Methods for pre-authentication of users using one-time passwords
Abstract
A method for communicating passwords includes receiving at a server a challenge from an authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.
20 Claims
1. A method for communicating passwords comprises:
receiving at a server a challenge from an authentication server via a first secure communications channel, the challenge comprising at least a random password that is inactive;
communicating the challenge from the server to a client computer via a second secure communications channel;
receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to at least a portion of the challenge and the private key; and
communicating the challenge response from the server to the authentication server via the first secure communications channel;
wherein the random password is activated when the authentication server verifies the challenge response.
Dependent claims: 2, 3, 4, 5, 6.

7. A method for a client computer comprises:
receiving challenge data from an authentication server via a first secure communications channel, the challenge data comprising a challenge and a password that is inactive;
receiving a user PIN;
recovering a private key and a digital certificate in response to the user PIN;
sending the digital certificate to the authentication server via an external server, the digital certificate comprising a public key in an encrypted form;
sending a digital signature to the authentication server via the external server, the digital signature being determined in response to the challenge and the private key; and
thereafter sending a user login and the password to a password-based security system coupled to the authentication server, wherein when the authentication server verifies the digital signature, the password is activated.
Dependent claims: 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20.

14. A method for a verification server comprises:
receiving a request for a one-time password from a client computer;
determining a one-time password, the one-time password being inactive;
communicating data comprising the one-time password to the client computer;
receiving user identification data from a user at the client computer;
verifying the user in response to the user identification data; and
activating the one-time password when the user is authenticated.
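As an added illustration (not part of the patent text), the following Go model shows the core of claims 1, 7 and 14: the authentication server issues a random one-time password that starts inactive together with a challenge, the client signs the challenge with its private key, and the password becomes usable by the password-based system only after the signature verifies under the enrolled public key. It assumes Ed25519 signatures, lets the raw public key stand in for the digital certificate, and omits the relaying server and the encrypted form of the public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
)

// Challenge is what the authentication server issues: random data the client
// must sign, plus a random one-time password that is not yet usable.
type Challenge struct {
	Nonce    []byte
	Password string
}

// AuthServer tracks issued-but-inactive and verified-and-active passwords.
type AuthServer struct {
	pending map[string]ed25519.PublicKey // password -> enrolled key that must sign
	active  map[string]bool              // passwords the password-based system accepts
}

func NewAuthServer() *AuthServer {
	return &AuthServer{pending: map[string]ed25519.PublicKey{}, active: map[string]bool{}}
}

// Issue creates a challenge for the user whose enrolled key is pub (assumed to
// come from the user's certificate). The password stays inactive until Verify succeeds.
func (s *AuthServer) Issue(pub ed25519.PublicKey) Challenge {
	nonce, pw := make([]byte, 16), make([]byte, 8)
	rand.Read(nonce)
	rand.Read(pw)
	c := Challenge{Nonce: nonce, Password: hex.EncodeToString(pw)}
	s.pending[c.Password] = pub
	return c
}

// Verify checks the challenge response (the client's public key, standing in for
// its certificate, and a signature over the challenge) and activates the password.
func (s *AuthServer) Verify(c Challenge, pub ed25519.PublicKey, sig []byte) bool {
	enrolled, ok := s.pending[c.Password]
	if !ok || !enrolled.Equal(pub) || !ed25519.Verify(pub, c.Nonce, sig) {
		return false // unknown challenge, wrong key or bad signature: stays inactive
	}
	delete(s.pending, c.Password)
	s.active[c.Password] = true
	return true
}

// Login models the password-based system's check: only an active password is
// accepted, and it is consumed so the same one-time password is never accepted twice.
func (s *AuthServer) Login(password string) bool {
	ok := s.active[password]
	delete(s.active, password)
	return ok
}
```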