Credential seed provisioning system
Abstract
A system for efficiently storing and activating credential seeds that are embedded in authentication devices. Device manufacturers provide copies of credential seeds embedded in the devices to an authentication service. The authentication service stores the credential seeds for authentication devices in a pre-active credential seed data store. When a credential seed is needed to perform a real-time or near real-time authentication of a One Time Password, the credential is fetched from the pre-active credential seed data store, used to authenticate the OTP and injected into the active credential seed data store, which can be a database. Thereafter, the credential seed is fetched from the active credential seed data store for real-time and near real-time authentication of OTPs. The credential seeds can be stored in the data stores with additional information, such as user profile data, permissions and authorizations, OTP authentication algorithm information, metadata, OTP moving factor data, time-to-live, and other attributes.
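The flow in the abstract, sketched as an added example that is not code from the patent or from any product. It assumes HOTP (RFC 4226) as the OTP algorithm, in-memory dicts in place of the two data stores, and activation only after the first OTP verifies; all class, method and field names are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class SeedProvisioner:
    """Hypothetical model of the pre-active / active credential seed stores."""

    def __init__(self, window: int = 3):
        self.pre_active = {}  # device id -> seed, bulk-loaded from the manufacturer
        self.active = {}      # device id -> {"seed", "counter"} (moving factor)
        self.window = window  # look-ahead tolerated for counter drift (assumption)

    def load_batch(self, batch: dict) -> None:
        self.pre_active.update(batch)

    def authenticate(self, device_id: str, otp: str) -> bool:
        record = self.active.get(device_id)
        first_use = record is None
        if first_use:
            # Not yet active: locate the seed by device identifier.
            seed = self.pre_active.get(device_id)
            if seed is None:
                return False  # unknown device, nothing to activate
            record = {"seed": seed, "counter": 0}
        start = record["counter"]
        for c in range(start, start + self.window):
            expected = hotp(record["seed"], c).encode()
            if hmac.compare_digest(expected, otp.encode()):
                record["counter"] = c + 1  # advance moving factor, rejects replay
                if first_use:
                    # Activation: store a copy of the seed in the active store.
                    self.active[device_id] = record
                return True
        return False

if __name__ == "__main__":
    # Constructed sample: the RFC 4226 test seed under a made-up device id.
    svc = SeedProvisioner()
    svc.load_batch({"DEV-0001": b"12345678901234567890"})
    print(svc.authenticate("DEV-0001", "755224"), sorted(svc.active))
```

Because a failed first attempt leaves the active store untouched, guessing against never-used device identifiers does not grow the active store in this sketch; rate limiting of those attempts is outside it.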
17 Claims
1. A method comprising:
receiving a plurality of credential seeds, each credential seed suitable for generating a one time password;
storing the plurality of credential seeds in a pre-active data store;
receiving an indication that a first one of the plurality of credential seeds is to be activated, the indication including an authentication device identifier;
locating the first one of the plurality of credential seeds to be activated in the pre-active data store based upon the authentication device identifier;
reading the first one of the plurality of credential seeds to be activated from the pre-active data store; and
activating, by a computer, the first one of the plurality of credential seeds by storing a copy of the first one of the plurality of credential seeds in an active data store in response to the indication that the one of the plurality of credential seeds is to be activated.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system comprising:
a pre-active data store storing a plurality of non-active credential seeds, each credential seed being suitable for generating a one time password for use by an authentication device;
an active data store storing a plurality of active credential seeds;
an index table that indicates the locations of the plurality of non-active credential seeds in the pre-active data store;
an authentication module in communication with the index table, where the authentication module receives an indication to activate a credential seed, consults the index table, locates the credential seed to be activated and activates the credential seed by sending instructions to fetch the credential seed from the pre-active data store and store a copy of the credential seed in the active data store; and
a data store interface module in communication with the pre-active data store, the active data store and the authentication module, where the data store receives instructions from the authentication module to fetch the credential seed from a data store and store a copy of the credential seed in a data store.
Dependent claims: 11, 12, 13, 14
15. A non-transitory computer readable medium storing a plurality of instructions that cause a computer to perform a method comprising:
receiving a plurality of credential seeds, each credential seed suitable for generating a being suitable for generating a one time password;
storing the plurality of credential seeds in a pre-active data store;
receiving an indication that a first one of the plurality of credential seeds is to be activated, the indication including an authentication device identifier;
locating the first one of the plurality of credential seeds to be activated in the pre-active data store based upon the authentication device identifier;
reading the first one of the plurality of credential seeds to be activated from the pre-active data store; and
activating the first one of a the plurality of credential seeds by storing a copy of the first one of the plurality of credential seeds in an active data store in response.
Dependent claims: 16, 17