Derivative seeds
Abstract
A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.
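A sketch of the scheme the abstract describes, added here as an example and not taken from the patent. The claims only say "mathematically combining"; HMAC-SHA256 as the combining function, the nonce-based challenge-response step, and all names and identifiers below are assumptions.

```python
import hashlib
import hmac
import secrets

def derive_seed(master_seed: bytes, unique_id: str) -> bytes:
    """Combine master seed and identifier (assumption: HMAC-SHA256)."""
    return hmac.new(master_seed, unique_id.encode("utf-8"), hashlib.sha256).digest()

def provision(master_seed: bytes, unique_ids: list) -> dict:
    """Seed table handed to the verifier; the master seed is never included."""
    return {uid: derive_seed(master_seed, uid) for uid in unique_ids}

def respond(seed: bytes, challenge: bytes) -> bytes:
    """User-side proof of possession of a derivative seed (assumed step)."""
    return hmac.new(seed, challenge, hashlib.sha256).digest()

class Verifier:
    def __init__(self, seed_table: dict):
        self.seed_table = dict(seed_table)
        self.pending = {}  # uid -> outstanding nonce

    def challenge(self, uid: str) -> bytes:
        self.pending[uid] = secrets.token_bytes(16)
        return self.pending[uid]

    def verify(self, uid: str, response: bytes) -> bool:
        nonce = self.pending.pop(uid, None)  # each nonce is accepted once
        seed = self.seed_table.get(uid)
        if nonce is None or seed is None:
            return False
        return hmac.compare_digest(respond(seed, nonce), response)

def demo() -> dict:
    master = secrets.token_bytes(32)  # constructed sample master seed
    alice, bob = "alice@example.test", "bob@example.test"  # constructed ids
    seeds = provision(master, [alice, bob])
    verifier = Verifier(seeds)
    nonce = verifier.challenge(alice)
    good = respond(seeds[alice], nonce)
    results = {"valid": verifier.verify(alice, good)}
    results["replayed"] = verifier.verify(alice, good)  # nonce already used
    nonce = verifier.challenge(alice)
    results["wrong_seed"] = verifier.verify(alice, respond(seeds[bob], nonce))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the verifier stores only per-user derivative seeds, a leak of its seed table exposes those seeds but not the master seed, provided the combining function is one-way in the key.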
47 Claims
1. A method for generating authentication seeds for a plurality of client-side entities, said method comprising:
- based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of client-side entities, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding client-side entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A method of using a single master seed to authenticate any selectable one of a plurality of client-side entities to a verifier, wherein each of the plurality of client-side entities is identified by a different unique identifier, said method comprising:
- mathematically combining the master seed with the unique identifier for said any selectable client-side entity to generate a derivative seed for said any selectable client-side entity; and
- using the derivative seed that was generated for said any selectable client-side entity to authenticate said any selectable client-side entity to the verifier.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
24. A method of generating authentication seeds for one or more client-side entities to enable them to individually authenticate to one or more server-side entities, said method comprising:
- from a single master seed, generating a plurality of derivative seeds, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed with a corresponding different plurality of unique identifiers, each unique identifier of the corresponding different plurality of unique identifiers identifying a different entity.
32. A method implemented in a token for authenticating a plurality of different first entities to a second entity, said method comprising:
- storing a master seed in the token;
- when any one of said plurality of first entities seeks to authenticate to the second entity, (1) mathematically combining the master seed with a unique identifier supplied for that first entity to generate a derivative seed for that first entity; and (2) using the derivative seed for that first entity to authenticate to the second entity.
- View Dependent Claims (33, 34, 35, 36, 37)
38. A method for use in a network in which a user having a user device that stores a master seed authenticates through a client-side device to another entity on the network, the method comprising:
- in a server connected to the network, receiving from the client-side device a unique identifier identifying the client-side device;
- in the server, mathematically combining a secret with the unique identifier for the client device to generate a derivative seed, wherein the secret is derived from the master seed; and
- sending the derivative seed from the server to the client-side device.
- View Dependent Claims (39, 40, 41, 42, 43)
44. A method implemented by a client-side device on a network in which a user authenticates through the client-side device to another entity on the network, the method comprising:
- sending to the other entity of the network a unique identifier identifying the client-side device;
- receiving from the other entity a derivative seed, wherein the derivative seed was generated by mathematically combining a secret with the unique identifier for the client-side device, wherein the secret is based on the master seed;
- disconnecting from the network;
- to authenticate a user, sending the unique identifier for the client-side device to a user device;
- after sending the unique identifier for the client-side device to the user device, receiving information from the user device indicating that user device possesses the derivative seed.
- View Dependent Claims (45, 46)
47. A method of authenticating a plurality of users at a server site, said method comprising:
- storing a plurality of derived seeds that are all computed from a single master seed, wherein each one of the plurality of derived seeds is for a corresponding different one of the plurality of entities, wherein each derived seed of the plurality of seeds is generated by mathematically combining the master seed with a unique identifier for the corresponding entity;
- for any selected one of the plurality of users, receiving authentication information from that user that is mathematically generated from the derived seed for that user; and
- for that selected user, authenticating that user based on the authentication information received from that user.
Specification