Method for secure user and site authentication
First Claim
1. A method of authenticating a user on a network, comprising:
receiving, by a security server, a request of a network site for authentication of the user;
calculating, by the security server in response to the receipt of the authentication request, a one-time-password based on (i) a secret shared by the security server and the network site but not by the user, and the secret is not shared or associated by the security server or the network site with the user, and (ii) a one-time-password generating algorithm, wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm;
transmitting, by the security server to the network site, a time stamp or counter value associated with the calculated one-time-password; and
transmitting, by the security server to the user, the calculated one-time-password to authenticate the user to the network site.
Abstract
User authentication is achieved by creating a window on the user's PC that is in communication with a security server, where this communication channel is separate from the communication channel between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server signals both the web page on the user's browser and the window to which it has a separate channel. If user authentication is requested by the web site, the security server computes a one time password based on a secret which it shares with the web site, but not with the user, and which is not associated with any particular user, and the web site can re-compute the one time password to authenticate the user.
25 Claims
1. A method of authenticating a user on a network, comprising: (reproduced in full under First Claim above; claims 2, 3, 4, 5, 6, 7, 8 and 9 depend from claim 1)
10. An article of manufacture for authenticating a user on a network, comprising:
non-transitory processor readable storage medium; and
logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to:
receive a request of a network site for authentication of the user;
calculate in response to the receipt of the authentication request, a one-time-password based on (i) a secret shared by a security server and the network site but not by the user, and the secret is not shared or associated by the security server or the network site with the user, and (ii) a one-time-password generating algorithm, wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm;
transmit, to the network site, a time stamp or counter value associated with the calculated one-time-password; and
transmit the calculated one-time-password to authenticate the user to the network site.
(Claims 11, 12, 13, 14 and 15 depend from claim 10.)
16. A system for authenticating a user on a network, comprising:
a communications port configured to receive a request of a network site for authentication of the user; and
a processor configured to calculate, in response to the receipt of the authentication request, a one-time-password based on (i) a secret shared by a security server and the network site, but not by the user, and the secret is not shared or associated by the security server or the network site with the user, and (ii) a one-time-password generating algorithm and to direct transmission of the calculated one-time-password and a time stamp or counter value associated with the calculated one-time-password to authenticate the user to the network site;
wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm.
(Claims 17, 18, 19, 20 and 21 depend from claim 16.)
22. A method of authenticating a user on a network, comprising:
receiving, by a first user agent on a user network device from a network site, a request of the network site for the user to be authenticated;
transmitting, by the first user agent to a security server, the network site request;
receiving, by a second user agent on the user network device from the security server in response to transmission of the network site request, a one-time-password calculated based on (i) a secret shared by the security server and the network site, but not by the user, and the secret is not shared or associated by the security server or the network site with the user and (ii) a one-time-password generating algorithm;
transferring the one-time-password from the second user agent to the first user agent; and
transmitting, by the first user agent to the network site, the one-time-password to authenticate the user to the network site;
wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm.
(Claims 23, 24 and 25 depend from claim 22.)
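The exchange described in the abstract and in claims 1 and 22, as an added worked example that is not part of the patent or of any implementation of it. The claims name no particular one-time-password algorithm and allow either a time stamp or a counter, so this example assumes RFC 4226 HOTP driven by a per-site counter; the site and session identifiers, the message dictionaries and the shared key (the RFC 4226 Appendix D test-vector key, used here only so the codes are predictable) are constructed for illustration. The security server computes the code from a secret it shares only with the site, announces the counter to the site and hands the code to the user's second agent; the site recomputes the code from its copy of the secret and never learns anything user-specific from the server.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Constructed sample key: the RFC 4226 Appendix D test-vector key, standing in
# for the secret that the security server and the network site share and that
# the user never receives (claim 1, element (i)).
SITE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (an assumption; the patent names no specific OTP algorithm):
    HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SecurityServer:
    """Holds one secret per network site; none of them is tied to any user."""

    def __init__(self, site_secrets: dict):
        self.site_secrets = dict(site_secrets)
        self.next_counter = {site: 0 for site in site_secrets}

    def handle_auth_request(self, site_id: str, session_id: str):
        """Claim 1: compute the OTP, send the counter to the site and the OTP to the user."""
        counter = self.next_counter[site_id]
        self.next_counter[site_id] = counter + 1
        otp = hotp(self.site_secrets[site_id], counter)
        to_site = {"session_id": session_id, "counter": counter}
        to_user = {"session_id": session_id, "otp": otp}
        return to_site, to_user


class NetworkSite:
    """Recomputes the OTP from the shared secret and the counter announced by the server."""

    def __init__(self, site_id: str, secret: bytes):
        self.site_id = site_id
        self.secret = secret
        self.pending = {}       # session_id -> counter announced for that session
        self.consumed = set()   # counters already tried, so each issued OTP is usable once

    def request_authentication(self, session_id: str) -> dict:
        return {"site_id": self.site_id, "session_id": session_id}

    def receive_counter(self, msg: dict) -> None:
        self.pending[msg["session_id"]] = msg["counter"]

    def verify(self, session_id: str, otp: str) -> bool:
        # The secret is not user-specific, so binding the announced counter to the
        # session that asked for authentication is what ties this OTP to this user.
        counter = self.pending.pop(session_id, None)
        if counter is None or counter in self.consumed:
            return False            # nothing outstanding for this session, or a replay
        self.consumed.add(counter)  # one attempt per issued OTP, right or wrong
        return hmac.compare_digest(hotp(self.secret, counter), otp)


def authenticate(site: NetworkSite, server: SecurityServer, session_id: str,
                 submitted_otp: Optional[str] = None) -> bool:
    """Claim 22 as seen from the user's device. `submitted_otp` overrides what the
    second user agent received, to model a wrong or forged code."""
    # First user agent (the browser) receives the site's request and relays it to the server.
    request = site.request_authentication(session_id)
    to_site, to_user = server.handle_auth_request(request["site_id"], request["session_id"])
    site.receive_counter(to_site)
    # Second user agent (the separate window) receives the OTP over its own channel
    # and transfers it to the first agent, which submits it to the site.
    otp = to_user["otp"] if submitted_otp is None else submitted_otp
    return site.verify(session_id, otp)


if __name__ == "__main__":
    site = NetworkSite("example-site", SITE_SECRET)
    server = SecurityServer({"example-site": SITE_SECRET})
    print("genuine login:", authenticate(site, server, "sess-1"))
    print("forged code:  ", authenticate(site, server, "sess-2", submitted_otp="000000"))
```

Two checks on the site side are worth keeping in any real deployment of this design. Because the shared secret is the same for every user of the site, a code issued for one session is just as valid, cryptographically, for any other session that was announced the same counter; the site therefore keys its pending counters by session and consumes a counter on the first attempt, so a code cannot be replayed or redirected to a different session. The comparison uses a constant-time equality so the recomputed code is not leaked through timing.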
Specification