Token sharing system and method

US 9,185,108 B2
Filed: 05/05/2006
Issued: 11/10/2015
Est. Priority Date: 05/06/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first one time password generation device to generate one time passwords, wherein the first one time password generation device corresponds to a first one time password generation device identifier;

a first entity to receive a first one time password generated by the first one time password generation device and to provide a first service to a user of the first one time password generation device in response to successful validation of the first one time password;

a second entity to receive a second one time password generated by the first one time password generation device and to provide a second service to the user of the first one time password generation device in response to successful validation of the second one time password;

a first one time password validation server to receive the first one time password from the first entity, validate the first one time password, and provide results of the validation of the first one time password to the first entity, wherein the first one time password validation server is further to receive the second one time password from the second entity, validate the second one time password, and provide results of the validation of the second one time password to the second entity; and

a one time password generation device lookup server comprising a database to store correlations between a plurality of one time password generation device identifiers and a plurality of network addresses, wherein each of the plurality of network addresses corresponds to one of a plurality of one time password validation servers, wherein the plurality of one time password validation servers is to validate one time passwords generated by a plurality of one time password generation devices that each correspond to one of the plurality of token one time password generation device identifiers, wherein the plurality of one time password validation servers comprises the first one time password validation server having a network address among the plurality of network addresses, wherein the plurality of one time password generation devices comprises the first one time password generation device having a first one time password generation device identifier among the plurality of token one time password generation device identifiers, and wherein the stored correlations comprise a correlation between the network address of the first one time password validation server and the first one time password generation device identifier of the first one time password generation device, wherein the one time password generation device lookup server is to receive the first one time password generation device identifier from the first entity and send the network address of the first one time password validation server to the first entity in view of the first one time password generation device identifier received from the first entity and the stored correlation, wherein the first entity is to send the first one time password to the first one time password validation server in view of the network address of the first one time password validation server received from the one time password generation device lookup server, wherein the one time password generation device lookup server is to receive the first one time password generation device identifier from the second entity and send the network address of the first one time password validation server to the second entity in view of the first one time password generation device identifier received from the second entity and the stored correlation, and wherein the second entity is to send the second one time password to the first one time password validation server in view of the network address of the first one time password validation server received from the one time password generation device lookup server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A scalable system and method for authenticating entities such as consumers to entities with a diverse set of authentication requirements, such as merchants, banks, vendors, other consumers, and so on. An authentication credential such as a token can be shared among several resources as a way to authenticate the credential owner.

23 Citations

View as Search Results

8 Claims

1. A system comprising:
- a first one time password generation device to generate one time passwords, wherein the first one time password generation device corresponds to a first one time password generation device identifier;
  
  a first entity to receive a first one time password generated by the first one time password generation device and to provide a first service to a user of the first one time password generation device in response to successful validation of the first one time password;
  
  a second entity to receive a second one time password generated by the first one time password generation device and to provide a second service to the user of the first one time password generation device in response to successful validation of the second one time password;
  
  a first one time password validation server to receive the first one time password from the first entity, validate the first one time password, and provide results of the validation of the first one time password to the first entity, wherein the first one time password validation server is further to receive the second one time password from the second entity, validate the second one time password, and provide results of the validation of the second one time password to the second entity; and
  
  a one time password generation device lookup server comprising a database to store correlations between a plurality of one time password generation device identifiers and a plurality of network addresses, wherein each of the plurality of network addresses corresponds to one of a plurality of one time password validation servers, wherein the plurality of one time password validation servers is to validate one time passwords generated by a plurality of one time password generation devices that each correspond to one of the plurality of token one time password generation device identifiers, wherein the plurality of one time password validation servers comprises the first one time password validation server having a network address among the plurality of network addresses, wherein the plurality of one time password generation devices comprises the first one time password generation device having a first one time password generation device identifier among the plurality of token one time password generation device identifiers, and wherein the stored correlations comprise a correlation between the network address of the first one time password validation server and the first one time password generation device identifier of the first one time password generation device, wherein the one time password generation device lookup server is to receive the first one time password generation device identifier from the first entity and send the network address of the first one time password validation server to the first entity in view of the first one time password generation device identifier received from the first entity and the stored correlation, wherein the first entity is to send the first one time password to the first one time password validation server in view of the network address of the first one time password validation server received from the one time password generation device lookup server, wherein the one time password generation device lookup server is to receive the first one time password generation device identifier from the second entity and send the network address of the first one time password validation server to the second entity in view of the first one time password generation device identifier received from the second entity and the stored correlation, and wherein the second entity is to send the second one time password to the first one time password validation server in view of the network address of the first one time password validation server received from the one time password generation device lookup server.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the first entity is further to receive a first authentication factor from the user of the first one time password generation device and to authenticate the first authentication factor, and wherein the first entity is to provide the first service to the user of the first one time password generation device further in view of successful authentication of the first authentication factor.
  - 3. The system of claim 2, wherein the first authentication factor provided by the user of the first one time password generation device comprises a username or a secret shared between the user of the first one time password generation device and the first entity.
  - 4. The system of claim 1, wherein the first entity comprises a second one time password validation server among the plurality of one time password validation servers to validate one time passwords generated by a second one time password generation device among the plurality of one time password generation devices.

5. A system comprising:
- a memory to store correlations between a plurality of one time password generation device identifiers and a plurality of network addresses, wherein each of the plurality of network addresses corresponds to one of a plurality of one time password validation servers, wherein the plurality of one time password validation servers is to validate one time passwords generated by a plurality of one time password generation devices that each correspond to one of the plurality of one time password generation device identifiers, wherein the plurality of one time password validation servers comprises a first one time password validation server having a network address among the plurality of network addresses, wherein the plurality of one time password generation devices comprises a first one time password generation device having a first one time password generation device identifier among the plurality of one time password generation device identifiers, and wherein the stored correlations comprise a correlation between the network address of the first one time password validation server and the first one time password generation device identifier of the first one time password generation device; and
  
  a processor to communicate with the memory to;
  
  receive the first one time password generation device identifier from a first entity;
  
  send the network address of the first one time password validation server to the first entity in view of the first one time password generation device identifier received from the first entity and the stored correlation, wherein the first entity is to receive a first one time password generated by the first one time password generation device, send the first one time password to the first one time password validation server in view of the received network address of the first one time password validation server, and provide access to a first service in view of successful authentication of the first one time password by the first one time password validation server;
  
  receive the first one time password generation device identifier from a second entity; and
  
  send the network address of the first one time password validation server to the second entity in view of the first one time password generation device identifier received from the second entity and the stored correlation, wherein the second entity is to receive a second one time password generated by the first one time password generation device, send the second one time password to the first one time password validation server in view of the received network address of the first one time password validation server, and provide access to a second service in view of successful authentication of the second one time password by the first one time password validation server.
- View Dependent Claims (6)
- - 6. The system of claim 5, wherein the first entity comprises a second one time password validation server among the plurality of one time password validation servers to validate one time passwords generated by a second one time password generation device among the plurality of one time password generation devices.

7. A method comprising:
- storing in a database correlations between a plurality of one time password generation device identifiers and a plurality of network addresses, wherein each of the plurality of network addresses corresponds to one of a plurality of one time password validation servers, wherein the plurality of one time password validation servers is to validate one time passwords generated by a plurality of one time password generation devices that each correspond to one of the plurality of one time password generation device identifiers, wherein the plurality of one time password validation servers comprises a first one time password validation server having a network address among the plurality of network addresses, wherein the plurality of one time password generation devices comprises a first one time password generation device having a first one time password generation device identifier among the plurality of one time password generation device identifiers, and wherein the stored correlations comprise a correlation between the network address of the first one time password validation server and the first one time password generation device identifier of the first one time password generation device;
  
  receiving the first one time password generation device identifier from a first entity;
  
  sending, by a processor, the network address of the first one time password validation server to the first entity in view of the first one time password generation device identifier received from the first entity and the stored correlation, wherein the first entity is to receive a first one time password generated by the first one time password generation device, send the first one time password to the first one time password validation server in view of the received network address of the first one time password validation server, and provide access to a first service in view of successful authentication of the first one time password by the first one time password validation server;
  
  receiving the first one time password generation device identifier from a second entity; and
  
  sending, by the processor, the network address of the first one time password validation server to the second entity in view of the first one time password generation device identifier received from the second entity and the stored correlation, wherein the second entity is to receive a second one time password generated by the first one time password generation device, send the second one time password to the first one time password validation server in view of the received network address of the first one time password validation server, and provide access to a second service in view of successful authentication of the second one time password by the first one time password validation server.
- View Dependent Claims (8)
- - 8. The method of claim 7, wherein the first entity comprises a second one time password validation server among the plurality of one time password validation servers to validate one time passwords generated by a second one time password generation device among the plurality of one time password generation devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
M'Raihi, David, Bajaj, Siddharth, Popp, Nicolas
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
An, Wayne

Application Number

US11/418,227
Publication Number

US 20070016943A1
Time in Patent Office

3,476 Days
Field of Search

707/200, 713/153, 713155-156, 713/159, 713/172, 713/185, 726/5, 380/4, 380/21, 380/259, 380/264, 380/282, 380/286, 380/247, 235/380, 235/441, 235/451, 705/56, 705 64- 67, 705 71- 73, 705/76
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/44   Program or device authentic...

G06F 2221/2115   Third party

G06F 2221/2117   User registration

G06F 2221/2129   Authenticate client device ...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/27   with central registration

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/0877   using additional device, e....

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

Token sharing system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Token sharing system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others