DYNAMIC AUTHENTICATION FOR A COMPUTING SYSTEM

US 20170134363A1
Filed: 11/10/2015
Published: 05/11/2017
Est. Priority Date: 11/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by one or more processors, a login request from a client and, in response, issuing, by one or more processors, a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;

receiving, by one or more processors, one or more a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;

generating, by one or more processors, a second ordered set of tokens based on the first seed and the first algorithm; and

authenticating, by one or more processors, the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the plurality of token positions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer program product, and computer system for authenticating user access to a computing system using dynamic tokens are provided. A login request from a client is received, and in response, a token request from the client is issued. The token request identifies one or more sequence positions. One or more client tokens generated by the client are received based on the one or more sequence positions of the tokens. A sequence of tokens based on a first seed and a first algorithm are generated. The login request is authenticated by comparing the one or more client tokens with the sequence of tokens, based at least in part, on the one or more sequence positions.

Citations

21 Claims

1. A method comprising:
- receiving, by one or more processors, a login request from a client and, in response, issuing, by one or more processors, a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;
  
  receiving, by one or more processors, one or more a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;
  
  generating, by one or more processors, a second ordered set of tokens based on the first seed and the first algorithm; and
  
  authenticating, by one or more processors, the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the plurality of token positions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 21)
- - 2. The method of claim 1, wherein the token request identifies the first algorithm.
  - 3. The method of claim 2, further comprising:
    - receiving, by one or more processors, the first seed from the client prior to receiving the login request.
  - 4. The method of claim 3, wherein issuing the token request is in further response to determining that the first seed matches a second seed included in the login request.
  - 5. The method of claim 2, further comprising:
    - providing, by one or more processors, the first algorithm to the client prior to receiving the login request.
  - 6. The method of claim 1, further comprising:
    - selecting, by one or more processors, the first algorithm from among a plurality of algorithms based, at least in part, on the login request.
  - 7. The method of claim 6, wherein the plurality of algorithms correspond to registered users.
  - 8. The method of claim 1, further comprising:
    - denying access to an electronic resource in response to an occurrence of determining that the first seed does not match a second seed included in the login request.
  - 21. The method of claim 1, further comprising:
    - denying access to an electronic resource in response to an occurrence of determining that a client token of the plurality of client tokens corresponding to a first token position within a first ordered set of tokens does not match a token of the second ordered set of tokens corresponding to the first token position of the second ordered set of tokens.

9. A computer program product, the computer program product comprising:
- a computer readable storage device and program instructions stored on the computer readable storage device, the program instructions comprising;
  
  program instructions to receive a login request from a client and, in response, issue a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;
  
  program instructions to receive a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;
  
  program instructions to generate a second ordered set of tokens based on the first seed and the first algorithm; and
  
  program instructions to authenticate the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the one or more plurality of token positions.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer program product of claim 9, wherein the token request identifies the first algorithm.
  - 11. The computer program product of claim 10, further comprising:
    - program instructions to receive the first seed from the client prior to receiving the login request, wherein the token request is issued in further response to program instructions to determine that the first seed matches a second seed included in the login request.
  - 12. The computer program product of claim 10, further comprising:
    - program instructions to provide the first algorithm to the client prior to receiving the login request.
  - 13. The computer program product of claim 9, further comprising:
    - program instructions to select the first algorithm from among a plurality of algorithms based, at least in part, on the login request, wherein the plurality of algorithms correspond to registered users.
  - 14. The computer program product of claim 9, further comprising:
    - program instructions to deny access to an electronic resource in response to an occurrence of at least one of;
      
      (i) determining that the first seed does not match a second seed included in the login request; and
      
      (ii) determining that a client token of the plurality of client tokens corresponding to a first token position within a first ordered set of tokens does not match a token of the second ordered set of tokens corresponding to the first token position of the second ordered set of tokens.

15. A computer system, the computer system comprising:
- one or more computer processors;
  
  one or more computer readable storage media;
  
  program instructions stored on the computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising;
  
  program instructions to receive a login request from a client and, in response, issue a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;
  
  program instructions to receive a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;
  
  program instructions to generate a second ordered set of tokens based on the first seed and the first algorithm; and
  
  program instructions to authenticate the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the one or more plurality of token positions.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer system of claim 15, wherein the token request identifies the first algorithm.
  - 17. The computer system of claim 16, further comprising:
    - program instructions to receive the first seed from the client prior to receiving the login request, wherein the token request is issued in further response to program instructions to determine that the first seed matches a second seed included in the login request.
  - 18. The computer system of claim 16, further comprising:
    - program instructions to provide the first algorithm to the client prior to receiving the login request.
  - 19. The computer system of claim 15, further comprising:
    - program instructions to select the first algorithm from among a plurality of algorithms based, at least in part, on the login request, wherein the plurality of algorithms correspond to registered users.

20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Grunin, Galina, Nachman, David E., Nassar, Nader M., Nassar, Tamer M.

Granted Patent

US 9,742,761 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

H04L 63/083   using passwords cryptograph...

H04W 12/068   using credential vaults, e....

DYNAMIC AUTHENTICATION FOR A COMPUTING SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC AUTHENTICATION FOR A COMPUTING SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links