Method for secure, entryless login using internet connected device

US 9,332,007 B2
Filed: 08/28/2013
Issued: 05/03/2016
Est. Priority Date: 08/28/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for using an entryless One-Time Password (OTP) in an active tag environment, comprising:

receiving authentication credentials and access request data from an active tag device;

processing the authentication credentials and the access request data to generate an OTP credential;

storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;

performing encryption operations to encrypt the OTP credential;

providing the encrypted OTP credential to the active tag device;

receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;

processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and

providing the encrypted OTP credential validation data to the active tag terminal.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer-readable medium are disclosed for using an entryless One-Time Password (OTP) in an active tag environment. Authentication credentials associated with a user and an active tag device are submitted with an access request to an authentication server, where they are processed to generate an OTP credential, which is then stored in a directory service. Encryption operations are then performed on the OTP credential to generate an encrypted OTP credential, which is then provided to the active tag device, which in turn provides it to an active tag terminal. The active tag terminal then submits a request to the authentication server to verify the validity of the encrypted OTP credential. In response, the authentication server verifies its validity and then destroys the OTP credential stored in the directory service. The OTP credential is then decrypted by the active tag terminal and subsequently used to login the user.

Citations

18 Claims

1. A computer-implementable method for using an entryless One-Time Password (OTP) in an active tag environment, comprising:
- receiving authentication credentials and access request data from an active tag device;
  
  processing the authentication credentials and the access request data to generate an OTP credential;
  
  storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;
  
  performing encryption operations to encrypt the OTP credential;
  
  providing the encrypted OTP credential to the active tag device;
  
  receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;
  
  processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and
  
  providing the encrypted OTP credential validation data to the active tag terminal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the active tag terminal:
    - processes the encrypted OTP credential validation data and the encrypted OTP credential to decrypt the OTP credential from the encrypted OTP credential; and
      
      uses the decrypted OTP credential to perform login operations to login a user of the active tag device.
  - 3. The method of claim 2, wherein the authentication credentials comprise:
    - a first subset of authentication credentials associated with the user of the active tag device; and
      
      a second subset of authentication credentials associated with the active tag device.
  - 4. The method of claim 3, further comprising:
    - appending a Near Field Communication (NFC) header to the encrypted OTP credential, the NFC header containing data associated with the active tag device.
  - 5. The method of claim 3, wherein the encrypted OTP credential is generated using at least one of the set of:
    - the OTP credential;
      
      a hardware identifier associated with the active tag device;
      
      a Globally Unique Identifier (GUID) associated with the active tag device;
      
      a system name associated with the active tag device;
      
      a Quick Fix Engineering (QFE) update associated with the active tag device;
      
      one or more measurements of system components associated with the active tag device;
      
      a BIOS version associated with the active tag device;
      
      a Username associated with the user;
      
      a time; and
      
      a date.
  - 6. The method of claim 1, further comprising:
    - destroying the copy of the OTP credential once the encrypted OTP credential validation data has been provided to the active tag terminal.

7. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  receiving authentication credentials and access request data from an active tag device;
  
  processing the authentication credentials and the access request data to generate an OTP credential;
  
  storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;
  
  performing encryption operations to encrypt the OTP credential;
  
  providing the encrypted OTP credential to the active tag device;
  
  receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;
  
  processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and
  
  providing the encrypted OTP credential validation data to the active tag terminal.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the active tag terminal:
    - processes the encrypted OTP credential validation data and the encrypted OTP credential to decrypt the OTP credential from the encrypted OTP credential; and
      
      uses the decrypted OTP credential to perform login operations to login a user of the active tag device.
  - 9. The system of claim 8, wherein the authentication credentials comprise:
    - a first subset of authentication credentials associated with the user of the active tag device; and
      
      a second subset of authentication credentials associated with the active tag device.
  - 10. The system of claim 9, further comprising:
    - appending a Near Field Communication (NFC) header to the encrypted OTP credential, the NFC header containing data associated with the active tag device.
  - 11. The system of claim 9, wherein the encrypted OTP credential is generated using at least one of the set of:
    - the OTP credential;
      
      a hardware identifier associated with the active tag device;
      
      a Globally Unique Identifier (GUID) associated with the active tag device;
      
      a system name associated with the active tag device;
      
      a Quick Fix Engineering (QFE) update associated with the active tag device;
      
      one or more measurements of system components associated with the active tag device;
      
      a BIOS version associated with the active tag device;
      
      a Username associated with the user;
      
      a time; and
      
      a date.
  - 12. The system of claim 7, further comprising:
    - destroying the copy of the OTP credential once the encrypted OTP credential validation data has been provided to the active tag terminal.

13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- receiving authentication credentials and access request data from an active tag device;
  
  processing the authentication credentials and the access request data to generate an OTP credential;
  
  storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;
  
  performing encryption operations to encrypt the OTP credential;
  
  providing the encrypted OTP credential to the active tag device;
  
  receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;
  
  processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and
  
  providing the encrypted OTP credential validation data to the active tag terminal.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory, computer-readable storage medium of claim 13, wherein the active tag terminal:
    - processes the encrypted OTP credential validation data and the encrypted OTP credential to decrypt the OTP credential from the encrypted OTP credential; and
      
      uses the decrypted OTP credential to perform login operations to login a user of the active tag device.
  - 15. The non-transitory, computer-readable storage medium of claim 14, wherein the authentication credentials comprise:
    - a first subset of authentication credentials associated with the user of the active tag device; and
      
      a second subset of authentication credentials associated with the active tag device.
  - 16. The non-transitory, computer-readable storage medium of claim 15, further comprising:
    - appending a Near Field Communication (NFC) header to the encrypted OTP credential, the NFC header containing data associated with the active tag device.
  - 17. The non-transitory, computer-readable storage medium of claim 15, wherein the encrypted OTP credential is generated using at least one of the set of:
    - the OTP credential;
      
      a hardware identifier associated with the active tag device;
      
      a Globally Unique Identifier (GUID) associated with the active tag device;
      
      a system name associated with the active tag device;
      
      a Quick Fix Engineering (QFE) update associated with the active tag device;
      
      one or more measurements of system components associated with the active tag device;
      
      a BIOS version associated with the active tag device;
      
      a Username associated with the user;
      
      a time; and
      
      a date.
  - 18. The non-transitory, computer-readable storage medium of claim 13, further comprising:
    - destroying the copy of the OTP credential once the encrypted OTP credential validation data has been provided to the active tag terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Robison, Charles D Jr., Hamlin, Daniel L
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US14/012,038
Publication Number

US 20150067793A1
Time in Patent Office

979 Days
Field of Search

726/5, 713182-185
US Class Current

1/1
CPC Class Codes

G06K 19/073   Special arrangements for ci...

G06Q 20/00   Payment architectures, sche...

G07F 7/10   together with a coded signa...

H04K 3/00   Jamming of communication; C...

H04L 63/0492   by using a location-limited...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/32   including means for verifyi...

H04W 4/80   Services using short range ...

Method for secure, entryless login using internet connected device

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure, entryless login using internet connected device

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links