Server mediated security token access
Abstract
A method, system and computer program product for accessing one or more security token resources using an authentication server as an intermediary before access is permitted to the security token resources. The server intermediary performs an initial authentication based on a user supplied critical security parameter. To ensure confidentiality of transported critical security parameters, a secure messaging session is established which provides end-to-end security between the authentication server and the security token. A second critical security parameter is then sent to the security token. The security token authenticates the second critical security parameter and allows access to token resources. Alternate secure communications mechanisms and an invalid entry counter reset capability are also described.
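The three-party flow the abstract describes (the server checks the user-supplied first CSP, releases a second CSP to the token over a secure-messaging channel that the client only relays, and the token authenticates it and keeps an invalid-entry counter the server can reset), as an added Python simulation that is not code from the patent. `AuthServer`, `SecurityToken`, the HMAC-based `seal`/`unseal` channel, the PBKDF2 credential check and the `RESET:` command format are assumptions standing in for whatever a real implementation would use.

```python
import hashlib
import hmac
import secrets
def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    assert len(data) <= 32  # single-block HMAC keystream: a stdlib stand-in for the SM cipher
    return bytes(a ^ b for a, b in zip(data, hmac.new(key, nonce, hashlib.sha256).digest()))
def seal(key: bytes, plaintext: bytes) -> tuple:
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, plaintext)
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
def unseal(key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # tampered, or sealed for another token: rejected before any use
    return _xor(key, nonce, ct)
def _kdf(csp: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", csp, salt, 100_000)

class SecurityToken:  # holds the second CSP, which the user never sees, and the invalid-entry counter
    def __init__(self, token_id: str, second_csp: bytes, sm_key: bytes, max_tries: int = 3):
        self.token_id, self._csp2, self._sm_key = token_id, second_csp, sm_key
        self.max_tries = self.tries_left = max_tries
        self.unlocked = False
    def verify(self, nonce: bytes, ct: bytes, tag: bytes) -> bool:
        csp = unseal(self._sm_key, nonce, ct, tag) if self.tries_left else None  # blocked at 0
        self.unlocked = csp is not None and hmac.compare_digest(csp, self._csp2)
        self.tries_left = self.max_tries if self.unlocked else max(self.tries_left - 1, 0)
        return self.unlocked
    def reset_counter(self, nonce: bytes, ct: bytes, tag: bytes) -> bool:
        ok = unseal(self._sm_key, nonce, ct, tag) == b"RESET:" + self.token_id.encode()
        self.tries_left = self.max_tries if ok else self.tries_left
        return ok

class AuthServer:
    def __init__(self):
        self.users, self.tokens = {}, {}  # user -> (salt, hash); token_id -> (csp2, sm_key)
    def enroll(self, user: str, first_csp: bytes, token_id: str, csp2: bytes, sm_key: bytes):
        salt = secrets.token_bytes(16)
        self.users[user], self.tokens[token_id] = (salt, _kdf(first_csp, salt)), (csp2, sm_key)
    def handle_request(self, user: str, first_csp: bytes, token_id: str):
        rec, tok = self.users.get(user), self.tokens.get(token_id)
        if rec is None or tok is None or not hmac.compare_digest(rec[1], _kdf(first_csp, rec[0])):
            return None  # user not authenticated: the second CSP never leaves the server
        return seal(tok[1], tok[0])  # sealed end to end for the token; the client only relays it
    def reset_request(self, token_id: str) -> tuple:
        return seal(self.tokens[token_id][1], b"RESET:" + token_id.encode())

def client_access(server: AuthServer, token: SecurityToken, user: str, first_csp: bytes) -> bool:
    # client: takes the user's first CSP, sends it with the token id, relays the opaque reply
    msg = server.handle_request(user, first_csp, token.token_id)
    return msg is not None and token.verify(*msg)
```

A wrong first CSP is rejected at the server, so the token never consumes a try; a message sealed without the token's secure-messaging key fails the MAC and does.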
31 Claims
1. A server mediated security token access method comprising the steps of:
a. exchanging one or more critical security parameters between a security token enabled client, a security token operatively coupled to said security token enabled client and an authentication server, wherein said security token is generally unavailable to a user due to implementation of a security policy or a processing limitation,
b. performing a plurality of authentication transactions between at least said security token and said authentication server using said one or more critical security parameters, and
c. allowing said user access to one or more security token resources following successful completion of said plurality of authentication transactions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A server mediated security token access system comprising:
a security token enabled client in processing communications with an authentication server and an operatively coupled security token, wherein said security token enabled client includes means for;
receiving a first critical security parameter from a user, exchanging a plurality of critical security parameters between said security token and said authentication server, wherein said first critical security parameter is a member of said plurality of critical security parameters, generating an access request which incorporates a unique identifier associated with said security token, sending an access request and at least one member of said plurality of critical security parameters to said authentication server, and said authentication server including means for;
authenticating said user via at least said at least one member, obtaining a second critical security parameter having an association with said security token, wherein said second critical security parameter is also a member of said plurality of critical security parameters, and sending said second critical security parameter to said security token;
said security token including means for;
authenticating said second critical security parameter, and allowing access to one or more security token resources following successful authentication of said second critical security parameter.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
21. A server mediated security token access system comprising:
a security token enabled client in processing communications with an authentication server and an operatively coupled security token including;
a user input means;
a first processor;
a first memory operatively coupled to said first processor;
a client application operatively stored in at least a portion of said first memory having logical instructions executable by said first processor to;
receive a first critical security parameter from said user input means, exchange a plurality of critical security parameters between said security token and said authentication server, wherein said first critical security parameter is a member of said plurality of critical security parameters, generate an access request which incorporates a unique identifier associated with said security token, and send said access request to said authentication server;
said authentication server including;
a second processor;
a second memory operatively coupled to said second processor;
a server application operatively stored in at least a portion of said second memory having logical instructions executable by said second processor to;
authenticate a user via said first critical security parameter, obtain a second critical security parameter associated with said security token via said unique identifier, wherein said second critical security parameter is also a member of said plurality of critical security parameters, and send said second critical security parameter to said security token; and
said security token including;
a third processor;
a third memory operatively coupled to said third processor;
a security executive application operatively stored in at least a portion of said third memory having logical instructions executable by said third processor to;
authenticate said second critical security parameter, and allow access to one or more security token resources following successful authentication of said second critical security parameter;
wherein said security token is generally unavailable to said user due to implementation of a security policy or a processing limitation.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 30, 31.
29. A computer program product embodied in a tangible form readable by a plurality of processors in processing communications, wherein said computer program product includes executable instructions stored thereon for causing one or more of said plurality of processors to;
a. exchange a plurality of critical security parameters between a first processor, a second processor and a third processor,
b. authenticate a first member of said plurality of critical security parameters received by said second processor,
c. send a second member of said plurality of critical security parameters to said third processor following authentication of said first member of said plurality of critical security parameters by said second processor,
d. authenticate said second member of said plurality of critical security parameters by said third processor, and
e. allow access to a memory coupled to said third processor following successful authentication of said second member of said plurality of critical security parameters.