| VASCO DATA SECURITY, INC. Patent applications |
| Patent application number | Title | Published |
|---|
| 20120112831 | MODULATION AND DEMODULATION CIRCUIT - The invention relates to modulation and demodulation circuits, such as envelope detectors used to demodulate amplitude-modulated (AM) signals. By coupling an analog circuit to a port of a digital component, a compact envelope detector can be obtained, which achieves demodulation of AM signals for direct coupling into a digital input port. Accordingly, a compact envelope detector may be used in the data receiving part of a sealed device requiring post-manufacturing data transfer, in combination with additional components that provide electromagnetic coupling, such as inductive, capacitive, or radiative. An example of such a device is a credit card sized authentication token. | 05-10-2012 |
| 20110314304 | MASS STORAGE DEVICE MEMORY ENCRYPTION METHODS, SYSTEMS, AND APPARATUS - Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component. The encryption-decryption component may also be adapted to decrypt encrypted data stored in the mass-memory storage component for returning the data to the host computer in response to a read data command from the host computer using a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component. | 12-22-2011 |
| 20110314290 | DIGIPASS FOR WEB-FUNCTIONAL DESCRIPTION - The DigiPass for the Web provides security for internet communication greater than that achieved by the use of a static password without requiring the user to install any software or to possess or use dedicated hardware of any kind. The user merely access an appropriate website which downloads an applet to the user's browser. This is a conventional function which is handled by the browser and does not require any expertise on the part of the user. The browser relies on a password known only to the user for authenticating the user to the browser/applet. The browser/applet interacts with the server to create an authentication key which is then stored on the user's computer. The user can invoke the authentication key dependent on the user's presentation to the browser/applet of the password. Since the password is not used outside the user-browser/applet interaction it is not subject to attacks by hackers. The authentication key is also protected from attacks by encryption although the user need not memorize any information other than the password. | 12-22-2011 |
| 20110258452 | REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES - The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader. | 10-20-2011 |
| 20100140360 | FLEX TOKEN WITH EMBOSSED KEY PROTECTION - The present invention relates to the field of pocket-size electronic devices, including credit card sized devices such as authentication tokens. It consists of an improvement of the well-known “raised ridge” to protect individual buttons from false key presses, obtained by applying embossing. A known problem with applying embossing to cards containing electronic components, is the fact that the embossing process may damage the components or the wiring inside the card. In the process according to the invention, an embossed ridge of a judiciously designed shape is used to avoid such damage. | 06-10-2010 |
| 20100140358 | SLIM ELECTRONIC DEVICE WITH DETECTOR FOR UNINTENTIONAL ACTIVATION - The device of the present invention, having at least one activation button, is further equipped with a sensor adapted to detect conditions under which unintentional triggering of the activation button is likely. The sensor is operatively coupled with the activation button to suspend its effect when the target conditions are being detected. The undesired side-effects of false button activations, including battery drain and activation counter drift, are thus avoided, increasing the device's lifespan and user convenience. In a particular embodiment, the sensor is a decoy button located near the activation button, which serves to de-activate the activation button. | 06-10-2010 |
| 20100122333 | METHOD AND SYSTEM FOR PROVIDING A FEDERATED AUTHENTICATION SERVICE WITH GRADUAL EXPIRATION OF CREDENTIALS - The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then, the user needs to reauthenticate. | 05-13-2010 |
| 20100065646 | METHOD FOR POST-MANUFACTURING DATA TRANSFER TO AND FROM A SEALED DEVICE - The present invention is directed towards authentication tokens that are completely embedded in a non-conductive enclosure. The invention is based on the insight that it would be advantageous to separate the electronic data personalization of such tokens from the visual device personalization. The present application concerns an authentication token that allows communication with an external unit after the production of the nonconductive enclosure, in order to transmit or receive device identification data. As this communication need only take place during the manufacturing process, a low-power close-range transmission technique such as inductive coupling, capacitive coupling, or RFID communication suffices for this purpose. Accordingly, the present application discloses a method for manufacturing authentication tokens, and a token manufactured according to said method. | 03-18-2010 |
| 20100058317 | Method for provisioning trusted software to an electronic device - The operations required to verify the origin and the authenticity of a software module for an electronic device can advantageously be divided between a general-purpose computer, hereinafter the host, having the electronic device attached to it, and the electronic device itself. More specifically, memory and processing intensive tasks such as syntax checking are done at the host, while security-critical tasks such as cryptographic verifications are done at the electronic device. The present invention thus provides a method for updating software on an electronic device in a trusted way, wherein verification steps are divided between a host system connected to the electronic device, and the electronic device itself. The present invention thus further provides a storage medium containing a program for a host system, causing this host system to perform verification steps with respect to a software update for an attached electronic device, and to appropriately interact with said electronic device. | 03-04-2010 |
| 20090322766 | Method for transmission of a digital message from a display to a handheld receiver - The invention relates to a method to efficiently transmit a digital message over a unidirectional optical link, such as the link between a computer screen and a security token equipped with photosensitive elements. It is an object of this invention to provide a source coding scheme that is optimized for transmissions of alphanumerical data containing frequent occurrences of numerals and less frequent occurrences of non-numerical data. This is achieved by using a modified Huffman code for source coding, consisting of a nibble-based prefix-free binary code. The output of the coder is efficiently mapped onto a 6B4T channel code, wherein unused ternary codewords can be used to signal data-link layer events. This efficient signalling of data-link layer events, in turn, allows for a synchronization scheme based on repeated transmissions of a finite-length message, combined with an out-of-band clock signal. | 12-31-2009 |
| 20090235339 | STRONG AUTHENTICATION TOKEN GENERATING ONE-TIME PASSWORDS AND SIGNATURES UPON SERVER CREDENTIAL VERIFICATION - The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attacks, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means. It furthermore offers this authentication and review functionality without sacrificing user convenience or cost efficiency, by judiciously coding the transaction data to be signed, thus reducing the transmission size of information that has to be exchanged over the token's trustworthy interfaces | 09-17-2009 |
| 20090232515 | METHOD AND AN APPARATUS TO CONVERT A LIGHT SIGNAL EMITTED BY A DISPLAY INTO DIGITAL SIGNALS - The present invention provides a method and a device to convert a time varying optical pattern emitted by a display into a digital data signal. More specifically the invention allows a handheld security token to convert a time-varying light intensity pattern emitted by a source such as a computer screen into a digital signal including a sequence of coded data symbols. The invention is based on the insight that the intensity of light emitted by regions of said source can be easily sampled by a simple low-cost processor if appropriate A/D conversion hardware converts the incident light into an electrical signal which is time varying, whereby the base frequency of this electrical signal is a function of the light intensity. Intensity levels used for channel coding and symbol clock can be recovered from the signal by the receiver. The invention comprises measuring this electrical signal, transforming sets of measurements into intensity samples for a plurality of sampling windows, adaptively calculating discrete intensity levels from these intensity samples, assigning intensity levels to the sampling windows, detecting symbol period boundaries, and decoding the symbols. | 09-17-2009 |
| 20090193511 | TWO-FACTOR USB AUTHENTICATION TOKEN - The present patent application discloses a USB token that advantageously mimics a human interface device such as a keyboard in interacting with a host computer, thus removing the need for pre-installation of a dedicated device driver. This is accomplished by requiring the host computer to direct the input of the attached human interface devices of the keyboard type, including the USB token, exclusively to the program interacting with the USB token, by using cryptographic algorithms based on a shared secret, which require less data to be transferred than PKI-based algorithms, and by employing an efficient encoding scheme that minimizes the time needed to exchange information with the USB token, and minimizes the probability of generating ambiguity with input that might legitimately be generated by other attached human interface devices. By using only symmetric encryption and the low-speed USB protocol, a single low-performance processor may be used, which results in a more cost-effective solution than PKI USB tokens emulating the combination of smart cards and smart card readers or USB tokens presenting themselves to the host computer as mass storage devices. The overall security is increased by adding a second authentication factor consisting of a static password entered by the user, and by limiting the number of valid token response that can be generated or retrieved in a usage session. | 07-30-2009 |
