Token authentication system and method
First Claim
Patent Images
1. A method for calculating One Time Passwords, comprising:
- concatenating, by a computer, a secret with a count, where the secret is uniquely assigned to a token and is shared between the token and an authentication server, and the count is a number that increases monotonically at the token with a number of One Time Passwords generated by the token and increases monotonically at the authentication server with each calculation by the authentication server of a One Time Password;
calculating, by the computer, a hash based upon the concatenated secret and count; and
truncating the result of the hash to obtain a new One Time Password.
7 Assignments
0 Petitions
Accused Products
Abstract
A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.
22 Citations
11 Claims
-
1. A method for calculating One Time Passwords, comprising:
-
concatenating, by a computer, a secret with a count, where the secret is uniquely assigned to a token and is shared between the token and an authentication server, and the count is a number that increases monotonically at the token with a number of One Time Passwords generated by the token and increases monotonically at the authentication server with each calculation by the authentication server of a One Time Password; calculating, by the computer, a hash based upon the concatenated secret and count; and truncating the result of the hash to obtain a new One Time Password.
-
-
2. A method for authenticating a request for access to a resource, comprising:
-
receiving, by an authentication server, a request for authentication that includes a serial number that is uniquely associated with a token, a personal identification number associated with a user and a One Time Password generated by the token, wherein the One Time Password is based upon a value of a first count at the token and a secret shared between the token and the authentication server; retrieving, by the authentication server, a value of a second count that corresponds to the token based upon the serial number; retrieving, by the authentication server, the secret that corresponds to the token based upon the serial number; calculating, by the authentication server, a value of an additional One Time Password based upon retrieved values of the second count and the secret corresponding to the token; comparing the calculated One Time Password with the received One Time Password; if the calculated One Time Password corresponds to the received One Time Password, determining that the request is authenticated; if the calculated One Time Password does not correspond to the received One Time Password, then incrementing the value of the second count at the authentication server and recalculating the additional One Time Password based upon the incremented value of the second count and the secret, and comparing the recalculated One Time Password with the received One Time Password; and if the recalculated One Time Password does not correspond to the received One Time Password, then repeating to increment the second count and to recalculate the additional One Time Password until the recalculated One Time Password corresponds to the received One Time Password. - View Dependent Claims (3, 4, 5, 10)
-
-
6. A method for authenticating a request for access to a resource, comprising:
-
receiving, by an authentication server, a request for authentication that includes a username that is uniquely associated with a user, a personal identification number associated with a user and a One Time Password generated at a token, wherein the One Time Password is based upon a value of a first count at the token and a secret shared between the token and the authentication server; retrieving, by the authentication server, a value of a second count that corresponds to the token based upon the username; retrieving, by the authentication server, the secret that corresponds to the token based upon the username; calculating, by the authentication server, a value of an additional One Time Password based upon retrieved values of the count and the secret corresponding to the token; comparing the calculated One Time Password with the received One Time Password; and if the calculated One Time Password corresponds to the received One Time Password, determining that the request is authenticated; if the calculated One Time Password does not correspond to the received One Time Password, then incrementing the value of the second count at the authentication server and recalculating the additional One Time Password based upon the incremented count and the secret, and comparing the recalculated One Time Password with the received One Time Password; and if the recalculated One Time Password does not correspond to the received One Time Password, then repeating to increment the second count and to recalculate the additional One Time Password until the recalculated One Time Password corresponds to the received One Time Password. - View Dependent Claims (7, 8, 9, 11)
-
Specification