Methods and systems for replacing shared secrets over networks

US 8,990,906 B2
Filed: 07/20/2011
Issued: 03/24/2015
Est. Priority Date: 07/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method for replacing a shared secret over a network comprising:

receiving, by a communications device from an authorized user, a personal identification number and a request to generate a one-time password;

storing the time and date of the request in the communications device;

hashing the personal identification number;

combining, by the communications device, the hashed personal identification number with a shared secret to generate a modified shared secret, the shared secret being stored in the communications device and in an authentication system;

generating, by the communications device, a one-time password based on the request time and the modified shared secret;

determining, by the communications device, that a security breach occurred when the request time precedes a previous request time stored in the communications device;

determining, by the communications device, that due to the breach the shared secret for the authorized user is to be replaced;

generating a new shared secret and an associated effective life for the authorized user; and

replacing the shared secret and an associated effective life with the new shared secret and associated effective life in the communications device and in the authentication system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for replacing a shared secret over a network is provided that includes determining that a security breach could have occurred, determining that a shared secret of a user is to be replaced, and transmitting a renewal message to an authentication system requesting a new shared secret and an associated effective life for the user. Moreover, the method includes generating a new shared secret and an associated effective life at the authentication system for the user, and replacing the shared secret and associated effective life in an enrollment data record of the user with the new shared secret and associated effective life. Furthermore, the method includes transmitting the new shared secret and associated effective life to a communications device associated with the user, and replacing a shared secret and associated effective life stored in the communications device with the new shared secret and associated effective life.

8 Citations

View as Search Results

9 Claims

1. A method for replacing a shared secret over a network comprising:
- receiving, by a communications device from an authorized user, a personal identification number and a request to generate a one-time password;
  
  storing the time and date of the request in the communications device;
  
  hashing the personal identification number;
  
  combining, by the communications device, the hashed personal identification number with a shared secret to generate a modified shared secret, the shared secret being stored in the communications device and in an authentication system;
  
  generating, by the communications device, a one-time password based on the request time and the modified shared secret;
  
  determining, by the communications device, that a security breach occurred when the request time precedes a previous request time stored in the communications device;
  
  determining, by the communications device, that due to the breach the shared secret for the authorized user is to be replaced;
  
  generating a new shared secret and an associated effective life for the authorized user; and
  
  replacing the shared secret and an associated effective life with the new shared secret and associated effective life in the communications device and in the authentication system.
- View Dependent Claims (2, 3, 4)
- - 2. A method for replacing a shared secret over a network in accordance with claim 1, further comprising:
    - authenticating, by the authentication system, the authorized user;
      
      generating a one-time authentication code when the authorized user is successfully authenticated;
      
      displaying, on a computing device, the one-time authentication code for the authorized user to see; and
      
      validating the one-time authentication code prior to said generating a new shared secret step.
  - 3. A method for replacing a shared secret over a network in accordance with claim 2, said authenticating step comprising:
    - capturing biometric data from the authorized user with the communications device;
      
      transmitting the captured biometric data to the authentication system;
      
      processing the captured biometric data; and
      
      comparing the processed biometric data against user enrollment biometric data and successfully authenticating the authorized user when the processed biometric data matches the user enrollment biometric data.
  - 4. A method for replacing a shared secret over a network in accordance with claim 2, said validating step comprising:
    - entering the one-time authentication code into the communications device;
      
      transmitting the one-time authentication code to the authentication system; and
      
      comparing the transmitted one-time authentication code against the generated one-time authentication code, the authorized user being validated when the transmitted one-time authentication code matches the generated one-time authentication code.

5. A system for replacing a shared secret over networks, said system comprising:
- a service provider system;
  
  a computing device;
  
  an authentication system comprising an authentication database and being configured to generate and store shared secrets and associated effective lives; and
  
  a portable communications device, said service provider system, computing device, authentication system, and communications device being configured to communicate over a network, wherein said communications device is configured toreceive personal identification numbers from authorized users and requests to generate a one-time password,hash received personal identification numbers,store shared secrets and associated effective lives for each authorized user, and the time and date of one-time password requests,combine a hashed personal identification number with a shared secret to generate a modified shared secret,check for security breaches and determine a security breach has occurred when the time and date of the check are earlier than a previous one-time password request time and date,determine that due to a security breach the shared secret for the user is to be replaced,generate a new shared secret and an associated effective life for the authorized user, andreplace the shared secret and associated effective life for the authorized user with the new shared secret and associated effective life, andsaid authentication system is further configured to replace the shared secret and associated effective life stored therein for the authorized user with the new shared secret and associated effective life.
- View Dependent Claims (6, 7, 8)
- - 6. A system for replacing a shared secret over networks in accordance with claim 5, said authentication system being further configured to:
    - generate a one-time authentication code after successfully biometrically authenticating the user; and
      
      generate the new shared secret and associated effective life after validating the one-time authentication code.
  - 7. A system for replacing a shared secret over networks in accordance with claim 5, wherein:
    - said authentication system is further configured to transmit a one-time authentication code to said computing device;
      
      said computing device is configured to display the one-time authentication code for an authorized user to see;
      
      the authorized user enters the one-time authentication code into said communications device; and
      
      said communications device is further configured to transmit the one-time authentication code to said authentication system.
  - 8. A system for replacing a shared secret over networks in accordance with claim 7, said authentication system being further configured to:
    - compare the one-time authentication code received from said communications device against the one-time authentication code transmitted to said computing device;
      
      validate the authorized user when the one-time authentication codes match; and
      
      generate the new shared secret and associated effective life when the authorized user is validated.

9. A method for replacing shared secrets comprising:
- receiving, by a communications device from an authorized user, a personal identification number and a request to generate a one-time password;
  
  storing the time and date of the request in the communications device;
  
  hashing the personal identification number;
  
  combining, by the communications device, the hashed personal identification number with a shared secret to generate a modified shared secret, the shared secret and an associated effective life being stored in the communications device and in an authentication system;
  
  generating, by the communications device, a one-time password based on the request time and the modified shared secret;
  
  checking, by the communications device, for security breaches;
  
  determining a security breach occurred when the time and date of the check are earlier than a one-time password request time and date stored in the communications device;
  
  determining, by the communications device, that due to the breach the shared secret for the authorized user is to be replaced;
  
  generating a new shared secret and an associated effective life for the authorized user; and
  
  replacing the shared secret and an associated effective life with the new shared secret and associated effective life in the communications device and in the authentication system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Corporation DAON Technology
Original Assignee
Daon Holdings Limited
Inventors
Holland, Christopher Eric, Webb, Andrew Supplee, Cramer, Jason Scott, White, Conor Robert
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US13/186,964
Publication Number

US 20130024947A1
Time in Patent Office

1,343 Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 21/45   Structures or tools for the...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/60   Protecting data

G06F 21/88   Detecting or preventing the...

G06F 2221/2151   Time stamp

H04L 9/0891   Revocation or update of sec...

H04W 12/068   using credential vaults, e....

Methods and systems for replacing shared secrets over networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for replacing shared secrets over networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others