Soft token posture assessment
First Claim
1. A method of assessing a security status of a device on which a soft token is run, comprising:
- collecting device posture information by the device pertaining to at least one of the device's software status, hardware status, or environmental context, the device posture information providing an indication of whether the device has been subjected to malicious activity;
- generating token codes by the soft token on the device for enabling a user of the device to authenticate to a server; and
- initiating transmission of the collected device posture information from the device to the server, wherein collecting device posture information includes running multiple inquiry procedures on the device, receiving respective responses to the inquiry procedures, and storing the responses to the inquiry procedures for transmission to the server, and wherein initiating transmission of the collected device posture information from the device to the server includes:
- assigning different portions of the device posture information to multiple sequences of auxiliary bits;
- blending different sequences of auxiliary bits with respective token codes from the soft token on the device to generate respective passcodes; and
- displaying the passcodes to the user for manual transfer by the user to a computing machine connected to the server over a network.
Abstract
An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.
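The auxiliary-bit channel described in the abstract, sketched as an added example that is not taken from the patent. The page does not say how bits are blended, so the last-digit addition, the 3-bit sequence width, the HOTP token code, the counter-based ordering and all function names below are assumptions.

```python
import hashlib
import hmac
import struct

DIGITS = 6     # assumed token-code length
AUX_BITS = 3   # assumed number of posture bits carried per passcode

def token_code(seed, counter):
    """HOTP (RFC 4226) truncation, standing in for the soft token."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    return (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** DIGITS

def split_posture(bits):
    """Assign portions of the posture bits to AUX_BITS-wide sequences."""
    padded = bits + [0] * (-len(bits) % AUX_BITS)
    return [int("".join(map(str, padded[i:i + AUX_BITS])), 2)
            for i in range(0, len(padded), AUX_BITS)]

def blend(code, aux):
    """Assumed blend: add the auxiliary value to the last digit, mod 10."""
    return f"{code - code % 10 + (code + aux) % 10:0{DIGITS}d}"

def device_passcodes(seed, counter, bits):
    """Device side: one passcode per auxiliary sequence, consecutive counters."""
    return [blend(token_code(seed, counter + i), aux)
            for i, aux in enumerate(split_posture(bits))]

def unblend(seed, counter, passcode):
    """Server side: authenticate the passcode, then recover its aux value."""
    if len(passcode) != DIGITS or not (passcode.isascii() and passcode.isdigit()):
        return None
    expected = f"{token_code(seed, counter):0{DIGITS}d}"
    if not hmac.compare_digest(passcode[:-1], expected[:-1]):
        return None  # token-code portion does not match
    aux = (int(passcode[-1]) - int(expected[-1])) % 10
    return aux if aux < 2 ** AUX_BITS else None

def server_collect(seed, counter, passcodes, n_bits):
    """Reassemble posture bits from a run of passcodes; None on any failure."""
    auxes = [unblend(seed, counter + i, p) for i, p in enumerate(passcodes)]
    if None in auxes:
        return None
    return [int(b) for a in auxes for b in f"{a:0{AUX_BITS}b}"][:n_bits]

# Constructed sample: RFC 4226 test seed and six hypothetical inquiry responses
# (rooted, debugger attached, OS outdated, emulator, untrusted network, no lock).
SEED = b"12345678901234567890"
POSTURE = [1, 0, 1, 0, 1, 0]
```

In this assumed scheme the last digit carries posture rather than authentication strength, so only five digits authenticate the user, and a changed last digit can alter the recovered posture bits without failing authentication.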
20 Claims
1. A method of assessing a security status of a device on which a soft token is run, comprising:
- collecting device posture information by the device pertaining to at least one of the device's software status, hardware status, or environmental context, the device posture information providing an indication of whether the device has been subjected to malicious activity;
- generating token codes by the soft token on the device for enabling a user of the device to authenticate to a server; and
- initiating transmission of the collected device posture information from the device to the server, wherein collecting device posture information includes running multiple inquiry procedures on the device, receiving respective responses to the inquiry procedures, and storing the responses to the inquiry procedures for transmission to the server, and wherein initiating transmission of the collected device posture information from the device to the server includes:
- assigning different portions of the device posture information to multiple sequences of auxiliary bits;
- blending different sequences of auxiliary bits with respective token codes from the soft token on the device to generate respective passcodes; and
- displaying the passcodes to the user for manual transfer by the user to a computing machine connected to the server over a network.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
18. A device including a soft token for generating token codes for authenticating a user to a server, the device comprising:
- a set of processors; and
- memory, coupled to the set of processors, the memory constructed and arranged to store instructions executable by the set of processors, wherein the set of processors executing instructions from the memory forms a specialized circuit constructed and arranged to:
- collect device posture information by the device pertaining to at least one of the device's software status, hardware status, or environmental context, the device posture information providing an indication of whether the device has been subjected to malicious activity;
- generate token codes by the soft token on the device for enabling the user of the device to authenticate to the server; and
- initiate transmission of the collected device posture information from the device to the server, wherein when constructed and arranged to initiate transmission of the collected device posture information from the device to the server, the specialized circuit is further constructed and arranged to:
- assign different portions of the device posture information to multiple sequences of auxiliary bits;
- blend different sequences of auxiliary bits with respective token codes from the soft token on the device to generate respective passcodes; and
- display the passcodes to the user for manual transfer by the user to a computing machine connected to the server over a network.
19. A non-transitory computer readable medium including instructions which, when executed by a set of processors of a device, cause the set of processors to perform a method of assessing a security status of a device on which a soft token is run, the method comprising:
- collecting device posture information by the device pertaining to at least one of the device's software status, hardware status, or environmental context, the device posture information providing an indication of whether the device has been subjected to malicious activity;
- generating token codes by the soft token on the device for enabling a user of the device to authenticate to a server;
- generating a set of passcodes that include a combination of token codes generated by the soft token on the device and device posture information collected by the device and initiating transmission of the collected device posture information from the device to the server, wherein initiating transmission of the collected device posture information from the device to the server includes:
- assigning different portions of the device posture information to multiple sequences of auxiliary bits;
- blending different sequences of auxiliary bits with respective token codes from the soft token on the device to generate respective passcodes; and
- displaying the passcodes to the user for manual transfer by the user to a computing machine connected to the server over a network.
(Dependent claims: 20)
Specification