System and method for implementing a one-time-password using asymmetric cryptography

US 9,749,131 B2
Filed: 07/31/2014
Issued: 08/29/2017
Est. Priority Date: 07/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a challenge at a server;

encrypting the challenge at the server using a public encryption key;

transmitting the encrypted challenge to a connected device having a first connection over a network with the server;

providing the encrypted challenge from the connected device to a user device;

decrypting the encrypted challenge at the user device using a private encryption key corresponding to the public encryption key to determine the challenge;

converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;

receiving the converted challenge at the connected device and providing the converted challenge from the connected device to the server, wherein receiving the converted challenge at the connected device comprises receiving manual user entry of the converted challenge via a user input device coupled to the connected device; and

validating the converted challenge at the server to authenticate the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, method, and machine readable medium are described for authentication with asymmetric cryptography. For example, a method in accordance with one embodiment comprises: generating a challenge at a server; encrypting the challenge at the server using a public encryption key; transmitting the encrypted challenge to a connected device having a first connection over a network with the server; providing the encrypted challenge from the connected device to a user device; decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge; converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge; receiving the converted challenge at the connected device and providing the converted challenge from the connected device to the server; and validating the converted challenge at the server to authenticate the user.

282 Citations

25 Claims

1. A method comprising:
- generating a challenge at a server;
  
  encrypting the challenge at the server using a public encryption key;
  
  transmitting the encrypted challenge to a connected device having a first connection over a network with the server;
  
  providing the encrypted challenge from the connected device to a user device;
  
  decrypting the encrypted challenge at the user device using a private encryption key corresponding to the public encryption key to determine the challenge;
  
  converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;
  
  receiving the converted challenge at the connected device and providing the converted challenge from the connected device to the server, wherein receiving the converted challenge at the connected device comprises receiving manual user entry of the converted challenge via a user input device coupled to the connected device; and
  
  validating the converted challenge at the server to authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as in claim 1 wherein the challenge comprises a random challenge generated by a random number generator on the server.
  - 3. The method as in claim 2 wherein converting the challenge comprises truncating a portion of the challenge and using the truncated portion or a remaining portion following truncation for the converted challenge.
  - 4. The method as in claim 3 wherein the challenge is truncated to generate a 6-digit converted challenge.
  - 5. The method as in claim 3 wherein validating the converted challenge comprises truncating the same portion of the challenge on the server and comparing the converted challenge truncated on the server with the converted challenge provided from the connected device.
  - 6. The method as in claim 1 wherein the connected device comprises a networked computer system, a point-of-sale (PoS) terminal, or an automatic teller machine (ATM).
  - 7. The method as in claim 6 wherein the user device comprises a mobile smartphone device.
  - 8. The method as in claim 7 wherein providing the encrypted challenge from the connected device to a user device comprises displaying an optical code on a display of the connected device and reading the optical code by the user device.
  - 9. The method as in claim 8 wherein the optical code comprises a quick response (QR) code or a barcode.
  - 10. The method as in claim 7 wherein providing the encrypted challenge from the connected device to a user device comprises establishing a local wireless communication channel between the user device and the connected device.
  - 11. The method as in claim 10 wherein the local wireless channel comprises a Bluetooth channel, a near field communication (NFC) channel, a WiFi channel, or a wireless USB channel.

12. A system comprising:
- a server generating a challenge, the server encrypting the challenge using a public encryption key;
  
  the server transmitting the encrypted challenge to a connected device having a first connection over a network with the server;
  
  the connected device providing the encrypted challenge to a user device;
  
  the user device decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge;
  
  the user device converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;
  
  the connected device receiving the converted challenge and providing the converted challenge from the connected device to the server, wherein receiving the converted challenge at the connected device comprises receiving manual user entry of the converted challenge via a user input device coupled to the connected device; and
  
  the server validating the converted challenge to authenticate the user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system as in claim 12 wherein the challenge comprises a random challenge generated by a random number generator on the server.
  - 14. The system as in claim 13 wherein converting the challenge comprises truncating a portion of the challenge and using the truncated portion or a remaining portion following truncation for the converted challenge.
  - 15. The system as in claim 14 wherein the challenge is truncated to generate a 6-digit converted challenge.
  - 16. The system as in claim 14 wherein validating the converted challenge comprises truncating the same portion of the challenge on the server and comparing the converted challenge truncated on the server with the converted challenge provided from the connected device.
  - 17. The system as in claim 12 wherein the connected device comprises a networked computer system, a point-of-sale (PoS) terminal, or an automatic teller machine (ATM).
  - 18. The system as in claim 17 wherein the user device comprises a mobile smartphone device.
  - 19. The system as in claim 18 wherein providing the encrypted challenge from the connected device to a user device comprises displaying an optical code on a display of the connected device and reading the optical code by the user device.
  - 20. The system as in claim 19 wherein the optical code comprises a quick response (QR) code or a barcode.
  - 21. The system as in claim 18 wherein providing the encrypted challenge from the connected device to a user device comprises establishing a local wireless communication channel between the user device and the connected device.
  - 22. The system as in claim 21 wherein the local wireless channel comprises a Bluetooth channel, a near field communication (NFC) channel, a WiFi channel, or a wireless USB channel.

23. A non-transitory machine-readable medium having program code stored thereon which, when executed by a machine, causes the machine to perform the operations of:
- generating a challenge at a server;
  
  encrypting the challenge at the server using a public encryption key;
  
  transmitting the encrypted challenge to a connected device having a first connection over a network with the server;
  
  providing the encrypted challenge from the connected device to a user device;
  
  decrypting the encrypted challenge at the user device using a private encryption key corresponding to the public encryption key to determine the challenge;
  
  converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;
  
  receiving the converted challenge at the connected device and providing the converted challenge from the connected device to the server, wherein receiving the converted challenge at the connected device comprises receiving manual user entry of the converted challenge via a user input device coupled to the connected device; and
  
  validating the converted challenge at the server to authenticate the user.
- View Dependent Claims (24, 25)
- - 24. The machine-readable medium as in claim 23 wherein the challenge comprises a random challenge generated by a random number generator on the server.
  - 25. The machine-readable medium as in claim 24 wherein converting the challenge comprises truncating a portion of the challenge and using the truncated portion or a remaining portion following truncation for the converted challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nok Nok Labs Incorporated
Original Assignee
Nok Nok Labs Incorporated
Inventors
Baghdasaryan, Davit
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US14/448,747
Publication Number

US 20170111170A1
Time in Patent Office

1,125 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06Q 20/3829   involving key management

G06Q 20/40145   Biometric identity checks

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0442   wherein the sending and rec...

H04L 63/0838   using one-time-passwords

H04L 9/0866   involving user or device id...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3271   using challenge-response

H04W 4/80   Services using short range ...

System and method for implementing a one-time-password using asymmetric cryptography

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

282 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing a one-time-password using asymmetric cryptography

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

282 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links