Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
1 Assignment
0 Petitions
Abstract
A communication system and method are configured for mutual authentication and secure channel establishment between two parties. In one embodiment a first party generates a first one-time password and sends it to a second party. The second party authenticates the first party by generating a one-time password using the same algorithm, secrets and parameters and matching it with the received first one-time password. If the received first one-time password matches with a generated password, the second party generates a consecutive one-time password, and establishes a secure channel to the first party using the consecutive one-time password. The first party generates a consecutive one-time password and authenticates the second party by successfully communicating with the second party using the secure channel.
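The exchange in the abstract, as an added example in Python that is not code from the patent or any implementation of it. It assumes an HOTP-style one-time password (HMAC-SHA256 over a counter with RFC 4226 dynamic truncation) as the "first cryptographic algorithm", and takes the "second, associated" algorithm to be the same function evaluated at the next counter value, which is the "consecutive" OTP of the abstract. The session key is derived from that second OTP plus the user identifier and counter, and the "secure channel" is stood in for by HMAC-tagged messages (a real system would feed the key into TLS-PSK or an AEAD). The `Server`, `Client` and `run_protocol` names, the look-ahead window and the sample secret are all constructed for this demonstration. The example also checks that a replayed first OTP is rejected, which the abstract implies but does not spell out.

```python
import hashlib
import hmac
import struct

# Constructed sample secret shared out of band (the RFC 4226 test-vector key,
# used here only as sample data); not a value from the patent.
DEMO_SECRET = b"12345678901234567890"
LOOKAHEAD = 5  # how far past its stored counter the server searches for the client's OTP


def otp(secret: bytes, counter: int, digits: int = 8) -> str:
    """HOTP-style one-time password: HMAC-SHA256 over the counter, RFC 4226
    dynamic truncation. Plays the 'first cryptographic algorithm'; the 'second',
    associated algorithm is assumed to be this function at counter + 1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def session_key(second_otp: str, user_id: str, counter: int) -> bytes:
    """Session key created 'at least in part' from the second OTP; the identifier
    and counter are mixed in so the key is bound to this particular exchange."""
    context = user_id.encode() + struct.pack(">Q", counter)
    return hmac.new(second_otp.encode(), b"otp-session-key|" + context, hashlib.sha256).digest()


def tag(key: bytes, message: bytes) -> bytes:
    """Stand-in for the secure channel: an HMAC tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.users = {}  # user_id -> [secret, next expected counter]

    def register(self, user_id, secret, counter=0):
        self.users[user_id] = [secret, counter]

    def authenticate(self, user_id, first_otp):
        """Authenticate the (identifier, first OTP) pair. On success derive the
        consecutive OTP, build the session key and advance the counter so that
        both OTPs are spent. Returns the session key, or None on failure."""
        entry = self.users.get(user_id)
        if entry is None:
            return None
        secret, counter = entry
        for c in range(counter, counter + LOOKAHEAD):
            if hmac.compare_digest(otp(secret, c), first_otp):
                second = otp(secret, c + 1)   # consecutive OTP, never transmitted
                entry[1] = c + 2              # a replayed first OTP now falls behind the window
                return session_key(second, user_id, c + 1)
        return None

    def send(self, key, message):
        return message, tag(key, message)


class Client:
    def __init__(self, user_id, secret, counter=0):
        self.user_id, self.secret, self.counter = user_id, secret, counter
        self.key = None

    def login_request(self):
        """Generate the first OTP to send, and locally derive the session key
        from the consecutive OTP that the server is expected to compute."""
        c = self.counter
        first = otp(self.secret, c)
        self.key = session_key(otp(self.secret, c + 1), self.user_id, c + 1)
        self.counter = c + 2
        return self.user_id, first

    def verify(self, message, mac):
        """Authenticate the server: only a party holding the same secret can have
        derived the same session key and produced a valid tag on this channel."""
        return hmac.compare_digest(tag(self.key, message), mac)


def run_protocol(server_secret, client_secret, user_id="alice"):
    """Run one full exchange and report what each side was able to verify."""
    server = Server()
    server.register(user_id, server_secret)
    client = Client(user_id, client_secret)

    uid, first = client.login_request()          # step 1: identifier + first OTP
    key = server.authenticate(uid, first)         # step 2: server checks, derives key
    if key is None:
        return {"user_authenticated": False, "server_authenticated": False,
                "replay_rejected": True}
    msg, mac = server.send(key, b"channel established")   # step 3: secure channel
    return {
        "user_authenticated": True,
        "server_authenticated": client.verify(msg, mac),   # step 4: client checks server
        "replay_rejected": server.authenticate(uid, first) is None,
    }


if __name__ == "__main__":
    print(run_protocol(DEMO_SECRET, DEMO_SECRET))
    print(run_protocol(DEMO_SECRET, b"not the shared secret"))
```

The point worth noticing is that the second OTP never crosses the wire: a party that only observed the first OTP (or learned it by phishing) cannot derive the session key, so a client that receives a correctly tagged message knows it is talking to the holder of the shared secret. Advancing the stored counter past both OTPs is what makes the first OTP single-use on the server side.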
254 Citations
18 Claims
1. A method for electronic communication, the method comprising:
- receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;
- authenticating the user based on the unique identifier and the first one-time password;
- generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
- establishing, in response to the user being authenticated, a secure channel using a session key created at least in part from the second one-time password.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for electronic communication, the method comprising:
- generating a first one-time password using a first cryptographic algorithm;
- transmitting the first one-time password and a unique identifier associated with a user to a server;
- generating a second one-time password using the first cryptographic algorithm;
- establishing a secure channel with the server using a first session key created at least in part from the second one-time password, wherein the server creates a second session key using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
- authenticating the server based on the establishment of the secure channel.
Dependent claims: 9, 10, 11, 12, 13, 14

15. An electronic communication apparatus comprising:
a processor and a memory structured to store instructions executable by the processor, the instructions corresponding to:
- receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;
- authenticating the user based on the unique identifier and the first one-time password;
- generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
- establishing, in response to the user being authenticated, a secure channel using a session key created at least in part from the second one-time password.

16. An electronic communication apparatus comprising:
a processor and a memory structured to store instructions executable by the processor, the instructions corresponding to:
- generating a first one-time password using a first cryptographic algorithm;
- transmitting the first one-time password and a unique identifier associated with a user to a server;
- generating a second one-time password using the first cryptographic algorithm;
- establishing a secure channel with the server using a first session key created at least in part from the second one-time password, wherein the server creates a second session key using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
- authenticating the server based on the establishment of the secure channel.

17. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism including:
- instructions for receiving a unique identifier associated with a user and a first one-time password, the first one-time password being generated using a first cryptographic algorithm;
- instructions for authenticating the user based on the unique identifier and the first one-time password;
- instructions for generating, in response to the user being authenticated, a second one-time password using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
- instructions for establishing, in response to the user being authenticated, a secure channel using a session key created at least in part from the second one-time password.

18. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism including:
- instructions for generating a first one-time password using a first cryptographic algorithm;
- instructions for transmitting the first one-time password and a unique identifier associated with a user to a server;
- instructions for generating a second one-time password using the first cryptographic algorithm;
- instructions for establishing a secure channel with the server using a first session key created at least in part from the second one-time password, wherein the server creates a second session key using a second cryptographic algorithm, the second cryptographic algorithm being associated with the first cryptographic algorithm; and
- instructions for authenticating the server based on the establishment of the secure channel.
Specification