shibboleth-dev - RE: [Shib-Dev] IdP One Time Password SMS Authentication
Subject: Shibboleth Developers
List archive
- From: Peter Williams <>
- To: "" <>
- Subject: RE: [Shib-Dev] IdP One Time Password SMS Authentication
- Date: Mon, 29 Nov 2010 12:34:30 -0800
- Accept-language: en-US
- Acceptlanguage: en-US
April cites: Cell Phone - your ID to get a Onetime Password U.S. Patent
no. 6,993,658
Assuming this is the patent one has licensed, the disclosed method basically
requires that the OTP request be communicated over cell (and not the
internet) - it's an old, manual 2 way pager concept, that is.
There are no general claims about any and all OTP tokens delivered over the
internet. The claim construction is very specific to the art of the method,
as you'd expect the PO to insist upon. Use a different method, the patent
power is not relevant (as is always true).
The method is linked to particular system claims, which have particular
control protocols. One can easily deviate from their peculiarity, since its
tied to particular account lockout behaviors at an SP. Perhaps SPs... don't
have "user account", being stateless.
In the openid world, IDPs often integrate with "phonefactor." The request to
generate the key/otp (duely relayed to a pager feature over SMS) is
communicated WITHOUT using the user's personal device as a bearer for the
request, and without using a cell network to communicate the request.
-----Original Message-----
From:
[mailto:]
On Behalf Of Paul Hethmon
Sent: Monday, November 29, 2010 9:29 AM
To: Shibboleth Dev
Subject: Re: [Shib-Dev] IdP One Time Password SMS Authentication
On 11/29/10 12:20 AM, "RL 'Bob' Morgan"
<>
wrote:
>> As far as the OTP feature is concerned, I can be very specific about
>> the desired timeline: We would like to demo a new login interface
>> (based on
>> OTP) to our tools at Fall 2011 I2MM.
>
> Any number of extensions to the current IdP have been developed,
> including login handlers of various kinds. A featureful OTP login
> handler written for IdPv2 would have to be modified to work with
> IdPv3, but presumably most of it would still apply. So if you really
> want OTP functionality in a Shib IdP real soon, you'll need to see
> that it gets developed as an extension by someone outside the current
> funded project team.
On a more technical note, what level of OTP are you considering? Meaning I
know of 3 approaches:
1. email to sms
2. sms via a sms "modem"
3. sms via an integrator (direct IP connect)
I'm figuring approach #1 or #2 based on cost. #3 has a very high cost to
simply set it up and have it available.
Also, just for the record, there is a patent in the US for the delivery of
OTP via SMS. Held by April Systems out of Sweden (www.april.se). My company
has licensed that from them at one time but I have no other connection to
them or the patent.
thanks,
Paul
- [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, RL 'Bob' Morgan, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, RL 'Bob' Morgan, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Paul Hethmon, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/29/2010
- RE: [Shib-Dev] IdP One Time Password SMS Authentication, Peter Williams, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
Archive powered by MHonArc 2.6.16.