. The device according toclaim 12 having display means connected to the key credential information request detection means and adapted for generating a message for prompting the user for provision of the key credential information in response to the detection of a message received from the remote computer connected to the host computer and indicative of a request for provision of the key credential information.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US12/321,519US20100186070A1 (en) | 2009-01-22 | 2009-01-22 | System, device and method for secure provision of key credential information |
| US13/140,383US8302174B2 (en) | 2008-12-18 | 2009-12-14 | System, device and method for secure provision of key credential information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US12/321,519US20100186070A1 (en) | 2009-01-22 | 2009-01-22 | System, device and method for secure provision of key credential information |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/140,383ContinuationUS8302174B2 (en) | 2008-12-18 | 2009-12-14 | System, device and method for secure provision of key credential information |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20100186070A1true US20100186070A1 (en) | 2010-07-22 |
Family
ID=42338008
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/321,519AbandonedUS20100186070A1 (en) | 2008-12-18 | 2009-01-22 | System, device and method for secure provision of key credential information |
| US13/140,383Expired - Fee RelatedUS8302174B2 (en) | 2008-12-18 | 2009-12-14 | System, device and method for secure provision of key credential information |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/140,383Expired - Fee RelatedUS8302174B2 (en) | 2008-12-18 | 2009-12-14 | System, device and method for secure provision of key credential information |
Country Status (1)
| Country | Link |
|---|---|
| US (2) | US20100186070A1 (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110035768A1 (en)* | 2009-08-07 | 2011-02-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and Arrangements for Control of Consumption of Content Services |
| US8302174B2 (en) | 2008-12-18 | 2012-10-30 | James A. McAlear | System, device and method for secure provision of key credential information |
| US20140250404A1 (en)* | 2012-06-21 | 2014-09-04 | Google Inc. | Secure data entry via a virtual keyboard |
| US9900326B2 (en)* | 2015-05-21 | 2018-02-20 | James McAlear | Method and apparatus for protecting computer files from CPU resident malware |
| US9931066B2 (en) | 2011-12-11 | 2018-04-03 | Abbott Diabetes Care Inc. | Analyte sensor devices, connections, and methods |
| US20180144122A1 (en)* | 2015-04-30 | 2018-05-24 | Michael Hugh Thomas DYMOND | Platform for generation of passwords and/or email addresses |
| US10213139B2 (en) | 2015-05-14 | 2019-02-26 | Abbott Diabetes Care Inc. | Systems, devices, and methods for assembling an applicator and sensor control device |
| US10674944B2 (en) | 2015-05-14 | 2020-06-09 | Abbott Diabetes Care Inc. | Compact medical device inserters and related systems and methods |
| US11071478B2 (en) | 2017-01-23 | 2021-07-27 | Abbott Diabetes Care Inc. | Systems, devices and methods for analyte sensor insertion |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140007221A1 (en)* | 2012-06-29 | 2014-01-02 | Jasmeet Chhabra | Secure image authentication |
| US20160132676A1 (en)* | 2014-11-11 | 2016-05-12 | Meir Avganim | Secure password storage and recall system |
| US20180260556A1 (en)* | 2017-03-09 | 2018-09-13 | Meir Avganim | Secure data and password storage and recall system |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020156905A1 (en)* | 2001-02-21 | 2002-10-24 | Boris Weissman | System for logging on to servers through a portal computer |
| US20030177389A1 (en)* | 2002-03-06 | 2003-09-18 | Zone Labs, Inc. | System and methodology for security policy arbitration |
| US6681327B1 (en)* | 1998-04-02 | 2004-01-20 | Intel Corporation | Method and system for managing secure client-server transactions |
| US6834271B1 (en)* | 1999-09-24 | 2004-12-21 | Kryptosima | Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet |
| US6873988B2 (en)* | 2001-07-06 | 2005-03-29 | Check Point Software Technologies, Inc. | System and methods providing anti-virus cooperative enforcement |
| US7054845B2 (en)* | 2000-05-10 | 2006-05-30 | Sony Corporation | Electronic settlement system, settlement management device, store device, client device, data storage device, computer program, and storage medium |
| US20070033273A1 (en)* | 2005-04-15 | 2007-02-08 | White Anthony R P | Programming and development infrastructure for an autonomic element |
| US20070180505A1 (en)* | 2006-02-01 | 2007-08-02 | Xerox Corporation | Dynamic collation of domain for user authentication on existing devices |
| US20070198825A1 (en)* | 2006-02-22 | 2007-08-23 | Schwarz Henry S | Internet secure terminal for personal computers |
| US20070241182A1 (en)* | 2005-12-31 | 2007-10-18 | Broadcom Corporation | System and method for binding a smartcard and a smartcard reader |
| US20080184349A1 (en)* | 2007-01-30 | 2008-07-31 | Ting David M T | System and method for identity consolidation |
| US20100061556A1 (en)* | 2008-09-10 | 2010-03-11 | Verizon Corporate Services Group Inc. | Securing information exchanged via a network |
| US20100083359A1 (en)* | 2008-09-29 | 2010-04-01 | Readshaw Neil I | Trusted database authentication through an untrusted intermediary |
| US20100325715A1 (en)* | 2009-06-23 | 2010-12-23 | Microsoft Corporation | Browser plug-in for secure credential submission |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5596718A (en) | 1992-07-10 | 1997-01-21 | Secure Computing Corporation | Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor |
| FR2749680B1 (en) | 1996-06-05 | 1998-08-28 | Ckd Sa | DEVICE FOR SECURING COMPUTERIZED TRANSACTIONS, ESPECIALLY FOR ELECTRONIC PAYMENT |
| US5923756A (en) | 1997-02-12 | 1999-07-13 | Gte Laboratories Incorporated | Method for providing secure remote command execution over an insecure computer network |
| US7725730B2 (en)* | 2002-08-09 | 2010-05-25 | Emc Corporation | Cryptographic methods and apparatus for secure authentication |
| FR2850772A1 (en) | 2003-01-31 | 2004-08-06 | France Telecom | Electronic transaction securing device for use in electronic commerce, has analyzing unit to retransmit intercepted signals to processing unit without modification if they are not in order of passage in secured mode |
| US6959362B2 (en) | 2003-05-07 | 2005-10-25 | Microsoft Corporation | Caching based on access rights in connection with a content management server system or the like |
| US20080109889A1 (en)* | 2003-07-01 | 2008-05-08 | Andrew Bartels | Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications |
| JP2008508571A (en) | 2004-08-02 | 2008-03-21 | セイコーエプソン株式会社 | Output system, output data management apparatus, network device, output data management program and output program, and output method |
| DE102005008433A1 (en) | 2005-02-24 | 2006-08-31 | Giesecke & Devrient Gmbh | Safety module for smart card, has interface receiving input data e.g. password, from input device, where input data from interface are processed using individual data and without transmitting data to another interface in operation mode |
| US7725928B2 (en) | 2005-12-02 | 2010-05-25 | Palo Alto Research Center Incorporated | System and method for establishing temporary and permanent credentials for secure online commerce |
| EP2131555A1 (en) | 2008-06-04 | 2009-12-09 | Rapid Mobile Media Ltd. | Apparatus and method for identification of the characteristics of a communication device |
| US20100186070A1 (en) | 2009-01-22 | 2010-07-22 | Mcalear James A | System, device and method for secure provision of key credential information |
| CA2650163C (en) | 2008-12-18 | 2013-07-23 | Her Majesty The Queen In Right Of Canada, As Represented By The Ministerof National Defence | System and method for secure provision of key credential information |
- 2009
- 2009-01-22USUS12/321,519patent/US20100186070A1/ennot_activeAbandoned
- 2009-12-14USUS13/140,383patent/US8302174B2/ennot_activeExpired - Fee Related
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6681327B1 (en)* | 1998-04-02 | 2004-01-20 | Intel Corporation | Method and system for managing secure client-server transactions |
| US6834271B1 (en)* | 1999-09-24 | 2004-12-21 | Kryptosima | Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet |
| US7054845B2 (en)* | 2000-05-10 | 2006-05-30 | Sony Corporation | Electronic settlement system, settlement management device, store device, client device, data storage device, computer program, and storage medium |
| US20020156905A1 (en)* | 2001-02-21 | 2002-10-24 | Boris Weissman | System for logging on to servers through a portal computer |
| US6873988B2 (en)* | 2001-07-06 | 2005-03-29 | Check Point Software Technologies, Inc. | System and methods providing anti-virus cooperative enforcement |
| US7546629B2 (en)* | 2002-03-06 | 2009-06-09 | Check Point Software Technologies, Inc. | System and methodology for security policy arbitration |
| US20030177389A1 (en)* | 2002-03-06 | 2003-09-18 | Zone Labs, Inc. | System and methodology for security policy arbitration |
| US20070033273A1 (en)* | 2005-04-15 | 2007-02-08 | White Anthony R P | Programming and development infrastructure for an autonomic element |
| US20070241182A1 (en)* | 2005-12-31 | 2007-10-18 | Broadcom Corporation | System and method for binding a smartcard and a smartcard reader |
| US20070180505A1 (en)* | 2006-02-01 | 2007-08-02 | Xerox Corporation | Dynamic collation of domain for user authentication on existing devices |
| US20070198825A1 (en)* | 2006-02-22 | 2007-08-23 | Schwarz Henry S | Internet secure terminal for personal computers |
| US7962742B2 (en)* | 2006-02-22 | 2011-06-14 | Henry Samuel Schwarz | Internet secure terminal for personal computers |
| US20080184349A1 (en)* | 2007-01-30 | 2008-07-31 | Ting David M T | System and method for identity consolidation |
| US20100061556A1 (en)* | 2008-09-10 | 2010-03-11 | Verizon Corporate Services Group Inc. | Securing information exchanged via a network |
| US20100083359A1 (en)* | 2008-09-29 | 2010-04-01 | Readshaw Neil I | Trusted database authentication through an untrusted intermediary |
| US20100325715A1 (en)* | 2009-06-23 | 2010-12-23 | Microsoft Corporation | Browser plug-in for secure credential submission |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8302174B2 (en) | 2008-12-18 | 2012-10-30 | James A. McAlear | System, device and method for secure provision of key credential information |
| US20110035768A1 (en)* | 2009-08-07 | 2011-02-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and Arrangements for Control of Consumption of Content Services |
| USD903877S1 (en) | 2011-12-11 | 2020-12-01 | Abbott Diabetes Care Inc. | Analyte sensor device |
| US11179068B2 (en) | 2011-12-11 | 2021-11-23 | Abbott Diabetes Care Inc. | Analyte sensor devices, connections, and methods |
| US9931066B2 (en) | 2011-12-11 | 2018-04-03 | Abbott Diabetes Care Inc. | Analyte sensor devices, connections, and methods |
| US11051724B2 (en) | 2011-12-11 | 2021-07-06 | Abbott Diabetes Care Inc. | Analyte sensor devices, connections, and methods |
| US11051725B2 (en) | 2011-12-11 | 2021-07-06 | Abbott Diabetes Care Inc. | Analyte sensor devices, connections, and methods |
| USD915602S1 (en) | 2011-12-11 | 2021-04-06 | Abbott Diabetes Care Inc. | Analyte sensor device |
| USD915601S1 (en) | 2011-12-11 | 2021-04-06 | Abbott Diabetes Care Inc. | Analyte sensor device |
| US20140250404A1 (en)* | 2012-06-21 | 2014-09-04 | Google Inc. | Secure data entry via a virtual keyboard |
| US9983787B2 (en)* | 2012-06-21 | 2018-05-29 | Google Llc | Secure data entry via a virtual keyboard |
| US11137909B2 (en)* | 2012-06-21 | 2021-10-05 | Google Llc | Secure data entry via a virtual keyboard |
| US10908814B2 (en) | 2012-06-21 | 2021-02-02 | Google Llc | Secure data entry via a virtual keyboard |
| US20180144122A1 (en)* | 2015-04-30 | 2018-05-24 | Michael Hugh Thomas DYMOND | Platform for generation of passwords and/or email addresses |
| US11062018B2 (en)* | 2015-04-30 | 2021-07-13 | Phantomkey Technology Limited | Platform for generation of passwords and/or email addresses |
| US11995176B2 (en) | 2015-04-30 | 2024-05-28 | Phantomkey Technology Limited | Platform for generation of passwords and/or email addresses |
| US10674944B2 (en) | 2015-05-14 | 2020-06-09 | Abbott Diabetes Care Inc. | Compact medical device inserters and related systems and methods |
| US10213139B2 (en) | 2015-05-14 | 2019-02-26 | Abbott Diabetes Care Inc. | Systems, devices, and methods for assembling an applicator and sensor control device |
| US9900326B2 (en)* | 2015-05-21 | 2018-02-20 | James McAlear | Method and apparatus for protecting computer files from CPU resident malware |
| US11071478B2 (en) | 2017-01-23 | 2021-07-27 | Abbott Diabetes Care Inc. | Systems, devices and methods for analyte sensor insertion |
| US12268496B2 (en) | 2017-01-23 | 2025-04-08 | Abbott Diabetes Care Inc. | Systems, devices and methods for analyte sensor insertion |
Also Published As
| Publication number | Publication date |
|---|---|
| US20120131651A1 (en) | 2012-05-24 |
| US8302174B2 (en) | 2012-10-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8302174B2 (en) | System, device and method for secure provision of key credential information | |
| US10187211B2 (en) | Verification of password using a keyboard with a secure password entry mode | |
| KR100997911B1 (en) | Transaction authentication by tokens subject to the existence of the individual | |
| JP5981610B2 (en) | Network authentication method for electronic transactions | |
| EP1716468B1 (en) | System and method for preventing identity theft using a secure computing device. | |
| JP4219561B2 (en) | Smart card user interface for trusted computing platforms | |
| JP4603167B2 (en) | Communication between modules of computing devices | |
| CN101340281B (en) | Method and system for safe login input on network | |
| US20110204140A1 (en) | System and method for conducting secure pin debit transactions | |
| JP2012503229A (en) | Apparatus, system and computer program for authorizing server operation | |
| US20100257359A1 (en) | Method of and apparatus for protecting private data entry within secure web sessions | |
| KR20080101333A (en) | Security method using virtual keyboard | |
| US8832813B1 (en) | Voice authentication via trusted device | |
| KR20140100440A (en) | A computer network system for preventing logging of input data | |
| CA2650163C (en) | System and method for secure provision of key credential information | |
| KR101498120B1 (en) | Digital certificate system for cloud-computing environment and method thereof | |
| US9477822B1 (en) | Secure password entry for accessing remote online services | |
| KR101152610B1 (en) | The Method of Virtual Keyboard | |
| US20130239188A1 (en) | Authentication Method for a Universal Serial Bus Device and Related Universal Serial Bus Device | |
| WO2008022559A1 (en) | Device and method for safely making use of network service needless of relying on security of client side | |
| WO2009018685A1 (en) | The device and the method of encrypting and authenticating against trojan horse with one time key | |
| JP2008152612A (en) | Authentication system and authentication method | |
| KR101584219B1 (en) | Authentication method, digital system, and authentication system thereof | |
| KR20150089960A (en) | Authentication method, digital system, and authentication system thereof | |
| JP2002082909A (en) | Information management device and information management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:HER MAJESTY THE QUEEN IN RIGHT OF CANADA, AS REPRE Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MCALEAR, JAMES A.;REEL/FRAME:022216/0167 Effective date:20090108 | |
| AS | Assignment | Owner name:MCALEAR, JAMES, MR., CANADA Free format text:ASSIGNMENT;ASSIGNOR:HER MAJESTY THE QUEEN IN RIGHT OF CANADA, AS REPRESENTED BY THE MINISTER OF THE DEPARTMENT OF NATIONAL DEFENCE (DND);REEL/FRAME:026106/0945 Effective date:20100712 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |