US 11,750,597 B2
Unattended authentication in HTTP using time-based one-time passwords
Mauro Marzorati, Lutz, FL (US); Seda Ozses, Vienna (AT); Barbara K. Smith, Derby, KS (US); and Cindy J Mullen, Madison, WI (US)
Assigned to Kyndryl, Inc., New York, NY (US)
Filed by KYNDRYL, INC., New York, NY (US)
Filed on Jun. 18, 2021, as Appl. No. 17/351,557.
Prior Publication US 2022/0407851 A1, Dec. 22, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 67/02 (2022.01)
CPC H04L 63/0838 (2013.01) [H04L 63/108 (2013.01); H04L 63/20 (2013.01); H04L 67/02 (2013.01)] 14 Claims
 
1. A computer-implemented method comprising:
receiving, by one or more computer processors, a request from a client for a Hypertext Transfer Protocol (HTTP) authentication on a server;
sending, by the one or more computer processors, a challenge to the client, wherein the challenge includes a header that indicates that a Time-based One-time Password (TOTP) is to be used for the HTTP authentication;
receiving, by the one or more computer processors, a first response from the client based on a first TOTP value and a shared secret, wherein the first response is encoded based on an encoding mechanism included in the header; and
responsive to validating the first TOTP value and the shared secret from the client, authenticating, by the one or more computer processors, the client,
wherein the shared secret is used to generate a cryptographic hash of the first TOTP value along with a client identification for validating the first TOTP value,
responsive to validating the first TOTP value and the shared secret from the client, authenticating the client comprises:
responsive to validating the first TOTP value and the shared secret from the client, sending, by the one or more computer processors, a hint value to the client;
receiving, by the one or more computer processors, a second response from the client, wherein the second response includes a second TOTP value based on the hint value, wherein the second response is encoded based on the encoding mechanism included in the header; and
responsive to validating the second TOTP value, authenticating, by the one or more computer processors, the client, and
the hint value is a previous TOTP in force exactly one year prior to a time specified in a date header in the challenge.