Transformation rules for one-time passwords

US 9,407,632 B2
Filed: 09/15/2014
Issued: 08/02/2016
Est. Priority Date: 09/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

performing by a processor operations comprising;

receiving from a user, a one-time password transformation rule to be applied by the user to a one-time password that is received, so as to transform the one-time password that is received;

sending a one-time password to the user;

receiving a response to the one-time password from the user; and

selectively authenticating the user based on the response corresponding to the one-time password as transformed by the one-time password transformation rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A one-time password may be used and generated using transformation rules. A one-time password transformation rule is received. The one-time password is sent to a user. A response to the one-time password is received. The user is selectively authenticated based on the response corresponding to the one-time password as transformed by the one-time password transformation rule. The one-time password transformation rule may include one or more operations, such as mathematical operations that may be static operations or dynamic operations that change as a function of time. Related systems, devices, methods and computer program products are described.

7 Citations

View as Search Results

19 Claims

1. A method comprising:
- performing by a processor operations comprising;
  
  receiving from a user, a one-time password transformation rule to be applied by the user to a one-time password that is received, so as to transform the one-time password that is received;
  
  sending a one-time password to the user;
  
  receiving a response to the one-time password from the user; and
  
  selectively authenticating the user based on the response corresponding to the one-time password as transformed by the one-time password transformation rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method according to claim 1 wherein the receiving a one-time password transformation rule comprises:
    - providing a list of a plurality of one-time password transformation rules; and
      
      receiving a selection of one of the plurality of one-time password transformation rules.
  - 3. A method according to claim 1 wherein the receiving a one-time password transformation rule comprises:
    - receiving a proposed one-time password transformation rule; and
      
      selectively sending a confirmation that the proposed one-time password transformation rule is acceptable, responsive to verification that the proposed one-time password transformation rule meets a predefined criterion.
  - 4. A method according to claim 1 further comprising:
    - proceeding with a transaction in response to a confirmation that the response corresponds to the one-time password as transformed by the one-time password transformation rule.
  - 5. A method according to claim 1 wherein the one-time password comprises a number and wherein the one-time password transformation rule comprises a mathematical operation that is performed on the number.
  - 6. A method according to claim 1 wherein the one-time password comprises a first alphabetic character and wherein the one-time password transformation rule comprises a transformation that is performed on the first alphabetic character to produce a second alphabetic character.
  - 7. A method according to claim 1 wherein the one-time password comprises a first symbol and wherein the one-time password transformation rule comprises a transformation that is performed on the first symbol to produce a second symbol.
  - 8. A method according to claim 1 wherein the receiving a one-time password transformation rule to be applied by the user, the sending a one-time password to the user, the receiving a response to the one-time password, and the selectively authenticating the user based on the response corresponding to the one-time password as transformed by the one-time password transformation rule are all performed by a server that communicates with a user device of the user over a network.
  - 9. A method according to claim 1 wherein the receiving a one-time password transformation rule to be applied by the user, the sending a one-time password to the user, the receiving a response to the one-time password, and the selectively authenticating the user based on the response corresponding to the one-time password as transformed by the one-time password transformation rule are all performed by a user device of the user.
  - 10. A method according to claim 1 further comprising:
    - defining the one-time password transformation rule;
      
      receiving the one-time password; and
      
      sending the response to the one-time password.
  - 11. A method according to claim 10 wherein the defining the one-time password transformation rule, the receiving the one-time password, and the sending the response to the one-time password are all performed by a user device of the user.
  - 12. A method according to claim 1 wherein the sending is preceded by:
    - receiving a userid and a static password from the user; and
      
      wherein the sending comprises selectively sending the one-time password to the user responsive to validating the userid and the static password.
  - 13. A method according to claim 12 wherein the one-time password transformation rule comprises a plurality of operations to be performed sequentially by the user on the one-time password, the plurality of operations comprising a dynamic operation that changes as a function of time and a static operation that does not change as a function of time.
  - 14. A method according to claim 1 wherein the one-time password transformation rule comprises a plurality of operations to be performed sequentially by the user on the one-time password.
  - 15. A method according to claim 14 wherein the plurality of operations comprises a dynamic operation that changes as a function of time.
  - 16. A method according to claim 15 wherein the plurality of operations further comprises a static operation that does not change as a function of time.
  - 17. A method according to claim 15 wherein the dynamic operation comprises adding a number representing a current day to the one-time password.

18. A computer system comprising:
- a processor; and
  
  a memory coupled to the processor and comprising computer readable code that, when executed by the processor, causes the processor to perform operations comprising;
  
  receiving from a user, a one-time password transformation rule to be applied by the user to a one-time password that is received, so as to transform the one-time password that is received;
  
  sending a one-time password to the user;
  
  receiving a response to the one-time password from the user; and
  
  selectively authenticating the user based on the response corresponding to the one-time password as transformed by the one-time password transformation rule.

19. A computer program product comprising:
- a computer readable storage medium having computer readable program code embodied in the medium that, when executed by a processor of a computer system, causes the computer system to perform operations comprising;
  
  receiving from a user, a one-time password transformation rule to be applied by the user to a one-time password that is received, so as to transform the one-time password that is received;
  
  sending a one-time password to the user;
  
  receiving a response to the one-time password from the user; and
  
  selectively authenticating the user based on the response corresponding to the one-time password as transformed by the one-time password transformation rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Agarwal, Gaurav
Primary Examiner(s)
Lipman, Jacob

Application Number

US14/486,284
Publication Number

US 20160080366A1
Time in Patent Office

687 Days
Field of Search

726/6
US Class Current

1/1
CPC Class Codes

H04L 63/0838 using one-time-passwords

Transformation rules for one-time passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Transformation rules for one-time passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links