Token seed protection for multi-factor authentication systems
First Claim
1. A method of protecting a token seed, the method comprising:
- inputting, by a user device, a personal identification number from a user of the user device;
deriving a fixed share from the input personal identification number using a key derivation function;
splitting the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares;
storing the remote share on a remote server at least in part by i) generating an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) storing the encrypted version of the remote share on the remote server;
storing an encrypted version of the local share on the user device;
discarding the token seed, fixed share, remote share and local share from the user device; and
after the token seed has been discarded from the user device, i) generating a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) accessing a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource.
13 Assignments
0 Petitions
Accused Products
Abstract
New techniques are disclosed for protecting a token seed in a multifactor authentication system. A personal identification number is used to derive a fixed share, and the token seed is split, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, such that the token seed can only be reconstructed using any two of the three shares. The remote share is stored on a remote authentication server, and an encrypted version of the local share is stored on the user device. The remote share may be encrypted by performing a key wrapping operation on the remote share using the local share, and then storing the encrypted version of the remote share on the remote authentication server. The token seed, fixed share, remote share and local share may then be deleted from the user device.
-
Citations
17 Claims
-
1. A method of protecting a token seed, the method comprising:
-
inputting, by a user device, a personal identification number from a user of the user device; deriving a fixed share from the input personal identification number using a key derivation function; splitting the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares; storing the remote share on a remote server at least in part by i) generating an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) storing the encrypted version of the remote share on the remote server; storing an encrypted version of the local share on the user device; discarding the token seed, fixed share, remote share and local share from the user device; and after the token seed has been discarded from the user device, i) generating a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) accessing a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An electronic device, comprising:
-
memory; and processing circuitry coupled to the memory, the memory storing program code for protecting a token seed which, when executed by the processing circuitry, causes the processing circuitry to; input a personal identification number from a user of the electronic device, derive a fixed share from the input personal identification number using a key derivation function, split the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares, store the remote share on a remote server at least in part by causing the processing circuitry to i) generate an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) store the encrypted version of the remote share on the remote server, store an encrypted version of the local share on the electronic device, delete the token seed, fixed share, remote share and local share from the memory of the electronic device; and after the token seed has been discarded from the user device, i) generate a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) access a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer program product having a non-transitory computer readable medium which stores a set of instructions operable to protect a token seed, the set of instructions, when executed by processing circuitry, causing the processing circuitry to:
-
input, by a user device, a personal identification number from a user of the user device; derive a fixed share from the input personal identification number using a key derivation function; split the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares; store the remote share on a remote server at least in part by causing the processing circuitry to i) generate an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) store the encrypted version of the remote share on the remote server; store an encrypted version of the local share on the user device; discard the token seed, fixed share, remote share and local share from the user device; and after the token seed has been discarded from the user device, i) generate a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) access a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource. - View Dependent Claims (14, 15, 16, 17)
-
Specification