Information security – Access control or authentication – Network
Reexamination Certificate
2006-05-02
2010-11-23
Arani, Taghi T (Department: 2438)
Information security
Access control or authentication
Network
C713S168000, C380S281000, C380S259000, C726S014000
Reexamination Certificate
active
07840993
ABSTRACT:
To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.
REFERENCES:
patent: 5737419 (1998-04-01), Ganesan
patent: 6148404 (2000-11-01), Yatsukawa
patent: 6161139 (2000-12-01), Win et al.
patent: 6370649 (2002-04-01), Angelo et al.
patent: 6609198 (2003-08-01), Wood et al.
patent: 6908030 (2005-06-01), Rajasekaran et al.
patent: 2002/0002678 (2002-01-01), Chow et al.
patent: 2002/0078344 (2002-06-01), Sandhu et al.
patent: 2002/0087860 (2002-07-01), Kravitz
patent: 2002/0095507 (2002-07-01), Jerdonek
patent: 2002/0095569 (2002-07-01), Jerdonek
patent: 2003/0084304 (2003-05-01), Hon et al.
patent: 2003/0115452 (2003-06-01), Sandhu et al.
patent: 2003/0135739 (2003-07-01), Talton, Sr.
patent: 2004/0008845 (2004-01-01), Le et al.
patent: 2005/0050330 (2005-03-01), Agam et al.
patent: 2005/0132192 (2005-06-01), Jeffries et al.
patent: 03/063411 (2003-07-01), None
Messmer, E., “Authentication services on tap,” NetworkWorld, Sep. 27, 2004, p. 35.
Anderson, et al., “A New Family of Authentication Protocols”, Cambridge University Computer Laboratory, England, pp. 9-20.
Basney, et al., “A Roadmap for Integration of Grid Security with One-Time Passwords”, May 21, 2004, pp. 1-10.
Bicakici, et al., “One-Time Passwords: Security Analysis Using BAN Logic and Integrating with Smartcard Authentication”, Middle East Technical University, 2003, pp. 794-801.
Halevi, et al., “Public-key Cryptography and Password Protocols”, 1998, pp. 122-131.
E Week, The Enterprise Newsweekly, Sep. 20, 2004.
J. Gaskin, “Eliminate static passwords; CryptoCard offers guaranteed two-factor authentication security”, Aug. 8, 2005, pp. 1-2.
C. Garretson, “IronPort looks to be e-mail's guardian”, Enterprise Applications, Sep. 27, 2004.
E. Wine, “Another Obstacle for Hackers to Scale”, The Fitness Report, Jun. 2005.
Gale Group, “Aladdin Granted Second U.S. Patent for Utilizing USB-Based Portable Devices”, PR Newswire, Sep. 7, 2004.
Gale Group, “VeriSign Licenses Mobile Tokens and Mobile Authentication Services from Diversinet”, Business Wire, Jun. 28, 2005.
Gale Group, “Settlement Agreement Affirms Aladdin's Rights Over USB Token Patent”, PR Newswire, Jun. 29, 2005.
Bellare Mihir
Cottrell Andrew Paul
Ganesan Ravi
Sandhu Ravinderpal Singh
Schoppert Brett Jason
Arani Taghi T
Lee Jason
TriCipher Inc.
LandOfFree
Protecting one-time-passwords against man-in-the-middle attacks does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Protecting one-time-passwords against man-in-the-middle attacks, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Protecting one-time-passwords against man-in-the-middle attacks will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4158204