Invention Grant
- Patent Title: One-time password access to password-protected accounts
- Patent Title (中): 一次性密码访问受密码保护的帐户
-
Application No.: US11852393Application Date: 2007-09-10
-
Publication No.: US08255696B2Publication Date: 2012-08-28
- Inventor: Dinei A. Florencio , Cormac E. Herley
- Applicant: Dinei A. Florencio , Cormac E. Herley
- Applicant Address: US WA Redmond
- Assignee: Microsoft Corporation
- Current Assignee: Microsoft Corporation
- Current Assignee Address: US WA Redmond
- Agency: Lee & Hayes, PLLC
- Main IPC: G06F21/00
- IPC: G06F21/00

Abstract:
Systems and methods facilitate secure one-time-password access to an account in a remote server from an untrusted client. The system consists of an intermediary component whose salient components are a proxy component, a webserver component, and an encryption/decryption component, and it preserves the characteristics of both the server and client. In a man-in-the-middle fashion, the proxy substitutes a one-time password entered at a login interface with a true password, and forwards it to the remote login server. True passwords are encrypted using a seed associated with user identifiers, and a list of one-time passwords is generated/updated and stored on media or transmitted to an electronic device. Substitution takes place by decrypting the one-time password with the seed used for encryption, ensuring the proxy avoids storing the true password.
Public/Granted literature
- US20080276098A1 ONE-TIME PASSWORD ACCESS TO PASSWORD-PROTECTED ACCOUNTS Public/Granted day:2008-11-06
Information query