System and method for authentication seed distribution

US 20060256961A1
Filed: 11/02/2005
Published: 11/16/2006
Est. Priority Date: 05/04/1999
Status: Active Grant

First Claim

Patent Images

1. A method for distributing seed information associated with a device, comprising the steps of:

generating a master seed associated with the device;

deriving a derived seed using the master seed and information associated with a security sysem; and

transmitting the derived seed to the security system.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.

Citations

14 Claims

1. A method for distributing seed information associated with a device, comprising the steps of:
- generating a master seed associated with the device;
  
  deriving a derived seed using the master seed and information associated with a security sysem; and
  
  transmitting the derived seed to the security system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising, after generating transmitting the master seed to the device.
  - 3. The method of claim 1, further comprising, after generating sharing the master seed with the device and a server.
  - 4. The method of claim 1, further comprising, after transmitting:
    - deriving a second derived seed using the master seed and information associated with a second security system; and
      
      transmitting the second derived seed to the second security system.
  - 5. The method of claim 1, further comprising, after transmitting generating an authentication code in response to the derived seed.
  - 6. The method of claim 5, wherein authentication code generating further comprises generating an authentication code in response to the derived seed and a time dependent value.
  - 7. The method of claim 5, further comprising authenticating using the authentication code.
  - 8. The method of claim 7, wherein authenticating comprises authenticating a user or a device by verifying the authentication code.
  - 9. The method of claim 8 wherein authenticating further comprises transmitting the authentication code to the security system.
  - 10. The method of claim 1 wherein master seed generating comprises at least one of randomly generating and pseudorandomly generating the master seed.
  - 11. The method of claim 1 wherein deriving further comprises deriving the derived seed in response to a time identifier.
  - 12. The method of claim 1, wherein deriving comprises deriving the derived seed by using the master seed and information associated with a verifier as inputs to a key derivation function.
  - 13. The method of claim 12, wherein the key derivation function comprises a hash function.

14-29. -29. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Kaliski, Burton S. Jr., Rivest, Ronald L., Brainard, John G., Nystrom, Magnus

Granted Patent

US 7,502,467 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 9/0844   with user authentication or...

H04L 9/0869   involving random numbers or...

H04L 9/3234   involving additional secure...

System and method for authentication seed distribution

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication seed distribution

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links