Processorless token for producing a one-time password

US 8,752,148 B1
Filed: 06/25/2012
Issued: 06/10/2014
Est. Priority Date: 06/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an entity using a one-time password, the method comprising:

initializing a non-volatile memory of a hardware device with a pre-produced sequence of one-time passwords, each one-time password in the pre-produced sequence of one-time passwords being produced by an algorithm;

indexing into the non-volatile memory of the hardware device upon a request for a one-time password to read the one-time password; and

outputting the one-time password to the entity;

wherein indexing includes dividing a numeric value used for indexing by a number of one-time password elements in the non-volatile memory, using the result as the offset to read a first one-time password from the non-volatile memory, using the remainder of the division as an offset to read a second one-time password from the non-volatile memory, and exclusive-oring the first one-time password and the second one-time password to produce the one-time password.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processorless hardware token provides a one-time password for user authentication. The processorless hardware token contains a non-volatile memory upon which is stored a pre-produced sequence of one-time passwords. The processorless hardware token uses limited circuitry on a circuit board to read from the non-volatile memory and display a one-time password associated with a current interval. The displayed one-time password is then used for authentication by an authentication server that compares the one-time password displayed on the processorless hardware token with a one-time password retrieved from a copy of the pre-produced sequence of one-time passwords stored on the Authentication Server.

28 Citations

View as Search Results

19 Claims

1. A method of authenticating an entity using a one-time password, the method comprising:
- initializing a non-volatile memory of a hardware device with a pre-produced sequence of one-time passwords, each one-time password in the pre-produced sequence of one-time passwords being produced by an algorithm;
  
  indexing into the non-volatile memory of the hardware device upon a request for a one-time password to read the one-time password; and
  
  outputting the one-time password to the entity;
  
  wherein indexing includes dividing a numeric value used for indexing by a number of one-time password elements in the non-volatile memory, using the result as the offset to read a first one-time password from the non-volatile memory, using the remainder of the division as an offset to read a second one-time password from the non-volatile memory, and exclusive-oring the first one-time password and the second one-time password to produce the one-time password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of authenticating the entity as in claim 1, further comprising:
    - transmitting the one-time password to an authentication server;
      
      indexing into a copy of the pre-produced sequence of one-time passwords stored on the authentication server to read an authentication one-time password; and
      
      comparing the one-time password with the authentication one-time password to authenticate whether the entity is legitimate.
  - 3. The method of authenticating the entity as in claim 2, further comprising:
    - approving the entity upon the comparing being true.
  - 4. The method of authenticating the entity as in claim 2, further comprising:
    - hashing each one-time password in the copy of the pre-produced sequence of one-time passwords via a one-way function prior to storage of the pre-produced sequence of one-time passwords on the authentication server; and
      
      hashing the one-time password via the one-way function prior to comparison with the authentication one-time password.
  - 5. The method of authenticating the entity as in claim 1 wherein indexing into the non-volatile memory of the hardware device upon the request for the one-time password occurs while the entity possesses the hardware device;
    - wherein the algorithm uses a seed to create the pre-produced sequence of one-time passwords; and
      
      wherein the method further comprises;
      
      rendering un-recoverable the seed used by the algorithm to create the pre-produced sequence of one-time passwords upon creation of the pre-produced sequence of one-time passwords and prior to the entity obtaining possession of the hardware device.
  - 6. The method of authenticating the entity as in claim 1, wherein initialization of the non-volatile memory of the hardware device with the pre-produced sequence of one-time passwords is performed at time of manufacture of the hardware device.
  - 7. The method of authenticating the entity as in claim 1, wherein indexing includes using a numeric value representative of a current time as an offset into the non-volatile memory.
  - 8. The method of authenticating the entity as in claim 1, wherein indexing includes using a numeric value representative of a number of times the entity has requested the one-time password as an offset into the non-volatile memory.
  - 9. The method of authenticating the entity as in claim 1, wherein the indexing and outputting of the one-time password on the hardware device are performed by electronic circuitry, which is constructed and arranged to retrieve the one-time password from a location in non-volatile memory based on an index to alleviate involvement of any hardware encryption or hash functionality while the one-time password is retrieved.

10. A hardware device for producing a one-time password, the hardware device comprising:
- a non-volatile memory, the non-volatile memory including a pre-produced sequence of one-time passwords, each one-time password in the sequence of pre-produced one-time passwords comprising an algorithm result;
  
  a circuit board coupled to the non-volative memory, the circuit board being constructed and arranged to read the one-time password from the non-volatile memory by using an index value to determine a location of the one-time password in the non-volatile memory; and
  
  an output device coupled to the circuit board, the output device being constructed and arranged to output the read one-time password;
  
  wherein the circuit board is configured to read the one-time password by dividing the index value by a number of one-time password elements in the non-volatile memory, using the result as the offset to read a first one-time password from the non-volatile memory, and using the remainder of the division as an offset to read a second one-time password from the non-volatile memory, the first one-time password and the second one-time password exclusive-ored to produce the one-time password.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The hardware device as in claim 10, wherein the pre-produced sequence of one-time passwords is stored in the non-volatile memory at time of manufacture of the hardware device.
  - 12. The hardware device as in claim 10, wherein the index value is a numeric value representative of a current time.
  - 13. The hardware device as in claim 10, wherein the index value is a numeric value representative of a number of times the entity has requested the one-time password.
  - 14. The hardware device as in claim 10, wherein the circuit board, when reading the one-time password from the non-volatile memory, is constructed and arranged to retrieve the one-time password from the location in the non-volatile memory based on the index to alleviate involvement of any of hardware encryption or hash functionality while the one-time password is read.
  - 15. The hardware device as in claim 10, further comprising:
    - a power source that provides energy via energy harvesting.

16. A computer readable storage medium with a computer program stored thereon, the computer program upon execution by a processor performing a method of authenticating an entity using a one-time password, the method comprising:
- initializing a non-volatile memory of a hardware device with a pre-produced sequence of one-time passwords, each one-time password in the pre-produced sequence of one-time passwords being produced by an algorithm;
  
  indexing into the non-volatile memory of the hardware device upon a request for a one-time password to read the one-time password; and
  
  outputting the one-time password to the entity;
  
  wherein indexing includes dividing a numeric value used for indexing by a number of one-time password elements in the non-volatile memory, using the result as the offset to read a first one-time password from the non-volatile memory, using the remainder of the division as an offset to read a second one-time password from the non-volatile memory, and exclusive-oring the first one-time password and the second one-time password to produce the one-time password.
- View Dependent Claims (17)
- - 17. The computer readable storage medium as in claim 16, further comprising:
    - transmitting the one-time password to an authentication server;
      
      indexing into a copy of the pre-produced sequence of one-time passwords stored on the authentication server to read an authentication one-time password; and
      
      comparing the one-time password with the authentication one-time password.

18. A method of authenticating an entity using a one-time password, the method comprising:
- initializing a non-volatile memory of a hardware device with a pre-produced sequence of one-time passwords, each one-time password in the pre-produced sequence of one-time passwords being produced by an algorithm;
  
  indexing into the non-volatile memory of the hardware device upon a request for a current one-time password to read the one-time password; and
  
  outputting the one-time password to the entity;
  
  wherein indexing includes (i) deriving, from a numeric value used for indexing, a first index and a second index, (ii) reading a first one-time password from the non-volatile memory using the first index, (iii) reading a second one-time password from the non-volatile memory using the second index, and (iv) combining the first one-time password and the second one-time password together to produce the current one-time password.
- View Dependent Claims (19)
- - 19. A method as in claim 18 wherein combining the first one-time password and the second one-time password together to produce the current one-time password includes:
    - performing an exclusive-OR operation to generate the current one-time password, the exclusive-OR operation using at least a portion of the first one-time password as a first input and at least a portion of the second one-time password as a second input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Ackerman, Karl, Vipond, Edward W.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US13/532,309
Time in Patent Office

715 Days
Field of Search

726/6, 726/7, 713/168, 713/171, 713/172, 713/182
US Class Current

726/6
CPC Class Codes

H04L 9/3228 One-time or temporary data,...

H04L 9/3234 involving additional secure...

Processorless token for producing a one-time password

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Processorless token for producing a one-time password

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links