The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jul. 24, 2012
Filed:
Apr. 14, 2009
Trevor William Freeman, Sammamish, WA (US);
Josh Benaloh, Redmond, WA (US);
K John Biccum, Bellevue, WA (US);
Atul Kumar Shah, Sammamish, WA (US);
Trevor William Freeman, Sammamish, WA (US);
Josh Benaloh, Redmond, WA (US);
K John Biccum, Bellevue, WA (US);
Atul Kumar Shah, Sammamish, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
Single-use character combinations are a secure mechanism for user authentication. Such 'one-time passwords' (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server.