Credential seed provisioning system

US 8,590,030 B1
Filed: 04/14/2011
Issued: 11/19/2013
Est. Priority Date: 04/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a plurality of credential seeds, each credential seed suitable for generating a one time password;

storing the plurality of credential seeds in a pre-active data store;

receiving an indication that a first one of the plurality of credential seeds is to be activated, the indication including an authentication device identifier;

locating the first one of the plurality of credential seeds to be activated in the pre-active data store based upon the authentication device identifier;

reading the first one of the plurality of credential seeds to be activated from the pre-active data store; and

activating, by a computer, the first one of the plurality of credential seeds by storing a copy of the first one of the plurality of credential seeds in an active data store in response to the indication that the one of the plurality of credential seeds is to be activated.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for efficiently storing and activating credential seeds that are embedded in authentication devices. Device manufacturers provide copies of credential seeds embedded in the devices to an authentication service. The authentication service stores the credential seeds for authentication devices in a pre-active credential seed data store. When a credential seed is needed to perform a real-time or near real-time authentication of a One Time Password, the credential is fetched from the pre-active credential seed data store, used to authenticate the OTP and injected into the active credential seed data store, which can be a database. Thereafter, the credential seed is fetched from the active credential seed data store for real-time and near real-time authentication of OTPs. The credential seeds can be stored in the data stores with additional information, such as user profile data, permissions and authorizations, OTP authentication algorithm information, metadata, OTP moving factor data, time-to-live, and other attributes.

Citations

17 Claims

1. A method comprising:
- receiving a plurality of credential seeds, each credential seed suitable for generating a one time password;
  
  storing the plurality of credential seeds in a pre-active data store;
  
  receiving an indication that a first one of the plurality of credential seeds is to be activated, the indication including an authentication device identifier;
  
  locating the first one of the plurality of credential seeds to be activated in the pre-active data store based upon the authentication device identifier;
  
  reading the first one of the plurality of credential seeds to be activated from the pre-active data store; and
  
  activating, by a computer, the first one of the plurality of credential seeds by storing a copy of the first one of the plurality of credential seeds in an active data store in response to the indication that the one of the plurality of credential seeds is to be activated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein receiving the indication comprises receiving a request to authenticate the one time password an OTP, the request including the authentication device identifier.
  - 3. The method of claim 1, wherein receiving the indication indicates a request to activate the first one of the plurality of credential seeds based upon the authentication device identifier.
  - 4. The method of claim 2, further comprising authenticating the one time password based upon the first one of the plurality of credential seeds from the pre-active data store.
  - 5. The method of claim 1, wherein the pre-active data store comprises one or more flat files.
  - 6. The method of claim 1, wherein the active data store comprises at least one table in a relational database.
  - 7. The method of claim 1, wherein the active data store further stores at least one from the group of a manufacturer identifier, a token identifier and an authentication algorithm identifier.
  - 8. The method of claim 1, wherein locating the first one of the plurality of credential seeds to be activated comprises searching an index table.
  - 9. The method of claim 1, wherein the plurality of credential seeds stored in the pre-active data store are linked in a group such that activating one credential seed automatically activates the other credential seeds in the group.

10. A system comprising:
- a pre-active data store storing a plurality of non-active credential seeds, each credential seed being suitable for generating a one time password for use by an authentication device;
  
  an active data store storing a plurality of active credential seeds;
  
  an index table that indicates the locations of the plurality of non-active credential seeds in the pre-active data store;
  
  an authentication module in communication with the index table, where the authentication module receives an indication to activate a credential seed, consults the index table, locates the credential seed to be activated and activates the credential seed by sending instructions to fetch the credential seed from the pre-active data store and store a copy of the credential seed in the active data store; and
  
  a data store interface module in communication with the pre-active data store, the active data store and the authentication module, where the data store receives instructions from the authentication module to fetch the credential seed from a data store and store a copy of the credential seed in a data store.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the pre-active data store comprises at least one flat file.
  - 12. The system of claim 10, wherein the active data store comprises at least one table in a relational database.
  - 13. The system of claim 10, wherein the authentication module authenticates the one time password.
  - 14. The system of claim 10, further comprising a credential seed loader module that receives credential seeds through an out-of-band channel and causes the credential seeds to be stored in the pre-active data store.

15. A non-transitory computer readable medium storing a plurality of instructions that cause a computer to perform a method comprising:
- receiving a plurality of credential seeds, each credential seed suitable for generating a being suitable for generating a one time password;
  
  storing the plurality of credential seeds in a pre-active data store;
  
  receiving an indication that a first one of the plurality of credential seeds is to be activated, the indication including an authentication device identifier;
  
  locating the first one of the plurality of credential seeds to be activated in the pre-active data store based upon the authentication device identifier;
  
  reading the first one of the plurality of credential seeds to be activated from the pre-active data store; and
  
  activating the first one of a the plurality of credential seeds by storing a copy of the first one of the plurality of credential seeds in an active data store in response.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer readable medium of claim 15 storing a plurality of instructions that cause a computer to further perform a method comprising receiving a request to authenticate an one time password.
  - 17. The non-transitory computer readable medium of claim 15 storing a plurality of instructions that cause a computer to further perform a method comprising authenticating a one time password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Pei, Mingliang
Primary Examiner(s)
Hirl, Joseph P.
Assistant Examiner(s)
King, John B

Application Number

US13/086,946
Time in Patent Office

950 Days
Field of Search

726 1- 3, 726/5, 726/9
US Class Current

726/9
CPC Class Codes

H04L 63/0838 using one-time-passwords

Credential seed provisioning system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Credential seed provisioning system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links