METHOD AND SYSTEM FOR ONE TIME PASSWORD BASED AUTHENTICATION AND INTEGRATED REMOTE ACCESS

US 20080072303A1
Filed: 09/13/2007
Published: 03/20/2008
Est. Priority Date: 09/14/2006
Status: Abandoned Application

First Claim

Patent Images

1. A system for client authentication using a one time password (OTP), comprising:

a client configured to request access to an application executing on an internal corporate network, and transmit the OTP and a user name associated with a user to an OTP keys distribution center (KDC), wherein the OTP is used to authenticate the user to the internal corporate network; and

the OTP KDC configured to receive the OTP from the client, and issue an inter-domain key and a ticket-granting-ticket (TGT) to the client upon validation of the OTP, wherein the inter-domain key and the TGT are used to authenticate the client and grant access to the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for client authentication using a one time password (OTP) including a client configured to request access to an application executing on an internal corporate network, and transmit the OTP and a user name associated with a user to an OTP keys distribution center (KDC), wherein the OTP is used to authenticate the user to the internal corporate network, and the OTP KDC configured to receive the OTP from the client, and issue an inter-domain key and a ticket-granting-ticket (TGT) to the client upon validation of the OTP, wherein the inter-domain key and the TGT are used to authenticate the client and grant access to the application.

260 Citations

25 Claims

1. A system for client authentication using a one time password (OTP), comprising:
- a client configured to request access to an application executing on an internal corporate network, and transmit the OTP and a user name associated with a user to an OTP keys distribution center (KDC), wherein the OTP is used to authenticate the user to the internal corporate network; and
  
  the OTP KDC configured to receive the OTP from the client, and issue an inter-domain key and a ticket-granting-ticket (TGT) to the client upon validation of the OTP, wherein the inter-domain key and the TGT are used to authenticate the client and grant access to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein the client is one selected from a group consisting of a local corporate machine, a handheld device, a computer, a kiosk, and a remote terminal server.
  - 3. The system of claim 2, wherein the user is a remote user on an external network, and wherein the remote user, using the client, is authenticated to the application hosted by the corporate server via a single sign-on experience.
  - 4. The system of claim 1, wherein the client comprises an authenticating entity modified to support OTP authentication, wherein the authenticating entity obtains the OTP from the user.
  - 5. The system of claim 1, wherein the OTP is generated using one selected from a group consisting of a smart card, an OTP token, and a display card.
  - 6. The system of claim 1, wherein the client is further configured to request access to resources and services associated with a corporate server.
  - 7. The system of claim 1, further comprising:
    - a validation server operatively connected to the OTP KDC and configured to validate the OTP received from the client.
  - 8. The system of claim 1, wherein the client is located in a first domain and the OTP KDC is located in a second domain.
  - 9. The system of claim 8, wherein the inter-domain key is used to verify that trust is established between the first domain and the second domain.
  - 10. The system of claim 1, further comprising:
    - a local keys distribution center (KDC) configured to issue a service ticket to the client, wherein the service ticket is a short-term ticket used to establish communication between the client and a corporate server executing the application.
  - 11. The system of claim 10, wherein the TGT is encrypted using the inter-domain key, and wherein the local KDC is further configured to decrypt the TGT using the inter-domain key.
  - 12. The system of claim 10, wherein the TGT is a long-term ticket used to obtain the service ticket from the local KDC.
  - 13. The system of claim 1, wherein the OTP is a randomized password generated using a mathematical algorithm and a previous password.
  - 14. The system of claim 1, wherein the user is an employee of a corporation associated with the internal corporate network, and wherein the internal corporate network is located in a third domain.
  - 15. The system of claim 1, wherein the local KDC and the OTP KDC are Kerberos servers.

16. A method for client authentication using a one time password (OTP), comprising:
- receiving the OTP from a client, wherein the OTP is used to authenticate a user to the internal corporate network;
  
  validating the OTP;
  
  issuing an inter-domain key and a ticket-granting-ticket (TGT) to the client upon validation of the OTP;
  
  requesting a service ticket using the TGT and the inter-domain key; and
  
  establishing communication with a corporate server executing an application on the internal corporate network using the service ticket.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, further comprising:
    - caching the TGT, the inter-domain key, and the service ticket.
  - 18. The method of claim 16, wherein the client is one selected from a group consisting of a local corporate machine, a handheld device, a computer, a third-party kiosk, and a remote terminal server.
  - 19. The method of claim 18, wherein the user is a remote user on an external network, and wherein the remote user, using the client, is authenticated to the application hosted by the corporate server via a single sign-on experience.
  - 20. The method of claim 16, wherein the client comprises an authenticating entity modified to support OTP authentication, wherein the authenticating entity obtains the OTP from the user.
  - 21. The method of claim 16, wherein the OTP from the client is received in a second domain, and wherein the inter-domain key is used to verify that trust is established between the first domain and the second domain.
  - 22. The method of claim 16, wherein the TGT is encrypted using the inter-domain key, and wherein a local keys distribution center (KDC) is configured to decrypt the TGT using the inter-domain key.

23. A computer system, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instruction stored in the memory for enabling the computer system under control of the processor to;
  
  receive the OTP from a client, wherein the OTP is used to authenticate a user to the internal corporate network;
  
  validate the OTP;
  
  issue an inter-domain key and a ticket-granting-ticket (TGT) to the client upon validation of the OTP;
  
  request a service ticket using the TGT and the inter-domain key; and
  
  establish communication with a corporate server executing an application on the internal corporate network using the service ticket.

24. A method for client authentication using an authentication credential, comprising:
- receiving the authentication credential associated with a user from a client, the authentication credential is used to authenticate the user to the internal corporate network;
  
  validating the authentication credential;
  
  issuing an inter-domain key and a ticket-granting-ticket (TGT) to the client upon validation of the authentication credential;
  
  requesting a service ticket using the TGT and the inter-domain key; and
  
  establishing communication with a corporate server executing an application on the internal corporate network using the service ticket.
- View Dependent Claims (25)
- - 25. The method of claim 24, wherein the authentication credential is one selected from a group consisting of a one-time password (OTP) and a biometric authentication credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DEXA Systems Incorporated
Original Assignee
Schlumberger Technology Corporation (Schlumberger NV)
Inventors
Syed, Jameel

Application Number

US11/855,017
Publication Number

US 20080072303A1
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/0838 using one-time-passwords

METHOD AND SYSTEM FOR ONE TIME PASSWORD BASED AUTHENTICATION AND INTEGRATED REMOTE ACCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

260 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ONE TIME PASSWORD BASED AUTHENTICATION AND INTEGRATED REMOTE ACCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

260 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links