Single-use password authentication
Abstract
Systems, computer program products and methods for authentication using a one-time password. In a system that includes a client, a service provider, and an authentication service, the authentication service generates an authentication service identifier for the client. Any suitable identifier may be used for the authentication service identifier, which generally takes the form of an arbitrary number of characters. From the client, the authentication service receives a client moniker (e.g., a username) for the client to use when accessing the authentication service. The authentication service sends a one-time password to the client for the client to use in accessing the service provider. When the authentication service receives a one-time password from the service provider, the authentication service sends the authentication service identifier for the client to the service provider to authenticate the client if the one-time password received from the service provider matches the one-time password sent to the client.
29 Claims
1. At an authentication service in a computerized environment that includes a client, a service provider, and an authentication service, a method of the authentication service authenticating the client to the service provider using a one-time password that was previously exchanged between the authentication service and the client, the method comprising the acts of:
- the authentication service generating an authentication service identifier for the client;
- the authentication service receiving a client moniker from the client;
- after receiving the client moniker, the authentication service sending a one-time password to the client for the client to use in accessing the service provider;
- after sending the one-time password to the client, the authentication service receiving a one-time password from the service provider;
- if the one-time password received from the service provider matches the one-time password sent by the authentication service to the client, then the authentication service sending the authentication service identifier for the client to the service provider to authenticate the client; and
- if the one-time password received from the service provider does not match the one-time password sent by the authentication service to the client, then the authentication service indicating to the service provider that the one-time password received from the service provider does not match the one-time password sent to the client.
Dependent claims: 2, 3, 4, 5
6. At an authentication service in a computerized environment that includes a client, a service provider, and an authentication service, a computer program storage product comprising one or more computer readable media carrying computer executable instructions that, when executed, cause one or more processors in the authentication service to perform a method of the authentication service authenticating the client to the service provider using a one-time password previously exchanged between the authentication service and the client, the method comprising the authentication service performing acts of:
- the authentication service generating an authentication service identifier for the client;
- the authentication service receiving a client moniker from the client;
- after receiving the client moniker, the authentication service sending a one-time password to the client for use with the service provider;
- after sending the one-time password to the client, the authentication service receiving a one-time password from the service provider; and
- the authentication service identifying that the one-time password received from the service provider matches the one-time password sent by the authentication service to the client; and
- the authentication service sending the authentication service identifier for the client to the service provider to authenticate the client.
Dependent claims: 7, 8, 9, 10, 11, 12
13. At a service provider in a computerized environment that includes a client, a service provider, and an authentication service, a method of the service provider authenticating the client through a one-time password previously exchanged between the authentication service and the client, the method comprising the service provider performing acts of:
- the service provider associating a prior authentication service identifier for the client with a prior service provider identifier for the client;
- the service provider receiving from the client a service provider identifier for the client and a one-time password from the client to use in authenticating the client through the authentication service, wherein the authentication service sent the one-time password to the client in exchange for a client moniker;
- the service provider verifying that the service provider identifier received from the client matches the prior service provider identifier, and represents a valid service provider identifier;
- the service provider sending the one-time password to the authentication service in order to receive a client authentication service identifier from the authentication service;
- identifying that a received authentication service identifier for the client matches the prior authentication service identifier for the client associated with the service provider identifier for the client at the service provider.
Dependent claims: 14, 15, 16, 17, 18
19. At a service provider in a computerized environment that includes a client, a service provider, and an authentication service, a computer program storage product comprising one or more computer readable media carrying computer executable instructions that, when executed, cause one or more processors in the service provider to perform a method of the service provider authenticating the client through a one-time password previously exchanged between the client and the authentication service, the method comprising the service provider performing acts of:
- the service provider associating an authentication service identifier for the client with a prior service provider identifier for the client;
- the service provider receiving from the client the service provider identifier for the client and a one-time password from the client to use in authenticating the client through the authentication service, wherein the authentication service sent the one-time password to the client in exchange for a client moniker;
- the service provider verifying that the service provider identifier received from the client matches the prior service provider identifier, and represents a valid service provider identifier;
- the service provider sending the one-time password to the authentication service in order to receive a client authentication service identifier from the authentication service;
- identifying that received authentication service identifier for the client matches the prior authentication service identifier for the client associated with the service provider identifier for the client at the service provider; and
- the service provider allowing the client access to one or more services offered by the service provider.
Dependent claims: 20, 21, 22, 23, 24, 25
26. At a client computer system in a computerized environment that includes a client, a service provider, and an authentication service, a computer program storage product comprising one or more computer readable media carrying computer executable instructions that, when executed, cause one or more processors in the client to perform a method of the client authenticating to the service provider using a one-time password previously exchanged between the client and the authentication service, the method comprising the client performing acts of:
- the client sending a client moniker to the authentication service to obtain a one-time password;
- the client receiving the one-time password from the authentication service, wherein the one-time password is associated with an authentication service identifier for the client to use in accessing the service provider;
- the client sending a service provider identifier for the client to the service provider so that the service provider can locate the authentication service identifier for the client that is associated with the service provider identifier for the client at the service provider; and
- the client sending the one-time password previously received from the authentication service to the service provider, whereby the service provider can perform the acts of;
  - sending the one-time password to the authentication service;
  - upon validating the one-time password by the authentication service, receiving the authentication service identifier for the client that is associated with the one-time password from the authentication service; and
  - matching the authentication service identifier for the client that is received from the authentication service with the authentication service identifier for the client that is associated with the service provider identifier for the client at the service provider.
Dependent claims: 27, 28, 29
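The three-party exchange recited in claims 1, 13 and 26, as an added Python example that is not code from the patent. The class and method names (`AuthService`, `ServiceProvider`, `enroll`, `issue_otp`, `redeem`, `link`, `login`) are hypothetical, and two behaviours are assumptions of the example: the authentication service has already verified the client behind the moniker, and a one-time password is consumed on its first redemption.

```python
import secrets

class AuthService:
    def __init__(self):
        self._id_by_moniker = {}  # client moniker -> authentication service identifier
        self._pending = {}        # outstanding one-time password -> identifier

    def enroll(self, moniker):
        # Generate the authentication service identifier for the client.
        as_id = secrets.token_hex(8)
        self._id_by_moniker[moniker] = as_id
        return as_id

    def issue_otp(self, moniker):
        # Assumption: the client behind `moniker` was verified before this call.
        otp = secrets.token_urlsafe(16)
        self._pending[otp] = self._id_by_moniker[moniker]
        return otp

    def redeem(self, otp):
        # Match -> return the identifier; no match -> None (the "does not match" branch).
        # pop() consumes the password, so a replayed value no longer matches (assumption).
        return self._pending.pop(otp, None)

class ServiceProvider:
    def __init__(self, auth):
        self._auth = auth
        self._as_id_by_sp_id = {}  # service provider identifier -> prior auth service identifier

    def link(self, sp_id, as_id):
        # Associate the prior authentication service identifier with the SP identifier.
        self._as_id_by_sp_id[sp_id] = as_id

    def login(self, sp_id, otp):
        expected = self._as_id_by_sp_id.get(sp_id)
        if expected is None:               # not a valid service provider identifier
            return False
        received = self._auth.redeem(otp)  # SP forwards the OTP to the auth service
        # The returned identifier must equal the one linked to this SP identifier.
        return received is not None and secrets.compare_digest(received, expected)

def demo():
    auth = AuthService()
    sp = ServiceProvider(auth)
    sp.link("alice@shop", auth.enroll("alice"))  # constructed sample accounts
    sp.link("bob@shop", auth.enroll("bob"))
    otp = auth.issue_otp("alice")
    first = sp.login("alice@shop", otp)                    # valid exchange
    replay = sp.login("alice@shop", otp)                   # same password presented again
    cross = sp.login("alice@shop", auth.issue_otp("bob"))  # another client's password
    return first, replay, cross
```

The final comparison in `login` is what binds a password to one account: a valid password issued to a different client still yields an identifier, but not the one the service provider has on file for the presented service provider identifier.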
Specification