-
Publication number: US20100262834A1
Publication date: 2010-10-14
Application number: US12423163
Filing date: 2009-04-14
CPC classification: H04L9/0891 , G06F21/31 , G06F21/33 , H04L9/3228 , H04L9/3247 , H04L9/3271 , H04L63/0838 , H04L2209/80
Abstract: Single-use character combinations are a secure mechanism for user authentication. Such “one-time passwords” (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server.
-
Publication number: US08230231B2
Publication date: 2012-07-24
Application number: US12423163
Filing date: 2009-04-14
IPC classification: H04L29/06
CPC classification: H04L9/0891 , G06F21/31 , G06F21/33 , H04L9/3228 , H04L9/3247 , H04L9/3271 , H04L63/0838 , H04L2209/80
Abstract: Single-use character combinations are a secure mechanism for user authentication. Such “one-time passwords” (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server.
-