Patent · US Active

Protecting one-time-passwords against man-in-the-middle attacks

US7840993B2 · kind B2 · utility

26Cited by

6References

21Claims

0Family size

Assignee

TriCipher, Inc. · US

Inventors

Ravi Ganesan · Norcross, US
Ravinderpal Singh Sandhu · Oak Hill, US
Andrew Cottrell · Minneapolis, US
Brett Jason Schoppert · Leesburg, US
Mihir Bellare · San Diego, US

Key dates

Filing date	May 2, 2006
Grant date	Nov 23, 2010
Priority date	—
Expiry date	Jul 10, 2029

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/062
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.