Method and system for enabling secure one-time password authentication
First Claim
1. A method comprising:
receiving, via an application programming interface, a one-time password authentication request, wherein the application programming interface is a single point of access to a dedicated validation appliance for maintaining one or more secret keys, wherein the application programming interface is associated with an authentication service separate from the dedicated validation appliance, wherein the authentication service is restricted from accessing the one or more secret keys;
receiving, per the request, a one-time password and an identifier of a user for which the one-time password is exclusively generated for a limited period of time for completion of the authentication procedure;
determining, by the dedicated validation appliance, a validity of the request based on a correlation between the identifier of the user and the one-time password with at least one of the one or more secret keys within the limited period of time; and
authenticating the user based on the determined validity of the request, wherein the user is associated with a client device for enabling user entry of the one-time password via an authentication service for initiating the authentication.
Abstract
An approach for facilitating a one-time password (OTP) authentication procedure is described. A dedicated validation appliance receives a one-time password authentication request via an application programming interface, which is the single point of access to the dedicated validation appliance. The dedicated validation appliance then determines the validity of the request by correlating the submitted OTP against OTP values it independently generates from a large secret key exclusive to the client device that initiated the request. The single point of access to the dedicated validation appliance, together with sharing the secret key only with another dedicated validation appliance or one time with the client device, reduces the likelihood of attackers discovering the secret keys.
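The architecture the abstract and claims describe, as an added Python illustration that is not part of the patent or any product built on it: an authentication service that holds no secrets and is handed only the appliance's `validate()` entry point, and a validation appliance that keeps the per-user keys, regenerates the expected codes for a short time window and compares them in constant time. The use of TOTP (RFC 6238, HMAC-SHA1) as the OTP algorithm, the class and method names, the one-step clock-skew window and the replay guard are all assumptions of this example; the patent text does not specify them.

```python
"""Split OTP validation: a key-less authentication service forwards (user id,
OTP) through one narrow entry point to a validation appliance that owns the
keys.  Illustrative example only; TOTP as the algorithm, the names and the
replay guard are assumptions, not the patent's own design."""
import hashlib
import hmac
import struct
import time
from typing import Callable, Dict, Optional, Tuple

STEP_SECONDS = 30   # TOTP time step (RFC 6238 default)
DIGITS = 6
SKEW_STEPS = 1      # accept one step of clock drift either side of "now"


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): dynamic truncation of HMAC-SHA1(key, counter)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238): HOTP over the current time-step counter."""
    return hotp(key, int(now) // step, digits)


class ValidationAppliance:
    """Holds the per-user secret keys.  The only operation exposed to the
    outside is validate(); there is deliberately no way to read a key back."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._last_counter: Dict[str, int] = {}   # replay guard (assumption)

    def enroll(self, user_id: str, key: bytes) -> None:
        # Performed once at provisioning; the key is never handed out again.
        self._keys[user_id] = key

    def validate(self, user_id: str, otp: str, now: Optional[float] = None) -> bool:
        """Regenerate the codes for the accepted window and compare."""
        now = time.time() if now is None else now
        key = self._keys.get(user_id)
        if key is None:
            return False
        current = int(now) // STEP_SECONDS
        consumed = self._last_counter.get(user_id, -1)
        for counter in range(current - SKEW_STEPS, current + SKEW_STEPS + 1):
            if counter <= consumed:
                continue  # a code for this step was already used once
            if hmac.compare_digest(hotp(key, counter), otp):
                self._last_counter[user_id] = counter
                return True
        return False


class AuthenticationService:
    """Front-end service: receives the OTP from the user's client but is
    handed only the appliance's validate() callable, not the appliance or
    its key store, so it structurally cannot reach the secret keys."""

    def __init__(self, validate_api: Callable[[str, str, Optional[float]], bool]) -> None:
        self._validate = validate_api

    def login(self, user_id: str, otp: str, now: Optional[float] = None) -> bool:
        return self._validate(user_id, otp, now)


# Constructed demo key: the RFC 4226 / RFC 6238 test-vector secret.
DEMO_KEY = b"12345678901234567890"


def build_demo() -> Tuple[ValidationAppliance, AuthenticationService]:
    """Provision one user on the appliance and wire up a key-less service."""
    appliance = ValidationAppliance()
    appliance.enroll("alice", DEMO_KEY)
    service = AuthenticationService(appliance.validate)
    return appliance, service


if __name__ == "__main__":
    _, svc = build_demo()
    code = totp(DEMO_KEY, 59)   # what alice's client would display at t=59
    print("first use:", svc.login("alice", code, 59))   # True
    print("replay:   ", svc.login("alice", code, 59))   # False
```

The point of handing the service a bound `validate` callable rather than the appliance object is that the separation the claims describe becomes a property of the code's structure, not of discipline: even a compromised `AuthenticationService` has no attribute through which a key can be read. In a deployment the same boundary would be a network API on a separate host, with the appliance also being the only party that can learn a key at enrollment.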
14 Citations
18 Claims
1. A method comprising: the claim text as given above under First Claim.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
at least one processor; and at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following, receive, via an application programming interface, a one-time password authentication request, wherein the application programming interface is a single point of access to a dedicated validation appliance for maintaining one or more secret keys, wherein the application programming interface is associated with an authentication service separate from the dedicated validation appliance, wherein the authentication service is restricted from accessing the one or more secret keys; receive, per the request, a one-time password and an identifier of a user for which the one-time password is exclusively generated for a limited period of time for completion of the authentication procedure; determine, by the dedicated validation appliance, a validity of the request based on a correlation between the identifier of the user and the one-time password with at least one of the one or more secret keys within the limited period of time; and authenticate the user based on the determined validity of the request, wherein the user is associated with a client device for enabling user entry of the token value as a one-time password via an authentication service for initiating the one-time password authentication procedure.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system comprising:
one or more dedicated validation appliances for determining a validity of a one-time password authentication request based on a correlation between an identifier of a user and a one-time password with at least one of the one or more secret keys within a limited period of time;
an application programming interface for accessing the one or more dedicated validation appliances to initiate the one-time password authentication request, wherein the application programming interface is a single point of access to the one or more dedicated validation appliances and the dedicated validation appliances maintain one or more secret keys, wherein the application programming interface is associated with an authentication service separate from the dedicated validation appliance, wherein the authentication service is restricted from accessing the one or more secret keys, and said one or more dedicated validation appliances authenticates the user based on the determined validity of the request, wherein the user is associated with a client device for enabling user entry of the one-time password via an authentication service for initiating the authentication.
Dependent claims: 18
Specification