Single-use password authentication

US 20060080545A1
Filed: 10/12/2004
Published: 04/13/2006
Est. Priority Date: 10/12/2004
Status: Active Grant

First Claim

Patent Images

1. In an environment that includes a client, a service provider, and an authentication service, a method of authenticating the client to the service provider using a one-time password, the method comprising the authentication service performing acts of:

generating an authentication service identifier for the client;

receiving a client moniker from the client;

sending a one-time password to the client for the client to use in accessing the service provider;

receiving a one-time password from the service provider; and

if the one-time password received from the service provider matches the one-time password sent to the client, then sending the authentication service identifier for the client to the service provider to authenticate the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer program products and methods for authentication using a one-time password. In system that includes a client, a service provider, and an authentication service, the authentication service generates an authentication service identifier for the client. Any suitable identifier may be used for the authentication service identifier, which generally takes the form of an arbitrary number of characters. From the client, the authentication service receives a client moniker (e.g., a username) for the client to use when accessing the authentication service. The authentication service sends a one-time password to the client for the client to use in accessing the service provider. When the authentication service receives a one-time password from the service provider, the authentication service sends the authentication service identifier for the client to the service provider to authenticate the client if the one-time password received from the service provider matches the one-time password sent to the client.

169 Citations

30 Claims

1. In an environment that includes a client, a service provider, and an authentication service, a method of authenticating the client to the service provider using a one-time password, the method comprising the authentication service performing acts of:
- generating an authentication service identifier for the client;
  
  receiving a client moniker from the client;
  
  sending a one-time password to the client for the client to use in accessing the service provider;
  
  receiving a one-time password from the service provider; and
  
  if the one-time password received from the service provider matches the one-time password sent to the client, then sending the authentication service identifier for the client to the service provider to authenticate the client.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as recited in claim 1, wherein the one-time password received from the service provider matches the one-time password sent to the client, the method further comprising the authentication service performing an act of discarding the one-time password to limit further use of the one-time password in authenticating the client.
  - 3. A method as recited in claim 1, further comprising the authentication service performing an act of selecting one-time password sent to the client from a list of random numbers.
  - 4. A method as recited in claim 1, wherein the authentication service generates the authentication service identifier for the client as part of a registration operation during which the authentication service receives the client moniker from the client through a trusted entity that verifies the client'"'"'s identity.
  - 5. A method as recited in claim 1, wherein the authentication service sends the authentication service identifier for the client to the service provider over a secure connection that authenticates the identity of the authentication service to the service provider.

6. In an environment that includes a client, a service provider, and an authentication service, a computer program product comprising one or more computer readable media carrying computer executable instructions that implement a method of authenticating the client to the service provider using a one-time password, the method comprising the authentication service performing acts of:
- generating an authentication service identifier for the client;
  
  receiving a client moniker from the client;
  
  sending a one-time password to the client for use with the service provider;
  
  receiving a one-time password from the service provider; and
  
  if the one-time password received from the service provider matches the one-time password sent to the client, then sending the authentication service identifier for the client to the service provider to authenticate the client.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. A computer program product as recited in claim 6, the method further comprising the authentication service performing an act of discarding the one-time password sent to the client to limit further use of the one-time password in authenticating the client after an expiration time.
  - 8. A computer program product as recited in claim 6, the method further comprising the authentication service performing an act of generating the one-time password sent to the client using an algorithm for generating random numbers.
  - 9. A computer program product as recited in claim 6, wherein the one-time password received from the service provider fails to match the one-time password sent to the client.
  - 10. A computer program product as recited in claim 6, wherein the service provider is a trusted entity for authenticating client information to a new service provider, the method further comprising the authentication service performing acts of:
    - receiving client information from the client;
      
      sending the client information to the trusted entity provider to authenticate;
      
      receiving the one-time password from the trusted entity service provider as an indication that the client information is accurate;
      
      sending the client information to the new service provider;
      
      receiving the one-time password from the new service provider; and
      
      sending the authentication service identifier for the client to the new service provider as an indication that the client information is accurate.
  - 11. A computer program product as recited in claim 10, the method further comprising an act of the authentication service discarding the one-time password after the one-time password is received from the new service provider.
  - 12. A computer program product as recited in claim 10, wherein the service provider is an email recipient.
  - 13. A computer program product as recited in claim 10, further comprising an act of sending the authentication service identifier to the client to be used as an encryption key.

14. In an environment that includes a client, a service provider, and an authentication service, a method of the service provider authenticating the client through a one-time password, the method comprising the service provider performing acts of:
- associating an authentication service identifier for the client with a service provider identifier for the client;
  
  receiving the service provider identifier for the client;
  
  receiving a one-time password from the client to use in authenticating the client through the authentication service;
  
  verifying that the service provider identifier for the client represents a valid service provider identifier;
  
  sending the one-time password to the authentication service so that the authentication service can determine if a client authentication service identifier is associated with the one-time password at the authentication service and can be sent to the service provider; and
  
  if an authentication service identifier for the client received from the authentication service matches the authentication service identifier for the client associated with the service provider identifier for the client at the service provider, then allowing the client access to one or more services offered by the service provider.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. A method as recited in claim 14, wherein the authentication service identifier for the client is associated with a service provider identifier for the client as part of a registration operation during which the service provider first receives the authentication service identifier for the client in order to make the association.
  - 16. A method as recited in claim 15, wherein the registration operation is conducted in connection with activating a credit card.
  - 17. A method as recited in claim 16, further comprising the service provider performing acts of:
    - receiving a credit card number from the client over a telephone connection;
      
      receiving a registration one-time password from the client over the telephone connection;
      
      sending the registration one-time password to the authentication service; and
      
      receiving the authentication service identifier for the client to be associated with the service provider identifier for the client from the authentication service.
  - 18. A method as recited in claim 14, further comprising the service provider performing acts of:
    - receiving an authentication service identifier for the client from the authentication service;
      
      matching the authentication service identifier for the client received from the authentication service with the authentication service identifier for the client that is associated with the service provider identifier for the client at the service provider, and allowing the client access to one or more services offered by the service provider.
  - 19. A method as recited in claim 14, wherein no authentication service identifier for the client is received from the authentication service, indicating that no client authentication service identifier is associated with the one-time password at the authentication service.

20. In an environment that includes a client, a service provider, and an authentication service, a computer program product comprising one or more computer readable media carrying computer executable instructions that implement a method of the service provider authenticating the client through a one-time password, the method comprising the service provider performing acts of:
- associating an authentication service identifier for the client with a service provider identifier for the client;
  
  receiving the service provider identifier for the client;
  
  receiving a one-time password from the client to use in authenticating the client through the authentication service;
  
  verifying that the service provider identifier for the client represents a valid service provider identifier;
  
  sending the one-time password to the authentication service so that the authentication service can determine if a client authentication service identifier is associated with the one-time password at the authentication service and can be sent to the service provider; and
  
  if an authentication service identifier for the client received from the authentication service matches the authentication service identifier for the client associated with the service provider identifier for the client at the service provider, then allowing the client access to one or more services offered by the service provider.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. A computer program product as recited in claim 20, wherein the service provider receives the authentication service identifier for the client over a secure connection that authenticates the identity of the service provider to the authentication service.
  - 22. A computer program product as recited in claim 20, wherein the one or more services offered by the service provider include electronic voting.
  - 23. A computer program product as recited in claim 20, wherein the one or more services offered by the service provider comprise processing electronic mail for one or more electronic mail recipients.
  - 24. A computer program product as recited in claim 20, wherein the authentication service identifier comprises a generic authentication service identifier for multiple clients.
  - 25. A computer program product as recited in claim 22, wherein the one-time password is received from the client in connection with the client casting an electronic vote, the method further comprising an act of the service provider sending the electronic vote to a vote tallying authority if the authentication service identifier for the client received from the authentication service matches the authentication service identifier for the client associated with the service provider identifier for the client at the service provider.
  - 26. A computer program product as recited in claim 20, wherein the service provider is a trusted entity for authenticating client information to a new service provider, the method further comprising the trusted entity service provider performing acts of:
    - receiving client information to authenticate to the new service provider; and
      
      sending the one-time password to the authentication service only if the client information accurately corresponds to the received service provider identifier for the client and the authorization service identifier for the client to authenticate to indicate to the authentication service that the client information is accurate.

27. In an environment that includes a client, a service provider, and an authentication service, a computer program product comprising one or more computer readable media carrying computer executable instructions that implement a method of the client authenticating to the service provider using a one-time password, the method comprising the client performing acts of:
- sending a client moniker to the authentication service;
  
  receiving a one-time password from the authentication service that is associated with an authentication service identifier for the client to use in accessing the service provider;
  
  sending a service provider identifier for the client to the service provider so that the service provider can locate the authentication service identifier for the client that is associated with the service provider identifier for the client at the service provider; and
  
  sending the one-time password to the service provider so that the service provider can send the one-time password to the authentication service, receive the authentication service identifier for the client that is associated with the one-time password from the authentication service, and match the authentication service identifier for the client that is received from the authentication service with the authentication service identifier for the client that is associated with the service provider identifier for the client at the service provider.
- View Dependent Claims (28, 29, 30)
- - 28. A computer program product as recited in claim 27, wherein the service provider is part of a password protected file protocol at the client that requests the one-time password in order to grant access to a protected file.
  - 29. A computer program product as recited in claim 27, wherein the client sends the one-time password to the service provider over a secure connection that authenticates the identity of the client to the service provider.
  - 30. A computer program product as recited in claim 27, the method further comprising the client performing acts of:
    - receiving a registration one-time password from the authentication service that is associated with the authentication service identifier for the client;
      
      sending the service provider identifier for the client to the service provider in preparation for registering the client with the service provider; and
      
      sending the registration one-time password to the service provider so that the service provider can send the registration one-time password to the authentication service, receive the authentication service identifier for the client from the authentication service, and associate the authentication service identifier for the client that is received from the authentication service with the service provider identifier for the client at the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tokenym LLC
Original Assignee
Brian B. Bagley
Inventors
Bagley, Brian B.

Granted Patent

US 7,613,919 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 9/3228   One-time or temporary data,...

Single-use password authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

169 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Single-use password authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links