Extended one-time password method and apparatus
Abstract
An OTP token for facilitating the authorizing of a client workstation to conduct a session with a server over the Internet is disclosed. Information at least partially identifying the server is provided to the OTP token and/or the client workstation, and a determination is made, using this identifying information, if the server is a legitimate server. In accordance with this determination, it is decided whether or not to transmit data indicative of a session OTP from the OTP token to the client workstation. In some embodiments, if the identifying information is indicative of a legitimate server, the data indicative of the session OTP is transmitted from the OTP token to the client workstation, and otherwise, the data indicative of the session OTP is withheld from the client workstation. Data indicative of the session OTP may include, in various embodiments, either multi-factor authentication data derived from user authorization data, or session OTP data that is independent of user authentication data.
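The decision flow in the abstract, as an added Python illustration that is not code from the patent. It assumes the identifying information is a hostname plus certificate bytes compared against a fingerprint pinned on the token, and uses RFC 4226 HOTP as a stand-in OTP generator; the abstract prescribes neither, and all names and sample data are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, standing in for the token's unspecified OTP generator."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


@dataclass
class OtpToken:
    secret: bytes
    pinned: dict      # assumption: hostname -> SHA-256 hex of the server certificate
    counter: int = 0

    def server_is_legitimate(self, hostname: str, cert_der: bytes) -> bool:
        """Server legitimacy engine: presented identity must match the pinned one."""
        expected = self.pinned.get(hostname.lower())
        if expected is None:
            return False  # unknown host, including lookalike names
        presented = hashlib.sha256(cert_der).hexdigest()
        return hmac.compare_digest(presented, expected)

    def request_session_otp(self, hostname: str, cert_der: bytes):
        """OTP-transmission decision engine: return the OTP, or None to refrain."""
        if not self.server_is_legitimate(hostname, cert_der):
            return None  # withhold; the counter is not advanced
        otp = hotp(self.secret, self.counter)
        self.counter += 1
        return otp


# Constructed sample data (not real certificates or hosts).
GOOD_CERT = b"constructed-cert-bytes-for-bank.example"
FAKE_CERT = b"constructed-cert-bytes-for-phishing-site"


def demo():
    pins = {"bank.example": hashlib.sha256(GOOD_CERT).hexdigest()}
    token = OtpToken(secret=b"12345678901234567890", pinned=pins)
    return [token.request_session_otp("bank.example", GOOD_CERT),
            token.request_session_otp("bank.example", FAKE_CERT),
            token.request_session_otp("bank-example.test", GOOD_CERT),
            token.request_session_otp("BANK.example", GOOD_CERT)]
```

Because the refusal happens before the OTP is generated, a spoofed server neither receives a code nor desynchronizes the token's counter.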
36 Claims
1. In a system comprising a server, a client workstation in communication with the server via a wide-area network, and an OTP token interfaced with the client workstation via a device interface, a method of handling session OTP transmission, the method comprising:
a) receiving from the server information at least partially identifying the server;
b) determining if said identifying information is indicative of a legitimate server; and
c) in accordance with said determining, deciding to carry out one action selected from the group consisting of;
i) transmitting, from the OTP token, data indicative of an internally-generated session OTP; and
ii) refraining from said transmitting.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. An OTP token for use with a client workstation in communication with a server via a wide-area network, the OTP token comprising:
a) a device port for receiving, from the client workstation, data including information at least partially identifying the server;
b) a server legitimacy engine for determining if said information is indicative of a legitimate server;
c) an OTP generator operative to generate a session OTP; and
d) an OTP-transmission decision engine operative, in accordance with results of said determining, to decide to carry out one action selected from the group consisting of;
i) transmitting, from the OTP token, data indicative of said session OTP; and
ii) refraining from said transmitting.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32

33. The OTP token of claim 33 further comprising:
e) a user identification module for authenticating said user authentication data.
Dependent claims: 34

35. A system for handling transmission of Session OTP data, the system comprising:
a) a client workstation in communication with a server via a wide-area network,
b) an OTP token interfaced with said client workstation, said OTP token including;
i) a device port for interfacing with said client workstation; and
ii) an OTP generator operative to generate a session OTP; and
wherein at least one of said OTP token and said client workstation is operative to receive information identifying said server, the system further comprising;
c) a server legitimacy engine for determining if said information is indicative of a legitimate server, said server legitimacy engine residing at least in part in at least one of said OTP token and said client workstation;
d) an OTP-transmission decision engine operative, in accordance with results of said determining, to decide to carry out one action selected from the group consisting of;
i) transmitting, from the OTP token, data indicative of said session OTP; and
ii) refraining from said transmitting, wherein, said OTP-transmission decision engine resides at least in part in at least one of said OTP token and said client workstation.

36. A computer readable storage medium having computer readable code embodied in said computer readable storage medium, said computer readable code comprising instructions for:
a) receiving, by at least one of a client workstation in communication with a server via a wide-area network and an OTP token interfaced with said server, information at least partially identifying the server;
b) determining if said identifying information is indicative of a legitimate server; and
c) in accordance with said determining, deciding to carry out one action selected from the group consisting of;
i) transmitting, from the OTP token, data indicative of an internally-generated session OTP; and
ii) refraining from said transmitting.

Specification