公开(公告)号：US08799655B1

公开(公告)日：2014-08-05

申请号：US13627224

申请日：2012-09-26

Applicant: EMC Corporation

Inventor： Yedidya Dotan ,  Jennifer Chong ,  Jonathan Wu ,  David D. Taku

IPC: H04L9/00 ,  H04K1/00 ,  H04L9/32

CPC classification number: H04W12/06 ,  H04L9/3228 ,  H04L63/0838

Abstract: A technique of authenticating a user involves storing a set of expected OTPs in memory of a mobile device, the set of expected OTPs having been previously generated by and acquired from an external authentication server. The technique further involves receiving, after the set of expected OTPs is stored in the memory, an authentication request from a user of the mobile device, the authentication request including a user-provided OTP. The technique further involves performing, by processing circuitry of the mobile device, a local authentication operation which provides an authentication result based on a comparison between the user-provided OTP and an expected OTP of the set of expected OTPs stored in the memory. The authentication result indicates whether authentication of the user is successful or unsuccessful.

Abstract translation: 认证用户的技术涉及将一组期望的OTP存储在移动设备的存储器中，所述一组期望的OTP已经由外部认证服务器先前生成和获取。 该技术还包括在所述一组期望的OTP存储在存储器中之后，接收来自移动设备的用户的认证请求，认证请求包括用户提供的OTP。 该技术还涉及通过处理移动设备的电路来执行本地认证操作，其基于用户提供的OTP与存储在存储器中的一组预期OTP的预期OTP之间的比较来提供认证结果。 验证结果表明用户的身份验证是成功还是不成功。

公开(公告)号：US09917694B1

公开(公告)日：2018-03-13

申请号：US14092028

申请日：2013-11-27

Applicant: EMC Corporation

Inventor： Ari Juels ,  David D. Taku

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L9/0861 ,  H04L9/0825 ,  H04L9/3226 ,  H04L9/3234

Abstract: A processing device is configured to obtain an address and a public key, both associated with an authentication service, to generate a symmetric key as a function of the public key, to configure an authentication token to incorporate the symmetric key, to encrypt the symmetric key utilizing the public key, and to transmit the encrypted symmetric key to the address so as to permit the authentication service to bind the symmetric key to an identifier of the authentication token. By way of example, the authentication token may comprise a software authentication token implemented on the processing device. One or more tokencodes generated by the authentication token utilizing the symmetric key are transmitted to the authentication service for authentication. The authentication by the authentication service is based on the symmetric key bound to the identifier of the authentication token.