Patent attributes
A blind authenticator performs an authentication procedure with two devices that provides the convenience offered by password storage but avoids storing the passwords themselves. Generally, the blind authenticator stores on the two devices portions of different code generation algorithms. These algorithms on the devices are incomplete—they may not execute properly on their own. During an authentication procedure, the blind authenticator communicates to the devices the remaining portions of these code generation algorithms so that the devices can execute their respective code generation algorithms. The devices then send the generated codes to the blind authenticator, which performs a code validation algorithm on the received codes to determine whether the codes are valid. The code validation algorithm is not sent to the devices, so the devices do not know what makes a code valid or invalid.
