WO2010117329A1 - Method and system for generating one-time passwords - Google Patents

Method and system for generating one-time passwords Download PDF

Info

Publication number
WO2010117329A1
WO2010117329A1 PCT/SE2010/050386 SE2010050386W WO2010117329A1 WO 2010117329 A1 WO2010117329 A1 WO 2010117329A1 SE 2010050386 W SE2010050386 W SE 2010050386W WO 2010117329 A1 WO2010117329 A1 WO 2010117329A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
user
restricted resource
password generation
time
Prior art date
Application number
PCT/SE2010/050386
Other languages
French (fr)
Inventor
Jesper Tohmo
Original Assignee
Nordic Edge Ab
Roslund, Christer
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nordic Edge Ab, Roslund, Christer filed Critical Nordic Edge Ab
Publication of WO2010117329A1 publication Critical patent/WO2010117329A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Definitions

  • the present invention relates to the field of one-time password generation and in particular to generation of onetime passwords in mobile devices, in particular, the present invention relates to a method for generating one-time passwords according to the preamble of claim 1 and a device according to the preamble of claim 13.
  • the invention also relates to a system according to claim 15, a computer program according to claim 17 and a computer program product according to claim 18.
  • Internet banking, electronic commerce and e-mail constitute but a few examples of the possibilities that the electronic world offer, thus omitting the need for a user to actually visit a Bank, stores for purchasing goods, etc.
  • a general Internet user is often registered to (member of) a plurality of different Internet sites, and when the user identifies himself/herself with such sites, this is often performed by entering a login name and a corresponding password. Every now and then, however, Internet sites are "hacked", with the possible result that login (user) names and associated passwords of users (members) of the said site come into the hands of unauthorized and, at worst, criminal persons .
  • login information such as user names and passwords
  • users of a hacked site can suffer substantial damage, e.g. by finding themselves with cleared out bank accounts.
  • a member of one Internet site "rates" login name and password from one site to another, with the further risk of suffering unauthorized access not only to the site being hacked, but at other sites as well.
  • One-time passwords are constantly and inherently altered, which thus substantially reduces the risk of the passwords falling into the wrong hands.
  • One-time passwords thus make it more difficult to gain unauthorized access to user accounts.
  • a method for one-time password generation the said one-time password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the said mathematical algorithm using at least one user-specific password generation parameter.
  • a first password generation parameter is used for generating a first one-time password for use in user authentication by a first restricted resource
  • a second password generation parameter is used for generating a second one-time password for use in user authentication by a second restricted resource, wherein said second restricted resource is different from said first restricted resource, and wherein the said first and second password generation parameters are distinct .
  • the use of different password generation parameters for different restricted resources ensure that the hardware device cannot be utilized to gain unauthorized access to any restricted resource other than the ones to which the user does belong.
  • the said first and second password generation parameters can, for example, constitute different encryption keys such as symmetric keys.
  • a one-time password is generated using not only one password generation parameter, but using at least two password generation parameters, such as, e.g. an encryption key and a counter.
  • Counters for different restricted resources can also be arranged to be distinct. The counters are preferably incremented for each generation of a one-time password, wherein one increment can be, e.g., 1, -1 or any suitable number.
  • a parameter that is dependent on the formerly generated one-time password can be used together with the said first password generation parameter .
  • Fig. 1 schematically shows a system in which the present invention advantageously can be utilized.
  • Fig. 2 shows an exemplary embodiment of the present invention .
  • Fig. 3 shows an exemplary procedure for setting up a user device according to the present invention.
  • Fig. 4 shows an example of offline authentication according to the present invention.
  • Fig. 5 shows an example of on-line signing according to the present invention
  • restricted resource is used to represent any kind Internet site that require user identification, e.g. by means of user name and associated password.
  • examples of such restricted resources include online banking services, e-mail service providers, e-commerce stores, user forums, government web site services etc.
  • restricted resource as used herein also includes non-Internet resources, such as, e.g., telephone services (e.g. government or bank telephone services) requiring user identification, and also services provided by computer networks other than the Internet.
  • a mathematical algorithm stored in a hardware device can be used to generate one-time passwords, where, following generation of a first one-time password, the next one-time password is at least partially dependent on the formerly generated password, or where consecutive passwords are generated by incrementing a counter prior to or following each password generation.
  • the generated passwords can be verified by the restricted resource by performing the same calculations using the same algorithm and, if used, counter.
  • One-time passwords utilizes time- synchronisation, that is, the restricted resource and the hardware device generating a password must be time- synchronised, i.e. the password is time dependent.
  • a further kind of one-time passwords is use of a list of (randomly) generated passwords which is handed to the user, the passwords then being used one after another in consecutive access requests .
  • different restricted resources may utilize the same general method for the generation of one-time passwords (OTPs) the devices that are used for generating these OTPs are incompatible with each other, that is, a user being registered at plural restricted resources in general is required to keep track of and carry around separate hardware devices for each restricted resource. This is not only cumbersome to the user but also inefficient from a cost perspective point of view.
  • OTPs one-time passwords
  • the present invention provides a method and device that provides for secure authentication to a plurality of restricted resources using a single hardware device, such as e.g. a mobile device such as mobile phone, smartphone, Personal Digital Assistant, handheld computer etc..
  • a single hardware device such as e.g. a mobile device such as mobile phone, smartphone, Personal Digital Assistant, handheld computer etc.
  • cumbersome use of plural hardware devices can be mitigated to a substantial extent.
  • the single remaining hardware device constitutes an integrated part of a mobile phone, or a software application in a mobile phone, the user, in principle, need not carry any further hardware devices than the ones he/she carries around anyway.
  • a user computer 101 such as a laptop or desk top computer, which is used by a user to electronically access various restricted resources, e.g. using the Internet.
  • the user interacts with the restricted resources he/she is registered to, e.g. an online banking service 102, an e-commerce store 103, and an e-mail service 104.
  • the computer 101 is also utilized to telecommute, e.g. using VPN software, to the user's place of work 105.
  • restricted resources of this kind utilize, or have an increasing tendency to utilize, stronger authentication than a mere use of user name and associated password.
  • the present invention provides stronger authentication using a system wherein a single hardware device is used.
  • a system wherein all restricted resources, e.g. restricted resources 102-105, utilize a joint security system to reduce the number of user hardware devices may not, e.g. for security reasons, be acceptable to the restricted resources. For example, this may require that the various restricted resources must be interconnected, which can be difficult to accomplish.
  • such systems can be vulnerable, for example, if a user being registered to plural restricted resources looses his/her hardware device, not only restricted resources to which the user belongs are exposed, but also other restricted resources of the system.
  • the present invention therefore, provides a system in which, while still reducing the number of hardware devices to a single hardware device for restricted resources of the system, the communication between user and a particular restricted resource is independent of the communication between the user and any other restricted resource, and in which registration to one restricted resource does not increase the risk of unauthorized access to other restricted resources of the system.
  • the present invention provides a system wherein a user of computer 101 can access each of the various restricted resources 102-105 by means of a single hardware device 107, however without any interaction between any of the restricted resources 102-105.
  • the present invention is made possible by a general OTP generation application that is common for each of the restricted resources but which is only a dummy until it is provided with restricted resource "profiles" for the restricted resources to which the user is registered. These profiles contain OTP generation parameters that are different (distinct) for each restricted resource, thereby ensuring that the hardware device 107 cannot be utilized to gain unauthorized access to any restricted resource other than the ones to which the user does belong.
  • a user' s mobile phone is used as hardware device according to the present invention.
  • the user's mobile phone 201 is first provided with the said OTP generation application, which in principle consists of a software application 202 that preferably is downloadable.
  • the OTP generation application includes an algorithm by means of which OTPs can be generated, and which is capable of receiving OTP generation parameters (restricted resource profiles) according to what will be described below.
  • the user can, for example, download the OTP generation application, e.g., from a web site or an application store like Apple Inc. App Store or Google Inc. Android Market.
  • the download and installation of the OTP generation application is preferably an automated process like many other applications are today, and dependent on the particular device being used. If, for example an Apple Inc.
  • the application can be downloaded and installed from the App Store. If a Java MicroEdition (JME) -enabled device is used the application can, for example be downloaded and installed by entering a URL in the web browser application in the user device instead. It is also contemplated that the application can be installed in the device during the manufacturing process, or constitute an integral part of the mobile phone.
  • JME Java MicroEdition
  • the device 201 When the device 201 has been provided with the OTP generation application 202, the device 201 is ready for use according to the present invention.
  • a user that, e.g., requests to become customer of online banking service 204, which utilizes OTP protection according to the present invention, must first get his/her device 201 "set up" for use with the online banking service 204.
  • the request for becoming a customer of the online banking service 204 can, for example, be communicated via the user's computer 205 or by means of visiting a conventional bank office or via a telephone service.
  • a non-limiting exemplary procedure for setting up a user device is disclosed in fig. 3.
  • the method starts with a request 301 according to the above.
  • the restricted resource online banking service 204
  • the online banking service 204 preferably following a validity check of the request (i.e. a verification of the user actually being the user he/she claims to be, which can be accomplished in any suitable manner) requests generation of an online banking service 204 user profile from a trusted entity 207, step 302.
  • the trusted entity 207 can, for example, constitute an entity that supplies user profiles for a plurality, or all restricted resources that utilizes a system according to the present invention. Alternatively, plural trusted entities can be used, or as a further alternative the trusted entity can constitute part of the restricted resource itself. It can, however, be advantageous and convenient for the restricted resources to utilize an external trusted entity as in the disclosed example.
  • the trusted entity 207 receives a user profile request 302, a user profile is generated following the request.
  • the OTP generation application can, in principle, be seen as an empty shell that includes an algorithm by means of which generation of OTPs are possible if proper password generation parameters are supplied.
  • the algorithm can, for example, consist of the HOTP algorithm (also known as OATH) .
  • the OATH algorithm is a standardized open source algorithm. This algorithm generates one-time passwords from a secret shared encryption key and a counter. Naturally, other kinds of algorithms can be used as well, i.e. the RSA algorithm.
  • the user profile request 302 from the restricted resource 204 includes a user ID and, optionally, a mobile phone number (use of the mobile phone number will be described below) .
  • the trusted entity 207 When the trusted entity 207 generates the user profile, this consists of generating a unique symmetric key and a corresponding counter. The unique symmetric key will, once the profile has been stored in the user device, be used to generate one-time passwords that can be verified by the restricted resource.
  • the trusted entity can optionally "personalize" the profile by means of logotypes, icons, backgrounds etc. of the restricted resource so that the profile will be easily distinguishable once plural profiles have been stored in the user device 201.
  • the trusted entity 207 further generates a unique profile name (e.g. a number or alphanumeric character sequence) , which constitutes the identity of the profile, and which is used for subsequent download to the user device 201.
  • the unique symmetric key, corresponding counter, profile name and optional images etc. are then packed in a suitable manner, e.g. into an XML message, whereupon the trusted entity 207 replies back to the restricted resource with the unique symmetric key, corresponding counter and the user ID and optionally the unique profile name, step 303.
  • the restricted resource then prompts the user, e.g. via a text message, to get the profile, 304.
  • the prompt for getting a profile also includes the unique profile name.
  • the prompt for getting a profile can be transmitted directly to the user device 201 from the trusted entity 207 instead, 304' .
  • the user starts the OTP generation application and selects, e.g., option "get profile” and enters the profile name.
  • the trusted entity 207 receives the profile request, 305
  • the profile 211 associated with the profile name i.e. key, counter, images, etc.
  • the user device 201 can optionally acknowledge receipt of the profile, step 307, and the restricted resource is then informed of the transmission (transmission/reception) of the profile, step 308.
  • the profile 211 is received by the user device, it is installed into the OTP generation application 202 for subsequent use when generating OTPs.
  • the generated profile 211 can be deleted from the trusted entity (the unique profile name can be stored so as to ensure that no two profiles having the same name will be generated to avoid possible ambiguities at restricted resources and/or OTP generation applications.
  • the profile 211 has been stored in the application 202 it is ready to be used.
  • the steps of fig. 3 can then be repeated each time the user starts using services of a new restricted resource (e.g. restricted resources 208, 209, 210 ...) supporting the system. Since the restricted resource has access to the same key and counter as the user, the restricted resource can verify a OTP that has been generated by the user device by performing the same calculation using the same algorithm, key and counter. As was mentioned above, other kinds of parameters than counters can also be used.
  • a new restricted resource e.g. restricted resources 208, 209, 210 .
  • the profile can optionally require use of a PIN code, i.e. upon download of the profile, the user can be prompted to enter a PIN code, which then must be entered each time the particular profile is used to generate a OTP.
  • PIN code can also be selectable by the user, or be a mandatory requirement by the restricted resource.
  • the PIN codes can also be required to be different for different restricted resources and this can, for example, be ascertained by the trusted entity or the OTP generation application. If a PIN code is selected, the symmetric key and counter is the encrypted with the PIN code, e.g. using AES-256 bit encryption or any other suitable encryption method.
  • the user device is provided with a unique symmetric key-counter combination (preferably the symmetric key is unique by itself) for each restricted resource that the user registers with, which thus means that once the user and restricted resource have been provided with the key and counter, secure authentication can be obtained without any interaction between restricted resources.
  • the present invention thus provides for a system that mitigates disadvantages of having plural hardware devices, while at the same time ensuring independency between different restricted resources .
  • step 401 the user enters user name and (static) password, whereupon the user will be prompted to enter a one-time password.
  • the user then starts the application 202 in the device 201 and selects the appropriate profile 211 (which is recognizable, e.g. by logotype, icon, name etc.) . If the profile requires a PIN code, the user enters the PIN code which decrypts the symmetric key and the counter so as to allow OTP generation.
  • the key and counter are then used to generate a one-time password, 403, by means of the algorithm in the application 202 which then is presented to the user for entering into the restricted resource log-in procedure (via user computer), 404.
  • the application increases the counter by a predetermined value, e.g. 1, and the corresponding counter at the restricted resource is increased by the same value, 405. Since the restricted resource will always have knowledge of symmetric key and counter, the key and counter are used to verify the OTP by applying key and counter on the same algorithm.
  • the restricted resource tests all counters within the allowed interval to see if any of the such generated passwords are correct.
  • the present invention also provides a method for on-line signing, see fig. 5.
  • a restricted resource service such as a user requesting a bank account transaction, 501
  • the transaction can be temporarily stored in a data base in the restricted resource.
  • the restricted resource can prompt the user to use the device 201 to sign the transactions, 502.
  • the user then starts the application 202 and selects appropriate profile according to the above.
  • the user selects, e.g., "signing”, and enters, if so required, the PIN code.
  • An OTP is then generated and, together with user ID, the device uses an on-line URL (Uniform Resource Locator) stored in the profile to connect to the restricted resource and ask for transactions to be signed, 503, and the application increases the counter by one step.
  • the URL can be specified by the restricted resource and, e.g., be transmitted to the trusted entity in step 302 to be included in the profile that subsequently is downloaded by the user device.
  • the on-line URL can then be used by the end user to download "confirmation requests" from the restricted resource. The requests are then presented to the end user as questions or information, and can be answered to by selecting a button and by entering information into one or more data fields in the OTP generation application.
  • the restricted resource first verifies that the OTP is correct for the specific end-user and then creates a message, e.g. an XML message comprising all outstanding requests.
  • the message also includes a unique transaction number.
  • the corresponding counter for the particular user at the restricted resource is also increased by one step.
  • the message is sent to the user device, 504, which present the signing requests to the user and prompt for a reply.
  • the user can reply, e.g. by selecting a button or entering a value into a text field.
  • a new OTP is generated with corresponding increase of counter by one step.
  • a reply message is then generated which will be sent back to the restricted resource and which includes the transaction (signing) number and the generated OTP, 505. Similar to the above, if the profile requires a PIN code, the user must first enter the PIN code before signing can take place.
  • the reply has been sent back to the restricted resource, the signing request is removed from the user device.
  • the restricted resource receives the reply, verifies the OTP and executes the transactions if the OTP is valid. If not, the transactions will not be executed and the user is notified thereof. Finally, the restricted resource user counter is increased by one step.
  • the present invention thus provides for a novel method of generating OTPs for a plurality of restricted resources, which substantially reduces the burden of a user to keep track of multiple hardware devices, while at the same time providing a system to which restricted resources easily can be added without affecting already existing restricted resources of the system.
  • the present invention has been described with reference to Internet sites above, it is to be understood that it can be utilized in any kind of system wherein strong user authentication is required.
  • the hardware device has been described as a mobile phone.
  • the hardware device can, however, be of any kind that is capable of receiving profiles according to the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for one-time password generation, the said one-time password being used for user authentication by a restricted resource, wherein the one- time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the said mathematical algorithm using at least one user-specific password generation parameter. A first password generation parameter is used for generating a first one-time password for use in user authentication by a first restricted resource, and a second password generation parameter is used for generating a second one-time password for use in user authentication by a second restricted resource, wherein said second restricted resource is different from said first restricted resource, and wherein the said first and second password generation parameters are distinct.

Description

METHOD AND SYSTEM FOR GENERATING ONE-TIME PASSWORDS
Field of the invention
The present invention relates to the field of one-time password generation and in particular to generation of onetime passwords in mobile devices, in particular, the present invention relates to a method for generating one-time passwords according to the preamble of claim 1 and a device according to the preamble of claim 13. The invention also relates to a system according to claim 15, a computer program according to claim 17 and a computer program product according to claim 18.
Background of the invention The evolvement of the Internet has in many ways changed behaviours that have prevailed for a long time. Peer-to-peer communication and the ease by means of which exchange of information now can be performed have opened up for limitless ways of utilizing the Internet for everyday use.
Internet banking, electronic commerce and e-mail constitute but a few examples of the possibilities that the electronic world offer, thus omitting the need for a user to actually visit a Bank, stores for purchasing goods, etc.
Unfortunately, however, the possibilities of doing business over the Internet, instead of physically visiting various physical locations, has also given rise to its own set of challenges and security issues, primarily in the areas of user authentication and secure data transfer.
A general Internet user is often registered to (member of) a plurality of different Internet sites, and when the user identifies himself/herself with such sites, this is often performed by entering a login name and a corresponding password. Every now and then, however, Internet sites are "hacked", with the possible result that login (user) names and associated passwords of users (members) of the said site come into the hands of unauthorized and, at worst, criminal persons .
If login information, such as user names and passwords, come into the hands of the wrong persons, users of a hacked site can suffer substantial damage, e.g. by finding themselves with cleared out bank accounts. Further, it is common that a member of one Internet site "reuses" login name and password from one site to another, with the further risk of suffering unauthorized access not only to the site being hacked, but at other sites as well. There is also an inherent risk that a potiential intruder, given enough time and attempts, can obtain login information simply by "trial-and-error" .
Further, there is also an increasing desire from governments to be able to electronically communicate with citizens in a safe and secure manner with regard to various social services, and such social services often involve large amounts of personal and confidential data, with associated strict requirements on the ability to ascertain the identity of a particular user. Simpler authentication methods, such as user name and password, are simply not strong enough but must be strengthened.
Due to the above, it is becoming more and more common to strengthen the protection against unauthorized access by the use of one-time passwords in addition to the conventional (static) passwords. One-time passwords are constantly and inherently altered, which thus substantially reduces the risk of the passwords falling into the wrong hands. One-time passwords thus make it more difficult to gain unauthorized access to user accounts.
Consequently, there exist ways of strengthening security when accessing restricted resources. A drawback, however, in utilizing such stronger authentication methods is that one-time passwords often require, from the user point of view, some kind of hardware device, such as a digipass or code card or other means, for generating the one-time passwords, with the result that a user often ends up with various different methods of accessing the different restricted resources to which he or she belongs. Therefore, there exists a need for a simplified method of accessing restricted resources.
Summary of the invention
It is an object of the present invention to provide a method and device for generating one-time passwords that at least mitigates the above mentioned problems. This object is achieved by a method according to the characterizing portion of claim 1 and a device according to the characterizing portion of claim 13, respectively.
According to the present invention, it is provided a method for one-time password generation, the said one-time password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the said mathematical algorithm using at least one user-specific password generation parameter. A first password generation parameter is used for generating a first one-time password for use in user authentication by a first restricted resource, and a second password generation parameter is used for generating a second one-time password for use in user authentication by a second restricted resource, wherein said second restricted resource is different from said first restricted resource, and wherein the said first and second password generation parameters are distinct .
This has the advantage that a method is provided wherein a user can access a plurality of restricted resources by means of a single hardware device, however without any interaction between any of the restricted resources. The use of different password generation parameters for different restricted resources ensure that the hardware device cannot be utilized to gain unauthorized access to any restricted resource other than the ones to which the user does belong.
The said first and second password generation parameters can, for example, constitute different encryption keys such as symmetric keys. In one embodiment a one-time password is generated using not only one password generation parameter, but using at least two password generation parameters, such as, e.g. an encryption key and a counter. Counters for different restricted resources can also be arranged to be distinct. The counters are preferably incremented for each generation of a one-time password, wherein one increment can be, e.g., 1, -1 or any suitable number.
Other kinds of parameter combinations can also be used. For example, instead of using a counter, e.g., a parameter that is dependent on the formerly generated one-time password can be used together with the said first password generation parameter . Further characteristics of the present invention, and advantages thereof, will be evident from the following detailed description of preferred embodiments and appended drawings, which are given by way of example only, and are not to be construed as limiting in any way.
Brief description of the drawings
Fig. 1 schematically shows a system in which the present invention advantageously can be utilized.
Fig. 2 shows an exemplary embodiment of the present invention .
Fig. 3 shows an exemplary procedure for setting up a user device according to the present invention.
Fig. 4 shows an example of offline authentication according to the present invention.
Fig. 5 shows an example of on-line signing according to the present invention
Brief description of exemplary embodiments In the present description and the appended claims, the term "restricted resource" is used to represent any kind Internet site that require user identification, e.g. by means of user name and associated password. Examples of such restricted resources include online banking services, e-mail service providers, e-commerce stores, user forums, government web site services etc. Further, the term "restricted resource" as used herein also includes non-Internet resources, such as, e.g., telephone services (e.g. government or bank telephone services) requiring user identification, and also services provided by computer networks other than the Internet.
As was mentioned above, the possibilities of doing business over the Internet, such as, e.g., online banking, purchasing and selling goods, etc. has had as result that users increasingly tend to electronically access restricted resources, such as Online Banking Service, e-commerce stores, government web site services etc.
When a user request access to such restricted resources, the user, in general, enters a user name and associated password, which password is often kept unchanged for longer periods of time. However, since such "static" passwords suffers the risk of being gained access to by an unauthorized person, e.g. by
"hacking" or other fraudulent conduct, security, at least with regard to restricted sites that contain sensitive and/or confidential user data, such as Internet banks, is often strengthened by the use of one-time passwords.
There are various methods of generating one-time passwords. For example, a mathematical algorithm stored in a hardware device can be used to generate one-time passwords, where, following generation of a first one-time password, the next one-time password is at least partially dependent on the formerly generated password, or where consecutive passwords are generated by incrementing a counter prior to or following each password generation. The generated passwords can be verified by the restricted resource by performing the same calculations using the same algorithm and, if used, counter.
Another kind of one-time passwords utilizes time- synchronisation, that is, the restricted resource and the hardware device generating a password must be time- synchronised, i.e. the password is time dependent. A further kind of one-time passwords is use of a list of (randomly) generated passwords which is handed to the user, the passwords then being used one after another in consecutive access requests .
Consequently, there exists a plurality of methods for generating one-time passwords. This, however, has the inherent result that users being registered to multiple restricted resources often utilize plural different methods to enter these sites.
Further, although different restricted resources may utilize the same general method for the generation of one-time passwords (OTPs) the devices that are used for generating these OTPs are incompatible with each other, that is, a user being registered at plural restricted resources in general is required to keep track of and carry around separate hardware devices for each restricted resource. This is not only cumbersome to the user but also inefficient from a cost perspective point of view.
The present invention, however, provides a method and device that provides for secure authentication to a plurality of restricted resources using a single hardware device, such as e.g. a mobile device such as mobile phone, smartphone, Personal Digital Assistant, handheld computer etc.. Thereby cumbersome use of plural hardware devices can be mitigated to a substantial extent. If the single remaining hardware device constitutes an integrated part of a mobile phone, or a software application in a mobile phone, the user, in principle, need not carry any further hardware devices than the ones he/she carries around anyway.
A first exemplary embodiment of the present invention will be described with reference to figs. 1-3. In fig. 1 is shown a user computer 101, such as a laptop or desk top computer, which is used by a user to electronically access various restricted resources, e.g. using the Internet. By means of the computer 101 the user interacts with the restricted resources he/she is registered to, e.g. an online banking service 102, an e-commerce store 103, and an e-mail service 104. The computer 101, is also utilized to telecommute, e.g. using VPN software, to the user's place of work 105. As was mentioned above, in general, restricted resources of this kind utilize, or have an increasing tendency to utilize, stronger authentication than a mere use of user name and associated password.
As was also mentioned above, the present invention provides stronger authentication using a system wherein a single hardware device is used. However, a system wherein all restricted resources, e.g. restricted resources 102-105, utilize a joint security system to reduce the number of user hardware devices, may not, e.g. for security reasons, be acceptable to the restricted resources. For example, this may require that the various restricted resources must be interconnected, which can be difficult to accomplish. Further, such systems can be vulnerable, for example, if a user being registered to plural restricted resources looses his/her hardware device, not only restricted resources to which the user belongs are exposed, but also other restricted resources of the system. The present invention, therefore, provides a system in which, while still reducing the number of hardware devices to a single hardware device for restricted resources of the system, the communication between user and a particular restricted resource is independent of the communication between the user and any other restricted resource, and in which registration to one restricted resource does not increase the risk of unauthorized access to other restricted resources of the system.
Consequently, the present invention provides a system wherein a user of computer 101 can access each of the various restricted resources 102-105 by means of a single hardware device 107, however without any interaction between any of the restricted resources 102-105. The present invention is made possible by a general OTP generation application that is common for each of the restricted resources but which is only a dummy until it is provided with restricted resource "profiles" for the restricted resources to which the user is registered. These profiles contain OTP generation parameters that are different (distinct) for each restricted resource, thereby ensuring that the hardware device 107 cannot be utilized to gain unauthorized access to any restricted resource other than the ones to which the user does belong.
This will be explained more in detail with reference to figs. 2-3.
In the following exemplary embodiment a user' s mobile phone is used as hardware device according to the present invention. The user's mobile phone 201 is first provided with the said OTP generation application, which in principle consists of a software application 202 that preferably is downloadable. The OTP generation application includes an algorithm by means of which OTPs can be generated, and which is capable of receiving OTP generation parameters (restricted resource profiles) according to what will be described below. The user can, for example, download the OTP generation application, e.g., from a web site or an application store like Apple Inc. App Store or Google Inc. Android Market. The download and installation of the OTP generation application is preferably an automated process like many other applications are today, and dependent on the particular device being used. If, for example an Apple Inc. iPhone or iPod is used, the application can be downloaded and installed from the App Store. If a Java MicroEdition (JME) -enabled device is used the application can, for example be downloaded and installed by entering a URL in the web browser application in the user device instead. It is also contemplated that the application can be installed in the device during the manufacturing process, or constitute an integral part of the mobile phone.
When the device 201 has been provided with the OTP generation application 202, the device 201 is ready for use according to the present invention. A user that, e.g., requests to become customer of online banking service 204, which utilizes OTP protection according to the present invention, must first get his/her device 201 "set up" for use with the online banking service 204. The request for becoming a customer of the online banking service 204 can, for example, be communicated via the user's computer 205 or by means of visiting a conventional bank office or via a telephone service.
A non-limiting exemplary procedure for setting up a user device is disclosed in fig. 3. The method starts with a request 301 according to the above. When the restricted resource (online banking service 204) has received the request, the online banking service 204, preferably following a validity check of the request (i.e. a verification of the user actually being the user he/she claims to be, which can be accomplished in any suitable manner) requests generation of an online banking service 204 user profile from a trusted entity 207, step 302.
The trusted entity 207 can, for example, constitute an entity that supplies user profiles for a plurality, or all restricted resources that utilizes a system according to the present invention. Alternatively, plural trusted entities can be used, or as a further alternative the trusted entity can constitute part of the restricted resource itself. It can, however, be advantageous and convenient for the restricted resources to utilize an external trusted entity as in the disclosed example. When the trusted entity 207 receives a user profile request 302, a user profile is generated following the request. As was mentioned, the OTP generation application can, in principle, be seen as an empty shell that includes an algorithm by means of which generation of OTPs are possible if proper password generation parameters are supplied. The algorithm can, for example, consist of the HOTP algorithm (also known as OATH) . The OATH algorithm is a standardized open source algorithm. This algorithm generates one-time passwords from a secret shared encryption key and a counter. Naturally, other kinds of algorithms can be used as well, i.e. the RSA algorithm. The user profile request 302 from the restricted resource 204 includes a user ID and, optionally, a mobile phone number (use of the mobile phone number will be described below) . When the trusted entity 207 generates the user profile, this consists of generating a unique symmetric key and a corresponding counter. The unique symmetric key will, once the profile has been stored in the user device, be used to generate one-time passwords that can be verified by the restricted resource. Apart from generating this unique symmetric key and counter, the trusted entity can optionally "personalize" the profile by means of logotypes, icons, backgrounds etc. of the restricted resource so that the profile will be easily distinguishable once plural profiles have been stored in the user device 201. The trusted entity 207 further generates a unique profile name (e.g. a number or alphanumeric character sequence) , which constitutes the identity of the profile, and which is used for subsequent download to the user device 201.
The unique symmetric key, corresponding counter, profile name and optional images etc. are then packed in a suitable manner, e.g. into an XML message, whereupon the trusted entity 207 replies back to the restricted resource with the unique symmetric key, corresponding counter and the user ID and optionally the unique profile name, step 303.
The restricted resource then prompts the user, e.g. via a text message, to get the profile, 304. The prompt for getting a profile also includes the unique profile name. Alternatively, if the user mobile phone number was included with the user profile request, the prompt for getting a profile can be transmitted directly to the user device 201 from the trusted entity 207 instead, 304' .
Once prompted to get the profile, the user starts the OTP generation application and selects, e.g., option "get profile" and enters the profile name. When the trusted entity 207 receives the profile request, 305, the profile 211 associated with the profile name (i.e. key, counter, images, etc.) is sent to the user device 201, e.g. as an XML message, step 306. The user device 201 can optionally acknowledge receipt of the profile, step 307, and the restricted resource is then informed of the transmission (transmission/reception) of the profile, step 308. When the profile 211 is received by the user device, it is installed into the OTP generation application 202 for subsequent use when generating OTPs. Once transmitted to the user device 201, the generated profile 211 can be deleted from the trusted entity (the unique profile name can be stored so as to ensure that no two profiles having the same name will be generated to avoid possible ambiguities at restricted resources and/or OTP generation applications.
Once the profile 211 has been stored in the application 202 it is ready to be used. The steps of fig. 3 can then be repeated each time the user starts using services of a new restricted resource (e.g. restricted resources 208, 209, 210 ...) supporting the system. Since the restricted resource has access to the same key and counter as the user, the restricted resource can verify a OTP that has been generated by the user device by performing the same calculation using the same algorithm, key and counter. As was mentioned above, other kinds of parameters than counters can also be used.
The profile can optionally require use of a PIN code, i.e. upon download of the profile, the user can be prompted to enter a PIN code, which then must be entered each time the particular profile is used to generate a OTP. Use of PIN code can also be selectable by the user, or be a mandatory requirement by the restricted resource. The PIN codes can also be required to be different for different restricted resources and this can, for example, be ascertained by the trusted entity or the OTP generation application. If a PIN code is selected, the symmetric key and counter is the encrypted with the PIN code, e.g. using AES-256 bit encryption or any other suitable encryption method.
Consequently, the user device is provided with a unique symmetric key-counter combination (preferably the symmetric key is unique by itself) for each restricted resource that the user registers with, which thus means that once the user and restricted resource have been provided with the key and counter, secure authentication can be obtained without any interaction between restricted resources. The present invention thus provides for a system that mitigates disadvantages of having plural hardware devices, while at the same time ensuring independency between different restricted resources .
Use of the present invention will now be described in connection with two different scenarios, the first being conventional "offline authentication", see fig. 4. When the user requests access to the restricted resource 204, e.g. by means of the user computer 205, step 401, the user enters user name and (static) password, whereupon the user will be prompted to enter a one-time password. The user then starts the application 202 in the device 201 and selects the appropriate profile 211 (which is recognizable, e.g. by logotype, icon, name etc.) . If the profile requires a PIN code, the user enters the PIN code which decrypts the symmetric key and the counter so as to allow OTP generation.
The key and counter are then used to generate a one-time password, 403, by means of the algorithm in the application 202 which then is presented to the user for entering into the restricted resource log-in procedure (via user computer), 404. Following the OTP generation, the application increases the counter by a predetermined value, e.g. 1, and the corresponding counter at the restricted resource is increased by the same value, 405. Since the restricted resource will always have knowledge of symmetric key and counter, the key and counter are used to verify the OTP by applying key and counter on the same algorithm.
Consequently, it is not only required that the correct key is used to generate the OTP, but also that the counters correspond to each other (it is possible to allow a certain difference in counter values, e.g. one or two or three or an appropriate number of counts so that log-in can be successfully accomplished even if the counters are not perfectly synchronized. In such situations, the restricted resource tests all counters within the allowed interval to see if any of the such generated passwords are correct.)
The present invention also provides a method for on-line signing, see fig. 5. When a restricted resource service, such as a user requesting a bank account transaction, 501, requires the transaction to be signed or verified, the transaction can be temporarily stored in a data base in the restricted resource. Immediately following the transaction request, or after a user has requested a number of transactions, the restricted resource can prompt the user to use the device 201 to sign the transactions, 502. The user then starts the application 202 and selects appropriate profile according to the above. The user then selects, e.g., "signing", and enters, if so required, the PIN code. An OTP is then generated and, together with user ID, the device uses an on-line URL (Uniform Resource Locator) stored in the profile to connect to the restricted resource and ask for transactions to be signed, 503, and the application increases the counter by one step. The URL can be specified by the restricted resource and, e.g., be transmitted to the trusted entity in step 302 to be included in the profile that subsequently is downloaded by the user device. The on-line URL can then be used by the end user to download "confirmation requests" from the restricted resource. The requests are then presented to the end user as questions or information, and can be answered to by selecting a button and by entering information into one or more data fields in the OTP generation application.
The restricted resource first verifies that the OTP is correct for the specific end-user and then creates a message, e.g. an XML message comprising all outstanding requests. The message also includes a unique transaction number. The corresponding counter for the particular user at the restricted resource is also increased by one step. The message is sent to the user device, 504, which present the signing requests to the user and prompt for a reply.
Depending on the format of the message, the user can reply, e.g. by selecting a button or entering a value into a text field. A new OTP is generated with corresponding increase of counter by one step. A reply message is then generated which will be sent back to the restricted resource and which includes the transaction (signing) number and the generated OTP, 505. Similar to the above, if the profile requires a PIN code, the user must first enter the PIN code before signing can take place. When the reply has been sent back to the restricted resource, the signing request is removed from the user device. The restricted resource receives the reply, verifies the OTP and executes the transactions if the OTP is valid. If not, the transactions will not be executed and the user is notified thereof. Finally, the restricted resource user counter is increased by one step.
In sum, the present invention thus provides for a novel method of generating OTPs for a plurality of restricted resources, which substantially reduces the burden of a user to keep track of multiple hardware devices, while at the same time providing a system to which restricted resources easily can be added without affecting already existing restricted resources of the system.
Further, although the present invention has been described with reference to Internet sites above, it is to be understood that it can be utilized in any kind of system wherein strong user authentication is required. Also, hitherto the hardware device has been described as a mobile phone. The hardware device can, however, be of any kind that is capable of receiving profiles according to the present invention.

Claims

C L A I M S
1. Method for one-time password generation, the said one-time password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user-specific device, and wherein the one-time password is generated by the said mathematical algorithm using at least one user-specific password generation parameter, characterized in the steps of, by means of the said device:
— using a first password generation parameter for generating a first one-time password for use in user authentication by a first restricted resource, and
- using a second password generation parameter for generating a second one-time password for use in user authentication by a second restricted resource, wherein said second restricted resource is different from said first restricted resource, and wherein the said first and second password generation parameters are distinct.
2. Method according to claim 1, wherein the said first onetime password is generated by means of the said first and a third password generation parameter, and wherein the said second one-time password is generated by means of the said second and a fourth password generation parameter.
3. Method according to claim 2, wherein the said first and second password generation parameters consist of distinct encryption keys, and wherein the said third and fourth password generation parameters consist of a first and second counter, respectively.
4. Method according to any of the preceding claims,
- wherein, when a user requests access to said first restricted resource, a one-time password is generated by means of the said first and third password generation parameters, and
- wherein, when a user requests access to said second restricted resource, a one-time password is generated by means of the said second and fourth password generation parameters.
5. Method according to claim 3, wherein the said counters are incremented in the device and at the restricted resource each time a one-time password is generated.
6. Method according to any of the preceding claims, characterized in that it further includes the step of,
- prior to the first generation of a one-time password and by means of the said device, receiving the said password generation parameter (s) together with an identity of the associated restricted resource to which said password generation parameters make authentication possible.
7. Method according to claim 6, characterized in that the said password generation parameters are transmitted to the said device from the associated restricted resource or from a trusted entity.
8. Method according to claim 7, characterized in that the said trusted entity is a trusted entity that transmits password generation parameters for a plurality of restricted resources.
9. Method according to any of the preceding claims, characterized in that, prior to the generation of a one-time password, the user is required to enter a PIN code associated with the password generation parameter (s) by means of which the one-time password is to be generated.
10. Method according to any of the preceding claims, characterized in that it further includes the steps of, when a restricted resource service requires one or more user actions to be signed and/or verified,
- prompting the user to use the device to sign and/or verify the action, - by means of the said device, in a signing mode, generating a one-time password and connecting to the restricted resource to request action (s) to be signed and/or verified using the said generated one-time password and a user ID,
- by means of the said restricted resource, verifying the one- time password and transmitting a message comprising action signing requests to the said user device, and
- by means of the said device, generating a new one-time password and generating a reply message for transmission to the restricted resource, the message including an identity of the action to be signed and the generated one-time password.
11. Method according to any of the preceding claims, characterized in that the said device is a mobile device consisting of any from the group: mobile phone, smartphone, Personal Digital Assistant, handheld computer.
12. Method according to any of the preceding claims, wherein the said encryption keys are symmetric keys.
13. Device for one-time password generation, the said onetime password being used for user authentication by a restricted resource, wherein the device is provided with a mathematical algorithm for generating one-time passwords, and wherein a one-time password is generated by the said mathematical algorithm using at least one user-specific password generation parameter, characterized in that the said device further is arranged to: - use a first password generation parameter for generating a one-time password for use in user authentication at a first restricted resource, and
- use a second password generation parameter for generating a one-time password for use in user authentication at a second restricted resource, wherein said second restricted resource is different from said first restricted resource, and wherein the said first and second password generation parameters are distinct.
14. Device according to claim 13, characterized in that it further includes means for,
- prior to the first generation of a one-time password for use in user authentication at a restricted resource, receiving password generation parameter (s) associated with the said restricted resource.
15. System for one-time password generation, the said onetime password being used for user authentication by a restricted resource, wherein the one-time password is generated by means of a mathematical algorithm in a user- specific device, and wherein the one-time password is generated by the said mathematical algorithm using at least one user-specific password generation parameter, characterized in the system comprises: - means for, upon request by a first restricted resource, generating a first password generation parameter for use when generating one-time passwords to be used in user authentication at the said first restricted resource, and transmitting the said first password generation parameter to the said user-specific device, and
- means for, upon request from a second restricted resource, generating a second password generation parameter for use when generating one-time passwords to be used in user authentication by the said second restricted resource, and transmitting the said second password generation parameter to the said user device, wherein said second restricted resource is different from said first restricted resource, and wherein the said first and second password generation parameters are distinct .
16. System according to claim 15, characterized in that the said password generation parameters are arranged to be transmitted to the said user-specific device from a trusted entity that is common to a plurality of restricted resources, wherein the said trusted entity is arranged to generate the said password generation parameters.
17. Computer program, characterized in code means, which when run by a processor in a device causes the device to execute the method according to any of the claims 1-12.
18. Computer program product including a computer readable medium and a computer program according to claim 17, characterized in that said computer program is included in the computer readable medium.
PCT/SE2010/050386 2009-04-09 2010-04-09 Method and system for generating one-time passwords WO2010117329A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US16800109P 2009-04-09 2009-04-09
SE0900477-1 2009-04-09
US61/168,001 2009-04-09
SE0900477 2009-04-09

Publications (1)

Publication Number Publication Date
WO2010117329A1 true WO2010117329A1 (en) 2010-10-14

Family

ID=42936436

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2010/050386 WO2010117329A1 (en) 2009-04-09 2010-04-09 Method and system for generating one-time passwords

Country Status (1)

Country Link
WO (1) WO2010117329A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060083228A1 (en) * 2004-10-20 2006-04-20 Encentuate Pte. Ltd. One time passcode system
US20070016943A1 (en) * 2005-05-06 2007-01-18 M Raihi David Token sharing system and method
US20070130463A1 (en) * 2005-12-06 2007-06-07 Eric Chun Wah Law Single one-time password token with single PIN for access to multiple providers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060083228A1 (en) * 2004-10-20 2006-04-20 Encentuate Pte. Ltd. One time passcode system
US20070016943A1 (en) * 2005-05-06 2007-01-18 M Raihi David Token sharing system and method
US20070130463A1 (en) * 2005-12-06 2007-06-07 Eric Chun Wah Law Single one-time password token with single PIN for access to multiple providers

Similar Documents

Publication Publication Date Title
US8898749B2 (en) Method and system for generating one-time passwords
US11184343B2 (en) Method for carrying out an authentication
JP5066827B2 (en) Method and apparatus for authentication service using mobile device
EP1807966B1 (en) Authentication method
KR101019458B1 (en) Extended one­time password method and apparatus
EP3138265B1 (en) Enhanced security for registration of authentication devices
US20180150830A1 (en) System, process and device for e-commerce transactions
US9344896B2 (en) Method and system for delivering a command to a mobile device
EP2894891B1 (en) Mobile token
US9124571B1 (en) Network authentication method for secure user identity verification
JP2013527708A (en) Flexible quasi-out-of-band authentication structure
US20200196143A1 (en) Public key-based service authentication method and system
US20120221862A1 (en) Multifactor Authentication System and Methodology
JP6370771B2 (en) Method and system for providing secure transactions using cyber IDs
US11601807B2 (en) Mobile device authentication using different channels
EP2916509B1 (en) Network authentication method for secure user identity verification
EP3343494A1 (en) Electronic signature of transactions between users and remote providers by use of two-dimensional codes
KR102123405B1 (en) System and method for providing security membership and login hosting service
WO2010117329A1 (en) Method and system for generating one-time passwords
KR101576038B1 (en) Network authentication method for secure user identity verification

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10761939

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10761939

Country of ref document: EP

Kind code of ref document: A1