Authenticated remote PIN unblock
Abstract
This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases is stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server is accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanisms to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated. The administrative unblock shared secret is encrypted with the token's public key during transport to maximize security.
24 Claims
1. A system which facilitates an authenticated user to unblock a temporarily blocked security token comprising:
a security executive associated with said token, an unblock applet associated with said security executive, a first secret associated with at least one unblock inquiry, and a first shared secret associated with said unblock applet;
a client functionally connected to said security token including at least one client application for initiating an unblock procedure with said security token and a remote server;
said remote server in processing communications with said client including said at least one unblock inquiry, at least one unblock service application responsive to said at least one client application, and a second shared secret, wherein said at least one unblock inquiry and said second shared secret are progressively sent to said unblock applet for unblocking said security token.
Dependent claims: 2 through 14.
15. A method for generating and storing at least one passphrase and answers associated with said at least one passphrase, facilitating an authenticated user to unblock a temporarily blocked security token comprising:
generating said at least one passphrase;
associating said at least one passphrase with a unique identifier;
storing said at least one passphrase on a server in a manner retrievable using said unique identifier;
generating said answers associated with said at least one passphrase;
performing a message digest function on said answers associated with said at least one passphrase;
storing a result of said message digest function in a security token associated with said authenticated user;
and wherein said unique identifier is associated with said security token.
Dependent claim: 16.
17. A method which facilitates an authenticated user to unblock a temporarily blocked security token comprising:
a. executing a PIN unblock application on a local client to which said security token is operatively connected,
b. passing a set of parameters from said security token via said PIN unblock application to a remote PIN unblock service,
c. using at least one of said set of parameters for retrieving and locally displaying at least one passphrase from said PIN unblock service,
d. entering an appropriate response to said at least one passphrase,
e. performing a mathematical function on said appropriate response,
f. comparing the result of said mathematical function to an existing reference,
g. sending a confirmatory message to said remote PIN unblock service if said result of said mathematical function matches said existing reference, or ending processing if no match is found,
h. retrieving an unblocking secret using said at least one of said set of parameters upon receipt of said confirmatory message,
i. sending said unblocking secret to said security token,
j. unblocking said security token using said unblocking secret.
Dependent claims: 18 through 20.
21. A computer program product embodied in a tangible form which provides computer executable instructions to perform the steps of:
a. generating user display and input dialogs,
b. passing a set of parameters from said security token via said PIN unblock application to a remote PIN unblock service,
c. using at least one of said set of parameters for retrieving and locally displaying at least one passphrase from said PIN unblock service,
d. prompting for entry of an appropriate response to said at least one passphrase,
e. performing a mathematical function on said appropriate response,
f. comparing the result of said mathematical function to an existing reference,
g. sending a confirmatory message to said remote PIN unblock service if said result of said mathematical function matches said existing reference, or ending processing if no match is found,
h. retrieving an unblocking secret using said at least one of said set of parameters upon receipt of said confirmatory message,
i. sending said unblocking secret to said security token,
j. unblocking said security token using said unblocking secret.
Dependent claims: 22 through 24.
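The exchange described in the abstract and in claims 17 and 21, as an added simulation that is not part of the patent: the token holds the answer digest (first secret) and the admin unblock secret (first shared secret), the service holds the passphrases and its copy of the secret (second shared secret), and the client drives steps b through j. The token's keypair is assumed and replaced by a per-token HMAC key, so the "non-forgeable confirmatory message" is an HMAC over a server nonce and the "encrypted with the token's public key" transport is an HMAC-derived XOR keystream; both are stand-ins for the real signature and public-key encryption.

```python
import hashlib
import hmac
import secrets

def digest_answers(answers):
    return hashlib.sha256("|".join(answers).encode()).hexdigest()  # stored in token

def seal(key, data):
    # Assumed stand-in for public-key encryption: XOR with HMAC keystream (self-inverse)
    stream = hmac.new(key, b"seal", "sha256").digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Token:
    def __init__(self, serial, answers, key, admin_secret):
        self.serial, self.key = serial, key        # key: stand-in for token keypair
        self.answer_digest = digest_answers(answers)  # first secret, set at personalization
        self.admin_secret = admin_secret           # first shared secret (unblock applet)
        self.blocked = True                        # PIN retry counter exhausted
    def check_answers(self, answers):              # steps e and f: hash and compare
        return hmac.compare_digest(digest_answers(answers), self.answer_digest)
    def confirm(self, nonce):                      # step g: confirmation bound to nonce
        return hmac.new(self.key, b"auth-ok:" + nonce, "sha256").digest()
    def unblock(self, sealed):                     # step j: applet checks shared secret
        if hmac.compare_digest(seal(self.key, sealed), self.admin_secret):
            self.blocked = False
        return not self.blocked

class UnblockService:
    def __init__(self):
        self.records, self.nonces = {}, {}
    def personalize(self, serial, passphrases, key, admin_secret):
        self.records[serial] = (passphrases, key, admin_secret)   # keyed by serial
    def passphrases(self, serial):                 # step c, plus a fresh nonce
        self.nonces[serial] = secrets.token_bytes(16)
        return self.records[serial][0], self.nonces[serial]
    def release(self, serial, confirmation):       # step h: gated on confirmation
        _, key, admin_secret = self.records[serial]
        nonce = self.nonces.pop(serial, b"")
        expected = hmac.new(key, b"auth-ok:" + nonce, "sha256").digest()
        if not hmac.compare_digest(expected, confirmation):
            return None                            # secret never leaves the server
        return seal(key, admin_secret)             # second shared secret, sealed to token

def client_unblock(token, service, answer_fn):
    # Client application: retrieve passphrases, collect answers, relay the secret
    passphrases, nonce = service.passphrases(token.serial)
    answers = [answer_fn(p) for p in passphrases]
    if not token.check_answers(answers):
        return False                               # step g: no match, end processing
    sealed = service.release(token.serial, token.confirm(nonce))
    return sealed is not None and token.unblock(sealed)
```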