Token seed protection for multi-factor authentication systems

US 10,289,835 B1
Filed: 06/13/2016
Issued: 05/14/2019
Est. Priority Date: 06/13/2016
Status: Active Grant

First Claim

Patent Images

1. A method of protecting a token seed, the method comprising:

inputting, by a user device, a personal identification number from a user of the user device;

deriving a fixed share from the input personal identification number using a key derivation function;

splitting the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares;

storing the remote share on a remote server at least in part by i) generating an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) storing the encrypted version of the remote share on the remote server;

storing an encrypted version of the local share on the user device;

discarding the token seed, fixed share, remote share and local share from the user device; and

after the token seed has been discarded from the user device, i) generating a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) accessing a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

New techniques are disclosed for protecting a token seed in a multifactor authentication system. A personal identification number is used to derive a fixed share, and the token seed is split, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, such that the token seed can only be reconstructed using any two of the three shares. The remote share is stored on a remote authentication server, and an encrypted version of the local share is stored on the user device. The remote share may be encrypted by performing a key wrapping operation on the remote share using the local share, and then storing the encrypted version of the remote share on the remote authentication server. The token seed, fixed share, remote share and local share may then be deleted from the user device.

Citations

17 Claims

1. A method of protecting a token seed, the method comprising:
- inputting, by a user device, a personal identification number from a user of the user device;
  
  deriving a fixed share from the input personal identification number using a key derivation function;
  
  splitting the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares;
  
  storing the remote share on a remote server at least in part by i) generating an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) storing the encrypted version of the remote share on the remote server;
  
  storing an encrypted version of the local share on the user device;
  
  discarding the token seed, fixed share, remote share and local share from the user device; and
  
  after the token seed has been discarded from the user device, i) generating a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) accessing a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein storing the encrypted version of the local share on the user device comprises:
    - generating a wrapped version of the local share by performing a key wrapping operation on the local share using a key wrapping key that is unique to the user device; and
      
      storing the wrapped version of the local share on the user device.
  - 3. The method of claim 2, and further comprising generating the current token code by:
    - determining whether the user device is online or offline; and
      
      in response to detecting that the user device is offline, reconstructing the token seed on the user device by a) inputting the personal identification number from the user of the user device, b) deriving the fixed share from the input personal identification number using the key derivation function, c) generating the local share by decrypting the encrypted version of the local share, d) reconstructing the token seed using the fixed share and the local share, and e) generating a current token code using the reconstructed token seed and a current time.
  - 4. The method of claim 2, and further comprising generating the current token code by:
    - determining whether the user device is online or offline; and
      
      in response to detecting that the user device is online, reconstructing the token seed on the user device by a) inputting a biometric sample from the user of the user device, b) in response to the biometric sample matching a biometric template of an authorized user for the user device, establishing a secure communication connection between the user device and the remote server, c) retrieving the encrypted version of the remote share from the remote server over the secure communication connection between the user device and the remote server, d) decrypting the encrypted version of the local share by unwrapping the encrypted version of the local share using the key wrapping key that is unique to the user device, e) decrypting the encrypted version of the remote share by unwrapping the encrypted version of the remote share using the local share, f) reconstructing the token seed using the remote share and the local share, and g) generating a current token code using the reconstructed token seed and a current time.
  - 5. The method of claim 1, further comprising:
    - receiving an indication that the user of the user device has forgotten their personal identification number; and
      
      in response to the indication that the user of the user device has forgotten their personal identification number, a) inputting a biometric sample from the user of the user device, b) in response to the biometric sample matching a biometric template for an authorized user of the user device, establishing a secure communication connection between the user device and the remote server, c) retrieving the encrypted version of the remote share from the remote server over the secure communication connection between the user device and the remote server, d) decrypting the encrypted version of the local share by unwrapping the encrypted version of the local share using the key wrapping key that is unique to the user device, e) decrypting the encrypted version of the remote share by unwrapping the encrypted version of the remote share using the local share, f) reconstructing the token seed using the remote share and the local share, g) receiving a new personal identification number, h) deriving a new fixed share from the new personal identification number using the key derivation function, i) splitting the token seed, using the secret sharing technique, into a set of three shares made up of the new fixed share, a new remote share, and a new local share, wherein the token seed can only be reconstructed using any two of the three shares, j) storing the new remote share on the remote server, k) storing an encrypted version of the new local share on the user device, and l) discarding the token seed, new fixed share, new remote share and new local share from the user device.
  - 6. The method of claim 1, further comprising, after the token seed has been discarded from the user device, subsequently reconstructing the token seed by:
    - at a first time while the user device is offline by i) deriving the fixed share from the personal identification number as input again from the user, ii) decrypting the encrypted version of the local share, and iii) reconstructing the token seed using the fixed share and the local share, andat a second time while the user device is online and the user has forgotten the personal identification number by i) retrieving the encrypted version of the remote share from the remote server, ii) decrypting the encrypted version of the local share, iii) decrypting the encrypted version of the remote share using the local share, and iv) reconstructing the token seed using the remote share and the local share.
  - 7. The method of claim 1, further comprising, after the token seed has been discarded from the user device, and without maintaining a complete copy of the token seed within the user device, reconstructing the token seed both i) at times when the user device is offline, and ii) at other times when the user device is online and the user has forgotten the personal identification number.

8. An electronic device, comprising:
- memory; and
  
  processing circuitry coupled to the memory, the memory storing program code for protecting a token seed which, when executed by the processing circuitry, causes the processing circuitry to;
  
  input a personal identification number from a user of the electronic device,derive a fixed share from the input personal identification number using a key derivation function,split the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares,store the remote share on a remote server at least in part by causing the processing circuitry to i) generate an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) store the encrypted version of the remote share on the remote server,store an encrypted version of the local share on the electronic device,delete the token seed, fixed share, remote share and local share from the memory of the electronic device; and
  
  after the token seed has been discarded from the user device, i) generate a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) access a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The electronic device of claim 8, wherein the program code, when executed by the processing circuitry, causes the processing circuitry to store the encrypted version of the local share on the electronic device by:
    - generating a wrapped version of the local share by performing a key wrapping operation on the local share using a key wrapping key that is unique to the electronic device; and
      
      storing the wrapped version of the local share on the electronic device.
  - 10. The electronic device of claim 9, wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to:
    - generate the current token code by causing the processing circuitry to;
      
      determine whether the electronic device is online or offline, andin response to detecting that the electronic device is offline, reconstruct the token seed on the device by a) inputting the personal identification number from the user of the electronic device, b) deriving the fixed share from the input personal identification number using the key derivation function, c) generating the local share by decrypting the encrypted version of the local share, d) reconstructing the token seed using the fixed share and the local share, and e) generating a current token code using the reconstructed token seed and a current time.
  - 11. The electronic device of claim 9, wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to:
    - generate the current token code by causing the processing circuitry to;
      
      determine whether the electronic device is online or offline, andin response to detecting that the electronic device is online, reconstruct the token seed on the device by a) inputting a biometric sample from the user of the electronic device, b) in response to the biometric sample matching a biometric template of an authorized user for the electronic device, establishing a secure communication connection between the electronic device and the remote server, c) retrieving the encrypted version of the remote share from the remote server over the secure communication connection between the electronic device and the remote server, d) decrypting the encrypted version of the local share by unwrapping the encrypted version of the local share using the key wrapping key that is unique to the electronic device, e) decrypting the encrypted version of the remote share by unwrapping the encrypted version of the remote share using the local share, f) reconstructing the token seed using the remote share and the local share, and g) generating a current token code using the reconstructed token seed and a current time.
  - 12. The electronic device of claim 8, wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to:
    - receive an indication that the user of the electronic device has forgotten their personal identification number; and
      
      in response to the indication that the user of the electronic device has forgotten their personal identification number, a) input a biometric sample from the user of the electronic device, b) in response to the biometric sample matching a biometric template for an authorized user of the electronic device, establish a secure communication connection between the electronic device and the remote server, c) retrieve the encrypted version of the remote share from the remote server over the secure communication connection between the electronic device and the remote server, d) decrypt the encrypted version of the local share by unwrapping the encrypted version of the local share using the key wrapping key that is unique to the electronic device, e) decrypt the encrypted version of the remote share by unwrapping the encrypted version of the remote share using the local share, f) reconstruct the token seed using the remote share and the local share, g) receive a new personal identification number, h) derive a new fixed share from the new personal identification number using the key derivation function, i) split the token seed, using the secret sharing technique, into a set of three shares made up of the new fixed share, a new remote share, and a new local share, wherein the token seed can only be reconstructed using any two of the three shares, j) store the new remote share on the remote server, k) store an encrypted version of the new local share on the electronic device, and l) delete the token seed, new fixed share, new remote share and new local share from the memory of the electronic device.

13. A computer program product having a non-transitory computer readable medium which stores a set of instructions operable to protect a token seed, the set of instructions, when executed by processing circuitry, causing the processing circuitry to:
- input, by a user device, a personal identification number from a user of the user device;
  
  derive a fixed share from the input personal identification number using a key derivation function;
  
  split the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares;
  
  store the remote share on a remote server at least in part by causing the processing circuitry to i) generate an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) store the encrypted version of the remote share on the remote server;
  
  store an encrypted version of the local share on the user device;
  
  discard the token seed, fixed share, remote share and local share from the user device; and
  
  after the token seed has been discarded from the user device, i) generate a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) access a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein the set of instructions operable to protect the token seed, when executed by processing circuitry, further cause the processing circuitry to:
    - store the encrypted version of the local share on the user device at least in part by causing the processing circuitry to i) generate a wrapped version of the local share by performing a key wrapping operation on the local share using a key wrapping key that is unique to the user device, and ii) store the wrapped version of the local share on the user device.
  - 15. The computer program product of claim 14, wherein the set of instructions operable to protect the token seed, when executed by processing circuitry, further cause the processing circuitry to:
    - generate the current token code by causing the processing circuitry to;
      
      determine whether the user device is online or offline; and
      
      in response to detecting that the user device is offline, reconstruct the token seed on the user device by a) inputting the personal identification number from the user of the user device, b) deriving the fixed share from the input personal identification number using the key derivation function, c) generating the local share by decrypting the encrypted version of the local share, d) reconstructing the token seed using the fixed share and the local share, and e) generating a current token code using the reconstructed token seed and a current time.
  - 16. The computer program product of claim 14, wherein the set of instructions operable to protect the token seed, when executed by processing circuitry, further cause the processing circuitry to:
    - generate the current token code by causing the processing circuitry to;
      
      determine whether the user device is online or offline; and
      
      in response to detecting that the user device is online, reconstruct the token seed on the user device by a) inputting a biometric sample from the user of the user device, b) in response to the biometric sample matching a biometric template of an authorized user for the user device, establishing a secure communication connection between the user device and the remote server, c) retrieving the encrypted version of the remote share from the remote server over the secure communication connection between the user device and the remote server, d) decrypting the encrypted version of the local share by unwrapping the encrypted version of the local share using the key wrapping key that is unique to the user device, e) decrypting the encrypted version of the remote share by unwrapping the encrypted version of the remote share using the local share, f) reconstructing the token seed using the remote share and the local share, and g) generating a current token code using the reconstructed token seed and a current time.
  - 17. The computer program product of claim 13, wherein the set of instructions operable to protect the token seed, when executed by processing circuitry, further cause the processing circuitry to:
    - receive an indication that the user of the electronic device has forgotten their personal identification number; and
      
      in response to the indication that the user of the electronic device has forgotten their personal identification number, a) input a biometric sample from the user of the electronic device, b) in response to the biometric sample matching a biometric template for an authorized user of the electronic device, establish a secure communication connection between the electronic device and the remote server, c) retrieve the encrypted version of the remote share from the remote server over the secure communication connection between the electronic device and the remote server, d) decrypt the encrypted version of the local share by unwrapping the encrypted version of the local share using the key wrapping key that is unique to the electronic device, e) decrypt the encrypted version of the remote share by unwrapping the encrypted version of the remote share using the local share, f) reconstruct the token seed using the remote share and the local share, g) receive a new personal identification number, h) derive a new fixed share from the new personal identification number using the key derivation function, i) split the token seed, using the secret sharing technique, into a set of three shares made up of the new fixed share, a new remote share, and a new local share, wherein the token seed can only be reconstructed using any two of the three shares, j) store the new remote share on the remote server, k) store an encrypted version of the new local share on the electronic device, and l) delete the token seed, new fixed share, new remote share and new local share from the memory of the electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Machani, Salah
Primary Examiner(s)
Lemma, Samson B
Assistant Examiner(s)
Amorin, Carlos E

Application Number

US15/180,284
Time in Patent Office

1,065 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/45   Structures or tools for the...

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

G06F 2221/2131   Lost password, e.g. recover...

H04L 2463/062   applying encryption of the ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3231   Biological data, e.g. finge...

Token seed protection for multi-factor authentication systems

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Token seed protection for multi-factor authentication systems

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links