Transferring soft token authentication capabilities to a new device
Abstract
A technique transfers soft token authentication capabilities from an old device to a new device. The technique involves receiving a transfer initiation message from the old device while the old device is currently provisioned with the soft token authentication capabilities. The transfer initiation message includes new device binding information obtained by the old device from the new device. The technique further involves providing a reply message to the old device in response to the transfer initiation message. The reply message directs the old device to supply an authentication code to the new device, the authentication code being based on the new device binding information. The technique further involves receiving, from the new device, a provisioning message including the authentication code, and provisioning the new device with the soft token authentication capabilities in response to receipt of the provisioning message from the new device.
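The exchange described in the abstract, sketched as an added example that is not part of the patent text. It assumes HMAC-SHA256 keyed with the first seed for both the signed form of the binding information and the authentication code (the claims name no algorithm); all class, field and label names are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac(seed: bytes, label: bytes, binding: bytes) -> bytes:
    # Domain-separated HMAC: a "sig" value can never be replayed as a "code".
    return hmac.new(seed, label + b"|" + binding, hashlib.sha256).digest()

class OldDevice:
    def __init__(self, device_id, seed):
        self.device_id, self.seed = device_id, seed

    def transfer_initiation(self, binding):
        # First portion: binding in non-signed form; second portion: signed form.
        return {"device_id": self.device_id, "binding": binding,
                "signature": mac(self.seed, b"sig", binding)}

    def authentication_code(self, binding):
        # Based on the new device binding information and on the first seed.
        return mac(self.seed, b"code", binding)

class Server:
    def __init__(self, seeds):
        self.seeds = dict(seeds)   # device_id -> provisioned seed
        self.pending = {}          # binding -> old device_id awaiting provisioning

    def on_transfer_initiation(self, msg):
        seed = self.seeds.get(msg["device_id"])
        ok = seed is not None and hmac.compare_digest(
            mac(seed, b"sig", msg["binding"]), msg["signature"])
        if ok:
            self.pending[msg["binding"]] = msg["device_id"]
        return {"action": "supply_code_to_new_device" if ok else "reject"}

    def on_provisioning(self, new_id, binding, code):
        # Single use: a replay or a wrong guess ends the pending transfer.
        old_id = self.pending.pop(binding, None)
        if old_id is None or not hmac.compare_digest(
                mac(self.seeds[old_id], b"code", binding), code):
            return None
        self.seeds[new_id] = secrets.token_bytes(32)  # second seed, freshly generated
        return self.seeds[new_id]

if __name__ == "__main__":
    first_seed = secrets.token_bytes(32)   # constructed sample values
    binding = b"new-device-serial-0001"
    old, server = OldDevice("old-1", first_seed), Server({"old-1": first_seed})
    print(server.on_transfer_initiation(old.transfer_initiation(binding)))
    code = old.authentication_code(binding)
    print(server.on_provisioning("new-1", binding, code) is not None)
```

Because the server checks the signed portion against the non-signed portion, a binding value altered in transit is rejected before any authentication code is accepted for it.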
22 Claims
1. A method of transferring soft token authentication capabilities from an old device to a new device, the method comprising:
- receiving, by processing circuitry, a transfer initiation message from the old device while the old device is currently provisioned with a first seed-based data structure as at least some of the soft token authentication capabilities, the transfer initiation message including new device binding information obtained by the old device from the new device;
- providing, by the processing circuitry, a reply message to the old device in response to the transfer initiation message, the reply message directing the old device to supply an authentication code to the new device, the authentication code being based on the new device binding information and on the first seed-based data structure;
- receiving, by the processing circuitry, a provisioning message from the new device, the provisioning message including the authentication code from the old device; and
- provisioning, by the processing circuitry, the new device with a second seed-based data structure as at least some of the soft token authentication capabilities in response to receipt of the provisioning message from the new device;
- wherein receiving the transfer initiation message includes:
  - obtaining, as parts of the transfer initiation message, (i) a first message portion which includes the new device binding information in non-signed form and (ii) a second message portion which includes the new device binding information in a signed form, the second message portion operating as a signature of the old device; and
- wherein the processing circuitry resides in an external server which is external to both the old device and the new device, the server being constructed and arranged to communicate with the old device and the new device over a network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. An electronic apparatus, comprising:
- a communications interface;
- memory; and
- control circuitry coupled to the communications interface and the memory, the memory storing instructions which, when carried out by the control circuitry, cause the control circuitry to:
  - receive a transfer initiation message from an old device through the communications interface while the old device is currently provisioned with a first seed-based data structure as at least some of soft token authentication capabilities, the transfer initiation message including new device binding information obtained by the old device from a new device,
  - provide a reply message to the old device through the communications interface in response to the transfer initiation message, the reply message directing the old device to supply an authentication code to the new device, the authentication code being based on the new device binding information and on the first seed-based data structure,
  - receive a provisioning message from the new device through the communications interface, the provisioning message including the authentication code from the old device, and
  - provision the new device with a second seed-based data structure as at least some of the soft token authentication capabilities in response to receipt of the provisioning message from the new device;
- wherein the control circuitry, when receiving the transfer initiation message, is constructed and arranged to:
  - obtain, as parts of the transfer initiation message, (i) a first message portion which includes the new device binding information in non-signed form and (ii) a second message portion which includes the new device binding information in a signed form, the second message portion operating as a signature of the old device; and
- wherein the control circuitry resides in an external server which is external to both the old device and the new device, the server being constructed and arranged to communicate with the old device and the new device over a network.

Dependent claims: 16, 17, 18

19. A computer program product having a non-transitory computer readable medium which stores a set of instructions to transfer soft token authentication capabilities from an old device to a new device, the set of instructions, when carried out by computerized circuitry, causing the computerized circuitry to perform a method of:
- receiving, by the computerized circuitry, a transfer initiation message from the old device while the old device is currently provisioned with a first seed-based data structure as at least some of the soft token authentication capabilities, the transfer initiation message including new device binding information obtained by the old device from the new device;
- providing, by the computerized circuitry, a reply message to the old device in response to the transfer initiation message, the reply message directing the old device to supply an authentication code to the new device, the authentication code being based on the new device binding information and on the first seed-based data structure;
- receiving, by the computerized circuitry, a provisioning message from the new device, the provisioning message including the authentication code from the old device; and
- provisioning, by the computerized circuitry, the new device with a second seed-based data structure as at least some of the soft token authentication capabilities in response to receipt of the provisioning message from the new device;
- wherein receiving the transfer initiation message includes:
  - obtaining, as parts of the transfer initiation message, (i) a first message portion which includes the new device binding information in non-signed form and (ii) a second message portion which includes the new device binding information in a signed form, the second message portion operating as a signature of the old device; and
- wherein the computerized circuitry resides in an external server which is external to both the old device and the new device, the server being constructed and arranged to communicate with the old device and the new device over a network.

Dependent claims: 20, 21, 22

Specification