Single one-time password token with single PIN for access to multiple providers
Abstract
A system and a method are disclosed that include a first party with a terminal and a one-time password token, one or more second parties, each with a host application system and a service provider authentication server, and a third party with a host application system and a master authentication server. The first party uses a single one-time password token with a single personal identification number (PIN) to access the one or more second parties. A third party issues the token to the first party and synchronizes token secrets and parameters with the one or more second parties. This offloads token management from the second parties and allows the second parties to directly authenticate the first party. The authentication of the first party by the second party does not involve the third party.
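The arrangement the abstract describes, as an added sketch that is not taken from the patent: the third party issues one token with a compartment per provider, and each provider verifies on its own. Assumptions: HOTP (RFC 4226) stands in for the unspecified cryptographic algorithm, a counter plays the token parameter, the PIN is checked locally against a PBKDF2 verifier, and all class and function names are hypothetical.

```python
import hashlib, hmac, os, struct
from dataclasses import dataclass, field

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, an assumed stand-in for the token's algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    code = struct.unpack_from(">I", mac, mac[-1] & 0x0F)[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_verifier(pin: str, salt: bytes) -> bytes:
    # Assumption: the single PIN gates the token via a salted PBKDF2 verifier.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

@dataclass
class Token:
    """First party's token: one PIN, one compartment per provider."""
    user_id: str
    salt: bytes
    verifier: bytes
    compartments: dict = field(default_factory=dict)  # provider -> [secret, counter]

    def generate(self, pin: str, provider: str):
        if not hmac.compare_digest(pin_verifier(pin, self.salt), self.verifier):
            raise PermissionError("wrong PIN")
        comp = self.compartments[provider]
        comp[1] += 1  # the token parameter (counter) advances on every use
        return self.user_id, hotp(comp[0], comp[1] - 1)

@dataclass
class ProviderServer:
    """Second party's server: holds only its own synchronized compartment."""
    records: dict = field(default_factory=dict)  # user_id -> [secret, counter]

    def verify(self, user_id: str, otp: str, window: int = 3) -> bool:
        rec = self.records.get(user_id)
        for c in (range(rec[1], rec[1] + window) if rec else ()):
            if hmac.compare_digest(hotp(rec[0], c), otp):
                rec[1] = c + 1  # advance so the same OTP cannot be replayed
                return True
        return False

def issue(user_id: str, pin: str, providers: dict) -> Token:
    """Third party: build the token, sync each compartment to its provider."""
    salt = os.urandom(16)
    token = Token(user_id, salt, pin_verifier(pin, salt))
    for name, server in providers.items():
        secret = os.urandom(20)  # a distinct secret per reciprocal party
        token.compartments[name], server.records[user_id] = [secret, 0], [secret, 0]
    return token
```

Because each `ProviderServer` stores only its own compartment, a leak of one provider's records does not yield valid one-time passwords for any other provider, and the issuing party is not contacted during `verify`.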
23 Claims
1. A mechanism to generate a one-time password using a single personal identification number, the mechanism comprising:
an input configured to receive the personal identification number;
a token application including a token dataset, the token dataset including a plurality of compartments, each compartment corresponding to a reciprocal transaction party, the compartment including a token secret and a token parameter, the token application configured to generate a one-time password in response to the received personal identification number, the one time password generated from the token dataset and the token parameter of the compartment corresponding to the reciprocal transaction party;
an output configured to transmit a unique identifier and the one time password to the reciprocal transaction party.
5. A method to issue a token for secured transactions, the method comprising:
generating, in response to a request for a token, a token dataset, the token dataset including a token secret and a token parameter;
transmitting a token application to a first party, the token application including a cryptographic algorithm and the token dataset;
receiving a request for authentication from a first party, the request including a unique identifier and a physical device identifier;
transmitting a request containing an authorization code to the first party;
receiving the authorization code from the first party;
transmitting a one-time password token dataset and application to a physical device corresponding to the physical device identifier of the first party; and
transmitting synchronization information of the one-time password token dataset and application to a second party.
13. A system including a first party, at least one second party, and a third party, the system comprising:
a token generator configured to generate a token dataset in response to a request for a token, the token dataset including a token secret and a token parameter;
a transmission interface to transmit a token application to a first party, the token application including a cryptographic algorithm and the token dataset;
a master authentication server of the third party configured to either issue or update a one-time password token dataset and application for the first party and to notify the second party of the token secrets and parameters corresponding to the one-time password token of the first party; and
a service provider authentication server of the second party configured to verify the one-time password submitted by the first party to the second party.
19. A computer readable medium adapted to store instructions executable by a processor, the instructions for issuance of a token dataset and application for secured transactions that when executed by the processor cause the processor to:
generate, in response to a request for a token, a token dataset, the token dataset including a token secret and a token parameter;
transmit a token application to a first party, the token application including a cryptographic algorithm and the token dataset;
receive a request for authentication from a first party, the request including a unique identifier and a physical device identifier;
transmit a request containing an authorization code to the first party;
receive the authorization code from the first party;
transmit a one-time password token dataset and application to a physical device corresponding to the physical device identifier of the first party; and
transmit synchronization information of the one-time password token dataset and application to a second party.
Specification