In many application scenarios, user devices are connected to a server via a non-secure data network. So that the user devices or client devices can exchange data with the server in a protected format, the user devices are equipped with corresponding security credentials. These security credentials, which can be e.g. passwords or other security tokens, are in many cases generated by a central component, e.g. a server of a service provider, and then distributed to the user devices or to administrators of such user devices or services.
In many cases, use is made of so-called one-time passwords (OTP). By virtue of such a one-time password, the user device or the client can register directly with a server once for a corresponding service. For future registrations, the client either has to set a new password or receives a security token, e.g. a digital certificate or a so-called cookie, from the server. It is also possible to use further one-time passwords that are sent beforehand in a list, e.g. TANs or hash strings.
Random character strings are normally used as one-time passwords. After a one-time password has been generated, it is stored in a database. When a user device or a client registers with the server, the one-time password is flagged as used or is deleted from the database. A second registration of the user device with the server using this one-time password is then no longer possible.
Alternatively, it is possible to generate a sufficient quantity of one-time passwords in accordance with a specific established method and to store in the database only those one-time passwords that have already been used. If hash strings are used, provision is then made for storing only the most recently used one-time password in the database, for example. The one-time password is normally stored on the server side, so that a comparison can be made during the registration of the user device with the server.
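The two server-side bookkeeping variants described above, as an added example that is not part of the original text: a store of random one-time passwords that deletes each entry on first use, and a verifier that keeps only the most recently used value. The second part reads the page's "hash strings" as a Lamport-style hash chain, which is an assumption, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class RandomOtpStore:
    """Random OTPs held server-side; an entry is deleted on first use."""
    def __init__(self):
        # Stands in for the database. Keeping a digest rather than the
        # OTP itself is a choice of this example, not stated on the page.
        self._unused = set()

    def issue(self) -> str:
        otp = secrets.token_urlsafe(16)
        self._unused.add(sha256(otp.encode()))
        return otp

    def redeem(self, otp: str) -> bool:
        digest = sha256(otp.encode())
        if digest not in self._unused:
            return False          # unknown or already used
        self._unused.remove(digest)
        return True

def make_chain(seed: bytes, n: int) -> list:
    """Return [H(seed), H(H(seed)), ...] with n entries."""
    chain, value = [], seed
    for _ in range(n):
        value = sha256(value)
        chain.append(value)
    return chain

class HashChainVerifier:
    """Stores only the most recently accepted value of the chain."""
    def __init__(self, anchor: bytes):
        self._last = anchor       # last chain entry, never used as an OTP

    def redeem(self, otp: bytes) -> bool:
        # A valid OTP is the preimage of the value stored last.
        if not hmac.compare_digest(sha256(otp), self._last):
            return False          # replayed, skipped ahead, or forged
        self._last = otp
        return True

if __name__ == "__main__":
    chain = make_chain(b"constructed-seed", 4)   # constructed sample input
    server = HashChainVerifier(chain[-1])
    print([server.redeem(chain[i]) for i in (2, 2, 0, 1)])
```

In the chain variant the client presents the entries in reverse order of generation, so the server can check each one against the single value it has stored.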
Further examples of conventional one-time passwords OTP are so-called transaction numbers TAN and mobile transaction numbers TANs, which are used in the context of online banking, for example.
In the case of conventional one-time passwords OTP, it is however not possible to limit the use of a one-time password OTP or to tie it to a specific condition. This may nonetheless be desirable in many cases, e.g. if a user is expected to register with the server from a specific device, or if the registration of the user device with the server is only allowed to take place at a specific time.