-
公开(公告)号:US11032271B2
公开(公告)日:2021-06-08
申请号:US16264925
申请日:2019-02-01
Applicant: RSA Security LLC
Inventor: Brian C. Mullins , Kevin Bowers
Abstract: Techniques are provided for authenticating a user using shared secret seed updates for one-time passcode (OTP) generation. One method comprises, in response to a first authentication of a client using a given OTP derived from a given shared secret seed, updating, by a server, the given shared secret seed using the given OTP and/or a timestamp from the first authentication to generate an updated given shared secret seed; and evaluating a second authentication using a new OTP derived from the updated given shared secret seed. An anomaly may be detected when the client attempts the second authentication using an OTP and the server determines that the OTP was generated by a previously used shared secret seed. The server may store a set of previously accepted OTPs, and evaluate the previously accepted OTPs to validate the new OTP.
-
公开(公告)号:US11463430B2
公开(公告)日:2022-10-04
申请号:US16264897
申请日:2019-02-01
Applicant: RSA Security LLC
Inventor: Brian C. Mullins , Kevin Bowers
Abstract: Techniques are provided for authenticating a user using shared secret updates. One method comprises, in response to a first authentication of a client using a given shared secret, updating, by the server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; and evaluating a second authentication using the updated shared secret. An anomaly may be detected when the client attempts the second authentication using a shared secret and the server determines that the shared secret was previously used for an authentication. The server may detect a breach of shared secrets of multiple users by monitoring a number of the detected anomalies across a user population and initiate a predefined recovery flow depending upon a number of impacted users.
-
Search Results
2
records
(took 0.01 seconds)
