Method and apparatus for providing a one-time password

US 8,990,888 B2
Filed: 07/22/2011
Issued: 03/24/2015
Est. Priority Date: 08/03/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing a one-time password for a user device of a user, said password being intended to register the user device with a server, comprising:

the server generating the one-time password using a cryptographic operation based on a unique use identifier that uniquely identifies the user device, and transmitting said password to the user device,the user device storing the one-time password received from the server and transmitting the one-time password with the use identifier during a registration of the user device with the server, andduring the registration of the user device with the server, the server verifies the user device with reference to the use identifier that is implicitly contained in the received one-time password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for providing a one-time password for a user device belonging to a user, which password is intended to register the user device with a server, the server generates the one-time password using a cryptographic operation on the basis of a unique use identifier and transmits the password to the user device. The method provides a service provider with the possibility of tying additional conditions for registration to the one-time password and thus increases the flexibility of the service provider when configuring the services offered by the latter and increases security against manipulation.

40 Citations

View as Search Results

20 Claims

1. A method for providing a one-time password for a user device of a user, said password being intended to register the user device with a server, comprising:
- the server generating the one-time password using a cryptographic operation based on a unique use identifier that uniquely identifies the user device, and transmitting said password to the user device,the user device storing the one-time password received from the server and transmitting the one-time password with the use identifier during a registration of the user device with the server, andduring the registration of the user device with the server, the server verifies the user device with reference to the use identifier that is implicitly contained in the received one-time password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the unique use identifier is formed by a user ID of the user or by a user device ID of the user device.
  - 3. The method of claim 1, wherein the server generates the one-time password by calculating a cryptographic function value of the unique use identifier.
  - 4. The method of claim 3, wherein the server calculates the cryptographic function value of the use identifier as a one-time password using a secret cryptographic key.
  - 5. The method of claim 4, wherein the server calculates the cryptographic function value as a one-time password using a predetermined cryptographic function for the unique use identifier using the secret cryptographic key.
  - 6. The method of claim 3, wherein the server calculates the cryptographic function value as a one-time password based on a time stamp or random number.
  - 7. The method of claim 1, wherein the server deletes the one-time password it has generated, after said password has been transmitted to the user device.
  - 8. The method of claim 1, wherein the generated one-time password is sent with the user device to the user for registering the user device of the user with the server.
  - 9. The method of claim 1, wherein the generated one-time password is sent from the server via a data network or using a data medium to a user device sited on the premises of the user, for registering said user device with the server.
  - 10. The method of claim 1, wherein a validity of the one-time password that has been generated by the server expires after a predetermined time duration.

11. A server for providing a one-time password for a user device of a user, said password being useful for registering the user device with the server, the server comprising:
- a processor programmed to;
  
  generate the one-time password using a cryptographic operation based on a unique use identifier that uniquely identifies the user device, and transmit said password to the user device,receive from the user device sends both the one-time password previously sent by the server to the user device and the use identifier,verify the user device based on the use identifier that is implicitly contained in the one-time password and the received use identifier, andgrant access to a service based on the verification.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The server of claim 11, wherein the unique use identifier is formed by a user ID of the user or by a user device ID of the user device.
  - 13. The server of claim 11, wherein the server is programmed to generate the one-time password by calculating a cryptographic function value of the unique use identifier.
  - 14. The server of claim 13, wherein the server is programmed to calculates the cryptographic function value of the use identifier as a one-time password using a secret cryptographic key.
  - 15. The server of claim 14. wherein the server is programmed to calculate the cryptographic function value as a one-time password using a predetermined cryptographic function for the unique use identifier using the secret cryptographic key.
  - 16. The server of claim 13, wherein the server is programmed to calculates the cryptographic function value as a one-time password based on a time stamp or random number.
  - 17. The server of claim 11, wherein the server is configured to delete the one-lime password it has generated, after said password has been transmitted to the user device.
  - 18. The server of claim 11, wherein the server is programmed to send the generated one-time password to the user device sited on a premises of the user via a data network or using a data medium.
  - 19. The server of claim 11, wherein a validity of the one-time password that has been generated by the server expires after a predetermined time duration.

20. A method for providing a one-time password for a user device of a user, said password being intended to register the user device with a server, comprising:
- the server generating the one-time password using a cryptographic operation based on a unique use identifier and transmitting said password to the user device,the user device storing the one-time password received from the server and transmitting the one-time password with the use identifier during a registration of the user device with the server, andduring the registration of the user device with the server, the server verifies the user device with reference to the use identifier that is implicitly contained in the received one-time password,wherein the server generates the or time password by calculating a cryptographic function value of the unique use identifier either (a) using a secret cryptographic key or (b) based on a time stamp or random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
III Holdings 12, LLC (Intellectual Ventures LLC)
Original Assignee
Siemens AG
Inventors
Busser, Jens-Uwe, Fries, Steffen
Primary Examiner(s)
Song, Hosuk

Application Number

US13/813,971
Publication Number

US 20130145449A1
Time in Patent Office

1,341 Days
Field of Search

726 2- 7, 726 27- 30, 713168-170, 713/178, 713181-184, 380/44, 380/46
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2117   User registration

G06F 2221/2129   Authenticate client device ...

H04L 63/0838   using one-time-passwords

H04L 9/0866   involving user or device id...

H04L 9/3228   One-time or temporary data,...

Method and apparatus for providing a one-time password

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing a one-time password

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links