System and method for securely sending a network one-time-password utilizing a mobile computing device

US 8,484,710 B2
Filed: 09/09/2011
Issued: 07/09/2013
Est. Priority Date: 02/14/2001
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of securely sending a network one-time-password (OTP) from a user computer to an authentication server, the method comprising the steps of:

receiving through a user interface, a user password comprising a plurality of characters;

authenticating by the user computer, a mobile computing device (MCD) communicably coupled to the user computer, wherein the authenticating step verifies that the MCD can properly construct and return to the user computer, a mobile OTP based on information provided by the user computer;

receiving by the user computer, a network OTP second factor from the authenticated MCD;

modifying by the user computer, the user password received through the user interface in accordance with the network OTP second factor to create the network OTP; and

sending the network OTP from the user computer to the authentication server;

wherein the user computer includes a mobile server application and the MCD includes a mobile client application, and the step of authenticating the MCD includes the steps of;

the mobile server application receiving from the mobile client application, an identifier of the MCD;

the mobile server application utilizing the identifier to look up an MCD index value (Index-2) in an identifier/Index-2 database in the user computer;

the mobile server application sending the Index-2 value to the mobile client application;

the mobile server application receiving a mobile OTP from the mobile client application, wherein the mobile client application constructs the mobile OTP based on a mobile OTP second factor retrieved from an Index-2/mobile OTP second factor database; and

the mobile server application authenticating the MCD when the mobile OTP matches a stored mobile OTP in the user computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method, and computer program for securely sending a network one-time-password (OTP) from a user computer to an authentication server. A Network Client Application in the user computer interfaces with the authentication server, and a Mobile Server Application in the user computer interfaces with a Mobile Client Application in a mobile computing device (MCD) such as a smartphone. When a user enters a User ID and password into the user computer, the Network Client Application sends the User ID to the authentication server to obtain an index value (Index-1) from the authentication server. The Mobile Server Application authenticates the MCD and then sends Index-1 to the MCD to obtain a network OTP second factor from the MCD. The Network Client Application modifies the user password in accordance with the network OTP second factor to create the network OTP, and sends the network OTP to the authentication server.

Citations

20 Claims

1. A computer-implemented method of securely sending a network one-time-password (OTP) from a user computer to an authentication server, the method comprising the steps of:
- receiving through a user interface, a user password comprising a plurality of characters;
  
  authenticating by the user computer, a mobile computing device (MCD) communicably coupled to the user computer, wherein the authenticating step verifies that the MCD can properly construct and return to the user computer, a mobile OTP based on information provided by the user computer;
  
  receiving by the user computer, a network OTP second factor from the authenticated MCD;
  
  modifying by the user computer, the user password received through the user interface in accordance with the network OTP second factor to create the network OTP; and
  
  sending the network OTP from the user computer to the authentication server;
  
  wherein the user computer includes a mobile server application and the MCD includes a mobile client application, and the step of authenticating the MCD includes the steps of;
  
  the mobile server application receiving from the mobile client application, an identifier of the MCD;
  
  the mobile server application utilizing the identifier to look up an MCD index value (Index-2) in an identifier/Index-2 database in the user computer;
  
  the mobile server application sending the Index-2 value to the mobile client application;
  
  the mobile server application receiving a mobile OTP from the mobile client application, wherein the mobile client application constructs the mobile OTP based on a mobile OTP second factor retrieved from an Index-2/mobile OTP second factor database; and
  
  the mobile server application authenticating the MCD when the mobile OTP matches a stored mobile OTP in the user computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the MCD is assigned an Internet Protocol (IP) address having an associated geographic location, and the MCD also includes a Global Positioning System (GPS) receiver that independently generates GPS location information for the MCD, wherein the step of authenticating the MCD also includes the steps of:
    - the mobile server application in the user computer receiving from the MCD, the GPS location information for the MCD and the IP address of the MCD;
      
      the mobile server application comparing the GPS location information with the geographic location associated with the IP address of the MCD; and
      
      the mobile server application positively authenticating the MCD only when the mobile OTP matches the stored mobile OTP in the user computer and the GPS location information matches the geographic location associated with the IP address of the MCD.
  - 3. The method as recited in claim 1, wherein the step of the mobile server application receiving an identifier of the MCD from the mobile client application includes also receiving location information for the MCD, and the method further comprises:
    - the mobile server application comparing the MCD location information with location information for the user computer; and
      
      the mobile server application positively authenticating the MCD only when the mobile OTP matches the stored mobile OTP in the user computer and the MCD location information matches the location information for the user computer.
  - 4. The method as recited in claim 1, wherein the step of receiving the user password through the user interface includes receiving the user password and a User ID by a network client application in the user computer, and the method further comprises the steps of:
    - the network client application sending the User ID to the authentication server;
      
      the network client application receiving a network index value (Index-1) from the authentication server, wherein the authentication server utilizes the User ID to look up the Index-1 value in a User ID/Index-1 database; and
      
      the network client application passing the Index-1 value to the mobile server application in the user computer.
  - 5. The method as recited in claim 4, wherein the step of receiving by the user computer, the network OTP second factor from the authenticated MCD includes the steps of:
    - the mobile server application sending the Index-1 value to the mobile client application in the MCD;
      
      the mobile server application receiving the network OTP second factor from the mobile client application, wherein the mobile client application utilizes the Index-1 value to retrieve the network OTP second factor from an Index-1/network OTP second factor database in the MCD; and
      
      the mobile server application passing the network OTP second factor to the network client application in the user computer.
  - 6. The method as recited in claim 5, wherein the Index-1/network OTP second factor database is protected in an electronic vault in the MCD, and the step of sending the Index-1 value to the mobile client application includes the mobile server application also sending a code or key enabling the mobile client application to access the electronic vault.
  - 7. The method as recited in claim 4, wherein the step of the network client application sending the User ID to the authentication server includes the network client application also sending location information for the user computer to the authentication server, wherein the authentication server positively authenticates the user computer only when the network OTP matches a stored network OTP in the authentication server and the user computer location information matches user computer location information stored in the authentication server.
  - 8. The method as recited in claim 1, wherein the network OTP second factor includes at least one additional character to be added to the user password, and the step of modifying the user password received through the user interface in accordance with the network OTP second factor includes the steps of:
    - the network client application dividing the password into a plurality of password segments and placing each segment in a different one of a plurality of data packets; and
      
      placing the additional character in an additional data packet; and
      
      wherein the step of sending the network OTP to the authentication server includes sending each of the data packets individually to the authentication server.
  - 9. The method as recited in claim 1, wherein the network OTP second factor includes at least one additional character to be added to the user password, and the step of modifying the user password received through the user interface in accordance with the network OTP second factor includes the steps of:
    - the network client application dividing the password into a plurality of password segments and placing each segment in a different one of a plurality of data packets; and
      
      placing the additional character in at least one of the data packets; and
      
      wherein the step of sending the network OTP to the authentication server includes sending each of the data packets individually to the authentication server.
  - 10. The method as recited in claim 1, wherein the network OTP second factor includes an inter-packet time interval, and the step of modifying the user password received through the user interface in accordance with the network OTP second factor includes:
    - the network client application dividing the password into a plurality of password segments and placing each segment in a different one of a plurality of data packets; and
      
      wherein the step of sending the network OTP to the authentication server includes sending each of the data packets individually to the authentication server, wherein the data packets in at least one pair of data packets are separated by the inter-packet time interval.
  - 11. The method as recited in claim 1, wherein the network OTP second factor includes a plurality of inter-packet time intervals, and the step of modifying the user password received through the user interface in accordance with the network OTP second factor includes:
    - the network client application dividing the password into a plurality of password segments and placing each segment in a different one of a plurality of data packets; and
      
      wherein the step of sending the network OTP to the authentication server includes sending each of the data packets individually to the authentication server, wherein the data packets in each pair of data packets are separated by a different one of the plurality of inter-packet time intervals.

12. A computer-implemented method of authenticating a mobile computing device (MCD) by a user computer communicably coupled to the MCD, wherein the MCD includes a mobile client application and the user computer includes a mobile server application, the method comprising the steps of:
- the mobile server application receiving from the mobile client application, an identifier of the MCD;
  
  the mobile server application utilizing the identifier to look up an MCD index value (Index-2) in an identifier/Index-2 database in the user computer;
  
  the mobile server application sending the Index-2 value to the mobile client application;
  
  the mobile server application receiving a mobile one-time-password (OTP) from the mobile client application, wherein the mobile client application constructs the mobile OTP based on the MCD identifier and a mobile OTP second factor retrieved from an Index-2/mobile OTP second factor database; and
  
  the mobile server application authenticating the MCD when the mobile OTP matches a stored mobile OTP in the user computer.
- View Dependent Claims (13)
- - 13. The method as recited in claim 12, wherein the MCD is assigned an Internet Protocol (IP) address having an associated geographic location, and the MCD also includes a Global Positioning System (GPS) receiver that independently generates GPS location information for the MCD, wherein the method further comprises the steps of:
    - the mobile server application in the user computer receiving from the MCD, the GPS location information for the MCD and the IP address of the MCD;
      
      the mobile server application comparing the GPS location information with the geographic location associated with the IP address of the MCD; and
      
      the mobile server application authenticating the MCD only when the mobile OTP matches the stored mobile OTP in the user computer and the GPS location information matches the geographic location associated with the IP address of the MCD.

14. An apparatus in a user computer for securely sending a network one-time-password (OTP) to an authentication server, the apparatus comprising:
- a processor;
  
  a non-transitory memory coupled to the processor, said memory storing computer program instructions, wherein when the processor executes the computer program instructions, the processor causes the apparatus to;
  
  receive through a user interface, a user password comprising a plurality of characters;
  
  authenticate a mobile computing device (MCD) communicably coupled to the user computer;
  
  receive a network OTP second factor from the authenticated MCD;
  
  modify the user password received through the user interface in accordance with the network OTP second factor to create the network OTP; and
  
  send the network OTP to the authentication server;
  
  wherein the user computer includes a mobile server application and the MCD includes a mobile client application, and the apparatus is configured to authenticate the MCD by performing the steps of;
  
  the mobile server application receiving from the mobile client application, an identifier of the MCD;
  
  the mobile server application utilizing the identifier to look up an MCD index value (Index-2) in an identifier/Index-2 database in the user computer;
  
  the mobile server application sending the Index-2 value to the mobile client application;
  
  the mobile server application receiving a mobile OTP from the mobile client application, wherein the mobile client application constructs the mobile OTP based on a mobile OTP second factor retrieved from an Index-2/mobile OTP second factor database; and
  
  the mobile server application authenticating the MCD when the mobile OTP matches a stored mobile OTP in the user computer.

15. An apparatus in a mobile computing device (MCD) for securely sending a network one-time-password (OTP) second factor to a user computer communicably coupled to the MCD, the apparatus comprising:
- a processor;
  
  a non-transitory memory coupled to the processor, said memory storing computer program instructions, wherein when the processor executes the computer program instructions, the processor causes the apparatus to;
  
  perform a procedure to authenticate the MCD with the user computer;
  
  upon positively authenticating the MCD with the user computer, receive from the user computer, an Index-1 value;
  
  utilize the Index-1 value to retrieve the network OTP second factor from an Index-1/network OTP second factor database in the MCD; and
  
  send the network OTP second factor to the user computer;
  
  wherein the user computer includes a mobile server application and the MCD includes a mobile client application and wherein when performing the procedure to authenticate the MCD, the processor causes the apparatus to;
  
  send an identifier of the MCD to the mobile server application;
  
  receive from the mobile server application, an MCD index value (Index-2) associated with the MCD identifier;
  
  utilize the Index-2 to retrieve a mobile OTP second factor from an Index-2/mobile OTP second factor database;
  
  construct a mobile OTP from the MCD identifier and the mobile OTP second factor; and
  
  send the mobile OTP to the mobile server application.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus as recited in claim 15, wherein the Index-1/network OTP second factor database is protected in an electronic vault in the MCD, and after performing the procedure to authenticate the MCD, the apparatus also receives from the mobile server application, a code or key enabling the mobile client application to access the electronic vault.
  - 17. The apparatus as recited in claim 15, wherein the processor also causes the apparatus to establish an encrypted communication link with the user computer prior to performing the authentication procedure.
  - 18. The apparatus as recited in claim 15, wherein the processor also causes the apparatus to establish an encrypted communication link with the user computer after performing the authentication procedure.

19. A computer program loaded on a non-transitory memory coupled to a processor of a user computer, wherein the program includes a mobile server application and a network client application, wherein when the applications are run on the processor, the processor causes the user computer to securely send a network one-time-password (OTP) to an authentication server by performing the following steps:
- the network client application receiving through a user interface, a User ID and a user password comprising a plurality of characters;
  
  the network client application sending only the User ID to the authentication server;
  
  the network client application receiving from the authentication server, a first index value (Index-1), and passing the Index-1 to the mobile server application;
  
  the mobile server application authenticating a mobile computing device (MCD) communicably coupled to the user computer;
  
  the mobile server application sending the Index-1 to a mobile client application on the MCD;
  
  the mobile server application receiving from the mobile client application, a network OTP second factor associated with the Index-1, and passing the network OTP second factor to the network client application;
  
  the network client application modifying the user password received through the user interface in accordance with the network OTP second factor to create the network OTP; and
  
  the network client application sending the network OTP to the authentication server;
  
  wherein the authenticating step includes;
  
  the mobile server application sending an activation message to the mobile client application on the MCD;
  
  the mobile server application receiving an MCD identifier from the mobile client application in response to the activation message;
  
  the mobile server application retrieving from a database, a second index value (Index-2) associated with the MCD identifier;
  
  the mobile server application sending the Index-2 to the mobile client application;
  
  the mobile server application receiving from the mobile client application, a mobile OTP constructed from the MCD identifier and a mobile OTP second factor associated with the Index-2; and
  
  the mobile server application validating the mobile OTP.
- View Dependent Claims (20)
- - 20. The computer program as recited claim 19, wherein the Index-1/network OTP second factor database is protected in an electronic vault in the MCD, and after performing the procedure to authenticate the MCD, the processor also causes the mobile server application to send to the mobile client application, a code or key enabling the mobile client application to access the electronic vault.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pass Protect Technology LLC
Original Assignee
Pass Protect Technology LLC
Inventors
Vernon, Jim, Smith, Steven W.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US13/199,797
Publication Number

US 20110321146A1
Time in Patent Office

669 Days
Field of Search

726/7
US Class Current

726/7
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

H04L 2209/80   Wireless

H04L 63/0838   using one-time-passwords

H04L 9/3228   One-time or temporary data,...

System and method for securely sending a network one-time-password utilizing a mobile computing device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely sending a network one-time-password utilizing a mobile computing device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links