Mutual authentication between two parties using two consecutive one-time passwords

US 20070220253A1
Filed: 03/15/2006
Published: 09/20/2007
Est. Priority Date: 03/15/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for authentication, the method comprising:

receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;

authenticating the user based on the unique identifier and the first one-time password;

generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and

transmitting, in response to the user being authenticated, the second one-time password to the user, the first and second one-time passwords expiring after the second one-time password being transmitted to the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system and method are configured for mutual authentication between two parties. In one embodiment a first party generates a first one-time password and sends it to a second party. The second party authenticates the first party by generating a one-time password using the same algorithm, secrets and parameters and matching it with the received first one-time password. If the received first one-time password matches with a generated password, the second party generates a consecutive one-time password, and sends it to the first party. The first party authenticates the consecutive one-time password by generating a one-time password consecutive to the first one-time password and matching with the received consecutive one-time password. If they match, the mutual authentication is completed successfully.

70 Citations

View as Search Results

32 Claims

1. A method for authentication, the method comprising:
- receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;
  
  authenticating the user based on the unique identifier and the first one-time password;
  
  generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
  
  transmitting, in response to the user being authenticated, the second one-time password to the user, the first and second one-time passwords expiring after the second one-time password being transmitted to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first and second cryptographic algorithms are either one-way bashing algorithms or one-way encryption algorithms.
  - 3. The method of claim 1, further comprising:
    - identifying the second cryptographic algorithm based on the unique identifier, wherein authenticating the user comprises authenticating the user based on the second cryptographic algorithm and the first one-time password.
  - 4. The method of claim 1, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values.
  - 5. The method of claim 4, wherein authenticating the user comprises:
    - generating a third one-time password using the second cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being determined by an index and the predeterminable sequence, the index being determined by applying an index algorithm to the first one-time password, the index algorithm being associated with the second cryptographic algorithm; and
      
      responsive to the first one-time password being the same as the third one-time password, determining that the user is authenticated, otherwise determining that the user is not authenticated.
  - 6. The method of claim 4, wherein authenticating the user comprises:
    - generating a third one-time password using the second cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password; and
      
      responsive to the first one-time password being the same as the third one-time password, determining that the user is authenticated, otherwise determining that the user is not authenticated.
  - 7. The method of claim 6, wherein the previous one-time password is a one-time password generated during the most recent successful authentication with the user.
  - 8. The method of claim 1, wherein the first one-time password expires after authenticating the user.

9. A method for authentication, the method comprising:
- generating a first one-time password using a first cryptographic algorithm;
  
  transmitting the first one-time password and a unique identifier associated with a user to a server;
  
  receiving a second one-time password from the server, the second one-time password being generated using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
  
  authenticating the server based on the second one-time password, the first and second one-time passwords expiring after authenticating the server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the first and second cryptographic algorithms are either one-way hashing algorithms or one-way encryption algorithms.
  - 11. The method of claim 9, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values.
  - 12. The method of claim 11, wherein generating the first one-time password comprises:
    - generating the first one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the first one-time password being successive in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password, the value of the sequence parameter used to generate the first one-time password being represented by an index of the predeterminable sequence, the index being encoded into the one-time password.
  - 13. The method of claim 11, wherein generating the first one-time password comprises:
    - generating the first one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the first one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password.
  - 14. The method of claim 13, wherein the previous one-time password is the most recently generated one-time password.
  - 15. The method of claim 11, wherein authenticating the server comprises:
    - generating a third one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate the first one-time password; and
      
      responsive to the second one-time password being the same as the third one-time password, determining that the server is authenticated, otherwise determining that the server is not authenticated.
  - 16. The method of claim 9, wherein the first one-time password expires after transmitting to the server.

17. An electronic communication apparatus comprising:
- a processor and a memory structured to store instructions executable by the processor, the instructions corresponding to;
  
  receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;
  
  authenticating the user based on the unique identifier and the first one-time password;
  
  generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
  
  transmitting, in response to the user being authenticated, the second one-time password to the user, the first and second one-time passwords expiring after the second one-time password being transmitted to the user.
- View Dependent Claims (18, 19, 20)
- - 18. The electronic communication apparatus of claim 17, the instructions further corresponding to:
    - identifying the second cryptographic algorithm based on the unique identifier, wherein authenticating the user comprises authenticating the user based on the second cryptographic algorithm and the first one-time password.
  - 19. The electronic communication apparatus of claim 17, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values.
  - 20. The electronic communication apparatus of claim 19, the instructions further corresponding to:
    - generating a third one-time password using the second cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being determined by an index and the predeterminable sequence, the index being determined by applying an index algorithm to the first one-time password, the index algorithm being associated with the second cryptographic algorithm; and
      
      responsive to the first one-time password being the same as the third one-time password, determining that the user is authenticated, otherwise determining that the user is not authenticated.

21. An electronic communication apparatus comprising:
- a processor and a memory structured to store instructions executable by the processor, the instructions corresponding to;
  
  generating a first one-time password using a first cryptographic algorithm;
  
  transmitting the first one-time password and a unique identifier associated with a user to a server;
  
  receiving a second one-time password from the server, the second one-time password being generated using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
  
  authenticating the server based on the second one-time password, the first and second one-time passwords expiring after authenticating the server.
- View Dependent Claims (22, 23, 24)
- - 22. The electronic communication apparatus of claim 21, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values, and wherein generating the first one-time password comprises:
    - generating the first one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the first one-time password being successive in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password, the value of the sequence parameter used to generate the first one-time password being represented by an index of the predeterminable sequence, the index being encoded into the one-time password.
  - 23. The electronic communication apparatus of claim 21, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values, and wherein generating the first one-time password comprises:
    - generating the first one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the first one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password.
  - 24. The electronic communication apparatus of claim 21, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values, and wherein authenticating the server comprises:
    - generating a third one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate the first one-time password; and
      
      responsive to the second one-time password being the same as the third one-time password, determining that the server is authenticated, otherwise determining that the server is not authenticated.

25. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism including:
- instructions for receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;
  
  instructions for authenticating the user based on the unique identifier and the first one-time password;
  
  instructions for generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
  
  instructions for transmitting, in response to the user being authenticated, the second one-time password to the user, the first and second one-time passwords expiring after the second one-time password being transmitted to the user.
- View Dependent Claims (26, 27, 28)
- - 26. The computer program product of claim 25, further comprising:
    - instructions for identifying the second cryptographic algorithm based on the unique identifier, wherein authenticating the user comprises authenticating the user based on the second cryptographic algorithm and the first one-time password.
  - 27. The computer program product of claim 25, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values.
  - 28. The computer program product of claim 27, wherein instructions for authenticating the user comprises:
    - instructions for generating a third one-time password using the second cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being determined by an index and the predeterminable sequence, the index being determined by applying an index algorithm to the first one-time password, the index algorithm being associated with the second cryptographic algorithm; and
      
      instructions for responsive to the first one-time password being the same as the third one-time password, determining that the user is authenticated, otherwise determining that the user is not authenticated.

29. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism including:
- instructions for generating a first one-time password using a first cryptographic algorithm;
  
  instructions for transmitting the first one-time password and a unique identifier associated with a user to a server;
  
  instructions for receiving a second one-time password from the server, the second one-time password being generated using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
  
  instructions for authenticating the server based on the second one-time password, the first and second one-time passwords expiring after authenticating the server.
- View Dependent Claims (30, 31, 32)
- - 30. The computer program product of claim 29, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values, wherein instructions for generating the first one-time password comprises:
    - instructions for generating the first one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the first one-time password being successive in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password, the value of the sequence parameter used to generate the first one-time password being represented by an index of the predeterminable sequence, the index being encoded into the one-time password.
  - 31. The computer program product of claim 29, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values, wherein instructions for generating the first one-time password comprises:
    - instructions for generating the first one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the first one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate a previous one-time password.
  - 32. The computer program product of claim 29, wherein the first and second cryptographic algorithms are functionally equivalent and have the same token secrets, the first and second cryptographic algorithms having a sequence parameter, the value of the sequence parameter being in a predeterminable sequence of values, wherein instructions for authenticating the server comprises:
    - instructions for generating a third one-time password using the first cryptographic algorithm, the value of the sequence parameter used to generate the third one-time password being the successor in the predeterminable sequence of the value of the sequence parameter used to generate the first one-time password; and
      
      instructions for responsive to the second one-time password being the same as the third one-time password, determining that the server is authenticated, otherwise determining that the server is not authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boncle, Inc.
Original Assignee
Boncle, Inc.
Inventors
Law, Eric

Application Number

US11/377,866
Publication Number

US 20070220253A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/445 by mutual authentication, e...

H04L 63/0838 using one-time-passwords

Mutual authentication between two parties using two consecutive one-time passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Mutual authentication between two parties using two consecutive one-time passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others