Dynamic authentication for a computing system

US 9,742,761 B2
Filed: 11/10/2015
Issued: 08/22/2017
Est. Priority Date: 11/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by one or more processors, a login request from a client and, in response, issuing, by one or more processors, a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;

receiving, by one or more processors, a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;

generating, by one or more processors, a second ordered set of tokens based on the first seed and the first algorithm;

authenticating, by one or more processors, the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the plurality of token positions; and

granting access to an electronic resource by a communications link to the client and a server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer program product, and computer system for authenticating user access to a computing system using dynamic tokens are provided. A login request from a client is received, and in response, a token request from the client is issued. The token request identifies one or more sequence positions. One or more client tokens generated by the client are received based on the one or more sequence positions of the tokens. A sequence of tokens based on a first seed and a first algorithm are generated. The login request is authenticated by comparing the one or more client tokens with the sequence of tokens, based at least in part, on the one or more sequence positions.

17 Citations

17 Claims

1. A method comprising:
- receiving, by one or more processors, a login request from a client and, in response, issuing, by one or more processors, a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;
  
  receiving, by one or more processors, a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;
  
  generating, by one or more processors, a second ordered set of tokens based on the first seed and the first algorithm;
  
  authenticating, by one or more processors, the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the plurality of token positions; and
  
  granting access to an electronic resource by a communications link to the client and a server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the token request identifies the first algorithm.
  - 3. The method of claim 2, further comprising:
    - receiving, by one or more processors, the first seed from the client prior to receiving the login request.
  - 4. The method of claim 3, wherein issuing the token request is in further response to determining that the first seed matches a second seed included in the login request.
  - 5. The method of claim 2, further comprising:
    - providing, by one or more processors, the first algorithm to the client prior to receiving the login request.
  - 6. The method of claim 1, further comprising:
    - selecting, by one or more processors, the first algorithm from among a plurality of algorithms based, at least in part, on the login request.
  - 7. The method of claim 6, wherein the plurality of algorithms correspond to registered users.

8. A computer program product, the computer program product comprising:
- a computer readable storage device and program instructions stored on the computer readable storage device, the program instructions comprising;
  
  program instructions to receive a login request from a client and, in response, issue a token request to the client, wherein the token request identifies a plurality of token-positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;
  
  program instructions to receive a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;
  
  program instructions to generate a second ordered set of tokens based on the first seed and the first algorithm;
  
  program instructions to authenticate the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the plurality of token positions; and
  
  program instructions to grant access to an electronic resource by a communications link to the client and a server.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer program product of claim 8, wherein the token request identifies the first algorithm.
  - 10. The computer program product of claim 9, further comprising:
    - program instructions to receive the first seed from the client prior to receiving the login request, wherein the token request is issued in further response to program instructions to determine that the first seed matches a second seed included in the login request.
  - 11. The computer program product of claim 9, further comprising:
    - program instructions to provide the first algorithm to the client prior to receiving the login request.
  - 12. The computer program product of claim 8, further comprising:
    - program instructions to select the first algorithm from among a plurality of algorithms based, at least in part, on the login request, wherein the plurality of algorithms correspond to registered users.

13. A computer system, the computer system comprising:
- one or more computer processors;
  
  one or more computer readable storage media;
  
  program instructions stored on the computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising;
  
  program instructions to receive a login request from a client and, in response, issue a token request to the client, wherein the token request identifies a plurality of token positions within a first ordered set of tokens generated by the client using a first seed and a first algorithm;
  
  program instructions to receive a plurality of client tokens generated by the client based on the plurality of token positions within the first ordered set of tokens;
  
  program instructions to generate a second ordered set of tokens based on the first seed and the first algorithm;
  
  program instructions to authenticate the login request by comparing the plurality of client tokens with the second ordered set of tokens, based, at least in part, on the plurality of token positions andprogram instructions to grant access to an electronic resource by a communications link to the client and a server.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer system of claim 13, wherein the token request identifies the first algorithm.
  - 15. The computer system of claim 14, further comprising:
    - program instructions to receive the first seed from the client prior to receiving the login request, wherein the token request is issued in further response to program instructions to determine that the first seed matches a second seed included in the login request.
  - 16. The computer system of claim 14, further comprising:
    - program instructions to provide the first algorithm to the client prior to receiving the login request.
  - 17. The computer system of claim 13, further comprising:
    - program instructions to select the first algorithm from among a plurality of algorithms based, at least in part, on the login request, wherein the plurality of algorithms correspond to registered users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Grunin, Galina, Nachman, David E., Nassar, Nader M., Nassar, Tamer M.
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/936,736
Publication Number

US 20170134363A1
Time in Patent Office

651 Days
Field of Search

726 2- 10
US Class Current
CPC Class Codes

G06F 21/33   using certificates

H04L 63/083   using passwords cryptograph...

H04W 12/068   using credential vaults, e....

Dynamic authentication for a computing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication for a computing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links