The growing need for better user authentication is drawing increased attention to technologies such as one-time passwords. In a one-time password system, a user typically carries a device or “token” that generates and displays a series of passwords over time. The user reads the currently displayed password and enters it into a personal computer, e.g., via a Web browser, as part of an authentication operation. Such a system offers a significant improvement over conventional password-based authentication since the password is dynamic and random. Previously misappropriated one-time passwords are of no help to an attacker in determining the current password, which remains hard to guess.
One particular example of a one-time password device of the type described above is the RSA SecurID® user authentication token, commercially available from RSA, The Security Division of EMC Corporation, of Bedford, Mass., U.S.A. For a number of years, SecurID® has been the dominant solution in two factor authentication. Its relative simplicity combined with its independence from client-side software has contributed in no small measure to its success in many large enterprises. In a typical embodiment, a SecurID® authentication token may comprise a small handheld device with an LCD screen that displays a new one-time tokencode consisting of six to eight decimal digits every 60 seconds. An ordinary user would utilize this tokencode, possibly in combination with a personal identification number (PIN) with the resulting combination called a passcode, instead of a static password to access secure resources. Each displayed tokencode is based on a secret seed and the current time of day. Any verifier with access to the seed and a time of day clock can verify that the presented tokencode is valid.
A wireless authentication token, that is, a token that transmits authentication information over the air rather than via the user, can offer many attractions. Such a token can alleviate much of the burden on users in manually entering tokencodes or other authentication information. It can also achieve considerably higher transmission bandwidth, opening up a range of new functions beyond simple authentication, such as encryption. Wireless tokens can offer several other potential advantages as well, such as hands-free authentication for physically demanding environments like hospitals and factory floors, and rapid fire authentication for temporally demanding situations, such as online auctions.
Conventional aspects of wireless authentication tokens are described in, for example, M. Corner, “Transient Authentication for Mobile Devices,” PhD Thesis, University of Michigan, 2003. The approach disclosed therein is designed to protect information on mobile devices such as laptops from exposure in the event of theft or loss. Its authentication protocol utilizes bidirectional communication between mobile devices and authentication tokens. Such an approach is problematic, however, in that authentication tokens that accept input in their authentication protocols can be vulnerable to active attacks.
Accordingly, a need exists for a wireless authentication token or other wireless processing device that can provide the convenience of wireless communication but also provide enhanced security in authentication and other cryptographic operations.