As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option is an information handling system (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes. Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Typically, credentials used to access a protected IHS—e.g., a username and password for logging into the IHS—or protected data stored within the IHS can be used multiple times, i.e., they can be “replayed.” In contrast, a one-time password (OTP) allows an IHS to authenticate a user with that OTP and then remove the OTP from future use. That is, each time a user wants to authenticate to the IHS, he or she needs to generate a new OTP.
The process of generating an OTP is performed independently on both the client and the authentication sides, which requires that the same OTP algorithm be executed on both sides and that the same seed be used. Generally speaking, if a small set of OTPs can be obtained, the seed, and ultimately a pattern, may also be obtained.
Time-based OTP (e.g., RFC 6238) is an OTP technique that uses the current time as the seed for the algorithm that generates the OTP. With this method, “replay” is not a possible attack vector. The inventors hereof have recognized, however, that conventional time-based OTP requires that the time be maintained at a central location and/or distributed to both the client and the authentication sides. This in turn requires a substantial infrastructure setup and is not conducive to a locally managed environment.