Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP
First Claim
1. A method of authenticating and encrypting a client-server communication, comprising the steps of:
a) generating a first one-time password (OTP1) and a second one-time password (OTP2) from a cryptographic token;
b) generating an encryption key (K_ENC) and a MAC (Message Authentication Code) key (K_MAC) based on OTP2;
c) preparing and protecting client data using K_ENC and K_MAC;
d) sending a request message from the client to the server, the request message containing the protected client data, a cryptographic identifier token (TID) and OTP1;
e) validating OTP1 at the server, and generating OTP2 at the server upon successful validation;
f) deriving K_ENC and K_MAC from OTP2 at the server;
g) processing the request message and generating result data;
h) encrypting the result data using K_ENC and creating a digest using K_MAC;
i) sending the encrypted result data to the client; and
j) decrypting the result data at the client using K_ENC and verifying the authenticity of the result data using K_MAC.
Abstract
A method of authenticating and encrypting a client-server communication is provided. Two one-time passwords (OTP1 and OTP2) are generated from a cryptographic token. An encryption key (K_ENC) and a MAC key (K_MAC) are generated based on OTP2. The client data are prepared and protected using K_ENC and K_MAC. A request message is sent from the client to the server, and contains the protected client data, a cryptographic token identifier and OTP1. OTP1 is validated at the server, and OTP2 is generated at the server upon successful validation. K_ENC and K_MAC are derived from OTP2 at the server. The request message is processed and result data is generated. The result data is encrypted using K_ENC and a digest is created using K_MAC. The encrypted result data is sent to the client, and is decrypted using K_ENC and the authenticity of the result data is verified using K_MAC.
10 Claims
9. A data authentication and encryption protocol, comprising:
a) a pair of one-time passwords, OTP1 and OTP2, where OTP1 is used for user validation and OTP2 is used for key generation;
b) an encryption key, K_ENC, derived from OTP2, used to encrypt data; and
c) a MAC key, K_MAC, derived from OTP2, used to authenticate encrypted data, wherein OTP1, OTP2, K_ENC and K_MAC are derived such that the protocol does not require a public-key infrastructure.
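The exchange the claims describe, as an added Python example that is not part of the patent: the client issues OTP1 and OTP2 from an event-based token, derives K_ENC and K_MAC from OTP2, and the server validates OTP1 before regenerating OTP2 and the same keys. The OTP construction (HMAC-SHA256 over a counter), the key expansion, the HMAC keystream standing in for the unspecified cipher, and the token secret and TID are all assumptions, since the page names no algorithms.

```python
import hmac, hashlib, secrets, struct

def hotp(secret, counter):
    # Event-based OTP: HMAC-SHA256 over a counter (assumed; the claims name no algorithm).
    return hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()

def derive_keys(otp2):
    # Steps b/f: K_ENC and K_MAC expanded from OTP2 with labelled HMACs (assumed KDF).
    return tuple(hmac.new(otp2, lbl, hashlib.sha256).digest() for lbl in (b"K_ENC", b"K_MAC"))

def keystream_xor(k_enc, nonce, data):
    # Stand-in cipher: XOR with an HMAC(K_ENC, nonce||block) keystream; same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(k_enc, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def protect(k_enc, k_mac, plaintext):
    # Encrypt with K_ENC, then digest nonce||ciphertext with K_MAC (encrypt-then-MAC).
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(k_enc, nonce, plaintext)
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unprotect(k_enc, k_mac, blob):
    # Verify the digest in constant time before decrypting anything.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("K_MAC digest check failed")
    return keystream_xor(k_enc, nonce, ct)

def client_request(tid, secret, counter, client_data):
    # Steps a-d: OTP1 travels with the request; OTP2 stays on the client and seeds the keys.
    keys = derive_keys(hotp(secret, counter + 1))
    return {"tid": tid, "otp1": hotp(secret, counter), "payload": protect(*keys, client_data)}, keys

def server_handle(request, token_db, handler):
    # Steps e-i: validate OTP1 for the TID, regenerate OTP2, derive keys, answer protected.
    rec = token_db[request["tid"]]
    if not hmac.compare_digest(hotp(rec["secret"], rec["counter"]), request["otp1"]):
        raise PermissionError("OTP1 rejected")
    keys = derive_keys(hotp(rec["secret"], rec["counter"] + 1))
    rec["counter"] += 2          # consume both OTPs so the same request cannot be replayed
    return protect(*keys, handler(unprotect(*keys, request["payload"])))

def demo_session(client_data=b"balance?acct=42"):
    # One full exchange over a constructed token; returns what the client decrypted (step j).
    secret, tid = b"constructed-token-seed-0123456789", "TID-0001"   # constructed values
    token_db = {tid: {"secret": secret, "counter": 7}}   # server-side copy of the token state
    req, keys = client_request(tid, secret, 7, client_data)
    return unprotect(*keys, server_handle(req, token_db, lambda d: b"OK:" + d.upper()))
```

Because the server advances the event counter after a successful OTP1 check, a captured request replayed against the same token is rejected, and any change to the protected payload fails the K_MAC check before decryption.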