METHODS AND SYSTEMS FOR AUTHENTICATING USERS OVER NETWORKS
Abstract
A method for authenticating users over networks includes requesting a one-time password, entering a personal identification number into a communications device, and retrieving a replaceable shared secret stored in the communications device. Moreover, the method includes generating a hashed personal identification number from the entered personal identification number, combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret, and generating a one-time password with the modified shared secret and the time of requesting the one-time password.
20 Claims
1. A method for authenticating users over networks comprising:
- requesting a one-time password;
- entering a personal identification number into a communications device;
- retrieving a replaceable shared secret stored in the communications device;
- generating a hashed personal identification number from the entered personal identification number;
- combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret; and
- generating a one-time password with the modified shared secret and the time of said requesting operation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for authenticating users over networks, said system comprising:
- a service provider system, said service provider system including at least a database, said service provider system being configured to store within said database at least resources and unique user identifiers;
- a computing device configured to at least communicate with said service provider system;
- an authentication system comprising an authentication database and being configured to communicate with at least said service provider system and said computing device, store within said authentication database authentication data associated with each of a plurality of authorized users, generate and store shared secrets, generate one-time passwords, and conduct an authentication process; and
- a communications device configured to at least communicate with said authentication system, obtain authentication data, store shared secrets, replace shared secrets with new shared secrets, generate hashed personal identification numbers, and generate one-time passwords, said authentication system being further configured to communicate with said communications device, said communications device being further configured to replace a shared secret with a new shared secret, combine a hashed personal identification number with the new shared secret to generate a modified shared secret, generate a one-time password with the modified shared secret and a time the one-time password is requested, and transmit the one-time password to said authentication system.
Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A computer program recorded on a non-transitory computer-readable recording medium included in a computer system, the computer program for enabling authentication of a user attempting to access resources stored in the computer system, the computer program for causing the computer system to execute at least the following:
- retrieving a replaceable shared secret upon receiving a request for a one-time password;
- generating a hashed personal identification number from a personal identification number entered into the transaction management system;
- combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret;
- generating the one-time password with the modified shared secret and the time of the request;
- determining a plurality of time intervals;
- generating series of passwords that includes a password for each time interval, each of the passwords being generated using the modified shared secret and the beginning time of a respective interval of time;
- comparing the one-time password against each password included in the series of passwords; and
- permitting the user to access the resources when the one-time password matches one of the passwords included in the series of passwords.
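
The flow of claims 1 and 20, worked through as an added example that is not code from the patent. The claims name no algorithms, so SHA-256 for the PIN hash, HMAC-SHA-256 for the combining step, RFC 4226-style truncation, the 30-second interval, the verifier holding the hashed PIN, and all function names and sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time interval (assumed; the claims give no value)

def hash_pin(pin: str) -> bytes:
    """Hashed PIN; SHA-256 is an assumption."""
    return hashlib.sha256(pin.encode()).digest()

def modified_secret(shared_secret: bytes, hashed_pin: bytes) -> bytes:
    """Combine the hashed PIN with the replaceable shared secret (HMAC assumed)."""
    return hmac.new(shared_secret, hashed_pin, hashlib.sha256).digest()

def otp_at(secret: bytes, interval_start: int, digits: int = 6) -> str:
    """OTP from the modified secret and the beginning time of one interval."""
    counter = struct.pack(">Q", interval_start // STEP)
    mac = hmac.new(secret, counter, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # RFC 4226-style dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def device_otp(shared_secret: bytes, pin: str, request_time: int) -> str:
    """Device side: PIN entered, stored secret retrieved, OTP for request time."""
    secret = modified_secret(shared_secret, hash_pin(pin))
    return otp_at(secret, request_time - request_time % STEP)

def verify(otp: str, shared_secret: bytes, hashed_pin: bytes,
           now: int, window: int = 1) -> bool:
    """Verifier side: one password per interval in the window, then compare."""
    secret = modified_secret(shared_secret, hashed_pin)
    current = now - now % STEP
    ok = False
    for k in range(-window, window + 1):
        candidate = otp_at(secret, current + k * STEP)
        # Check every candidate in constant time; no early exit on a match.
        ok |= hmac.compare_digest(candidate.encode(), otp.encode())
    return ok

# Constructed sample values, not taken from the patent.
SECRET_V1 = bytes(range(32))      # shared secret before replacement
SECRET_V2 = bytes(range(32, 64))  # replacement shared secret
PIN = "4821"
T0 = 1_700_000_010                # request time, seconds since the epoch
```

With these assumptions, an OTP fails verification when the PIN is wrong, when the device and verifier hold different shared secrets after a replacement, or when the request time falls outside the verifier's window of intervals.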