METHOD AND SYSTEM FOR TOKEN RECYCLING
Abstract
Embodiments of the present invention provide for recycling a locked token in an enterprise. A secure connection can be established between a locked token and a server and a security process activated to determine an identity of an authorized user of the locked token. An unlock procedure can be activated to unlock the locked token upon receipt of an out-of-band parameter associated with a requester of the unlock procedure to produce an unlocked token. The out-of-band parameter can be provided by the requester of the unlock procedure in an independent communication to an enterprise agent associated with the security server so as to verify that the requester is the authorized user of the locked token. A password reset process associated with a new password for the unlocked token can be activated to provide an assigned password or a password entered by the requester.
19 Claims
1. A method of recycling a locked token in an enterprise having an enterprise security client (ESC) including a token interface and a security server, the locked token locked in accordance with a security operation including a response to a failed authentication attempt, the method comprising:
- establishing a secure connection between the locked token and the security server;
- activating a security process in the security server to determine an identity of an authorized user of the locked token; and
- activating an unlock procedure to unlock the locked token upon receipt of an out-of-band parameter associated with a requester of the unlock procedure to produce an unlocked token, wherein the out-of-band parameter is provided by the requester of the unlock procedure in an independent communication to an enterprise agent associated with the security server so as to verify that the requester is the authorized user of the locked token.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A security server in an enterprise computer system for recycling a locked token, the enterprise computer system including at least an enterprise security client (ESC) and a token interface, the security server comprising:
- a communication interface;
- a data store; and
- a processor coupled to the communication interface and the data store, the processor configured to:
  - establish a secure channel between the security server and the locked token over the communication interface to process a request from a requester associated with the ESC to unlock the locked token;
  - locate a first identity of an owner of the locked token, the first identity stored in the data store with information associated with the locked token; and
  - unlock the locked token if a flag stored in the data store in association with the information indicates that a second identity of the requester has been independently verified as matching the first identity of the owner of the locked token.

Dependent claims: 9, 10

11. An enterprise security client (ESC) in a computer system for facilitating the unlocking of a locked token, the computer system including a security server, the enterprise security client comprising:
- a token interface;
- a communication interface; and
- a client processor coupled to the token interface and the communication interface, the client processor configured to:
  - activate a token unlock process associated with the connection of the locked token to the token interface, the activation of the token unlock process associated with a request to the server by a requester to unlock the token; and
  - facilitate a secure channel established between a server-based authentication process and token unlock process in response to the request to unlock the token, wherein:
    - the server-based authentication process and the token unlock process mutually authenticate a security parameter independently stored in the locked token and the security server; and
    - the server-based authentication process unlocks the locked token after independently verifying that an identity of the requester matches an identity of the owner of the locked token stored in the security server.

Dependent claims: 12

13. A computer system for recycling a locked token in an enterprise, the computer system comprising:
- a server;
- an enterprise security client (ESC);
- a token interface; and
- a communication channel connecting the server, the ESC and the token interface, wherein:
  - a secure communication is established between the locked token and the server through the ESC and the communication channel in response to a request made by a requester to unlock the locked token;
  - the server and the locked token are configured to mutually authenticate upon successfully validating an authentication credential independently obtained by an enterprise agent, the authentication credential verifying an identity of the requester; and
  - the locked token is unlocked based on a successful result of the mutual authentication and the validation of the authentication credential.

Dependent claims: 14, 15, 16, 17, 18, 19
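
The unlock gate described in claims 8, 11 and 13, sketched as an added example that is not code from the patent: the server unlocks only when the agent-set flag is present, the requester matches the stored owner, and the token and server prove possession of the same stored parameter. `Record`, `Token`, `SecurityServer`, the byte-string form of the out-of-band parameter and the HMAC-SHA256 challenge-response are all assumptions made for illustration, and the secure channel is taken as already established.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

@dataclass
class Record:                 # hypothetical data-store row for one token
    owner: str                # first identity: the token's authorized user
    key: bytes                # security parameter also stored in the token
    oob: bytes                # out-of-band parameter on file (assumed form)
    verified: bool = False    # flag set only by the enterprise agent

class Token:                  # simulated locked token (hypothetical)
    def __init__(self, token_id, key):
        self.token_id, self._key, self.locked = token_id, key, True
        self._pending = b""
    def prove(self, server_chal):
        token_chal = secrets.token_bytes(16)
        self._pending = token_chal + server_chal
        return token_chal, mac(self._key, b"token", server_chal + token_chal)
    def unlock(self, server_proof):
        expected = mac(self._key, b"server", self._pending)
        ok = bool(self._pending) and hmac.compare_digest(server_proof, expected)
        self._pending = b""   # each challenge pair is usable once
        if ok:
            self.locked = False
        return ok

class SecurityServer:
    def __init__(self):
        self.store = {}       # token_id -> Record
    def agent_confirm(self, token_id, requester, oob):
        # Called by the enterprise agent after the independent communication.
        rec = self.store[token_id]
        rec.verified = requester == rec.owner and hmac.compare_digest(oob, rec.oob)
        return rec.verified
    def unlock(self, token, requester):
        rec = self.store.get(token.token_id)
        if rec is None or not rec.verified or requester != rec.owner:
            return False
        rec.verified = False  # one-time flag (design choice added here)
        server_chal = secrets.token_bytes(16)
        token_chal, proof = token.prove(server_chal)
        if not hmac.compare_digest(proof, mac(rec.key, b"token", server_chal + token_chal)):
            return False      # token does not hold the stored parameter
        return token.unlock(mac(rec.key, b"server", token_chal + server_chal))
```
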
Specification