Forward secure one-time authentication tokens with embedded time hints

US 9,871,785 B1
Filed: 03/14/2013
Issued: 01/16/2018
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A token-side method for generating a passcode from a user authentication token for presentation to an authentication server, comprising:

determining a current state of said token;

generating, using said token, a user authentication passcode based on said current state, wherein said generated user authentication passcode comprises an embedded time hint not previously known to said authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated; and

communicating said generated user authentication passcode to said authentication server, wherein said authentication server obtains said embedded time hint from said generated user authentication passcode and determines a time interval to search for another user authentication passcode based on said embedded time hint, wherein said communicating step employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Forward-secure one-time authentication tokens are provided with embedded time hints. A token generates a passcode for presentation to an authentication server by determining a current state of the token; generating a user authentication passcode based on the current state, wherein the generated user authentication passcode comprises an embedded time hint; and communicating the generated user authentication passcode to the authentication server. The passcode may be generated with the embedded time hint, for example, each time a user authentication passcode is generated or upon demand when a user authentication passcode is generated. A server processes a user authentication passcode by receiving the user authentication passcode, wherein the received user authentication passcode comprises an embedded time hint; and determining a time interval to search for another user authentication passcode based on the embedded time hint.

17 Citations

View as Search Results

64 Claims

1. A token-side method for generating a passcode from a user authentication token for presentation to an authentication server, comprising:
- determining a current state of said token;
  
  generating, using said token, a user authentication passcode based on said current state, wherein said generated user authentication passcode comprises an embedded time hint not previously known to said authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated; and
  
  communicating said generated user authentication passcode to said authentication server, wherein said authentication server obtains said embedded time hint from said generated user authentication passcode and determines a time interval to search for another user authentication passcode based on said embedded time hint, wherein said communicating step employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein said generating step is performed each time a user authentication passcode is generated.
  - 3. The method of claim 1, wherein said generating step is performed upon demand when a user authentication passcode is generated.
  - 4. The method of claim 3, wherein said generating step is performed upon detection of a forward clock attack.
  - 5. The method of claim 3, further comprising the step of notifying said authentication server of said embedded time hint.
  - 6. The method of claim 5, wherein said notification comprises setting a flag.
  - 7. The method of claim 1, wherein said embedded time hint comprises an indication of a last used device time during a generation of a user authentication passcode.
  - 8. The method of claim 1, wherein said authentication server evaluates said embedded time hint upon one or more failed authentication attempts.
  - 9. The method of claim 1, wherein said authentication server evaluates said embedded time hint to reduce a search space for another user authentication passcode.
  - 10. The method of claim 1, wherein said embedded time hint is encrypted using a secret key.
  - 11. The method of claim 1, wherein said verification-dependent auxiliary channel and said user authentication passcode employ a second forward-secure pseudorandom generator of said at least two independent forward-secure pseudorandom generators that is independent of a first forward-secure pseudorandom generator employed by said verification-dependent auxiliary channel and said user authentication passcode.
  - 12. The method of claim 11, wherein said second forward-secure pseudorandom generator generates seeds based on a low-rate time based hash chain.
  - 13. The method of claim 11, wherein said second forward-secure pseudorandom generator generates seeds on-demand.
  - 14. The method of claim 13, wherein said second forward-secure pseudorandom generator generates seeds on-demand in a hash chain.
  - 15. The method of claim 11, wherein said second forward-secure pseudorandom generator is used to embed a time hint indicating a current epoch of said first forward-secure pseudorandom generator.
  - 16. The method of claim 11, wherein said authentication server evaluates a received passcode that failed using seeds generated by said first forward-secure pseudorandom generator by employing seeds generated by said second forward-secure pseudorandom generator.
  - 17. The method of claim 16, wherein said second forward-secure pseudorandom generator generates seeds on-demand in a hash chain and wherein said authentication server searches said seeds generated by said second forward-secure pseudorandom generator in a window of said hash chain.
  - 18. The method of claim 16, wherein said authentication server employs said embedded time hint to update a search space with respect to said first forward-secure pseudorandom generator if said received passcode is verified using said seeds generated by said second forward-secure pseudorandom generator.

19. A non-transitory machine-readable recordable storage medium for generating a user authentication passcode for presentation to an authentication server, wherein one or more software programs when executed by one or more processing devices implement the following steps:
- determining a current state of said token;
  
  generating, using said token, a user authentication passcode based on said current state, wherein said generated user authentication passcode comprises an embedded time hint not previously known to said authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated; and
  
  communicating said generated user authentication passcode to said authentication server, wherein said authentication server obtains said embedded time hint from said generated user authentication passcode and determines a time interval to search for another user authentication passcode based on said embedded time hint, wherein said communicating step employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators.

20. A token apparatus for generating a user authentication passcode for presentation to an authentication server, the apparatus comprising:
- a memory; and
  
  at least one hardware device, coupled to the memory, operative to implement the following steps;
  
  determine a current state of said token;
  
  generate, using said token apparatus, a user authentication passcode based on said current state, wherein said generated user authentication passcode comprises an embedded time hint not previously known to said authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated; and
  
  communicate said generated user authentication passcode to said authentication server, wherein said authentication server obtains said embedded time hint from said generated user authentication passcode and determines a time interval to search for another user authentication passcode based on said embedded time hint, wherein said communication employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 21. The token apparatus of claim 20, wherein said generation is performed each time a user authentication passcode is generated.
  - 22. The token apparatus of claim 20, wherein said generation is performed upon demand when a user authentication passcode is generated.
  - 23. The token apparatus of claim 22, wherein said generation is performed upon detection of a forward clock attack.
  - 24. The token apparatus of claim 22, wherein said at least one hardware device is further configured to notify said authentication server of said embedded time hint.
  - 25. The token apparatus of claim 24, wherein said notification comprises setting a flag.
  - 26. The token apparatus of claim 20, wherein said embedded time hint comprises an indication of a last used device time during a generation of a user authentication passcode.
  - 27. The token apparatus of claim 20, wherein said authentication server evaluates said embedded time hint upon one or more failed authentication attempts.
  - 28. The token apparatus of claim 20, wherein said authentication server evaluates said embedded time hint to reduce a search space for another user authentication passcode.
  - 29. The token apparatus of claim 20, wherein said embedded time hint is encrypted using a secret key.
  - 30. The token apparatus of claim 20, wherein said verification-dependent auxiliary channel and said user authentication passcode employ a second forward-secure pseudorandom generator of said at least two independent forward-secure pseudorandom generators that is independent of a first forward-secure pseudorandom generator employed by said verification-dependent auxiliary channel and said user authentication passcode.
  - 31. The token apparatus of claim 30, wherein said second forward-secure pseudorandom generator generates seeds based on a low-rate time based hash chain.
  - 32. The token apparatus of claim 30, wherein said second forward-secure pseudorandom generator generates seeds on-demand.
  - 33. The token apparatus of claim 32, wherein said second forward-secure pseudorandom generator generates seeds on-demand in a hash chain.
  - 34. The token apparatus of claim 30, wherein said second forward-secure pseudorandom generator is used to embed a time hint indicating a current epoch of said first forward-secure pseudorandom generator.
  - 35. The token apparatus of claim 30, wherein said authentication server evaluates a received passcode that failed using seeds generated by said first forward-secure pseudorandom generator by employing seeds generated by said second forward-secure pseudorandom generator.
  - 36. The token apparatus of claim 35, wherein said second forward-secure pseudorandom generator generates seeds on-demand in a hash chain and wherein said authentication server searches said seeds generated by said second forward-secure pseudorandom generator in a window of said hash chain.
  - 37. The token apparatus of claim 35, wherein said authentication server employs said embedded time hint to update a search space with respect to said first forward-secure pseudorandom generator if said received passcode is verified using said seeds generated by said second forward-secure pseudorandom generator.

38. A server-side method for processing a user authentication passcode, comprising:
- receiving a user authentication passcode, generated using a token, wherein said received user authentication passcode comprises an embedded time hint not previously known to said authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated, wherein said receiving step employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators;
  
  obtaining, by at least one processing device of said server, said embedded time hint from said received user authentication passcode; and
  
  determining, by said at least one processing device of said server, a time interval to search for another user authentication passcode based on said embedded time hint.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 39. The server-side method of claim 38, further comprising the step of receiving a notification of said embedded time hint.
  - 40. The server-side method of claim 39, wherein said notification comprises a flag.
  - 41. The server-side method of claim 38, wherein said embedded time hint comprises an indication of a last used device time during a generation of a user authentication passcode.
  - 42. The server-side method of claim 38, further comprising the step of evaluating said embedded time hint upon one or more failed authentication attempts.
  - 43. The server-side method of claim 38, further comprising the step of evaluating said embedded time hint to reduce a search space for another user authentication passcode.
  - 44. The server-side method of claim 38, wherein said embedded time hint is encrypted using a secret key.
  - 45. The server-side method of claim 38, wherein said verification-dependent auxiliary channel and said user authentication passcode employ a second forward-secure pseudorandom generator of said at least two independent forward-secure pseudorandom generators that is independent of a first forward-secure pseudorandom generator employed by said verification-dependent auxiliary channel and said user authentication passcode.
  - 46. The server-side method of claim 45, wherein said second forward-secure pseudorandom generator generates seeds based on a low-rate time based hash chain.
  - 47. The server-side method of claim 45, wherein said second forward-secure pseudorandom generator generates seeds on-demand.
  - 48. The server-side method of claim 45, wherein said second forward-secure pseudorandom generator is used to embed a time hint indicating a current epoch of said first forward-secure pseudorandom generator.
  - 49. The server-side method of claim 45, wherein said authentication server evaluates a received passcode that failed using seeds generated by said first forward-secure pseudorandom generator by employing seeds generated by said second forward-secure pseudorandom generator.
  - 50. The server-side method of claim 45, wherein said authentication server employs said embedded time hint to update a search space with respect to said first forward-secure pseudorandom generator if said received passcode is verified using said seeds generated by said second forward-secure pseudorandom generator.

51. A non-transitory machine-readable recordable storage medium for processing a user authentication passcode, wherein one or more software programs when executed by one or more processing devices implement the following steps:
- receiving a user authentication passcode, generated using a token, wherein said received user authentication passcode comprises an embedded time hint not previously known to an authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated, wherein said receiving step employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators;
  
  obtaining, by at least one processing device of said authentication server, said embedded time hint from said received user authentication passcode; and
  
  determining, by said at least one processing device of said authentication server, a time interval to search for another user authentication passcode based on said embedded time hint.

52. A server apparatus for processing a user authentication passcode, the apparatus comprising:
- a memory; and
  
  at least one processing device, coupled to the memory, operative to implement the following steps;
  
  receive a user authentication passcode, generated using a token, wherein said received user authentication passcode comprises an embedded time hint not previously known to said authentication server, wherein said embedded time hint is embedded in said generated user authentication passcode when said generated user authentication passcode is generated, wherein said receiving employs one or more of (i) a verification-independent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated, and (ii) a verification-dependent auxiliary channel that employs a plurality of auxiliary bits comprising at least one auxiliary bit indicating that said embedded time hint is activated and at least two independent forward-secure pseudorandom generators;
  
  obtain, by said at least one processing device of said server apparatus, said embedded time hint from said received user authentication passcode; and
  
  determine, by said at least one processing device of said server apparatus, a time interval to search for another user authentication passcode based on said embedded time hint.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 53. The server apparatus of claim 52, wherein said at least one hardware device is further configured to receive a notification of said embedded time hint.
  - 54. The server apparatus of claim 53, wherein said notification comprises a flag.
  - 55. The server apparatus of claim 52, wherein said embedded time hint comprises an indication of a last used device time during a generation of a user authentication passcode.
  - 56. The server apparatus of claim 52, wherein said at least one hardware device is further configured to evaluate said embedded time hint upon one or more failed authentication attempts.
  - 57. The server apparatus of claim 52, wherein said at least one hardware device is further configured to evaluate said embedded time hint to reduce a search space for another user authentication passcode.
  - 58. The server apparatus of claim 52, wherein said embedded time hint is encrypted using a secret key.
  - 59. The server apparatus of claim 52, wherein said verification-dependent auxiliary channel and said user authentication passcode employ a second forward-secure pseudorandom generator of said at least two independent forward-secure pseudorandom generators that is independent of a first forward-secure pseudorandom generator employed by said verification-dependent auxiliary channel and said user authentication passcode.
  - 60. The server apparatus of claim 59, wherein said second forward-secure pseudorandom generator generates seeds based on a low-rate time based hash chain.
  - 61. The server apparatus of claim 59, wherein said second forward-secure pseudorandom generator generates seeds on-demand.
  - 62. The server apparatus of claim 59, wherein said second forward-secure pseudorandom generator is used to embed a time hint indicating a current epoch of said first forward-secure pseudorandom generator.
  - 63. The server apparatus of claim 59, wherein said server apparatus evaluates a received passcode that failed using seeds generated by said first forward-secure pseudorandom generator by employing seeds generated by said second forward-secure pseudorandom generator.
  - 64. The server apparatus of claim 59, wherein said server apparatus employs said embedded time hint to update a search space with respect to said first forward-secure pseudorandom generator if said received passcode is verified using said seeds generated by said second forward-secure pseudorandom generator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Triandopoulos, Nikolaos, Juels, Ari, Brainard, John
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US13/828,503
Time in Patent Office

1,769 Days
Field of Search

713151-169, 726 2- 7
US Class Current
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 9/0872   using geo-location informat...

H04L 9/3213   using tickets or tokens, e....

Forward secure one-time authentication tokens with embedded time hints

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

Forward secure one-time authentication tokens with embedded time hints

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links