One-time password validation in a multi-entity environment

US 8,959,596 B2
Filed: 06/15/2006
Issued: 02/17/2015
Est. Priority Date: 06/15/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, in a validation processor, a plurality of a predetermined number of first credentials of the same type that uniquely identifies a user, the plurality of received first credentials indicative of being from a first client processor;

receiving, in the validation processor, a second credential that uniquely identifies the first client processor, the second credential indicative of being from the first client processor;

determining, by the validation processor, each of the received plurality of first credentials and the second credential, as respective pairs, constitute a first unique pair that is valid for a one-time validation based on;

finding each of the received first credentials is determined, by the validation processor, to be valid;

finding it is a first occurrence, as respective pairs, of each of the received plurality of first credentials and the second credential;

finding that the respective pairs of the received plurality of first credentials and the second credential has not been previously used for a secure communication;

finding that the plurality of received first credentials is received in a predetermined order; and

based on the result of the one-time validation, rejecting the respective pair of the received plurality of first credentials and the second credential if the respective pair has been previously used for the secure communication, and accepting the respective pair, as the first unique respective pair, if the plurality of received first credentials and the second credential pair if the first unique pair has not previously been used for the secure communication;

providing, by the validation processor, an indication that the plurality of received first credentials and the second credential constitute the first unique pair that is valid for a one-time validation to an intermediate processor;

tracking, by the intermediate processor, the validation based on the indication provided by the validation processor; and

initiating the secure communication via a computer network using the first unique pair.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if a validation credentials, such as a user'"'"'s valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.

40 Citations

View as Search Results

16 Claims

1. A method comprising:
- receiving, in a validation processor, a plurality of a predetermined number of first credentials of the same type that uniquely identifies a user, the plurality of received first credentials indicative of being from a first client processor;
  
  receiving, in the validation processor, a second credential that uniquely identifies the first client processor, the second credential indicative of being from the first client processor;
  
  determining, by the validation processor, each of the received plurality of first credentials and the second credential, as respective pairs, constitute a first unique pair that is valid for a one-time validation based on;
  
  finding each of the received first credentials is determined, by the validation processor, to be valid;
  
  finding it is a first occurrence, as respective pairs, of each of the received plurality of first credentials and the second credential;
  
  finding that the respective pairs of the received plurality of first credentials and the second credential has not been previously used for a secure communication;
  
  finding that the plurality of received first credentials is received in a predetermined order; and
  
  based on the result of the one-time validation, rejecting the respective pair of the received plurality of first credentials and the second credential if the respective pair has been previously used for the secure communication, and accepting the respective pair, as the first unique respective pair, if the plurality of received first credentials and the second credential pair if the first unique pair has not previously been used for the secure communication;
  
  providing, by the validation processor, an indication that the plurality of received first credentials and the second credential constitute the first unique pair that is valid for a one-time validation to an intermediate processor;
  
  tracking, by the intermediate processor, the validation based on the indication provided by the validation processor; and
  
  initiating the secure communication via a computer network using the first unique pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method in accordance with claim 1, wherein:
    - the type of the received plurality of first credentials comprises a passcode that is uniquely associated with a single user; and
      
      the second credential comprises a source identifier indicative of the first client processor.
  - 3. A method in accordance with claim 2, wherein the source identifier is indicative of at least one of a serial number of the first client processor or a network assigned value of the first client processor.
  - 4. A method in accordance with claim 2, wherein the source identifier is indicative of a location of the first client processor.
  - 5. A method in accordance with claim 2, wherein the source identifier is indicative of an IP address of the first client processor.
  - 6. A method in accordance with claim 1, wherein the received plurality of first credentials and the second credential are valid for a predetermined amount of time.
  - 7. A method in accordance with claim 1, further comprising determining the received plurality of first credentials and the second credential, as respective pairs, valid by receiving the respective pairs within a predetermined period of time.
  - 8. A method in accordance with claim 1, further comprising:
    - receiving in the validation processor, from a second client processor, the plurality of first credentials of the same type that uniquely identifies the user;
      
      receiving in the validation processor, from the second client processor, a third credential that uniquely identifies the second client processor;
      
      determining, by the validation processor, that each of the received plurality of first credentials and the third credential, as respective pairs, constitute a second unique pair, wherein the determination comprises;
      
      finding that it is a first occurrence, as respective pairs, of the received plurality of first credentials and the third credential; and
      
      finding that the respective pairs of the received plurality of first credentials and the third credential has not been previously received from the second client processor;
      
      providing, by the validation processor, the determination to the intermediate processor; and
      
      tracking, by the intermediate processor, the determination.

9. A validation processor comprising:
- a processor; and
  
  a memory coupled to the processor, the memory having stored thereon executable instructions that when executed by the processor cause the processor to effectuate operations comprising;
  
  receiving a plurality of a predetermined number of first credentials of the same type that uniquely identifies a user, the plurality of received first credentials indicative of being from a first client processor;
  
  receiving a second credential that uniquely identifies the first client processor, the second credential indicative of being from the first client processor;
  
  determining that each of the received plurality of first credentials and the second credential, as respective pairs, constitute a first unique pair that is valid for a one-time validation based on;
  
  finding each of the received first credentials is determined, by the validation processor, to be valid;
  
  finding it is a first occurrence, as respective pairs, of each of the received plurality of first credentials and the second credential;
  
  finding that the respective pairs of the received plurality of first credentials and the second credential has not been previously used for a secure communication; and
  
  finding that the plurality of received first credentials is received in a predetermined order; and
  
  based on the result of the one-time validation, rejecting the respective pair of the received plurality of first credentials and the second credential if the respective pair has been previously used for the secure communication, and accepting the respective pair, as the first unique respective pair, if the plurality of received first credentials and the second credential pair if the first unique pair has not previously been used for the secure communication;
  
  providing an indication that the plurality of received first credentials and the second credential constitute the first unique pair that is valid for a one-time validation to an intermediate processor;
  
  tracking, by the intermediate processor, the validation based on the indication provided by the validation processor; and
  
  initiating the secure communication via a computer network the first unique pair.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A validation processor in accordance with claim 9, wherein:
    - the type of the received plurality of first credentials comprises a passcode that is uniquely associated with a single user; and
      
      the second credential comprises a source identifier indicative of the first client processor.
  - 11. A validation processor in accordance with claim 10, wherein the source identifier is indicative of at least one of a serial number of the first client processor or a network assigned value of the first client processor.
  - 12. A validation processor in accordance with claim 10, wherein the source identifier is indicative of a location of the first client processor.
  - 13. A validation processor in accordance with claim 10, wherein the source identifier is indicative of an IP address of the first client processor.
  - 14. A validation processor in accordance with claim 9, wherein the plurality of received first credential and the second credential are valid for a predetermined amount of time.
  - 15. A validation processor in accordance with claim 9, the executable instructions further comprising:
    - receiving, from a second client processor, the plurality of first credentials of the same type that uniquely identifies the user;
      
      receiving, from the second client processor, a third credential that uniquely identifies the second client processor; and
      
      determining that each of the received plurality of first credentials and the third credential, as respective pairs, constitute a second unique pair, wherein the determination comprises;
      
      finding that it is a first occurrence, as respective pairs, of the received plurality of first credentials and the third credential; and
      
      finding that the respective pairs of the received plurality of first credentials and the third credential has not been previously received from the second client processor; and
      
      providing the determination to the intermediate processor, wherein the intermediate processor tracks the determination.

16. A computer readable storage memory comprising computer executable instructions that when executed by a validation processor cause the validation to perform the instructions comprising:
- receiving, in the validation processor, a plurality of first credentials of the same type that uniquely identifies a user, the received plurality of first credentials indicative of being from a first client processor;
  
  receiving, in the validation processor, a second credential that uniquely identifies the first client processor, the second credential indicative of being from the first client processor;
  
  determining, by a validation processor, each of the received plurality of first credentials and the second credential, as respective pairs, constitute a first unique pair that is valid for a one-time validation based on;
  
  finding each of the received first credentials is determined to be valid;
  
  finding it is a first occurrence, as respective pairs, of each of the received plurality of first credentials and the second credential;
  
  finding that the respective pairs of the received plurality of first credentials and the second credential has not been previously used for a secure communication;
  
  finding that the plurality of received first credentials is received in a predetermined order; and
  
  based on the result of the one-time validation, rejecting the respective pair of the received plurality of first credentials and the second credential if the respective pair has been previously used for the secure communication, and accepting the respective pair, as the first unique respective pair, if the plurality of received first credentials and the second credential pair if the first unique pair has not previously been used for the secure communication;
  
  providing, by the validation processor, an indication that the plurality of received first credentials and the second credential constitute the first unique pair that is valid for a one-time validation to an intermediate processor;
  
  tracking, by the intermediate processor, the validation based on the indication provided by the validation processor; and
  
  initiating the secure communication via a computer network using the first unique pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Nice, Nir, Mondri, Ron, Shiran, Tomer, Ein-Gil, Boaz
Primary Examiner(s)
Patel, Nirav B

Application Number

US11/454,373
Publication Number

US 20070294749A1
Time in Patent Office

3,169 Days
Field of Search

726 2- 10, 726 17- 20, 713182-185, 235/280, 235/282.5, 709/219, 709/217, 709223-225, 709/229, 705/72, 705/71, 705/65, 705/66, 705/67, 340/5.74, 340/5.8, 340/5.81, 340/5.85
US Class Current

726/5
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

One-time password validation in a multi-entity environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

One-time password validation in a multi-entity environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others