Browse Prior Art Database

Method for Managing One-Time Passwords

IP.com Disclosure Number: IPCOM000241882D
Publication Date: 2015-Jun-05
Document File: 1 page(s) / 20K

Publishing Venue

The IP.com Prior Art Database

Related People

Scott Halliday: INVENTOR [+2]

Abstract

A method is disclosed for managing one time passwords for a user to provide a secured login on a website. The method includes generating a key pair, wherein a private key is encrypted with a password chosen by the user and a public key is retained with the website.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 61% of the total text.

Method for Managing One-Time Passwords

Abstract

A method is disclosed for managing one time passwords for a user to provide a secured login on a website.  The method includes generating a key pair, wherein a private key is encrypted with a password chosen by the user and a public key is retained with the website.

Description

Disclosed is a method for managing one time passwords for a user to provide a secured login on a website. 

In accordance with the method, the user creates an account on the website.  A JavaScript* (JS) on the account creation page of the website is used to create a key pair.  The key pair includes a public key and a private key.  The private key is encrypted on the user’s system with a password chosen by the user.  The encrypted private key and public key are stored by the website.

Thereafter, when the user wants to login to the website, a one-time password is generated.  The one-time password is encrypted with the public key.  Subsequently, the website sends the one-time password along with the private key to the user.  The JS on the login page uses the password specified by the user to decrypt the private key.  Thereafter, the JS uses the private key to decrypt the one-time password.  The user is then authenticated upon verification of the one-time password.

The method involves storing one or more keys of the user by the website.  The website performs periodic backups of the one or more keys and the one or more keys may be accessed from a...