One time password

US 20090313687A1
Filed: 10/17/2005
Published: 12/17/2009
Est. Priority Date: 10/15/2004
Status: Active Grant

First Claim

Patent Images

1. A system for authentication, comprising:

a token processor coupled to a token memory, said token memory storing shared secret key K and token counter value C, said token memory further storing instructions adapted to be executed by said processor to generate a one time password;

a validation server coupled to a validation server memory, said validation server memory storing shared secret key K and validation server counter value C′

;

said token processor calculating a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10̂

Digit, where Digit is the number of digits in the one time password; and

sending the one time password to the validation server for validation.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10̂Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s.

100 Citations

View as Search Results

15 Claims

1. A system for authentication, comprising:
- a token processor coupled to a token memory, said token memory storing shared secret key K and token counter value C, said token memory further storing instructions adapted to be executed by said processor to generate a one time password;
  
  a validation server coupled to a validation server memory, said validation server memory storing shared secret key K and validation server counter value C′
  
  ;
  
  said token processor calculating a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10̂
  
  Digit, where Digit is the number of digits in the one time password; and
  
  sending the one time password to the validation server for validation.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein said validation server memory further stores a look-ahead parameter s, and where said validation server memory instructions are executed by said validation server processor to calculate a one time password based upon K and C′
    - +n, n being an integer from 1 to s, until the one time password calculated by the validation server matches the one time password received from the token or n=s.
  - 3. The system of claim 2, wherein if there is no match between the received one time password and a calculated one time password, then sending a signal indicating a failed validation attempt.
  - 4. The system of claim 2, wherein if there is a match between the received one time password and a calculated one time password, then said validation server processor sending a signal indicating a successful validation.
  - 5. The system of claim 3, wherein said validation server memory further stores a throttling parameter T, and wherein a throttling signal is sent if the number of failed validation attempts is equal to T.
  - 6. The system of claim 1, wherein said validation server memory further stores a throttling parameter T, and wherein further validation attempts are suspended if the number of failed validation attempts is equal to T.

7. A validation server, comprising:
- a processor;
  
  a memory coupled to said processor, said memory storing share secret key K, validation server counter value C′
  
  , look-ahead window parameter s and instructions adapted to be executed by said processor to receive a one time password from a token, calculate a one time password by generating a HMAC-SHA-1 value based upon key K and a counter value C′
  
  , truncating the generated HMAC-SHA-1 value modulo 10̂
  
  Digit, where Digit is the number of digits in the one time password and compare the calculated one time password to the one time password received from the token.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The validation server of claim 7, wherein if the calculated one time password does not match the one time password received from the token, said validation server calculates one time passwords based upon key K and counter value C′
    - +n, n being an integer from 1 to s.
  - 9. The validation server of claim 8, wherein if the received one time password does not match a calculated one time password, then sending a signal indicating a failed validation attempt.
  - 10. The validation server of claim 8, wherein if the received one time password does not match a calculated one time password, then sending a signal indicating a successful validation.
  - 11. The validation server of claim 8, wherein said memory stores a throttling parameter T, and wherein further validation attempts from the token are suspended after T failed validation attempts.

12. A method for validating a one time password created by a token by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10̂
- Digit, where Digit is the number of digits in the one time password, comprising;
  
  calculating a one time password to compare to the received one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C′
  
  ;
  
  truncating the generated HMAC-SHA-1 value modulo 10̂
  
  Digit, where Digit is the number of digits in the one time password;
  
  comparing the calculated one time password to the received one time password, and if there is no match, then incrementing C′
  
  by 1, recalculating the one time password, and if there is still no match, continuing to increment C′
  
  , recalculating the one time password and comparing the recalculated one time password to the received one time password, until C′
  
  =C′
  
  +s, where s is a look-ahead window parameter.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein if the calculated or a recalculated one time password matches the received password, sending a signal indicating a successful validation.
  - 14. The method of claim 12, wherein if the calculated or a recalculated one time password matches the received password, sending a signal indicating a failed validation attempt.
  - 15. The method of claim 14, further comprising suspending validation attempts if the number of failed validation attempts exceeds T, a throttling parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Hart, Loren, Popp, Nicolas, M'Raihi, David

Granted Patent

US 8,087,074 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 2209/20   Manipulating the length of ...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04L 9/3236   using cryptographic hash fu...

One time password

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

One time password

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links