One time password
Abstract
A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensates for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s.
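The generation and look-ahead validation described in the abstract, as an added Python example that is not part of the patent text. The 8-byte big-endian counter encoding, the dynamic truncation step and the counter update after a match are assumptions taken from RFC 4226, which the page does not spell out; the function names hotp and validate are hypothetical.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """One time password from shared key K and counter C."""
    # HMAC-SHA-1 over the counter as an 8-byte big-endian integer
    # (encoding assumed from RFC 4226; the page does not specify it).
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (assumed from RFC 4226): the low nibble of the last
    # byte selects a 4-byte window, and the top bit is masked off.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Reduce modulo 10^Digit and left-pad with zeros to Digit characters.
    return str(value % 10 ** digits).zfill(digits)


def validate(key: bytes, server_counter: int, received: str, s: int,
             digits: int = 6):
    """Return (accepted, new_server_counter).

    Tries C', C'+1, ..., C'+s as in the look-ahead procedure. On a match the
    server counter moves past the matched value so the same password cannot
    be replayed (resynchronization step assumed; not stated on the page).
    """
    for candidate in range(server_counter, server_counter + s + 1):
        expected = hotp(key, candidate, digits)
        # Constant-time comparison; bytes so arbitrary input cannot raise.
        if hmac.compare_digest(expected.encode(), received.encode()):
            return True, candidate + 1
    # No match inside the window: reject and leave C' unchanged.
    return False, server_counter


if __name__ == "__main__":
    K = b"12345678901234567890"   # constructed demo key (RFC 4226 test key)
    token_c, server_c = 3, 0      # token counter is 3 ahead of the server
    otp = hotp(K, token_c)
    print("token OTP:", otp)
    print("s=2:", validate(K, server_c, otp, s=2))   # outside the window
    ok, server_c = validate(K, server_c, otp, s=5)   # found at C'+3
    print("s=5:", (ok, server_c))
    print("replay:", validate(K, server_c, otp, s=5))
```

A larger s tolerates more unsynchronized token presses but gives a guessed password more counters to match against, so the window is kept small.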
15 Claims
1. A system for authentication, comprising:
- a token processor coupled to a token memory, said token memory storing shared secret key K and token counter value C, said token memory further storing instructions adapted to be executed by said processor to generate a one time password;
- a validation server coupled to a validation server memory, said validation server memory storing shared secret key K and validation server counter value C′;
- said token processor calculating a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password; and
- sending the one time password to the validation server for validation.
(Dependent claims: 2, 3, 4, 5, 6)
7. A validation server, comprising:
- a processor;
- a memory coupled to said processor, said memory storing shared secret key K, validation server counter value C′, look-ahead window parameter s and instructions adapted to be executed by said processor to receive a one time password from a token, calculate a one time password by generating a HMAC-SHA-1 value based upon key K and a counter value C′, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password and compare the calculated one time password to the one time password received from the token.
(Dependent claims: 8, 9, 10, 11)
12. A method for validating a one time password created by a token by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password, comprising:
- calculating a one time password to compare to the received one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C′;
- truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password;
- comparing the calculated one time password to the received one time password, and if there is no match, then incrementing C′ by 1, recalculating the one time password, and if there is still no match, continuing to increment C′, recalculating the one time password and comparing the recalculated one time password to the received one time password, until C′=C′+s, where s is a look-ahead window parameter.
(Dependent claims: 13, 14, 15)
Specification