Extended one-time password method and apparatus
First Claim
1. A method for handling a session one-time-password (“OTP”) transmission with an OTP token, the OTP token in communication with a server and a client workstation via a network, the method comprising:
an OTP token opening, with an embedded security browser at the OTP token, a secure session between the OTP token and a server;
receiving, at the OTP token, after opening the secure session, server information that at least partially identifies the server, wherein the server information is received from the server;
determining whether the server is legitimate based on the received server information;
in response to determining that the server is legitimate:
transmitting, from the OTP token, data of an internally-generated OTP; and
initiating, with the OTP token, a client-server session with the server; and
in response to determining that the server is not legitimate:
refraining from transmitting, from the OTP token, data of an internally-generated OTP.
3 Assignments
0 Petitions
Abstract
An OTP token for facilitating the authorization of a client workstation to conduct a session with a server over the Internet is disclosed. Information at least partially identifying the server is provided to the OTP token and/or the client workstation, and a determination is made, using this identifying information, whether the server is a legitimate server. In accordance with this determination, it is decided whether or not to transmit data indicative of a session OTP from the OTP token to the client workstation. In some embodiments, if the identifying information is indicative of a legitimate server, the data indicative of the session OTP is transmitted from the OTP token to the client workstation; otherwise, the data indicative of the session OTP is withheld from the client workstation. Data indicative of the session OTP may include, in various embodiments, either multi-factor authentication data derived from user authorization data, or session OTP data that is independent of user authentication data.
35 Citations
30 Claims
- 1. A method for handling a session one-time-password (“OTP”) transmission with an OTP token, the OTP token in communication with a server and a client workstation via a network, the method comprising: an OTP token opening, with an embedded security browser at the OTP token, a secure session between the OTP token and a server; receiving, at the OTP token, after opening the secure session, server information that at least partially identifies the server, wherein the server information is received from the server; determining whether the server is legitimate based on the received server information; in response to determining that the server is legitimate: transmitting, from the OTP token, data of an internally-generated OTP; and initiating, with the OTP token, a client-server session with the server; and in response to determining that the server is not legitimate: refraining from transmitting, from the OTP token, data of an internally-generated OTP. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- 16. A method for handling a session one-time-password (“OTP”) transmission with an OTP token, the OTP token in communication with a server and a client workstation via a network, the method comprising: receiving, at an OTP token, server information that at least partially identifies a server, wherein the server information is received from the server; determining whether the server is legitimate based on the received server information; in response to determining that the server is legitimate: transmitting, from the OTP token, data of an internally-generated OTP; and initiating, with the OTP token, a client-server session with the server; and in response to determining that the server is not legitimate: refraining from transmitting, from the OTP token, data of an internally-generated OTP; wherein the determination of whether the server is legitimate is carried out in accordance with at least one of protocol data of a received communication, certificate data transmitted in a received communication, IP address data, or URL data. - View Dependent Claims (17)
- 18. A one-time-password (“OTP”) token for use with a client workstation in communication with a server via a network, the OTP token comprising: a manual input device for inputting information at least partially identifying a server; a server legitimacy engine for determining whether the server is legitimate based on the information; an OTP generator operative to generate a session OTP; an OTP-transmission decision engine operative to decide whether to transmit, from the OTP token, data of the session OTP in response to a determination that the server is legitimate or whether to refrain from transmitting the data of the session OTP in response to a determination that the server is not legitimate; and an embedded security browser embedded within the OTP token, the embedded browser operative to open a security session between the OTP token and the server. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- 26. A one-time-password (“OTP”) token for use with a client workstation in communication with a server via a network, the OTP token comprising: a manual input device for inputting information at least partially identifying a server; a server legitimacy engine for determining whether the server is legitimate based on the information; an OTP generator operative to generate a session OTP; and an OTP-transmission decision engine operative to decide whether to transmit, from the OTP token, data of the session OTP in response to a determination that the server is legitimate or whether to refrain from transmitting the data of the session OTP in response to a determination that the server is not legitimate; wherein the server legitimacy engine is operative to determine whether the server is legitimate based on at least one of protocol data of a communication from the server, certificate data transmitted in a communication from the server, IP address data, or URL data. - View Dependent Claims (27)
- 28. A one-time-password (“OTP”) token for use with a client workstation in communication with a server via a network, the OTP token comprising: a manual input device for inputting information at least partially identifying a server; a server legitimacy engine for determining whether the server is legitimate based on the information; an OTP generator operative to generate a session OTP; and an OTP-transmission decision engine operative to decide whether to transmit, from the OTP token, data of the session OTP in response to a determination that the server is legitimate or whether to refrain from transmitting the data of the session OTP in response to a determination that the server is not legitimate; wherein the OTP generator is operative to generate the session OTP in accordance with user authentication data, thereby generating the session OTP as multi-factor authentication data. - View Dependent Claims (29, 30)
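Claims 1, 16, 26 and 28 describe a token that checks the peer's identity (protocol data, certificate data, IP address, URL) before it releases an internally generated OTP, and that can fold user authentication data into the OTP to make it multi-factor. The Python below is an added model of that "server legitimacy engine" and "OTP-transmission decision engine"; it is not code from the patent or its assignee. The hostnames, IP addresses, certificate fingerprints, policy and token secret are constructed for the example (the secret is the RFC 4226 test-vector key, so the HOTP output can be checked against the published vectors), and requiring every criterion to pass is this example's stricter reading of the claims' "at least one of".

```python
# Added example (not from the patent): token-side legitimacy check plus
# OTP release/withhold decision. All server data and policy values are constructed.
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional
from urllib.parse import urlparse


@dataclass(frozen=True)
class ServerInfo:
    """What the token learns about the peer after opening the secure session."""
    url: str            # URL data
    ip: str             # IP address data
    protocol: str       # protocol data of the received communication
    cert_sha256: str    # hex SHA-256 fingerprint of the presented leaf certificate


@dataclass(frozen=True)
class TokenPolicy:
    """Provisioned into the token; the reference the legitimacy engine checks against."""
    allowed_hosts: FrozenSet[str]
    allowed_ips: FrozenSet[str]
    allowed_protocols: FrozenSet[str]
    pinned_cert_fingerprints: FrozenSet[str]


def server_is_legitimate(info: ServerInfo, policy: TokenPolicy) -> bool:
    """Legitimacy engine: all four criteria must hold (stricter than the claims' 'at least one')."""
    parsed = urlparse(info.url)
    host = (parsed.hostname or "").lower()
    # Exact hostname match: "bank.example.com.evil.test" is not "bank.example.com".
    host_ok = parsed.scheme == "https" and host in policy.allowed_hosts
    # Constant-time fingerprint comparison against the pinned set (stands in for
    # the chain validation a real embedded browser would perform).
    cert_ok = any(hmac.compare_digest(info.cert_sha256.lower(), pin)
                  for pin in policy.pinned_cert_fingerprints)
    return (host_ok
            and info.ip in policy.allowed_ips
            and info.protocol in policy.allowed_protocols
            and cert_ok)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def session_otp(token_secret: bytes, counter: int, user_auth: Optional[bytes] = None) -> str:
    """OTP generator. With user_auth, the working key is derived from the token secret
    and the user's authentication data (multi-factor OTP, claim 28); without it the
    OTP is independent of user authentication (claim 1)."""
    key = token_secret if user_auth is None else hmac.new(token_secret, user_auth, hashlib.sha256).digest()
    return hotp(key, counter)


def decide_transmission(info: ServerInfo, policy: TokenPolicy, token_secret: bytes,
                        counter: int, user_auth: Optional[bytes] = None) -> Optional[str]:
    """Transmission decision engine: the OTP to transmit, or None to withhold it."""
    if not server_is_legitimate(info, policy):
        return None
    return session_otp(token_secret, counter, user_auth)


# ---- constructed data for the example ----
TOKEN_SECRET = b"12345678901234567890"   # RFC 4226 Appendix D test-vector key
GENUINE_PIN = hashlib.sha256(b"constructed leaf certificate of bank.example.com").hexdigest()
POLICY = TokenPolicy(
    allowed_hosts=frozenset({"bank.example.com"}),
    allowed_ips=frozenset({"203.0.113.10"}),
    allowed_protocols=frozenset({"TLS1.2", "TLS1.3"}),
    pinned_cert_fingerprints=frozenset({GENUINE_PIN}),
)
GENUINE_SERVER = ServerInfo("https://bank.example.com/login", "203.0.113.10", "TLS1.3", GENUINE_PIN)
PHISHING_SERVER = ServerInfo(
    "https://bank.example.com.evil.test/login", "198.51.100.7", "TLS1.3",
    hashlib.sha256(b"constructed leaf certificate of the phishing site").hexdigest())
DOWNGRADED_SERVER = ServerInfo("https://bank.example.com/login", "203.0.113.10", "TLS1.0", GENUINE_PIN)

if __name__ == "__main__":
    for name, srv in [("genuine", GENUINE_SERVER), ("phishing", PHISHING_SERVER), ("downgraded", DOWNGRADED_SERVER)]:
        otp = decide_transmission(srv, POLICY, TOKEN_SECRET, counter=0)
        print(f"{name:10s} -> {'transmit ' + otp if otp else 'withhold OTP'}")
```

The look-alike URL is defeated by exact hostname matching rather than substring or suffix checks, and the downgraded-protocol case shows why protocol data is worth treating as a criterion on its own: the host, IP and certificate are all correct there, yet the token still withholds the OTP. A real token's embedded browser would validate the certificate chain and name; the pinned fingerprint set here is a simplification of that step.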
Specification