Method and System for Authentication

US 20080072295A1
Filed: 09/20/2006
Published: 03/20/2008
Est. Priority Date: 09/20/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for authentication carried out at a service provider, comprising:

starting a session with a client;

receiving a challenge from the client;

responding to the challenge with a response; and

sending a key to the client in non-OCR (optical character recognition) format, wherein the key is used for the session between the client and the service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authentication are provided for verifying a service provider and providing a secure session. The method carried out at the service provider (402) includes: starting (403) a session with a client (401); receiving a challenge (405) from the client (401); responding to the challenge with a response (408); and sending a key (408) to the client (401) in non-OCR format, wherein the key is used for the session between the client (401) and the service provider (402). The response to the challenge is known only to the client (401) and the service provider (402). The key is used by the client (401) to encrypt (412) all the communications with the service provider (402) in the session. The response and the key may be sent to an alternative channel previously supplied by the client (401).

Citations

28 Claims

1. A method for authentication carried out at a service provider, comprising:
- starting a session with a client;
  
  receiving a challenge from the client;
  
  responding to the challenge with a response; and
  
  sending a key to the client in non-OCR (optical character recognition) format, wherein the key is used for the session between the client and the service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as claimed in claim 1, wherein the challenge from the client has a response inherently known to the service provider.
  - 3. A method as claimed in claim 1, wherein the challenge and response are generated by a computer algorithm known to the client and the service provider.
  - 4. A method as claimed in claim 1, wherein the challenge and response are generated by hardware tokens at the client and the service provider.
  - 5. A method as claimed in claim 1, wherein the response has previously been provided by the client during a registration procedure with the service provider.
  - 6. A method as claimed in claim 1, wherein the response is made to an alternative channel of communication with the client previously provided by the client.
  - 7. A method as claimed in claim 1, wherein starting a session with a client includes receiving a log in request from a client, and the method includes a client sending a password only when the key has been received by the client and the password is encrypted with the key.
  - 8. A method as claimed in claim 1, wherein the response and the key are provided in non-OCR format.
  - 9. A method as claimed in claim 1, wherein the key is generated by the service provider at the time of the session.
  - 10. A method as claimed in claim 1, wherein the key is a password, code or encryption key.
  - 11. A method as claimed in claim 1, wherein the key gives access to an alternative address for the service provider.
  - 12. A method as claimed in claim 11, including notifying the client by a first communication channel of the key, and sending to a second communication channel the non-OCR formatted key and the alternative address for the service provider.

13. A method for authentication carried out at a service provider, comprising:
- starting a session with a client;
  
  receiving a challenge from the client; and
  
  responding to the challenge with a response to an alternative communication channel previously supplied by the client.

14. A method for authentication carried out at a service provider, comprising:
- starting a session with a client;
  
  receiving a challenge from the client;
  
  responding to the challenge with a response; and
  
  sending an alternative address for the service provider to the client.
- View Dependent Claims (15, 16)
- - 15. A method as claimed in claim 14, wherein sending an alternative address for the service provider is through a trusted alternative channel.
  - 16. A method as claimed in claim 14, wherein the alternative address is provided uniquely for the client.

17. A computer program product stored on a computer readable storage medium for, comprising computer readable program code means for performing the steps of:
- starting a session with a client;
  
  receiving a challenge from the client;
  
  responding to the challenge with a response; and
  
  sending a key to the client in non-OCR format, wherein the key is used for the session between the client and the service provider.

18. A system for authentication including a server comprising:
- a receiving means for initiating a client session;
  
  a response generating mechanism;
  
  a key generator for a session key;
  
  a non-OCR formatter for formatting the key;
  
  a transmitting means for transmitting the response and the key to a client.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. A system as claimed in claim 18, wherein the response generating mechanism determines a response inherently known at the server.
  - 20. A system as claimed in claim 18, wherein the response generating mechanism includes a computer algorithm known to a client and the server.
  - 21. A system as claimed in claim 18, wherein the response generating mechanism includes a hardware token corresponding to a hardware token of a client.
  - 22. A system as claimed in claim 18, wherein the response generating mechanism includes a store of responses previously provided by a client.
  - 23. A system as claimed in claim 18, wherein the response generating mechanism responds to an alternative channel of communication with a client previously provided by the client.
  - 24. A system as claimed in claim 23, wherein the key is a password, code or encryption key.
  - 25. A system as claimed in claim 24, wherein the key gives access to an alternative address for the service provider.
  - 26. A system as claimed in claim 18, wherein the server includes an alternative address for a client session.
  - 27. A system as claimed in claim 18, including a first communication channel for notifying the client of the key, a second communication channel for sending a non-OCR formatted key and the alternative address for the service provider.
  - 28. A system as claimed in claim 27, wherein the second communication channel is a message means including a link to the alternative address for the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Goldberg, Itzhack, Factor, Michael, Nagin, Kenneth, Medini, Yotam, Borenstein, Nathaniel Solomon

Application Number

US11/533,544
Publication Number

US 20080072295A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Method and System for Authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links