METHOD AND SYSTEM FOR GENERATING ONE-TIME PASSWORDS

US 20100263029A1
Filed: 04/09/2010
Published: 10/14/2010
Est. Priority Date: 04/09/2009
Status: Active Grant

First Claim

Patent Images

1. Method for one-time password generation, the one-time password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter, comprising using the device to perform the steps of:

using a first password generation parameter for generating a first one-time password for use in user authentication by a first restricted resource, andusing a second password generation parameter for generating a second one-time password for use in user authentication by a second restricted resource, wherein the second restricted resource is different from the first restricted resource, and wherein the first and second password generation parameters are distinct.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for one-time password generation, the one-time password being used for user authentication by a restricted resource. The one-time password is generated by means of a mathematical algorithm in a user-specific device, and the one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter. A first password generation parameter is used for generating a first one-time password for use in user authentication by a first restricted resource, and a second password generation parameter is used for generating a second one-time password for use in user authentication by a second restricted resource, the second restricted resource being different from the first restricted resource, and the first and second password generation parameters being distinct.

Citations

18 Claims

1. Method for one-time password generation, the one-time password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter, comprising using the device to perform the steps of:
- using a first password generation parameter for generating a first one-time password for use in user authentication by a first restricted resource, andusing a second password generation parameter for generating a second one-time password for use in user authentication by a second restricted resource, wherein the second restricted resource is different from the first restricted resource, and wherein the first and second password generation parameters are distinct.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 17, 18)
- - 2. Method according to claim 1, wherein the first one-time password is generated by means of the first and a third password generation parameter, and wherein the second one-time password is generated by means of the second and a fourth password generation parameter.
  - 3. Method according to claim 2, wherein the first and second password generation parameters consist of distinct encryption keys, and wherein the third and fourth password generation parameters consist of a first and second counter, respectively.
  - 4. Method according to claim 1,wherein, when a user requests access to the first restricted resource, a one-time password is generated by means of the first and third password generation parameters, andwherein, when a user requests access to the second restricted resource, a one-time password is generated by means of the second and fourth password generation parameters.
  - 5. Method according to claim 3, wherein the counters are incremented in the device and at the restricted resource each time a one-time password is generated.
  - 6. Method according to claim 1, further comprising the step of,prior to the first generation of a one-time password and by means of the device, receiving the password generation parameter(s) together with an identity of the associated restricted resource to which the password generation parameters make authentication possible.
  - 7. Method according to claim 6, wherein the password generation parameters are transmitted to the device from the associated restricted resource or from a trusted entity.
  - 8. Method according to claim 7, wherein the trusted entity is a trusted entity that transmits password generation parameters for a plurality of restricted resources.
  - 9. Method according to claim 1, wherein, prior to the generation of a one-time password, the user is required to enter a PIN code associated with the password generation parameter(s) by means of which the one-time password is to be generated.
  - 10. Method according to claim 1, further comprising the steps of, when a restricted resource service requires one or more user actions to be signed and/or verified,prompting the user to use the device to sign and/or verify the action,by means of the device, in a signing mode, generating a one-time password and connecting to the restricted resource to request action(s) to be signed and/or verified using the generated one-time password and a user ID,by means of the restricted resource, verifying the one-time password and transmitting a message comprising action signing requests to the user device, andby means of the device, generating a new one-time password and generating a reply message for transmission to the restricted resource, the message including an identity of the action to be signed and the generated one-time password.
  - 11. Method according to claim 1, wherein the device is a mobile device consisting of any from the group:
    - mobile phone, smartphone, Personal Digital Assistant, handheld computer.
  - 12. Method according to claim 1, wherein the encryption keys are symmetric keys.
  - 17. Computer program, wherein code means, which when run by a processor in a device, causes the device to execute the method according to claim 1.
  - 18. Computer program product including a computer readable medium and a computer program according to claim 17, wherein the computer program is included in the computer readable medium.

13. Device for one-time password generation, the one-time password being used for user authentication by a restricted resource, wherein the device is provided with a mathematical algorithm for generating one-time passwords, and wherein a one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter, wherein the device further is arranged to:
- use a first password generation parameter for generating a one-time password for use in user authentication at a first restricted resource, anduse a second password generation parameter for generating a one-time password for use in user authentication at a second restricted resource, wherein the second restricted resource is different from the first restricted resource, and wherein the first and second password generation parameters are distinct.
- View Dependent Claims (14)
- - 14. Device according to claim 13, further comprising means for,prior to the first generation of a one-time password for use in user authentication at a restricted resource, receiving password generation parameter(s) associated with the restricted resource.

15. System for one-time password generation, the one-time password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the mathematical algorithm using at least one user-specific password generation parameter, wherein the system comprises:
- means for, upon request by a first restricted resource, generating a first password generation parameter for use when generating one-time passwords to be used in user authentication at the first restricted resource, and transmitting the first password generation parameter to the user-specific device, andmeans for, upon request from a second restricted resource, generating a second password generation parameter for use when generating one-time passwords to be used in user authentication by the second restricted resource, and transmitting the second password generation parameter to the user device, wherein the second restricted resource is different from the first restricted resource, and wherein the first and second password generation parameters are distinct.
- View Dependent Claims (16)
- - 16. System according to claim 15, wherein the password generation parameters are arranged to be transmitted to the user-specific device from a trusted entity that is common to a plurality of restricted resources, wherein the trusted entity is arranged to generate the password generation parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Tohmo, Jesper, Roslund, Christer

Granted Patent

US 8,898,749 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

METHOD AND SYSTEM FOR GENERATING ONE-TIME PASSWORDS

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR GENERATING ONE-TIME PASSWORDS

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links