ONE TIME PASSWORD KEY RING FOR MOBILE COMPUTING DEVICE
2 Assignments, 0 Petitions
Abstract
Single-use character combinations are a secure mechanism for user authentication. Such "one-time passwords" (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server.
83 Citations

Claims (20 in total; the independent claims 1, 10 and 16 are reproduced below)
1. One or more computer-readable media comprising computer-executable instructions for provisioning independent generation of single-use combinations of characters to aid in remote verification, the computer-executable instructions directed to steps comprising:
- receiving information regarding a server computing device associated with a remote entity with which the provisioning will be performed;
- receiving provisioning information, comprising a signature, from the server computing device;
- verifying the signature of the received provisioning information based on the received information regarding the server computing device;
- creating a private key from a random value;
- selecting parameters from the received provisioning information;
- creating a public key from data comprising the private key and the selected parameters;
- creating a shared secret from data comprising the private key, the selected parameters, and a public key of the server computing device associated with the selected parameters; and
- creating, from data comprising the shared secret, a single-use combination of characters to aid in remote verification to the remote entity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9 (not reproduced on this page).

10. One or more computer-readable media comprising computer-executable instructions for provisioning independent generation of single-use combinations of characters to aid in remote verification, the computer-executable instructions directed to steps comprising:
- creating a private key from a random value;
- creating provisioning information comprising parameters and public keys corresponding to the parameters;
- providing the provisioning information to one or more clients through network communications;
- receiving client data comprising selected parameters, selected from the parameters of the provisioning information, and a public key of a client generating the received client data;
- creating a shared secret from data comprising the private key, the selected parameters, and the public key of the client;
- receiving a first single-use combination of characters generated by the client as a remote verification;
- creating a second single-use combination of characters from data comprising the shared secret; and
- verifying the client if the first single-use combination of characters is equivalent to the second single-use combination of characters.

Dependent claims: 11, 12, 13, 14, 15 (not reproduced on this page).

16. A system for providing protected information to at least one user, the system comprising:
- a server computing device associated with a site providing at least some of the protected information, the server computing device comprising a first shared secret from which single-use combinations of characters are created and updated data for creating the single-use combinations of characters, wherein the first shared secret is based on the updated data; and
- a mobile computing device utilized by the at least one user to generate a single-use combination of characters to verify the at least one user to the site, the mobile computing device comprising a second shared secret, equivalent to the first shared secret, from which the single-use combination of characters is created and a network connection for obtaining the updated data from the server computing device prior to creating the single-use combination of characters.

Dependent claims: 17, 18, 19, 20 (not reproduced on this page).
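The client-side steps of claim 1 and the matching server-side steps of claim 10 describe one Diffie-Hellman provisioning round followed by OTP generation and comparison. The following is an added example written for this page; it is not code from the patent or from any product implementing it. It assumes the 1024-bit MODP group from RFC 2409 as the single published parameter set, an HOTP-style derivation (RFC 4226 truncation, keyed from a hash of the shared secret) as the "type of OTP mechanism", and, to stay within the Python standard library, an HMAC over the provisioning body as a stand-in for the server's signature, with the HMAC key playing the role of the "information regarding the server" that the client holds beforehand; a real deployment would use a public-key signature such as ECDSA. All key material and identifiers are constructed for the demo.

```python
import hashlib
import hmac
import json
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP prime with generator 2.
# Used here because it is a well-known, stdlib-friendly group; larger groups
# or ECDH are the modern choice.
P_1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
GROUPS = {"modp-1024": (P_1024, 2)}  # name -> (p, g); the "parameters" of the claims

# Constructed demo value. It stands in for the server's signing key and, on the
# client side, for the out-of-band "information regarding the server" used to
# verify the provisioning signature. A real system would use a public-key signature.
SERVER_SIGNING_KEY = b"constructed-demo-server-key"


def canonical(obj):
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(blob, key):
    # HMAC-SHA256 as a stand-in for a digital signature (see lead-in).
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def hotp_from_secret(shared_secret, counter, digits=6):
    """HOTP-style code (RFC 4226 dynamic truncation) keyed from the DH shared secret."""
    secret_bytes = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    key = hashlib.sha256(secret_bytes).digest()       # derive a fixed-size OTP key
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class Server:
    """Claim 10: publishes signed parameters, derives the shared secret, checks OTPs."""

    def __init__(self):
        # One private key per published parameter set (random value, claim 10 step 1).
        self.private = {name: secrets.randbelow(p - 3) + 2 for name, (p, g) in GROUPS.items()}
        self.shared = {}

    def provisioning(self):
        params = {
            name: {"p": hex(p), "g": g, "server_pub": hex(pow(g, self.private[name], p))}
            for name, (p, g) in GROUPS.items()
        }
        body = {"otp": "hotp-sha1-6", "params": params}  # also names the OTP mechanism
        return {"body": body, "signature": sign(canonical(body), SERVER_SIGNING_KEY)}

    def register_client(self, client_id, selected, client_pub):
        p, _ = GROUPS[selected]
        if not 1 < client_pub < p - 1:                 # reject degenerate public keys
            raise ValueError("client public key out of range")
        self.shared[client_id] = pow(client_pub, self.private[selected], p)

    def verify(self, client_id, counter, otp):
        expected = hotp_from_secret(self.shared[client_id], counter)
        return hmac.compare_digest(expected, otp)      # constant-time comparison


class MobileClient:
    """Claim 1: verifies provisioning, picks parameters, derives the shared secret."""

    def __init__(self, server_info):
        self.server_info = server_info  # key used to verify the provisioning signature
        self.shared = None

    def provision(self, prov, selected="modp-1024"):
        expected = sign(canonical(prov["body"]), self.server_info)
        if not hmac.compare_digest(expected, prov["signature"]):
            raise ValueError("provisioning signature invalid")
        params = prov["body"]["params"][selected]       # "selecting parameters"
        p, g = int(params["p"], 16), params["g"]
        server_pub = int(params["server_pub"], 16)
        if not 1 < server_pub < p - 1:
            raise ValueError("server public key out of range")
        x = secrets.randbelow(p - 3) + 2                # private key from a random value
        self.shared = pow(server_pub, x, p)             # shared secret
        return selected, pow(g, x, p)                   # client data sent to the server

    def otp(self, counter):
        return hotp_from_secret(self.shared, counter)


def demo_round_trip(counter=1):
    """Full exchange: provisioning, key agreement, OTP generation and verification."""
    server = Server()
    client = MobileClient(SERVER_SIGNING_KEY)
    selected, client_pub = client.provision(server.provisioning())
    server.register_client("alice-phone", selected, client_pub)
    return server.verify("alice-phone", counter, client.otp(counter))


def demo_tampered_provisioning():
    """Substituted server public key must fail the signature check; returns True if accepted."""
    server = Server()
    client = MobileClient(SERVER_SIGNING_KEY)
    prov = server.provisioning()
    prov["body"]["params"]["modp-1024"]["server_pub"] = hex(4)  # constructed tampering
    try:
        client.provision(prov)
    except ValueError:
        return False
    return True
```

Running `demo_round_trip()` performs one provisioning and returns `True` when the server's independently generated code matches the client's; `demo_tampered_provisioning()` shows why the signature step in claim 1 matters: without it, an on-path party could substitute its own public key and end up sharing the secret with the client.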