Authentication system using one-time passwords

Assignee

• International Business Machines Corporation · US

Inventors

• Richard Henry Guski · Red Hook, US
• Raymond Craig Larson · Rhinebeck, US
• Stephen M. Matyas · Manassas, US
• Donald B. Johnson · Manassas, US
• Don Coppersmith · Ossining, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/61
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system for authenticating a user located at a requesting node to a resource such as a host application located at an authenticating node using one-time passwords that change pseudorandomly with each request for authentication. At the requesting node a non-time-dependent value is generated from nonsecret information identifying the user and the host application, using a secret encryption key shared with the authenticating node. The non-time-dependent value is combined with a time-dependent value to generate a composite value that is encrypted to produce an authentication parameter. The authentication parameter is reversibly transformed into an alphanumeric character string that is transmitted as a one-time password to the authenticating node. At the authenticating node the received password is transformed back into the corresponding authentication parameter, which is decrypted to regenerate the composite value. The non-time-dependent value is replicated at the authenticating node using the same nonsecret information and encryption key shared with the requesting node. The locally generated non-time-dependent value is combined with the regenerated composite value to regenerate the t…