Methods for pre-authentication of users using one-time passwords
Abstract
A method for communicating passwords includes receiving at a server a challenge from an authentication server via a first secure communications channel, the challenge comprising a random password that is inactive; communicating the challenge from the server to a client computer via a second secure communications channel; receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key; and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.
20 Claims
1. A method for communicating passwords comprises:
receiving at a server a challenge from an authentication server via a first secure communications channel, wherein the challenge includes at least a random password from the authentication server that is inactive;
communicating the challenge from the server to a client computer via a second secure communications channel, wherein the client computer receives the random password from the authentication server that is inactive;
receiving at the server a challenge response from the client computer via the second secure communications channel, wherein the challenge response includes a digital certificate and a digital data packet, wherein the digital certificate includes a public key in an encrypted form, and wherein the digital data packet is determined in the client and comprises a combination of at least a portion of the challenge and a private key corresponding to the public key; and
communicating the challenge response from the server to the authentication server via the first secure communications channel;
wherein the random password from the authentication server that is inactive is activated when the authentication server verifies the challenge response.
Dependent claims: 2, 3, 4, 5, 6
7. A method for a client computer comprises:
receiving challenge data from an authentication server in the client computer via a first secure communications channel, wherein the challenge data comprises a challenge and a password from the authentication server that is inactive;
receiving a user PIN;
recovering a private key and a digital certificate in response to the user PIN;
sending the digital certificate to the authentication server via an external server, wherein the digital certificate comprises a public key in an encrypted form;
sending a digital data packet to the authentication server via the external server, wherein the digital data packet is determined in the client computer and comprises a combination of at least a portion of the challenge and the private key; and
thereafter sending a user login and the password from the authentication server from the client computer to a password-based security system coupled to the authentication server, wherein when the authentication server verifies the digital data packet, the password that is inactive is activated.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A method for a verification server comprises:
receiving a request for a one-time password in the verification server from a client computer;
determining a one-time password within the verification server, wherein the one-time password within the verification server is initially inactive;
communicating data comprising the one-time password that is initially inactive from the verification server to the client computer;
receiving user identification data from a user at the client computer in the verification server;
verifying in the verification server the user in response to the user identification data; and
activating the one-time password in the verification server when the user is verified.
Dependent claims: 15, 16, 17, 18, 19, 20
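The issue-challenge, sign, verify and activate sequence recited across claims 1, 7 and 14, written out as an added Go example; this is not code from the patent or from any product it describes. It assumes an Ed25519 key pair stands in for the client's private key and certificate (the certificate is modelled as an enrolled public key, not a "public key in an encrypted form"), a random hex string stands in for the one-time password, and the two secure channels and the relaying server are modelled as direct function calls. The authentication server verifies the signed challenge against the nonce it recorded itself, flips the OTP from inactive to active only after that check, and the password-based system accepts the OTP once and consumes it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Challenge is what the authentication server issues: a fresh nonce plus a
// random one-time password that starts out INACTIVE (claims 1 and 14).
type Challenge struct {
	Nonce []byte
	OTP   string
}

// ChallengeResponse is the client's reply: its certificate (modelled here as
// the bare enrolled public key, an assumption) and the "digital data packet",
// realised as a signature over the challenge made with the matching private key.
type ChallengeResponse struct {
	PubKey    ed25519.PublicKey
	Signature []byte
}

// otpRecord is the authentication server's per-OTP state.
type otpRecord struct {
	nonce  []byte
	active bool
}

// AuthServer plays both the authentication/verification server and the
// password-based system coupled to it (hypothetical, for illustration).
type AuthServer struct {
	enrolled map[string]bool       // hex(public key) -> trusted certificate
	otps     map[string]*otpRecord // OTP -> issued state
}

func NewAuthServer() *AuthServer {
	return &AuthServer{enrolled: map[string]bool{}, otps: map[string]*otpRecord{}}
}

// Enroll registers a client certificate (public key) as trusted.
func (a *AuthServer) Enroll(pk ed25519.PublicKey) { a.enrolled[hex.EncodeToString(pk)] = true }

// IssueChallenge creates a nonce and an inactive OTP and records both.
func (a *AuthServer) IssueChallenge() (Challenge, error) {
	nonce := make([]byte, 32)
	raw := make([]byte, 8)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	if _, err := rand.Read(raw); err != nil {
		return Challenge{}, err
	}
	otp := hex.EncodeToString(raw)
	a.otps[otp] = &otpRecord{nonce: nonce, active: false}
	return Challenge{Nonce: nonce, OTP: otp}, nil
}

// challengeBytes is the portion of the challenge that gets signed.
func challengeBytes(nonce []byte, otp string) []byte {
	return append(append([]byte{}, nonce...), []byte(otp)...)
}

// RespondToChallenge runs on the client: sign the challenge with the private
// key recovered after PIN entry (claim 7) and attach the certificate.
func RespondToChallenge(priv ed25519.PrivateKey, c Challenge) ChallengeResponse {
	return ChallengeResponse{
		PubKey:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, challengeBytes(c.Nonce, c.OTP)),
	}
}

// VerifyAndActivate runs on the authentication server. The signature is checked
// against the nonce the server itself recorded for this OTP, so a relaying
// server that alters the challenge in transit cannot affect what is verified.
func (a *AuthServer) VerifyAndActivate(otp string, r ChallengeResponse) error {
	if !a.enrolled[hex.EncodeToString(r.PubKey)] {
		return errors.New("certificate not enrolled")
	}
	rec, ok := a.otps[otp]
	if !ok {
		return errors.New("unknown one-time password")
	}
	if rec.active {
		return errors.New("challenge already answered")
	}
	if !ed25519.Verify(r.PubKey, challengeBytes(rec.nonce, otp), r.Signature) {
		return errors.New("challenge response signature invalid")
	}
	rec.active = true // the OTP only becomes usable here
	return nil
}

// Login is the password-based system: the OTP is accepted only once it has
// been activated, and it is consumed on first successful use.
func (a *AuthServer) Login(otp string) bool {
	rec, ok := a.otps[otp]
	if !ok || !rec.active {
		return false
	}
	delete(a.otps, otp)
	return true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	srv := NewAuthServer()
	srv.Enroll(pub)
	c, _ := srv.IssueChallenge()
	fmt.Println("login before activation:", srv.Login(c.OTP))
	fmt.Println("activate:", srv.VerifyAndActivate(c.OTP, RespondToChallenge(priv, c)))
	fmt.Println("login after activation:", srv.Login(c.OTP))
	fmt.Println("replay:", srv.Login(c.OTP))
}
```

The two checks worth noting for a deployment are the ones the claims leave implicit: the server must bind the OTP to its own stored nonce rather than to whatever the relay forwards, and the OTP must be single-use after activation, otherwise an attacker who observes the password on the second channel can reuse it.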