Token seed protection for multi-factor authentication systems

  • US 10,289,835 B1
  • Filed: 06/13/2016
  • Issued: 05/14/2019
  • Est. Priority Date: 06/13/2016
  • Status: Active Grant
First Claim

1. A method of protecting a token seed, the method comprising:

  • inputting, by a user device, a personal identification number from a user of the user device;

  • deriving a fixed share from the input personal identification number using a key derivation function;

  • splitting the token seed, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, wherein the token seed can only be reconstructed using any two of the three shares;

  • storing the remote share on a remote server at least in part by i) generating an encrypted version of the remote share by performing a key wrapping operation on the remote share using the local share as a key wrapping key, and ii) storing the encrypted version of the remote share on the remote server;

  • storing an encrypted version of the local share on the user device;

  • discarding the token seed, fixed share, remote share and local share from the user device; and

  • after the token seed has been discarded from the user device, i) generating a current token code by reconstructing the token seed on the user device using two of the three shares and generating the current token code using the reconstructed token seed, and ii) accessing a secure resource from the user device by presenting the current token code to an authentication server that is responsible for controlling access to the secure resource.
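A worked model of the 2-of-3 sharing in claim 1, added here as an example rather than code from the patent: the PIN-derived share is computed first, the degree-1 Shamir polynomial is then forced through it, and any two of the three shares recover the seed, from which a token code is produced. Assumptions not stated in the claim: PBKDF2-HMAC-SHA256 as the key derivation function, the prime field 2^255 - 19, and RFC 4226 HOTP as the token code; the key-wrapping of the remote share under the local share is not shown.

```python
import hashlib
import hmac
import struct

# Shamir arithmetic is done mod a prime; 2**255 - 19 is prime and comfortably
# larger than a 160-bit HOTP seed. The field is this example's choice, not the patent's.
P = 2**255 - 19

def fixed_share_from_pin(pin: str, salt: bytes) -> int:
    """The PIN-derived 'fixed share'. The claim only says 'a key derivation
    function'; PBKDF2-HMAC-SHA256 is assumed here."""
    d = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=32)
    return int.from_bytes(d, "big") % P

def split_seed(seed: bytes, fixed: int) -> tuple:
    """2-of-3 split with one share fixed in advance: the degree-1 polynomial
    f(x) = s + a*x is pinned by f(0) = seed and f(1) = fixed, so a = fixed - s.
    Returns the remote share f(2) and the local share f(3)."""
    s = int.from_bytes(seed, "big")
    a = (fixed - s) % P
    return (s + 2 * a) % P, (s + 3 * a) % P

def reconstruct(x1: int, y1: int, x2: int, y2: int) -> int:
    """Lagrange interpolation at x = 0 from any two distinct shares (x, y)."""
    inv = pow((x2 - x1) % P, -1, P)
    return (y1 * x2 - y2 * x1) * inv % P

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the 'current token code' computed from the reconstructed seed."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF) % 10**digits
    return f"{code:0{digits}d}"

def enroll_and_authenticate(pin: str, attempt_pin: str, counter: int = 0) -> tuple:
    """Walk the claim: split at enrollment, discard, then rebuild from two shares."""
    salt = b"constructed-salt"              # constructed; kept beside the local share
    seed = b"12345678901234567890"          # RFC 4226 test-vector seed, used as constructed input
    remote, local = split_seed(seed, fixed_share_from_pin(pin, salt))
    # From here only `local` (encrypted on the device) and `remote` (wrapped under
    # `local` on the server; wrapping not shown) survive; seed and fixed share are gone.
    via_pin = reconstruct(1, fixed_share_from_pin(attempt_pin, salt), 3, local)
    via_server = reconstruct(2, remote, 3, local)
    correct = via_pin == via_server == int.from_bytes(seed, "big")
    # The device knows the seed length; a wrong PIN simply yields a wrong seed and code.
    code = hotp(via_pin.to_bytes(32, "big")[-len(seed):], counter)
    return correct, code
```

With the right PIN both reconstruction paths agree and the code is the RFC 4226 vector 755224; a wrong PIN produces a different seed and therefore a code the authentication server will reject.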
