Method and apparatus for generating one-time passwords

摘要

A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications.

主权项

1. A method of using one-time passwords to authenticate access to one or more accounts of a user, the method comprising the steps of:
assigning, upon input from the user, each one of multiple sequence generators in a communications device to a different one of multiple corresponding service entities each having an account of the user and a server assigned to a corresponding one of the multiple sequence generators, wherein, upon being reset by the user, each one of the multiple sequence generators is assignable to a second different one of the multiple corresponding service entities, and wherein the assigning step further comprises the step of providing the server corresponding to each service entity with
i) a seed to a specific one of the multiple sequence generators,ii) a key for the specific one of the multiple sequence generators, andiii) a current pseudorandom sequence value displayed by the specific one of the multiple sequence generators, wherein the specific one of the multiple sequence generators encrypts the seed with the key to produce the current pseudorandom sequence value; generating a subsequent pseudorandom sequence value from each one of the multiple sequence generators, wherein each of the multiple sequence generators provides access to a different one of the one or more accounts of the user; transmitting to each assigned server a one-time password formed from concatenating a personal identification number (PIN) with a corresponding one of the subsequent pseudorandom sequence values; receiving a confirmation from each assigned server that the server has authenticated the user for access to one of the one or more accounts on a condition that a login identification (ID) received by the server from the user matches a login ID stored by the server, and the one-time password received by the server matches a server-generated one-time password; and receiving a second one-time password from each assigned server.