Secure software authenticator data transfer between processing devices

US 9,270,649 B1
Filed: 03/11/2013
Issued: 02/23/2016
Est. Priority Date: 03/11/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a network connection between a first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes;

encrypting the software authenticator data;

transferring the encrypted software authenticator data from the first processing device to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device;

initiating re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device;

receiving, at the first processing device from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and

removing the first software authenticator from the first processing device responsive to receipt of the confirmation;

wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server;

wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and

wherein the code is configured to enable re-seeding of the second software authenticator.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method comprises establishing a network connection between the first processing device and the second processing device for transfer of data associated with a software authenticator from the first processing device to the second processing device, encrypting the software authenticator data with encryption that is separate from encryption used for the network connection, and transferring the encrypted software authenticator data from the first processing device to the second processing device. Another method comprises establishing the network connection between the first processing device and the second processing device for transfer of the software authenticator data, receiving encrypted data from the first processing device, wherein the encrypted data has encryption that is separate from encryption used for the network connection, decrypting the encrypted data to obtain data associated with a software authenticator and importing the software authenticator data into a software authenticator stored in a memory of the second processing device.

Citations

25 Claims

1. A method comprising:
- establishing a network connection between a first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes;
  
  encrypting the software authenticator data;
  
  transferring the encrypted software authenticator data from the first processing device to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device;
  
  initiating re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device;
  
  receiving, at the first processing device from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and
  
  removing the first software authenticator from the first processing device responsive to receipt of the confirmation;
  
  wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server;
  
  wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and
  
  wherein the code is configured to enable re-seeding of the second software authenticator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the network connection comprises one of a Bluetooth connection and a near field communication (NFC) connection.
  - 3. The method of claim 1, wherein the encrypting comprises:
    - retrieving the software authenticator data from a memory of the first processing device;
      
      serializing the software authenticator data; and
      
      encrypting the software authenticator data with a key derived from a user-specified password.
  - 4. The method of claim 1, wherein the first and second software authenticators comprise one-time passcode (OTP) generators.
  - 5. The method of claim 1, wherein the first and second software authenticators comprise software-implemented RSA SecurID®
    - tokens.
  - 6. The method of claim 1, further comprising exchanging a binding identification between the first processing device and the second processing device, the binding identification being used to encrypt the software authenticator data.
  - 7. The method of claim 1, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.
  - 8. The method of claim 1, wherein the software authenticator data further comprises at least one of a serial number, a display interval and one or more display digits utilized by the first software authenticator provisioned on the first processing device.

9. A non-transitory processor-readable storage medium having instruction code embodied therein which when executed by a first processing device causes the first processing device:
- to establish a network connection with a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes;
  
  to encrypt the software authenticator data;
  
  to transfer the encrypted software authenticator data to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device;
  
  to initiate re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device;
  
  to receive, from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and
  
  to remove the first software authenticator from the first processing device responsive to receipt of the confirmation;
  
  wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server;
  
  wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and
  
  wherein the code is configured to enable re-seeding of the second software authenticator.

10. An apparatus comprising:
- a first processing device comprising;
  
  network interface circuitry;
  
  a memory configured to store data associated with a first software authenticator provisioned on the first processing device; and
  
  a processor coupled to the memory;
  
  the first processing device under control of the processor being configured to;
  
  establish a network connection via the network interface circuitry between the first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by the first software authenticator provisioned on the first processing device to generate one or more passcodes;
  
  encrypt the software authenticator data;
  
  transfer the encrypted software authenticator data to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device;
  
  initiate re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device;
  
  receive, from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and
  
  remove the first software authenticator from the first processing device responsive to receipt of the confirmation;
  
  wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server;
  
  wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and
  
  wherein the code is configured to enable re-seeding of the second software authenticator.
- View Dependent Claims (11, 12, 13)
- - 11. The apparatus of claim 10, wherein the first processing device and the second processing device comprise respective source and target mobile devices.
  - 12. The apparatus of claim 10, wherein the first processing device comprises at least one of a mobile phone, a tablet computing device and a laptop computer.
  - 13. The apparatus of claim 10, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.

14. A method comprising:
- establishing a network connection between a first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes;
  
  receiving encrypted data from the first processing device;
  
  decrypting the encrypted data to obtain the software authenticator data;
  
  importing the software authenticator data into a second software authenticator stored in a memory of the second processing device;
  
  provisioning the second software authenticator on the second processing device utilizing the software authenticator data;
  
  re-seeding the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; and
  
  sending a confirmation from the second processing device to the first processing device indicating a successful transfer of the software authenticator data;
  
  wherein receipt of the confirmation causes removal of the first software authenticator from the first processing device;
  
  wherein re-seeding of the second software authenticator is initiated responsive to registering the second processing device with a software authenticator management server;
  
  wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and
  
  wherein the code is configured to enable re-seeding of the second software authenticator.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the decrypting comprises:
    - deriving a key from a user-specified password;
      
      decrypting the encrypted data using the key; and
      
      de-serializing the decrypted data.
  - 16. The method of claim 14, further comprising exchanging a binding identification between the second processing device and the first processing device, the binding identification being used to decrypt the encrypted data.
  - 17. The method of claim 14, wherein re-seeding the second software authenticator renders the first processing device unable to utilize the first software authenticator.
  - 18. The method of claim 14, wherein re-seeding the second software authenticator comprises:
    - generating a new passcode utilizing the seed value transferred from the first processing device; and
      
      sending the new passcode to an authentication manager, wherein the new passcode triggers a silent alarm function in the authentication manager and wherein the authentication manager associates a new seed value with the second software authenticator responsive to matching the new passcode to a derived seed value stored in the authentication manager.
  - 19. The method of claim 14, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.

20. A non-transitory processor-readable storage medium having instruction code embodied therein which when executed by a second processing device causes the second processing device:
- to establish a network connection with a first processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes;
  
  to receive encrypted data from the first processing device;
  
  to decrypt the encrypted data to obtain the software authenticator data;
  
  to import the software authenticator data into a second software authenticator stored in a memory of the second processing device;
  
  to provision the second software authenticator on the second processing device utilizing the software authenticator data;
  
  to re-seed the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; and
  
  to send a confirmation from the second processing device to the first processing device indicating a successful transfer of the software authenticator data;
  
  wherein receipt of the confirmation causes removal of the first software authenticator from the first processing device;
  
  wherein re-seeding of the second software authenticator is initiated responsive to registering the second processing device with a software authenticator management server;
  
  wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and
  
  wherein the code is configured to enable re-seeding of the second software authenticator.

21. An apparatus comprising:
- a first processing device comprising;
  
  network interface circuitry;
  
  a memory configured to store data associated with a first software authenticator; and
  
  a processor coupled to the memory;
  
  the first processing device under control of the processor being configured to;
  
  establish a network connection via the network interface circuitry between the first processing device and a second processing device for transfer of data associated with a software authenticator from the second processing device to the first processing device, the software authenticator data comprising a seed value utilized by a second software authenticator provisioned on the second processing device to generate one or more passcodes;
  
  receive encrypted data from the second processing device;
  
  decrypt the encrypted data to obtain the software authenticator data;
  
  import the software authenticator data into the first software authenticator stored in the memory;
  
  provision the first software authenticator on the first processing device utilizing the software authenticator data;
  
  re-seed the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; and
  
  send a confirmation from the second processing device to the first processing device indicating a successful transfer of the software authenticator data;
  
  wherein receipt of the confirmation causes removal of the first software authenticator from the first processing device;
  
  wherein re-seeding of the second software authenticator is initiated responsive to registering the second processing device with a software authenticator management server;
  
  wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and
  
  wherein the code is configured to enable re-seeding of the second software authenticator.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The apparatus of claim 21, wherein the first processing device and the second processing device comprise respective target and source mobile devices.
  - 23. The apparatus of claim 21, wherein the first processing device comprises at least one of a mobile phone, a tablet computing device and a laptop computer.
  - 24. The apparatus of claim 21, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.
  - 25. The apparatus of claim 21, wherein the first processing device is further configured to exchange a binding identification with the second processing device, the binding identification being used to encrypt the software authenticator data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Ng, Millie K.
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
Baum, Ronald

Application Number

US13/793,327
Time in Patent Office

1,079 Days
Field of Search

713/181
US Class Current

1/1
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04W 12/106   Packet or message integrity

H04W 4/80   Services using short range ...

Secure software authenticator data transfer between processing devices

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure software authenticator data transfer between processing devices

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links