Abstract

An electronic circuit providing a linear keypad and an apparatus comprising such electronic circuit are provided. Methods for detecting that a button of a linear keypad is being pressed and for determining which button is being pressed are also provided. A method for calibrating an apparatus comprising a linear keypad to enable the subsequent determination by the apparatus of which button of the linear keypad is being pressed is also provided.

IPC Classes  ?

• H03M 11/24 - Static coding using analogue means
• G06F 3/02 - Input arrangements using manually operated switches, e.g. using keyboards or dials

Abstract

Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

IPC Classes  ?

• G06F 21/42 - User authentication using separate channels for security data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors

Abstract

Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disciosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

IPC Classes  ?

• G06F 21/42 - User authentication using separate channels for security data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors

Abstract

Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

IPC Classes  ?

• G06F 21/42 - User authentication using separate channels for security data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors

Abstract

Methods, apparatus, and systems for personalizing a software token using a dynamic credential (such as a one-time password or electronic signature) generated by a hardware token are disclosed.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A strong authentication token supporting multiple instances associated with different users and protected by a user identity verification mechanism is disclosed. A multi-instance strong authentication token may be adapted to generate dynamic credentials using cryptographic secrets that are specific to a particular instance stored in the token. A method and a system to secure remotely accessible applications using strong authentication tokens supporting multiple instances are disclosed. A method for loading additional tokens into a multi-instance authentication token is disclosed.

IPC Classes  ?

• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system

Abstract

Methods, apparatus and systems are described for identifying potentially counterfeited products or goods.

IPC Classes  ?

• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system

Abstract

Methods, apparatus and systems for transferring transaction data using color images are provided.

IPC Classes  ?

• G06F 21/36 - User authentication by graphic or iconic representation
• G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
• G06K 7/14 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
• G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code

Abstract

Methods, apparatus, and systems for authenticating a user taking into account measurement values of characteristics of the purported environment of the user are described.

IPC Classes  ?

• G06Q 10/06 - Resources, workflows, human or project managementEnterprise or organisation planningEnterprise or organisation modelling
• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• G06F 21/60 - Protecting data
• H04W 12/12 - Detection or prevention of fraud

Abstract

Methods and systems are provided for authenticating a user using data related to the historical interactions of the user with computer based applications.

IPC Classes  ?

• G06F 21/31 - User authentication
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

Methods, apparatus, and systems for securing the interactions of a user with an application using a Bluetooth enabled authentication device are disclosed.

IPC Classes  ?

• G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
• G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
• G06F 21/43 - User authentication using separate channels for security data wireless channels
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

Methods, apparatus, and systems for generating digital signatures are disclosed. An apparatus may present itself to a host computer as a mass storage device to provide cryptographic processing results through a standard mass storage access mechanism for exchanging files.

IPC Classes  ?

• H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

Methods, apparatus, and systems for securing a mobile application are disclosed. Users of the mobile application may be authenticated using a smartphone or other device including a Near-Field Communication (NFC) transfer device capable of NFC communication. An authentication device may be adapted to present itself to the NFC transfer device as an NFC tag and make a dynamic credential available to the NFC transfer device by including the dynamic credential in an NFC tag readable by the NFC transfer device using NFC mechanisms for reading data contents of NFC tags. An access device comprising the NFC transfer device may then provide the dynamic credential to an application server for verification.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/06 - Authentication
• H04W 4/00 - Services specially adapted for wireless communication networksFacilities therefor

Abstract

Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/06 - Authentication
• H04W 12/08 - Access security
• G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
• H04L 9/08 - Key distribution

Abstract

Authentication devices and methods for generating dynamic credentials are disclosed. The authentication devices include a communication interface for communicating with a security device such as a smart card. A dynamic credential such as a one-time password (OTP) or a message authentication code (MAC) may be generated by receiving from a server an encrypted initialization seed encrypted with an asymmetric encryption algorithm using a public key of a public/private key pair, submitting the encrypted initialization seed to a security device, decrypting at the security device the encrypted initialization seed with a private key of the public/private key pair, returning the decrypted initialization seed to the authentication device, deriving at the authentication device a secret credential generation key from the decrypted initialization seed, and generating the dynamic credential by combining a dynamic variable with the secret credential generation key using a symmetric cryptographic dynamic credential generation algorithm.

IPC Classes  ?

• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system

Abstract

The invention provides a method and apparatus for the secure electronic signing of electronic documents and data. In a preferred embodiment, a method for generating a first digital signature associated with a set of application data is disclosed. The method comprises the steps of: obtaining a first digital representation in a high level first data format of the set of application data; generating a second digital representation in a low level second data format of the application data whereby said low level second data format is different from said high level first data format; presenting an analog representation of the set of application data to a user, whereby said second digital representation is a precise and accurate representation of said analog representation; obtaining an indication whether said user approves said analog representation for signing; if said indication indicates that the user approves said analog representation for signing, generating said first digital signature over said second digital representation using a first signature key associated with the user.

IPC Classes  ?

• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system

Abstract

Methods, apparatus, and systems for securing application interactions are disclosed. Application interactions may be secured by, at a user authentication device, capturing a signal emitted by an access device encoded with an authentication initiating message including an application identifier, decoding the signal and obtaining the authentication initiating message, retrieving the application identifier, presenting a human interpretable representation of the application identity to the user, obtaining user approval to generate a response message available to a verification server, generating a dynamic security value using a cryptographic algorithm that is cryptographically linked to the application identity, and generating a response message including the generated dynamic security value; making the response message available to a verification server; and, at the verification server, receiving the response message, verifying the response message including verifying the validity of the dynamic security value, and communicating the result of the verification of the response message to the application.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
• G06F 21/43 - User authentication using separate channels for security data wireless channels
• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system

Abstract

An electronic device, which may be a USB device, includes a body part that is removably connected to a cap. The body part includes a connector for plugging the device into a host computing device. The cap includes a lever part and a main part. The lever part of the cap is attached to the main part and pivots at least partially around a pivot axis. The lever part includes an anchor part on one side of the pivot axis and an unlock part on the other side of the pivot axis. The anchor part includes a hook that engages a cavity in the body part when the cap is connected to the body part. Depressing the unlock part of the cap causes the lever to pivot around the pivot axis thereby disengaging the hook from the first cavity, and thereby releasing the cap from the body part.

IPC Classes  ?

• H05K 5/02 - Casings, cabinets or drawers for electric apparatus Details
• H01R 13/453 - Shutter or cover plate opened by engagement of counterpart
• G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
• H01R 13/44 - Means for preventing access to live contacts

Abstract

A handheld authentication device comprising a data processor and a display is adapted to : generate an input value; submit the input value to an asymmetric cryptographic operation; obtain the result of said asymmetric cryptographic operation; generate an authentication message substantially comprising the result of the asymmetric cryptographic operation; encode the authentication message into one or more images; and display these images on the display. A method for securing computer-based applications remotely accessed by a user comprises capturing images displayed on the display of an authentication device of the user whereby these images have been encoded with an authentication message generated by the authentication device and whereby the authentication message comprises the result of an asymmetric cryptographic operation on an input value; decoding the images to retrieve the authentication message; retrieving the result of the asymmetric cryptographic operation from the authentication message; verifying the authentication message.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

The present invention provides a secure smart card reader enabled to make reader signatures on data representative of events and actions which may be security related and which may comprise data representative of reader commands the reader receives from a host or remote application, smart card commands the reader exchanges with an inserted smart card, data the reader presents to the user for approval, and/or configuration parameters the reader applies when dealing with any of the foregoing. The smart card reader may furthermore be adapted to maintain logs of certain events and actions which may comprise exchanging reader commands with a host or remote application, exchanging smart card commands with an inserted smart card, and/or interactions with a user. The logs may comprise data representative of reader commands the reader receives from a host or remote application, smart card commands the reader exchanges with an inserted smart card, data the reader presents to the user for approval, and/or configuration parameters the reader applies when dealing with any of the foregoing. The secure smart card reader may be adapted to generate a reader signature over one or more of these logs.

IPC Classes  ?

• G06F 21/55 - Detecting local intrusion or implementing counter-measures
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
• G07F 7/08 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card

Abstract

The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

IPC Classes  ?

• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
• G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards

Abstract

Strong authentication tokens for generating dynamic security values having an acoustical input interface for acoustically receiving input data are disclosed. The tokens may also include an optical interface for receiving input data and may have a selection mechanism to select either the acoustical or the optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. The acoustic signal received by the token may be modulated using a frequency shift keying modulation scheme using a plurality of coding frequencies to code the acoustical signal where each coding frequency may be an integer multiple of a common base frequency.

IPC Classes  ?

• G06F 21/20 - by restricting access to nodes in a computer system or computer network

Abstract

An electronic power supply circuit for battery-powered hardware devices is disclosed which can be electronically switched to supply any of at least two predetermined voltages wherein the batteries are switched in parallel or in series depending on the desired voltage. Also disclosed is an electronic apparatus comprising the electronic power supply circuit, which in some modes of operation uses the highest of the two predetermined voltages and which in other modes of operation can function with the lower of two predetermined voltages, and includes control logic that switches the electronic power supply circuit to supply said higher voltage when the apparatus in a mode in which it uses this higher voltage and that switches said electronic power supply circuit to supply said lower voltage at least during some of the modes in which the apparatus can function with the lower voltage.

IPC Classes  ?

• H02M 3/158 - Conversion of DC power input into DC power output without intermediate conversion into AC by static converters using discharge tubes with control electrode or semiconductor devices with control electrode using devices of a triode or transistor type requiring continuous application of a control signal using semiconductor devices only with automatic control of output voltage or current, e.g. switching regulators including plural semiconductor devices as final control devices for a single load
• H02J 7/00 - Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries

Abstract

Methods and apparatus for encoding and decoding data transmitted acoustically and/or optically to strong authentication tokens to generate dynamic security values are disclosed. The tokens may also include a selection mechanism to select either an acoustical or an optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device.

IPC Classes  ?

• G06F 21/20 - by restricting access to nodes in a computer system or computer network

Abstract

Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component. The encryption-decryption component may also be adapted to decrypt encrypted data stored in the mass-memory storage component for returning the data to the host computer in response to a read data command from the host computer using a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component.

IPC Classes  ?

• G06F 21/02 - by protecting specific internal components of computers

Abstract

Transactions are classified into a limited number of categories. A user submitting a transaction to a server is requested to also generate and submit a dynamic transaction category approval code for the submitted transaction. On the server side a corresponding verification value is generated for the received transaction. Transactions are assigned one of a limited number of risk levels. A user submitting a transaction to a server is requested to also generate and submit a dynamic risk level approval code for the submitted transaction. On the server side a corresponding verification value is generated for the received transaction. The received dynamic risk level approval code is verified on the server side by comparing it with the generated verification value.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

An apparatus comprising storage for a secret key, said secret key for use in the generation of cryptographic values, and a cryptographic agent for generating said cryptographic values using said secret key, selects one of a predetermined set of key transformations in an unpredictable way and applies said selected key transformation to said secret key prior to generating one of said cryptographic values A server receives and authenticates a credential generated using a transformed secret and derives the transformed secret, by generating a plurality of verification values using a set of known permitted transformations of a stored secret, determining whether said credential matches one of said plurality of verification values, and, if said credential matches one of said plurality of verification values, storing the corresponding one of said set of known permitted transformations as an updated value for said stored secret

IPC Classes  ?

• H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system

Abstract

The invention relates to the field of modulation and demodulation circuits, such as envelope detectors used to demodulate amplitude- modulated (AM) signals and amplitude-shift-keying (ASK) signals. By judiciously coupling an analog circuit comprising one resistor and two capacitors which are judiciously dimensioned to a port of a digital component, an extremely compact envelope detector can be obtained, which achieves demodulation of a binary ASK signal for direct coupling into a digital input port. Accordingly, a very compact envelope detector may advantageously be used in the data receiving part of a sealed device requiring postmanufactuπng data transfer, in combination with additional components that provide electromagnetic coupling, such as inductive coupling, capacitive coupling, or radiative coupling. An example of such a device is a credit card sized authentication token, the electrical personalization of which happens after the production of the card-like housing.

IPC Classes  ?

• H03K 5/153 - Arrangements in which a pulse is delivered at the instant when a predetermined characteristic of an input signal is present or at a fixed time interval after this instant

Abstract

The present invention relates to the field of pocket-size electronic devices, including credit card sized devices such as authentication tokens. It consists of an improvement of the well-known "raised ridge" to protect individual buttons from false key presses, obtained by applying embossing. A known problem with applying embossing to cards containing electronic components, is the fact that the embossing process may damage the components or the wiring inside the card. In the process according to the invention, an embossed ridge of a judiciously designed shape is used to avoid such damage.

IPC Classes  ?

• G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier

Abstract

The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then, the user needs to reauthenticate.

IPC Classes  ?

• G06F 7/04 - Identity comparison, i.e. for like or unlike values

Abstract

The present invention is directed towards authentication tokens that are completely embedded in a non-conductive enclosure. The invention is based on the insight that it would be advantageous to separate the electronic data personalization of such tokens from the visual device personalization. The present application concerns an authentication token that allows communication with an external unit after the production of the nonconductive enclosure, in order to transmit or receive device identification data. As this communication need only take place during the manufacturing process, a low-power close-range transmission technique such as inductive coupling, capacitive coupling, or RFID communication suffices for this purpose. Accordingly, the present application discloses a method for manufacturing authentication tokens, and a token manufactured according to said method.

IPC Classes  ?

• G06F 7/00 - Methods or arrangements for processing data by operating upon the order or content of the data handled

Abstract

The operations required to verify the origin and the authenticity of a software module for an electronic device can advantageously be divided between a general-purpose computer (host) having the electronic device attached to it, and the electronic device itself. More specifically, memory and processing intensive tasks such as syntax checking are done at the host, while security-critical tasks such as cryptographic verifications are done at the electronic device. The present invention provides a method for updating software on an electronic device in a trusted way, wherein verification steps are divided between a host system connected to the electronic device, and the electronic device itself. The present invention further provides a storage medium containing a program for a host system, causing this host system to perform verification steps with respect to a software update for an attached electronic device, and to appropriately interact with the electronic device.

IPC Classes  ?

• G06F 9/44 - Arrangements for executing specific programs

Abstract

The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attacks, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means. It furthermore offers this authentication and review functionality without sacrificing user convenience or cost efficiency, by judiciously coding the transaction data to be signed, thus reducing the transmission size of information that has to be exchanged over the token's trustworthy interfaces.

IPC Classes  ?

• G06Q 20/00 - Payment architectures, schemes or protocols

Abstract

The present invention provides a method and a device to convert a time varying optical pattern emitted by a display into a digital data signal. More specifically the invention allows a handheld security token to convert a time-varying light intensity pattern emitted by a source such as a computer screen into a digital signal including a sequence of coded data symbols. The invention is based on the insight that the intensity of light emitted by regions of said source can be easily sampled by a simple low-cost processor if appropriate AID conversion hardware converts the incident light into an electrical signal which is time varying, whereby the base frequency of this electrical signal is a function of the light intensity. Intensity levels used for channel coding and symbol clock can be recovered from the signal by the receiver.

IPC Classes  ?

• H03M 1/66 - Digital/analogue converters

Abstract

The invention relates to a method to efficiently transmit a digital message over a unidirectional optical link, such as the link between a computer screen and a security token equipped with photosensitive elements. It is an object of this invention to provide a source coding scheme that is optimized for transmissions of alphanumerical data containing frequent occurrences of numerals and less frequent occurrences of non-numerical data. This is achieved by using a modified Huffman code for source coding, consisting of a nibble-based prefix-free binary code. The output of the coder is efficiently mapped onto a 6B4T channel code, wherein unused ternary codewords can be used to signal data-link layer events. This efficient signalling of data-link layer events, in turn, allows for a synchronization scheme based on repeated transmissions of a finite-length message, combined with an out-of-band clock signal.

IPC Classes  ?

• H03M 5/16 - Conversion to or from representation by pulses the pulses having three levels

Abstract

A USB token advantageously mimics a human interface device such as a keyboard in interacting with a host computer, thus removing the need for pre-installation of a dedicated device driver. This is accomplished by requiring the host computer to direct the input of the attached human interface devices of the keyboard type, including the USB token, exclusively to the program interacting with the USB token, by using cryptographic algorithms based on a shared secret, which require less data to be transferred than PKI-based algorithms, and by employing an efficient encoding scheme that minimizes the time needed to exchange information with the USB token, and minimizes the probability of generating ambiguity with input that might legitimately be generated by other attached human interface devices.

IPC Classes  ?

• H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols

Abstract

The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKl private keys such as PKI- enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

IPC Classes  ?

• H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols