Invention Grant
US09197411B2 Protocol and method for client-server mutual authentication using event-based OTP
In force
- Patent Title: Protocol and method for client-server mutual authentication using event-based OTP
- Application No.: US13412275
- Application Date: 2012-03-05
- Publication No.: US09197411B2
- Publication Date: 2015-11-24
- Inventor: Salah E. Machani, Konstantin Teslenko
- Applicant: Salah E. Machani, Konstantin Teslenko
- Applicant Address: US CT Danbury
- Assignee: IMS HEALTH INCORPORATED
- Current Assignee: IMS HEALTH INCORPORATED
- Current Assignee Address: US CT Danbury
- Agency: Maldjian Law Group LLC
- Main IPC: H04L9/32
- IPC: H04L9/32 ; H04L9/08 ; G06Q20/38 ; G06Q20/40 ; H04L29/06

Abstract:
A method of authenticating and encrypting a client-server communication is provided. Two one-time passwords (OTP1 and OTP2) are generated from a cryptographic token. An encryption key (K_ENC) and a MAC key (K_MAC) are generated based on OTP2. The client data are prepared and protected using K_ENC and K_MAC. A request message is sent from the client to the server, and contains the protected client data, a cryptographic token identifier and OTP1. OTP1 is validated at the server, and OTP2 is generated at the server upon successful validation. K_ENC and K_MAC are derived from OTP2 at the server. The request message is processed and result data is generated. The result data is encrypted using K_ENC and a digest is created using K_MAC. The encrypted result data is sent to the client, and is decrypted using K_ENC and the authenticity of the result data is verified using K_MAC.
Public/Granted literature
- US20120226906A1 Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP (Public/Granted day: 2012-09-06)