Method for secure, entryless login using internet connected device
Abstract
A system, method, and computer-readable medium are disclosed for using an entryless One-Time Password (OTP) in an active tag environment. Authentication credentials associated with a user and an active tag device are submitted with an access request to an authentication server, where they are processed to generate an OTP credential, which is then stored in a directory service. Encryption operations are then performed on the OTP credential to generate an encrypted OTP credential, which is then provided to the active tag device, which in turn provides it to an active tag terminal. The active tag terminal then submits a request to the authentication server to verify the validity of the encrypted OTP credential. In response, the authentication server verifies its validity and then destroys the OTP credential stored in the directory service. The OTP credential is then decrypted by the active tag terminal and subsequently used to log in the user.
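The exchange the abstract describes, as an added Python example that is not code from the patent. The in-memory dictionary standing in for the directory service, the key pre-shared between server and terminal, the device secret used as the authentication credential, and the HMAC-SHA256 keystream-plus-tag construction standing in for the unspecified encryption operations are all assumptions.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):  # HMAC-SHA256 counter-mode keystream (stand-in cipher)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("encrypted OTP failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class AuthServer:
    def __init__(self, device_secrets, key):
        self.device_secrets, self.key = device_secrets, key
        self.directory = {}  # in-memory stand-in for the directory service

    def issue(self, user, secret):
        # Authenticate the device, generate and store the OTP, return it encrypted.
        expected = self.device_secrets.get(user)
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("bad credentials")
        otp = self.directory[user] = secrets.token_hex(8)
        return seal(self.key, f"{user}:{otp}".encode())

    def verify(self, blob):
        # Terminal submits its copy; a valid OTP is destroyed so a replay fails.
        try:
            user, otp = unseal(self.key, blob).decode().split(":")
        except ValueError:
            return False
        stored = self.directory.get(user)
        if stored is None or not hmac.compare_digest(stored, otp):
            return False
        del self.directory[user]
        return True

def run_exchange():
    # Constructed device secret and key; the terminal is assumed to hold the same key.
    server = AuthServer({"alice": b"constructed-device-secret"}, secrets.token_bytes(32))
    blob = server.issue("alice", b"constructed-device-secret")  # server -> device
    first = server.verify(blob)  # device -> terminal -> server
    otp = unseal(server.key, blob).decode()  # terminal decrypts the OTP for login
    return first, server.verify(blob), otp
```

The second `verify` call in `run_exchange` returns `False` because the stored OTP was destroyed on first use; a real deployment would replace `seal`/`unseal` with a vetted AEAD cipher.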
18 Claims
1. A computer-implementable method for using an entryless One-Time Password (OTP) in an active tag environment, comprising:
receiving authentication credentials and access request data from an active tag device;
processing the authentication credentials and the access request data to generate an OTP credential;
storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;
performing encryption operations to encrypt the OTP credential;
providing the encrypted OTP credential to the active tag device;
receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;
processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and
providing the encrypted OTP credential validation data to the active tag terminal.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
a processor;
a data bus coupled to the processor; and
a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for:
receiving authentication credentials and access request data from an active tag device;
processing the authentication credentials and the access request data to generate an OTP credential;
storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;
performing encryption operations to encrypt the OTP credential;
providing the encrypted OTP credential to the active tag device;
receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;
processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and
providing the encrypted OTP credential validation data to the active tag terminal.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
receiving authentication credentials and access request data from an active tag device;
processing the authentication credentials and the access request data to generate an OTP credential;
storing a copy of the OTP credential in an Access Control List (ACL) managed by a directory service;
performing encryption operations to encrypt the OTP credential;
providing the encrypted OTP credential to the active tag device;
receiving a copy of the encrypted OTP credential and verification request data from an active tag terminal in response to the active tag terminal receiving the encrypted OTP credential from the active tag device;
processing the copy of the encrypted OTP credential and the verification request data by accessing the directory service and verifying validity of the encrypted OTP credential using the directory service, and generating encrypted OTP credential validation data; and
providing the encrypted OTP credential validation data to the active tag terminal.
Dependent claims: 14, 15, 16, 17, 18
Specification