Single one-time password token with single PIN for access to multiple providers

US 20070130463A1
Filed: 03/15/2006
Published: 06/07/2007
Est. Priority Date: 12/06/2005
Status: Abandoned Application

First Claim

Patent Images

1. A mechanism to generate a one-time password using a single personal identification number, the mechanism comprising:

an input configured to receive the personal identification number;

a token application including a token dataset, the token dataset including a plurality of compartments, each compartment corresponding to a reciprocal transaction party, the compartment including a token secret and a token parameter, the token application configured to generate a one-time password in response to the received personal identification number, the one time password generated from the token dataset and the token parameter of the compartment corresponding to the reciprocal transaction party;

an output configured to transmit a unique identifier and the one time password to the reciprocal transaction party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and a method are disclosed that includes a first party with a terminal and a one-time password token, one or more second parties, each with a host application system and a service provider authentication server, and a third party with a host application system and a master authentication server. The first party uses a single one-time password token with a single personal identification number (PIN) to access the one or more second parties. A third party issues the token to the first party and synchronizes token secrets and parameters with the one or more second parties. This offloads token management from the second parties and allows the second parties to directly authenticate the first party. The authentication of the first party by the second party does not involve the third party.

310 Citations

23 Claims

1. A mechanism to generate a one-time password using a single personal identification number, the mechanism comprising:
- an input configured to receive the personal identification number;
  
  a token application including a token dataset, the token dataset including a plurality of compartments, each compartment corresponding to a reciprocal transaction party, the compartment including a token secret and a token parameter, the token application configured to generate a one-time password in response to the received personal identification number, the one time password generated from the token dataset and the token parameter of the compartment corresponding to the reciprocal transaction party;
  
  an output configured to transmit a unique identifier and the one time password to the reciprocal transaction party.
- View Dependent Claims (2, 3, 4)
- - 2. The mechanism of claim 1, wherein the token secret comprises at least one of a cryptographic key, random number, a control vector or combinations thereof.
  - 3. The mechanism of claim 2, wherein the token parameter comprises at least one of an encrypted personal identification number and a monotonically increasing or decreasing sequence number.
  - 4. The mechanism of claim 1, further comprising at least one cryptographic module for at least one of encrypting signals to transmit through the output and decrypting signals received through the input.

5. A method to issue a token for secured transactions, the method comprising:
- generating, in response to a request for a token, a token dataset, the token dataset including a token secret and a token parameter;
  
  transmitting a token application to a first party, the token application including a cryptographic algorithm and the token dataset;
  
  receiving a request for authentication from a first party, the request including a unique identifier and a physical device identifier;
  
  transmitting a request containing an authorization code to the first party;
  
  receiving the authorization code from the first party;
  
  transmitting a one-time password token dataset and application to a physical device corresponding to the physical device identifier of the first party; and
  
  transmitting synchronization information of the one-time password token dataset and application to a second party.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5, wherein the unique identifier is an electronic mail address.
  - 7. The method of claim 5, wherein the physical device identifier comprises a mobile telephone identifier.
  - 8. The method of claim 5, wherein the physical device identifier comprises a media access control identifier.
  - 9. The method of claim 5, further comprising receiving a hash of a personal identification number (PIN), the PIN set in response to the one-time password token application.
  - 10. The method of claim 5, further comprising receiving from the second party a request for synchronization information.
  - 11. The method of claim 10, wherein the synchronization information comprises an identifier for the second party and a token update list, the token update list includes the one-time password token dataset or its subset.
  - 12. The method of claim 11, wherein the synchronization information further comprises the unique user identifier, a token dataset including token secrets and a hashed and/or encrypted personal identification number (PIN) received from the first party.

13. A system including a first party, at least one second party, and a third party, the system comprising:
- a token generator configured to generate a token dataset in response to a request for a token, the token dataset including a token secret and a token parameter;
  
  a transmission interface to transmit a token application to a first party, the token application including a cryptographic algorithm and the token dataset;
  
  a master authentication server of the third party configured to either issue or update a one-time password token dataset and application for the first party and to notify the second party of the token secrets and parameters corresponding to the one-time password token of the first party; and
  
  a service provider authentication server of the second party configured to verify the one-time password submitted by the first party to the second party.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the one-time password token dataset in the token of the first party is logically partitioned for each second party.
  - 15. The system of claim 13, wherein the one-time password token application of the first party operates with the same personal identification number (PIN) for each second party interacting with the first party.
  - 16. The system of claim 13, wherein the second party verifies one-time passwords generated from the tokens of a plurality of first parties.
  - 17. The system of claim 14, wherein the third party issues or updates one-time password token datasets and applications of a plurality of first parties.
  - 18. The system of claim 17, wherein the third party synchronizes the one-time password token datasets and applications of the plurality of first parties with a plurality of second parties.

19. A computer readable medium adapted to store instructions executable by a processor, the instructions for issuance of a token dataset and application for secured transactions that when executed by the processor cause the processor to:
- generate, in response to a request for a token, a token dataset, the token dataset including a token secret and a token parameter;
  
  transmit a token application to a first party, the token application including a cryptographic algorithm and the token dataset;
  
  receive a request for authentication from a first party, the request including a unique identifier and a physical device identifier;
  
  transmit a request containing an authorization code to the first party;
  
  receive the authorization code from the first party;
  
  transmit a one-time password token dataset and application to a physical device corresponding to the physical device identifier of the first party; and
  
  transmit synchronization information of the one-time password token dataset and application to a second party.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The computer readable medium of claim 19, wherein the unique identifier is one of an electronic mail address and a mobile telephone identifier.
  - 21. The computer readable medium of claim 19, further comprising instructions that cause the processor to receive a hash of a personal identification number (PIN), the PIN set in response to the one-time password token application.
  - 22. The computer readable medium of claim 19, further comprising instructions to cause the processor to receive from the second party a request for synchronization information.
  - 23. The computer readable medium of claim 22, wherein the synchronization information comprises an identifier for the second party and a token update list, the token update list includes the one-time password token dataset or its subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boncle, Inc.
Original Assignee
Boncle, Inc.
Inventors
Law, Eric Chun Wah, Yam, Lap

Application Number

US11/376,771
Publication Number

US 20070130463A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

H04L 2463/082   applying multi-factor authe...

H04L 63/0838   using one-time-passwords

Single one-time password token with single PIN for access to multiple providers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

310 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Single one-time password token with single PIN for access to multiple providers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

310 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links