Event-based data signing via time-based one-time authentication passcodes
Abstract
Methods and apparatus are provided for signing data transactions using one-time authentication passcodes. User authentication passcodes are generated by generating a time-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated time-based user authentication passcode is used for authentication of the user; and generating an event-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated event-based user authentication passcode is used to sign one or more data transactions. The generation of an event-based user authentication passcode can be performed on-demand. The generation of the event-based user authentication passcode can optionally be performed substantially simultaneously with the generation of the time-based user authentication passcode.
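A minimal sketch of the scheme the abstract describes, added here as an illustration and not taken from the patent: a two-level forward-secure tree in which the level-1 seed yields the time-based passcode and a level-2 seed derived from it yields one event-based passcode per signed transaction. HMAC-SHA256 as the one-way function, the label strings, the six-digit truncation, binding the transaction bytes into the event passcode, and the names `Token`, `prf`, `digits`, `verify` and `DEMO_SEED` are all assumptions of this example.

```python
import hashlib
import hmac

DEMO_SEED = bytes(range(32))  # constructed sample root seed, not a real secret

def prf(key, label):
    # One-way step. HMAC-SHA256 is this example's assumption, not the patent's.
    return hmac.new(key, label, hashlib.sha256).digest()

def digits(value, n=6):
    # Truncate PRF output to an n-digit decimal passcode.
    return str(int.from_bytes(value[:8], "big") % 10**n).zfill(n)

class Token:
    """Hypothetical two-level tree: level 1 ratchets once per time step,
    level 2 ratchets once per signing event under the current level-1 seed."""

    def __init__(self, root_seed):
        self.step = 0
        self.l1 = prf(root_seed, b"level1")
        self._new_event_chain()

    def _new_event_chain(self):
        self.event = 0
        self.l2 = prf(self.l1, b"child")     # level-2 seed derived from level 1

    def advance_to(self, step):
        if step < self.step:
            raise ValueError("forward-secure state cannot be rewound")
        while self.step < step:
            self.l1 = prf(self.l1, b"next")  # previous level-1 seed is not kept
            self.step += 1
            self._new_event_chain()

    def skip_events(self, count):
        for _ in range(count):
            self.l2 = prf(self.l2, b"next")  # previous level-2 seed is not kept
            self.event += 1

    def time_passcode(self):
        return digits(prf(self.l1, b"time-passcode"))

    def sign(self, transaction):
        index, tag = self.event, digits(prf(self.l2, b"sign:" + transaction))
        self.skip_events(1)                  # each event seed is used once
        return index, tag

def verify(root_seed, step, index, transaction, tag):
    # Server side: replay both ratchets from the shared root seed.
    server = Token(root_seed)
    server.advance_to(step)
    server.skip_events(index)
    return hmac.compare_digest(server.sign(transaction)[1], tag)
```

Because each ratchet step replaces the seed with its one-way image, a token state captured at step t cannot be used to recompute passcodes or transaction tags from earlier steps; a production token would also have to erase the old seed from memory, which Python rebinding does not guarantee.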
22 Claims
1. A method for generating one or more user authentication passcodes, comprising:
- generating a time-based user authentication passcode based on a first forward-secure pseudorandom number;
- generating an event-based user authentication passcode based on a second forward-secure pseudorandom number, wherein said first forward-secure pseudorandom number is generated using at least one hardware device using a first seed from a first level of a hierarchical forward-secure pseudorandom number tree stored in a memory and wherein said second forward-secure pseudorandom number is generated using said at least one hardware device using a second seed from a different, second level of said hierarchical forward-secure pseudorandom number tree;
- providing said generated time-based user authentication passcode for authentication of a user; and
- providing said generated event-based user authentication passcode for signing of one or more data transactions of said user during a session of said user.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory machine-readable recordable storage medium for generating one or more user authentication passcodes, wherein one or more software programs when executed by one or more processing devices implement the following steps:
- generating a time-based user authentication passcode based on a first forward-secure pseudorandom number;
- generating an event-based user authentication passcode based on a second forward-secure pseudorandom number, wherein said first forward-secure pseudorandom number is generated using a first seed from a first level of a hierarchical forward-secure pseudorandom number tree stored in a memory and wherein said second forward-secure pseudorandom number is generated using a second seed from a different, second level of said hierarchical forward-secure pseudorandom number tree;
- providing said generated time-based user authentication passcode for authentication of a user; and
- providing said generated event-based user authentication passcode for signing of one or more data transactions of said user during a session of said user.
9. A time-based authentication token, comprising:
- a passcode generation function for generating a time-based user authentication passcode based on a first forward-secure pseudorandom number;
- a transaction passcode generation function for generating an event-based user authentication passcode based on a second forward-secure pseudorandom number, wherein said first forward-secure pseudorandom number is generated using a first seed from a first level of a hierarchical forward-secure pseudorandom number tree stored in a memory and wherein said second forward-secure pseudorandom number is generated using a second seed from a different, second level of said hierarchical forward-secure pseudorandom number tree;
- wherein said time-based authentication token provides said generated time-based user authentication passcode for authentication of a user and provides said generated event-based user authentication passcode for signing of one or more data transactions of said user during a session of said user.
Dependent claims: 10, 11, 12, 13, 14, 15
16. An apparatus for generating one or more user authentication passcodes, the apparatus comprising:
- a memory; and
- at least one hardware device, coupled to the memory, operative to implement the following steps:
  - generating a time-based user authentication passcode based on a first forward-secure pseudorandom number;
  - generating an event-based user authentication passcode based on a second forward-secure pseudorandom number, wherein said first forward-secure pseudorandom number is generated using a first seed from a first level of a hierarchical forward-secure pseudorandom number tree stored in a memory and wherein said second forward-secure pseudorandom number is generated using a second seed from a different, second level of said hierarchical forward-secure pseudorandom number tree;
  - providing said generated time-based user authentication passcode for authentication of a user; and
  - providing said generated event-based user authentication passcode for signing of one or more data transactions of said user during a session of said user.
Dependent claims: 17, 18, 19, 20, 21, 22
Specification