主权项 |
1. A system for utilizing pre-generated one-time passwords, the system comprising:
a password server executing one or more applications which cause the password server to generate a list of One-Time Passwords (OTPs) comprising multiple OTPs and package the list of OTPs for delivery; and a client device, the client device comprising a processor and a memory, wherein the password server downloads the list of OTPs to the client device in response to a request, and wherein the client device saves the downloaded list of OTPs to the memory of the client device for use in accessing a resource requiring authentication, wherein the client device comprises a client application stored in the memory of the client device, and the client application, when executed by the processor, causes the processor to select one of the OTPs from the list of OTPs in the memory of the client device for use in accessing the resource requiring authentication, the client application causes the processor to access user input being a trial PIN and a counter, the counter having a unique value for each OTP on the list of OTPs, the client application causes the processor to combine the trial PIN and the counter as an input seed to a mask generation function, the processor uses an output of the mask generation function to unmask the selected OTP that corresponds to the counter, the unmasking provides a plausible candidate OTP for every trial PIN that is input and provides a correct OTP when the trial PIN matches a user PIN that was used to mask the list of OTPs. |