Methods and systems for authenticating users over networks
Abstract
A method for authenticating users over networks includes requesting a one-time password, entering a personal identification number into a communications device, and retrieving a replaceable shared secret stored in the communications device. Moreover, the method includes generating a hashed personal identification number from the entered personal identification number, combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret, and generating a one-time password with the modified shared secret and the time of requesting the one-time password.
19 Claims
1. A method for authenticating users comprising:
- requesting a one-time password and determining a time the request was made;
- comparing the request time against a previous request time;
- when the request time is after the previous request time, entering a personal identification number into a communications device, the personal identification number being transmitted during an enrollment process from the device to an authentication system for storage therein;
- retrieving, by the communications device, a shared secret stored therein;
- generating a hashed personal identification number from the personal identification number;
- generating a modified shared secret; and
- generating a one-time password with the modified shared secret and the request time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for authenticating users comprising:
- an authentication system comprising an authentication database and being configured to store within said authentication database authentication data associated with authorized users, generate and store shared secrets, generate one-time passwords, and authenticate users; and
- a communications device configured to obtain authentication data, store shared secrets, generate hashed personal identification numbers, and generate one-time passwords,
- said communications device and said authentication system being configured to communicate over a network,
- said authentication system being further configured to receive and store personal identification numbers transmitted from said communications device,
- said communications device being further configured to combine a hashed personal identification number with a new shared secret to generate a modified shared secret, compare a time a one-time password is requested against a previous request time, when the request time is after the previous request time, generate a one-time password with the modified shared secret and the request time, and transmit the one-time password to said authentication system.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A computer program recorded on a non-transitory computer-readable recording medium included in a transaction management system, the computer program for enabling authentication of a user attempting to access resources stored in the transaction management system, the computer program for causing the transaction management system to execute at least the following:
- retrieve a shared secret upon receiving a request for a one-time password;
- compare a time the request was made against a previous request time;
- when the request time is after the previous request time generate a hashed personal identification number from a personal identification number, otherwise initiate a shared secret replacement process;
- combine the hashed personal identification number with the shared secret to generate a modified shared secret;
- generate the one-time password with the modified shared secret and the request time;
- determine time intervals;
- generate a series of passwords that includes a password for each determined time interval, each password being generated using the modified shared secret and the beginning time of a respective time interval;
- compare the one-time password against each password included in the series; and
- permit the user to access the resources when the one-time password matches a password included in the series.
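The flow recited in claims 1 and 19, as an added Python sketch that is not code from the patent: the device derives a modified shared secret from the PIN and generates a time-based password, and the verifier builds the series of per-interval passwords to compare against. The claims name no hash function, combining operation, OTP algorithm or interval length, so SHA-256, HMAC, RFC 4226-style truncation, the 30-second step and every identifier below are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed interval length in seconds; the claims only say "time intervals"

class SecretReplacementRequired(Exception):
    """Request time is not after the previous one (claim 19's 'otherwise' branch)."""

def modified_secret(pin: str, shared_secret: bytes) -> bytes:
    hashed_pin = hashlib.sha256(pin.encode()).digest()  # assumed PIN hash
    # Assumed combining step: HMAC keyed with the shared secret over the hashed PIN.
    return hmac.new(shared_secret, hashed_pin, hashlib.sha256).digest()

def otp_at(secret: bytes, t: int, digits: int = 6) -> str:
    # Assumed OTP function: HMAC-SHA1 over the interval counter, RFC 4226 truncation.
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Device:
    def __init__(self, shared_secret: bytes):
        self.shared_secret = shared_secret
        self.previous_request = 0

    def request_otp(self, pin: str, now: int) -> str:
        # The claims proceed only when the request time is after the previous one.
        if now <= self.previous_request:
            raise SecretReplacementRequired("request time not after previous request")
        self.previous_request = now
        return otp_at(modified_secret(pin, self.shared_secret), now)

def verify(candidate: str, enrolled_pin: str, shared_secret: bytes,
           now: int, window: int = 1) -> bool:
    secret = modified_secret(enrolled_pin, shared_secret)
    # One password per interval, each computed from the interval's beginning time.
    starts = [(now // STEP + i) * STEP for i in range(-window, window + 1)]
    # Compare against the whole series in constant time, without an early exit.
    matches = [hmac.compare_digest(candidate, otp_at(secret, s)) for s in starts]
    return any(matches)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values
    device = Device(secret)
    otp = device.request_otp("4821", 1_700_000_000)
    print(otp, verify(otp, "4821", secret, 1_700_000_020))
```

Because the verifier recomputes the modified secret from the PIN stored at enrollment, a password generated with a wrong PIN fails in the same way as one from an expired interval.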
Specification