Title of invention: One-time passcodes with asymmetric keys
Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device and by the administrator. This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on the rounded time.
Publication number: US9235697(B2)
Publication date: 2016.01.12
Application number: US201313785766
Filing date: 2013.03.05
Applicant: Biogy, Inc.
Inventor: Fiske Michael Stephen
Classification: G06F21/00;H04L29/06;G06F21/32;H04L9/08;H04L9/32;G06F21/33;G06F21/34
Main classification: G06F21/00
Agency:
Agent: Lewis David
Main claim: 1. A method comprising: enrolling, by a device, a user in a system based on at least user information, the device including a processor system having at least one processor and a memory system, the memory system having a nontransitory memory; storing the user information in the memory system of the device; and at a completion of the enrolling, generating asymmetric keys and a registration code based on quantum information from a semiconductor that detects the arrival of photons, the registration code being a sequence of symbols or bits; wherein the asymmetric keys include a user key and an administrator key, which are different from one another, the user key being required to perform one or more operations on a physical token or in a secure area of the device, the administrator key being required to perform one or more operations on at least one backend server, the backend server including a second processor system having at least one processor and a second memory system; wherein the administrator key is generated based on information provided by the user; wherein it is mathematically intractable to guess the user key from the administrator key; and wherein it is mathematically intractable to guess the administrator key from the user key.
Address: San Francisco CA US