Token recycling
Abstract
Embodiments of the present invention provide for recycling a locked token in an enterprise. A secure connection can be established between a locked token and a server and a security process activated to determine an identity of an authorized user of the locked token. An unlock procedure can be activated to unlock the locked token upon receipt of an out-of-band parameter associated with a requester of the unlock procedure to produce an unlocked token. The out-of-band parameter can be provided by the requester of the unlock procedure in an independent communication to an enterprise agent associated with the security server so as to verify that the requester is the authorized user of the locked token. A password reset process associated with a new password for the unlocked token can be activated to provide an assigned password or a password entered by the requester.
16 Claims
1. A method comprising:
establishing a first secure connection between a locked token and a security server system through a client device coupled to the locked token;
activating a process to unlock the locked token via the first secure connection;
establishing a second secure connection between the client device and the security server system in response to activating the process to unlock the locked token, wherein the second secure connection differs from the first secure connection;
prompting a user for an authentication credential via the second secure connection;
determining that the user has correctly provided the authentication credential; and
unlocking, by a processor, the locked token in response to determining that the user has correctly provided the authentication credential, the unlocking comprising mutually authenticating the locked token and the security server system using symmetric keys derived from a master key, wherein the symmetric keys are stored in the locked token and the security server system.
Dependent claims: 2, 3, 4.
5. An apparatus comprising:
a security server system to:
establish a first secure connection between a locked token and the security server system through a client device coupled to the locked token;
activate a process to unlock the locked token via the first secure connection;
establish a second secure connection between the client device and the security server system in response to activating the process to unlock the locked token, wherein the second secure connection differs from the first secure connection;
prompt a user for an authentication credential via the second secure connection;
determine that the user has correctly provided the authentication credential; and
unlock, by a processor, the locked token in response to determining that the user has correctly provided the authentication credential, the unlock comprising mutually authenticating the locked token and the security server system using symmetric keys derived from a master key, wherein the symmetric keys are stored in the locked token and the security server system.
6. A non-transitory computer readable medium comprising computer executable instructions, that when executed by a processor cause the processor to perform operations comprising:
establishing a first secure connection between a locked token and a security server system through a client device coupled to the locked token;
activating a process to unlock the locked token via the first secure connection;
establishing a second secure connection between the client device and the security server system in response to activating the process to unlock the locked token, wherein the second secure connection differs from the first secure connection;
prompting a user for an authentication credential via the second secure connection;
determining that the user has correctly provided the authentication credential; and
unlocking, by the processor, the locked token in response to determining that the user has correctly provided the authentication credential, the unlocking comprising mutually authenticating the locked token and the security server system using symmetric keys derived from a master key, wherein the symmetric keys are stored in the locked token and the security server system.
7. A security server system comprising:
a communication interface;
a data store; and
a processor coupled to the communication interface and the data store, the processor to:
establish a first secure channel between a locked token and the security server system through a client device coupled to the locked token;
activate a process to unlock the locked token via the first secure channel;
establish a second secure channel between the client device and the security server system in response to activating the process to unlock the locked token, wherein the second secure channel differs from the first secure channel;
prompt a user for an authentication credential via the second secure channel;
determine that the user has correctly provided the authentication credential; and
unlock the locked token in response to determining that the user has correctly provided the authentication credential, the unlock comprising mutually authenticating the locked token and the security server system using symmetric keys derived from a master key, wherein the symmetric keys are stored in the locked token and the security server system.
Dependent claims: 8.
9. An enterprise security client (ESC) comprising:
a token interface;
a communication interface; and
a processor coupled to the token interface and the communication interface, the processor to:
establish a first secure connection between a locked token and a security server system;
activate a process to unlock the locked token via the first secure connection;
establish a second secure connection with the security server system in response to activating the process to unlock the locked token, wherein the second secure connection differs from the first secure connection;
receive an indication that the security server system has verified an identity of a user via the second secure connection; and
unlock the locked token in response to the indication, the unlock comprising mutually authenticating the locked token and the security server system using symmetric keys derived from a master key, wherein the symmetric keys are stored in the locked token and the security server system.
Dependent claims: 10.
11. A computer system comprising:
a memory; and
a processor coupled to the memory, the processor to:
establish a first secure channel between a locked token and a security server system through an enterprise security client (ESC), wherein the ESC is coupled to the locked token;
activate a process to unlock the locked token via the first secure channel;
establish a second secure channel between the ESC and the security server system in response to activating the process to unlock the locked token, wherein the second secure channel differs from the first secure channel;
prompt a user for an authentication credential via the second secure channel;
determine that the user has correctly provided the authentication credential; and
unlock the locked token in response to determining that the user has correctly provided the authentication credential, the unlock comprising mutually authenticating the locked token and the security server system using symmetric keys derived from a master key, wherein the symmetric keys are stored in the locked token and the security server system.
Dependent claims: 12, 13, 14, 15, 16.
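As an added illustration of the unlock flow the abstract and claims describe (example code, not the patent's or any product's implementation): per-token symmetric keys derived from a master key and stored on both sides, a user credential checked over a separate channel, and a challenge-response mutual authentication that unlocks the token only when both checks pass. The HMAC-SHA256 key derivation, message layout and PBKDF2 credential storage are assumptions, not something the patent specifies.

```python
import hashlib, hmac, secrets

def derive_token_keys(master_key: bytes, token_id: bytes) -> tuple[bytes, bytes]:
    # Assumed KDF: HMAC-SHA256 of the master key over a label and the token id.
    # One key authenticates token->server, the other server->token.
    k_tok = hmac.new(master_key, b"token-auth" + token_id, hashlib.sha256).digest()
    k_srv = hmac.new(master_key, b"server-auth" + token_id, hashlib.sha256).digest()
    return k_tok, k_srv

def tag(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class Token:
    """Locked token holding its derived keys; unlocks only after verifying the server."""
    def __init__(self, token_id: bytes, master_key: bytes):
        self.token_id, self.locked, self._nonce = token_id, True, b""
        self.k_tok, self.k_srv = derive_token_keys(master_key, token_id)  # provisioned at issuance
    def respond(self, server_challenge: bytes) -> tuple[bytes, bytes]:
        self._nonce = secrets.token_bytes(16)            # fresh token challenge for the server
        return self._nonce, tag(self.k_tok, server_challenge, self._nonce, self.token_id)
    def verify_server_and_unlock(self, server_challenge: bytes, server_tag: bytes) -> bool:
        expected = tag(self.k_srv, self._nonce, server_challenge, self.token_id)
        if hmac.compare_digest(expected, server_tag):
            self.locked = False                          # server proved it holds k_srv
        return not self.locked

class SecurityServer:
    """Stores the master key, per-token derived keys and salted user credential hashes."""
    def __init__(self, master_key: bytes):
        self.master_key, self.token_keys, self.users = master_key, {}, {}
    def enroll_token(self, token_id: bytes) -> None:
        self.token_keys[token_id] = derive_token_keys(self.master_key, token_id)
    def enroll_user(self, user: str, credential: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000))
    def check_credential(self, user: str, credential: str) -> bool:
        # Second channel: the user proves identity to the server directly, not through the token.
        if user not in self.users:
            return False
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000))
    def unlock(self, token: Token, user: str, credential: str) -> bool:
        if not self.check_credential(user, credential) or token.token_id not in self.token_keys:
            return False
        k_tok, k_srv = self.token_keys[token.token_id]
        c_s = secrets.token_bytes(16)                    # server challenge over the first channel
        nonce, token_tag = token.respond(c_s)
        if not hmac.compare_digest(tag(k_tok, c_s, nonce, token.token_id), token_tag):
            return False                                 # token did not prove it holds k_tok
        return token.verify_server_and_unlock(c_s, tag(k_srv, nonce, c_s, token.token_id))
```

A token provisioned under a different master key, or one the server never enrolled, fails the mutual authentication step even when the user's credential is correct, so the credential check alone never unlocks anything.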