Derivative seeds
First Claim
1. A method for use in a network in which a user having a user device that stores a master seed authenticates through a client-side device to another entity on the network, the client-side device being located between the user device and the other entity, the method comprising:
- in the other entity, receiving from the client-side device a unique identifier identifying the client-side device;
- in the other entity, mathematically combining a secret with the unique identifier for the client device to generate a derivative seed, wherein the secret is derived from the master seed;
- sending the derivative seed from the other entity to the client-side device; and
- in the client-side device:
  - receiving the derivative seed; and
  - after receiving the derivative seed, disconnecting the client-side device from the network;
- wherein the method further comprises, in the user device:
  - receiving the unique identifier for the client-side device;
  - mathematically combining at least the unique identifier for the client device with the secret to generate the derivative seed; and
  - using the derivative seed to authenticate the user device to the client-side device while the client-side device is disconnected from the network, the client-side device being unable to communicate with the other entity while the client-side device is disconnected from the network.
Abstract
A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.
11 Claims
1. Independent claim; reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6.
7. A method performed by a client-side device on a network in which a user authenticates through the client-side device to another entity on the network, the method comprising:
- sending to the other entity of the network a unique identifier identifying the client-side device;
- receiving from the other entity a derivative seed, wherein the derivative seed was generated by mathematically combining a secret with the unique identifier for the client-side device, wherein the secret is based on a master seed;
- disconnecting from the network, the client-side device being unable to communicate with the other entity while the client-side device is disconnected from the network;
- to authenticate a user, sending the unique identifier for the client-side device to a user device;
- after sending the unique identifier for the client-side device to the user device, while the client-side device is disconnected from the network, receiving information from the user device indicating that the user device possesses the derivative seed; and
- determining that the user is authenticated to the other entity in response to receiving the information from the user device indicating that the user device possesses the derivative seed.

Dependent claims: 8, 9, 10, 11.
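The abstract and claims 1 and 7 describe the scheme in words only. The following is an added Python illustration, not code from the patent or its assignee, of the flow both claims share: the networked verifier ("other entity") derives a secret from the master seed, combines it with the client-side device's unique identifier to produce a derivative seed, and provisions that seed to the client-side device, which then disconnects; the user device, which holds the master seed, re-derives the same seed from the identifier the client-side device presents and proves possession of it offline. The patent does not name the combining function; HMAC-SHA256 with fixed labels, the challenge-response proof of possession, the class names and the sample seed and identifiers are all assumptions made here. The one-way derivation is what gives the design its security property: each client-side device holds only a seed specific to its own identifier, so a seed lifted from one device neither reveals the secret or master seed nor works against a device with a different identifier.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample master seed (not a value from the patent). In the scheme it
# is held by the user device and by the networked verifier ("the other entity").
MASTER_SEED = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)


def derive_secret(master_seed: bytes) -> bytes:
    """Secret derived from the master seed (claim 1: "the secret is derived
    from the master seed"). Assumption: HMAC-SHA256 under a fixed label; the
    patent does not name the function."""
    return hmac.new(master_seed, b"derivative-seed-secret", hashlib.sha256).digest()


def derive_seed(secret: bytes, unique_id: bytes) -> bytes:
    """Derivative seed = one-way combination of the secret and the client-side
    device's unique identifier. Distinct identifiers give unrelated seeds, and a
    device holding its seed learns nothing about the secret or the master seed."""
    return hmac.new(secret, b"client-id:" + unique_id, hashlib.sha256).digest()


class OtherEntity:
    """The networked verifier that provisions derivative seeds (claim 1)."""

    def __init__(self, master_seed: bytes) -> None:
        self._secret = derive_secret(master_seed)

    def provision(self, unique_id: bytes) -> bytes:
        return derive_seed(self._secret, unique_id)


class ClientSideDevice:
    """The intermediary that is enrolled online and then verifies users
    offline (claim 7)."""

    def __init__(self, unique_id: bytes) -> None:
        self.unique_id = unique_id
        self._derivative_seed: Optional[bytes] = None
        self.connected = True

    def enroll(self, other_entity: OtherEntity) -> None:
        # Online phase: send the identifier, receive the seed, then disconnect.
        self._derivative_seed = other_entity.provision(self.unique_id)
        self.connected = False

    def new_challenge(self) -> bytes:
        # Fresh nonce so a captured response cannot be replayed later.
        return secrets.token_bytes(16)

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Offline phase: no contact with the other entity is possible here.
        if self.connected or self._derivative_seed is None:
            raise RuntimeError("device must be enrolled and disconnected")
        expected = hmac.new(self._derivative_seed, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


class UserDevice:
    """Holds the master seed and re-derives the per-device seed on demand."""

    def __init__(self, master_seed: bytes) -> None:
        self._secret = derive_secret(master_seed)

    def respond(self, unique_id: bytes, nonce: bytes) -> bytes:
        seed = derive_seed(self._secret, unique_id)
        return hmac.new(seed, nonce, hashlib.sha256).digest()


def authenticate_offline(verifier_master_seed: bytes, unique_id: bytes,
                         user_master_seed: bytes) -> bool:
    """Run the whole exchange: online enrollment of the client-side device,
    then an offline challenge-response with the user device. Returns True only
    when the user device holds the same master seed as the verifier."""
    other_entity = OtherEntity(verifier_master_seed)
    client = ClientSideDevice(unique_id)
    client.enroll(other_entity)
    user = UserDevice(user_master_seed)

    nonce = client.new_challenge()
    # The client-side device sends its identifier first (claim 7), then the nonce.
    response = user.respond(client.unique_id, nonce)
    return client.verify(nonce, response)


if __name__ == "__main__":
    print(authenticate_offline(MASTER_SEED, b"kiosk-0001", MASTER_SEED))   # True
    print(authenticate_offline(MASTER_SEED, b"kiosk-0001", b"\x00" * 32))  # False
```

The nonce-based proof of possession is a design choice layered on the patent's wording "information ... indicating that user device possesses the derivative seed": sending the seed itself would expose it to anything observing the link, whereas an HMAC over a fresh nonce demonstrates possession without disclosing it and cannot be replayed against a later challenge.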
Specification