Apparatus for pre-authentication of users using one-time passwords
First Claim
1. A computer program product for a client computing system including a processor includes:
code that directs the processor to request a challenge from an authentication server;
code that directs the processor to receive the challenge from the authentication server via a secure communications channel, wherein the challenge includes at least a password that is inactive;
code that directs the processor to receive user authentication data from a user;
code that directs the processor to determine a private key and a digital certificate in response to the user authentication data;
code that directs the processor to form a digital signature in response to the password that is inactive from the authentication server and the private key;
code that directs the processor to communicate the digital signature to the authentication server;
code that directs the processor to communicate the digital certificate to the authentication server, the digital certificate comprising a public key in an encrypted form; and
code that directs the processor to communicate network user authentication data and the password that is inactive to the authentication server via a security server,
wherein the authentication server activates the password that is inactive when the digital signature is verified, and
wherein the codes reside on a tangible media.
Abstract
A computer program product for a client computing system including a processor includes code that directs the processor to request a challenge from an authentication server, code that directs the processor to receive the challenge from the authentication server via a first secure communications channel, the challenge comprising an identity code, code that directs the processor to receive user authentication data from a user, code that directs the processor to determine a private key and a digital certificate in response to the user authentication data, code that directs the processor to form a digital signature in response to the identity code and the private key, code that directs the processor to communicate the digital signature to the authentication server, code that directs the processor to communicate the digital certificate to the authentication server, the digital certificate comprising a public key in an encrypted form, and code that directs the processor to communicate network user authentication data and the identity code to the authentication server via a security server, wherein the authentication server activates the identity code when the digital signature is verified, and wherein the codes reside on a tangible media.
20 Claims
1. A computer program product for a client computing system including a processor includes:
code that directs the processor to request a challenge from an authentication server;
code that directs the processor to receive the challenge from the authentication server via a secure communications channel, wherein the challenge includes at least a password that is inactive;
code that directs the processor to receive user authentication data from a user;
code that directs the processor to determine a private key and a digital certificate in response to the user authentication data;
code that directs the processor to form a digital signature in response to the password that is inactive from the authentication server and the private key;
code that directs the processor to communicate the digital signature to the authentication server;
code that directs the processor to communicate the digital certificate to the authentication server, the digital certificate comprising a public key in an encrypted form; and
code that directs the processor to communicate network user authentication data and the password that is inactive to the authentication server via a security server,
wherein the authentication server activates the password that is inactive when the digital signature is verified, and
wherein the codes reside on a tangible media.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A client computing system for communicating with a private server includes:
a tangible memory configured to store a key wallet, the key wallet including a private key associated with a user and a digital certificate associated with the user, the private key and digital certificate stored in an encrypted form;
a processor coupled to the tangible memory, the processor configured to receive a challenge from an authentication server via a secure communications channel, the challenge comprising a password that is inactive, configured to receive user authentication data from the user, configured to determine a retrieved private key and a retrieved digital certificate from the key wallet in response to the user authentication data from the user;
configured to form a digital signature in response to the password that is inactive from the authentication server and the retrieved private key, configured to communicate the digital signature to the authentication server, configured to communicate the digital certificate to the authentication server, and configured to communicate network user authentication data and the identity code to the authentication server via a security server,
wherein the authentication server activates the password that is inactive when the digital signature is verified, and
wherein the security server allows the client computing system to communicate with the private server when the password that is inactive is activated.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A client system for communicating with a remote server includes:
a tangible memory configured to store a key wallet program, the key wallet program configured to store a private key associated with a user and a digital certificate associated with the user in protected forms;
means for receiving a challenge from a verification server via a secure communications channel, the challenge comprising at least a network password that is inactive;
means for receiving at least a PIN from the user;
means for determining a returned private key and a returned digital certificate from the key wallet in response to at least the PIN from the user;
means for forming a digital signature in response to the network password received from the verification server and to the private key;
means for communicating the digital certificate and the digital signature to the authentication server; and
means for communicating at least the network password to a security server,
wherein the network password is activated when the digital signature and digital certificate authenticate the user; and
wherein the security server allows the client system to communicate with the remote server when the network password is activated.
Dependent claims: 16, 17, 18, 19, 20.
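Added example, not the patentee's code (the page discloses no implementation): a runnable model of the exchange that claims 1, 8 and 15 recite, with the client, the authentication server and the security server's gate collapsed into one process. The names (AuthServer, wallet_seal, wallet_open, client_login, run_demo), the JSON certificate format, the stdlib-only RSA signature with PKCS#1 v1.5-style padding and the PBKDF2-based wallet cipher are illustrative assumptions standing in for the real components and are not suitable for production use. Beyond the happy path it exercises the three checks a practitioner would want to see: a wrong PIN releases no key material, a password that was never signed stays inactive and is refused at the gate, and a certificate not issued by the trusted CA cannot activate anything even though it carries a valid self-signature.

```python
# Added illustrative model of the pre-authentication flow recited in the claims; not the patentee's code.
# Names, message formats, the stdlib-only RSA, the padding and the PIN wallet cipher are toys/assumptions.
import hashlib, hmac, json, math, secrets

def _is_probable_prime(n, rounds=24):                 # Miller-Rabin for an odd candidate n
    s = ((n - 1) & (1 - n)).bit_length() - 1          # trailing zero bits of n-1, so n-1 = d * 2**s
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=1024):                            # returns ((n, e), (n, d))
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _emsa(msg, k):                                    # PKCS#1 v1.5-style: 00 01 FF..FF 00 || SHA-256(msg)
    return b"\x00\x01" + b"\xff" * (k - 35) + b"\x00" + hashlib.sha256(msg).digest()
def rsa_sign(priv, msg):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa(msg, k), "big"), d, n).to_bytes(k, "big")
def rsa_verify(pub, msg, sig):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    return len(sig) == k and s < n and pow(s, e, n).to_bytes(k, "big") == _emsa(msg, k)
def issue_cert(ca_priv, subject, pub):                # "digital certificate": CA-signed subject + public key
    body = json.dumps({"subject": subject, "n": pub[0], "e": pub[1]}, sort_keys=True).encode()
    return {"body": body, "sig": rsa_sign(ca_priv, body)}
def cert_subject_key(ca_pub, cert):                   # (subject, pubkey) if the CA signature holds, else None
    f = json.loads(cert["body"])
    return (f["subject"], (f["n"], f["e"])) if rsa_verify(ca_pub, cert["body"], cert["sig"]) else None

def wallet_seal(pin, priv):                           # key wallet: private exponent encrypted under the PIN
    n, d = priv                                       # (PBKDF2 stream XOR + HMAC tag stands in for a real AEAD)
    plain, salt = d.to_bytes((n.bit_length() + 7) // 8, "big"), secrets.token_bytes(16)
    km = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000, dklen=len(plain) + 32)
    ct = bytes(a ^ b for a, b in zip(plain, km[:len(plain)]))
    return {"n": n, "salt": salt, "ct": ct, "tag": hmac.new(km[len(plain):], ct, "sha256").digest()}
def wallet_open(pin, w):                              # wrong PIN -> tag mismatch -> no key material released
    km = hashlib.pbkdf2_hmac("sha256", pin.encode(), w["salt"], 50_000, dklen=len(w["ct"]) + 32)
    if not hmac.compare_digest(w["tag"], hmac.new(km[len(w["ct"]):], w["ct"], "sha256").digest()):
        return None
    return w["n"], int.from_bytes(bytes(a ^ b for a, b in zip(w["ct"], km[:len(w["ct"])])), "big")

class AuthServer:
    def __init__(self, ca_pub):
        self.ca_pub, self.otps = ca_pub, {}           # otp -> (user, active)
    def challenge(self):                              # hand out the "password that is inactive"
        otp = secrets.token_hex(16)
        self.otps[otp] = (None, False)
        return otp
    def verify(self, otp, cert, sig):                 # activate only if the cert chains to the CA and signs this OTP
        rec, ident = self.otps.get(otp), cert_subject_key(self.ca_pub, cert)
        if rec is None or rec[1] or ident is None or not rsa_verify(ident[1], otp.encode(), sig):
            return False
        self.otps[otp] = (ident[0], True)
        return True
    def consume(self, otp, user):                     # the security server's gate; pop() makes the OTP single use
        ok = self.otps.get(otp) == (user, True)
        return ok and self.otps.pop(otp) == (user, True)

def client_login(auth, wallet, cert, pin, network_user):
    otp = auth.challenge()                            # 1. inactive password arrives over the secure channel
    priv = wallet_open(pin, wallet)                   # 2. the PIN unlocks the private key held in the wallet
    if priv is None or not auth.verify(otp, cert, rsa_sign(priv, otp.encode())):
        return False                                  # 3-4. sign it; the auth server verifies and activates it
    return auth.consume(otp, network_user)            # 5. network credentials + OTP go to the security server

def run_demo():
    ca_pub, ca_priv = rsa_keygen()
    user_pub, user_priv = rsa_keygen()
    cert, wallet = issue_cert(ca_priv, "alice", user_pub), wallet_seal("4711", user_priv)
    auth = AuthServer(ca_pub)
    r = {"good_login": client_login(auth, wallet, cert, "4711", "alice"),
         "wrong_pin": client_login(auth, wallet, cert, "0000", "alice")}
    otp = auth.challenge()                            # attacker skips the signature step and goes to the gate
    r["inactive_otp_refused"] = not auth.consume(otp, "alice")
    rogue_pub, rogue_priv = rsa_keygen()              # self-issued certificate, not signed by the trusted CA
    rogue = issue_cert(rogue_priv, "alice", rogue_pub)
    r["rogue_cert_refused"] = not auth.verify(otp, rogue, rsa_sign(rogue_priv, otp.encode()))
    return r
```

Call `run_demo()` to get the four outcomes. The ordering the claims rely on is visible in `client_login`: the security server never judges credentials itself, it only asks whether the authentication server has already activated this exact one-time password for this exact network user, and `consume` removes the password as it admits the user, so a copy captured in transit cannot be replayed. Two things the claims leave to the implementer and that the model makes explicit: the server must bind the signature to the password it issued (not to any string the client chooses), and it must verify the presented certificate against a trusted issuer before trusting the public key inside it.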