Authenticated remote PIN unblock
First Claim
Patent Images
1. A system which facilitates an authenticated user to unblock a temporarily blocked security token comprising:
- a security executive associated with said token, an unblock applet associated with said security executive, a first secret associated with at least one unblock inquiry, and a first shared secret associated with said unblock applet;
a client functionally connected to said security token including;
at least one client application for initiating an unblock procedure with said security token and a remote server, said remote server in processing communications with said client including;
said at least one unblock inquiry, at least one unblock service application, responsive to said at least one client application, and a second shared secret, wherein said at least one unblock inquiry and said second shared secret are progressively sent to said unlock applet for unblocking said security token.
1 Assignment
0 Petitions
Accused Products
Abstract
This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases ire stored on a remote sever during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for fixture comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token'"'"'s serial number. A PIN unblock applet provides the administrative mechanisms to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated. The administrative unblock shared secret is encrypted with the token'"'"'s public key during transport to maximize security.
-
Citations
24 Claims
-
1. A system which facilitates an authenticated user to unblock a temporarily blocked security token comprising:
-
a security executive associated with said token, an unblock applet associated with said security executive, a first secret associated with at least one unblock inquiry, and a first shared secret associated with said unblock applet;
a client functionally connected to said security token including;
at least one client application for initiating an unblock procedure with said security token and a remote server, said remote server in processing communications with said client including;
said at least one unblock inquiry, at least one unblock service application, responsive to said at least one client application, and a second shared secret, wherein said at least one unblock inquiry and said second shared secret are progressively sent to said unlock applet for unblocking said security token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method for generating and storing at least one passphrase and answers associated with said at least one passphrase, facilitating an authenticated user to unblock a temporarily blocked security token comprising:
-
generating said at least one passphrase, associating said at least one passphrase with a unique identifier, storing said at least one passphrase on a server in a manner retrievable using said unique identifier, generating said answers associated with said at least one passphrase, performing a message digest function on said answers associated with said at least one passphrase, storing a result of said message digest function in a security token associated with said authenticated user, and wherein said unique identifier is associated with said security token. - View Dependent Claims (16)
-
-
17. A method which facilitates an authenticated user to unblock a temporarily blocked security token composing:
-
a. executing a PIN unblock application on a local client in which said security token operatively is connected, b. passing a set of parameters from said security token via said PIN unblock application to a remote PIN unblock service, c. using at least one of said set of parameters for retrieving and locally displaying at least one passphrase from said PIN unblock service, d. entering an appropriate response to said at least one passphrase, e. performing a mathematical function on said appropriate response, f. comparing said result of said mathematical function to an existing reference, g. sending a confirmatory message to said remote PIN unblock service if said result of said mathematical function matches said existing reference or ending processing if no match is found, h. retrieving an unblocking secret using said at least one of said set of parameters upon receipt of said confirmatory message, i. sending said unblocking secret to said security token, j. unblocking said security token using said unblocking secret. - View Dependent Claims (18, 19, 20)
-
-
21. A computer program product embodied in a tangible form which provides computer executable instructions to perform the steps of:
-
a. generating user display and input dialogs, b. passing a set of parameters from said security token via said PIN unblock application to a remote PIN unblock service, c. using at least one of said set of parameters for retrieving and locally displaying at least one passphrase from said PIN unblock service, d. prompting for entry of an appropriate response to said at least one passphrase, e. performing a mathematical function on said appropriate response, f. comparing said result of said mathematical function to an existing reference, g. sending a confirmatory message to said remote PIN unblock service if said result of said mathematical function matches said existing reference or ending processing if no match is found, h. retrieving an unblocking secret using said at least one of said set of parameters upon receipt of said confirmatory message, i. sending said unblocking secret to said security token, j. unblocking said security token using said unblocking secret. - View Dependent Claims (22, 23, 24)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeActivCard Co.
-
Original AssigneeActivCard Co.
-
InventorsPriebatsch, Mark Herbert
-
Application NumberUS10/305,179Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/202CPC Class CodesG06F 21/31 User authenticationG06F 21/33 using certificatesG06F 21/34 involving the use of extern...G06F 2221/2131 Lost password, e.g. recover...G07F 7/1016 Devices or methods for secu...H04L 63/083 using passwords cryptograph...H04L 63/0853 using an additional device,...H04L 9/3226 using a predetermined code,...H04L 9/3271 using challenge-response
