Token authentication system and method

US 8,639,628 B2
Filed: 02/23/2005
Issued: 01/28/2014
Est. Priority Date: 02/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for calculating One Time Passwords, comprising:

concatenating, by a computer, a secret with a count, where the secret is uniquely assigned to a token and is shared between the token and an authentication server, and the count is a number that increases monotonically at the token with a number of One Time Passwords generated by the token and increases monotonically at the authentication server with each calculation by the authentication server of a One Time Password;

calculating, by the computer, a hash based upon the concatenated secret and count; and

truncating the result of the hash to obtain a new One Time Password.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.

22 Citations

View as Search Results

11 Claims

1. A method for calculating One Time Passwords, comprising:
- concatenating, by a computer, a secret with a count, where the secret is uniquely assigned to a token and is shared between the token and an authentication server, and the count is a number that increases monotonically at the token with a number of One Time Passwords generated by the token and increases monotonically at the authentication server with each calculation by the authentication server of a One Time Password;
  
  calculating, by the computer, a hash based upon the concatenated secret and count; and
  
  truncating the result of the hash to obtain a new One Time Password.

2. A method for authenticating a request for access to a resource, comprising:
- receiving, by an authentication server, a request for authentication that includes a serial number that is uniquely associated with a token, a personal identification number associated with a user and a One Time Password generated by the token, wherein the One Time Password is based upon a value of a first count at the token and a secret shared between the token and the authentication server;
  
  retrieving, by the authentication server, a value of a second count that corresponds to the token based upon the serial number;
  
  retrieving, by the authentication server, the secret that corresponds to the token based upon the serial number;
  
  calculating, by the authentication server, a value of an additional One Time Password based upon retrieved values of the second count and the secret corresponding to the token;
  
  comparing the calculated One Time Password with the received One Time Password;
  
  if the calculated One Time Password corresponds to the received One Time Password, determining that the request is authenticated;
  
  if the calculated One Time Password does not correspond to the received One Time Password, then incrementing the value of the second count at the authentication server and recalculating the additional One Time Password based upon the incremented value of the second count and the secret, and comparing the recalculated One Time Password with the received One Time Password; and
  
  if the recalculated One Time Password does not correspond to the received One Time Password, then repeating to increment the second count and to recalculate the additional One Time Password until the recalculated One Time Password corresponds to the received One Time Password.
- View Dependent Claims (3, 4, 5, 10)
- - 3. The method of claim 2, wherein the hash function is SHA-1.
  - 4. The method of claim 2, wherein the secret is a symmetric cryptographic key.
  - 5. The method of claim 2, wherein incrementing the count and recalculating the additional One Time Password is repeated a predetermined number of times, and if the recalculated One Time Password does not correspond to the received One Time Password by the end of the predetermined number of times, the request is determined to be not authenticated.
  - 10. The method of claim 2, wherein the secret is uniquely assigned to the token.

6. A method for authenticating a request for access to a resource, comprising:
- receiving, by an authentication server, a request for authentication that includes a username that is uniquely associated with a user, a personal identification number associated with a user and a One Time Password generated at a token, wherein the One Time Password is based upon a value of a first count at the token and a secret shared between the token and the authentication server;
  
  retrieving, by the authentication server, a value of a second count that corresponds to the token based upon the username;
  
  retrieving, by the authentication server, the secret that corresponds to the token based upon the username;
  
  calculating, by the authentication server, a value of an additional One Time Password based upon retrieved values of the count and the secret corresponding to the token;
  
  comparing the calculated One Time Password with the received One Time Password; and
  
  if the calculated One Time Password corresponds to the received One Time Password, determining that the request is authenticated;
  
  if the calculated One Time Password does not correspond to the received One Time Password, then incrementing the value of the second count at the authentication server and recalculating the additional One Time Password based upon the incremented count and the secret, and comparing the recalculated One Time Password with the received One Time Password; and
  
  if the recalculated One Time Password does not correspond to the received One Time Password, then repeating to increment the second count and to recalculate the additional One Time Password until the recalculated One Time Password corresponds to the received One Time Password.
- View Dependent Claims (7, 8, 9, 11)
- - 7. The method of claim 6, wherein the hash function is SHA-1.
  - 8. The method of claim 6, wherein the secret is a symmetric cryptographic key.
  - 9. The method of claim 6, wherein incrementing the count and recalculating the additional One Time Password is repeated a predetermined number of times, and if the recalculated One Time Password does not correspond to the received One Time Password by the end of the predetermined number of times, the request is determined to be not authenticated.
  - 11. The method of claim 6, wherein the secret is uniquely assigned to the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Popp, Nicolas
Primary Examiner(s)
Nigh, James D

Application Number

US10/590,415
Publication Number

US 20070050635A1
Time in Patent Office

3,261 Days
Field of Search

705/67
US Class Current

705/67
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04L 9/3242   involving keyed hash functi...

Token authentication system and method

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Token authentication system and method

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others