System and method for authentication seed distribution
Abstract
In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
42 Claims
1. A method for distributing seed information associated with a device, said method comprising:
generating a master seed associated with the device;
deriving a derived seed from the master seed and information associated with a security system; and
sharing with the security system a value that is derived from the derived seed, wherein the security system cannot access the master seed.
Claims 2 to 28 depend from claim 1.
29. A method of authenticating a device to a security system based on a master seed associated with the device, said method comprising:
deriving a derived seed using the master seed and information associated with the security system;
isolating the master seed from the security system such that the security system cannot access the master seed;
in the security system, generating an authentication code based at least in part on the derived seed;
using the authentication code to authenticate the device; and
storing a static password in the device and using the static password along with the derived seed to perform authentication with the security system.
30. A method comprising:
at a user device, calculating a verifier seed by applying a cryptographic function to a master seed and to a verifier identifier, the master seed being uniquely associated with the user device, the verifier identifier being associated with a security system;
at a host server, the host server storing the master seed associated with the user device and the verifier identifier associated with the security system, calculating the verifier seed by applying the cryptographic function to the master seed and to the verifier identifier;
transmitting the calculated verifier seed from the host server to the security system by a secure mechanism, the security system having no access to the master seed;
transmitting an authentication message from the user device to the security system; and
at the security system, authenticating, based on the received authentication message and the received calculated verifier seed, that the user device is in possession of the verifier seed.
Claims 31 to 42 depend from claim 30.
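The derivation and exchange described in the abstract and in claims 29 and 30, as an added example; this is not code from the patent or from any product it covers. The patent names only a "key derivation function" and a "cryptographic function", so the following choices are assumptions: HMAC-SHA256 as both the seed derivation function and the authentication-code function, a random 16-byte challenge as the per-authentication input, the static password of claim 29 folded into the keyed hash rather than sent in the clear, and the names Device, HostServer, Verifier, derive_verifier_seed and authentication_code, all of which are illustrative.

```python
import hashlib
import hmac
import secrets


def derive_verifier_seed(master_seed: bytes, verifier_id: bytes) -> bytes:
    """Derive the seed shared with one verifier from the device's master seed.

    HMAC-SHA256 keyed by the master seed is an assumption; the patent only
    requires a key derivation function over the master seed and the verifier
    identifier.  Under the usual PRF assumption on HMAC, a party holding only
    this output learns nothing about the master seed or about the seed derived
    for any other verifier identifier.
    """
    return hmac.new(master_seed, b"verifier-seed:" + verifier_id, hashlib.sha256).digest()


def authentication_code(verifier_seed: bytes, challenge: bytes, static_password: bytes = b"") -> bytes:
    """Proof of possession of verifier_seed over a fresh challenge.

    The optional static password is the extra factor of claim 29; mixing it
    into the keyed hash (assumption) means it never travels on the wire.
    The length prefix keeps challenge and password from being re-split.
    """
    msg = b"auth:" + len(challenge).to_bytes(2, "big") + challenge + static_password
    return hmac.new(verifier_seed, msg, hashlib.sha256).digest()


class Device:
    """Stores one master seed and re-derives each verifier seed on demand."""

    def __init__(self, device_id: bytes, master_seed: bytes, static_password: bytes = b""):
        self.device_id = device_id
        self._master_seed = master_seed
        self._static_password = static_password

    def respond(self, verifier_id: bytes, challenge: bytes) -> tuple:
        """Build the authentication message for the verifier identified by verifier_id."""
        seed = derive_verifier_seed(self._master_seed, verifier_id)
        return (self.device_id, authentication_code(seed, challenge, self._static_password))


class HostServer:
    """The only party besides the device that holds the master seed."""

    def __init__(self):
        self._master_seeds = {}

    def enroll(self, device_id: bytes, master_seed: bytes) -> None:
        self._master_seeds[device_id] = master_seed

    def provision(self, device_id: bytes, verifier: "Verifier", static_password: bytes = b"") -> None:
        """Hand a verifier its own derived seed, never the master seed.

        Claim 30 only says the seed is transmitted "by a secure mechanism";
        a confidential, authenticated channel is assumed here.
        """
        seed = derive_verifier_seed(self._master_seeds[device_id], verifier.verifier_id)
        verifier.install(device_id, seed, static_password)


class Verifier:
    """A security system that holds verifier seeds and never sees a master seed."""

    def __init__(self, verifier_id: bytes):
        self.verifier_id = verifier_id
        self._seeds = {}  # device_id -> (verifier seed, static password registered by the user)

    def install(self, device_id: bytes, seed: bytes, static_password: bytes = b"") -> None:
        self._seeds[device_id] = (seed, static_password)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, challenge: bytes, message: tuple) -> bool:
        """Check that the device proved possession of this verifier's seed."""
        device_id, code = message
        if device_id not in self._seeds:
            return False
        seed, password = self._seeds[device_id]
        expected = authentication_code(seed, challenge, password)
        return hmac.compare_digest(code, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed values for a stand-alone run; a real master seed is random.
    master = bytes(range(32))
    device = Device(b"dev-1", master, static_password=b"hunter2")
    host = HostServer()
    host.enroll(b"dev-1", master)
    vpn, web = Verifier(b"vpn.example"), Verifier(b"web.example")
    host.provision(b"dev-1", vpn, b"hunter2")
    host.provision(b"dev-1", web, b"hunter2")
    c = vpn.challenge()
    msg = device.respond(b"vpn.example", c)
    print("accepted at vpn:", vpn.verify(c, msg))   # True
    print("accepted at web:", web.verify(c, msg))   # False: different verifier seed
```

The properties a practitioner should check are the ones the claims promise: a verifier can validate codes for itself, a code computed for one verifier is rejected by another, and the Verifier object never holds a master seed, so compromising one verifier exposes only its own seeds. The caveat the scheme does not remove is the host server, which holds every master seed and can derive every verifier seed; it is the single point whose compromise undoes the isolation.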