Automated token renewal using OTP-based authentication codes
First Claim
1. A method performed by a computing system for renewing a remote token, the method comprising:
    receiving an activation code from the remote token across a network, the activation code including an identification of the remote token, the identification of the remote token within the activation code including an incomplete portion of a serial number of the remote token, the activation code serving to identify the remote token to the computing system;
    verifying that the activation code was cryptographically generated with reference to a one-time passcode (OTP) generated by the identified remote token using an initial key assigned to the remote token, wherein verifying includes:
        identifying a set of test tokens such that:
            each identified test token has an expiration date within a fixed time period after receiving the activation code; and
            each identified test token has a serial number containing the incomplete portion of the serial number;
        calculating a plurality of OTPs based on an initial key assigned to various test tokens of the set of test tokens for a plurality of different time values; and
        confirming that the activation code was generated with reference to the plurality of OTPs for the plurality of different time values for a particular test token of the set of test tokens; and
    in response to verifying, negotiating a new key with the remote token, the new key to be assigned to the remote token for use in producing OTPs in the future, wherein negotiating the new key with the remote token includes using one of the Cryptographic Token Key Initialization Protocol (CT-KIP) and the Dynamic Symmetric Key Provisioning Protocol (DSK-PP).
Abstract
One embodiment is described of a method performed by a computing device for renewing a remote token. The method includes (a) receiving an activation code from the remote token across a network, the activation code including an identification of the token, (b) verifying that the activation code was cryptographically generated with reference to a one-time passcode (OTP) generated by the identified token using an initial key assigned to the token, and (c) in response to verifying, negotiating a new key with the token, the new key to be assigned to the token for use in producing OTPs in the future. Related computer program products, systems, and apparatuses are also described.
12 Claims

1. Independent claim, as set out under First Claim above. Dependent claims: 2, 3, 4, 5.
6. A system comprising:
    network interface circuitry for communicating with a remote token over a network;
    processing circuitry configured to:
        receive, via the network interface, an activation code from the remote token across the network, the activation code including an identification of the remote token, the identification of the remote token within the activation code including an incomplete portion of a serial number of the remote token, the activation code serving to identify the remote token to the system;
        verify that the activation code was cryptographically generated with reference to a one-time passcode (OTP) generated by the identified remote token using an initial key assigned to the remote token, wherein verifying includes:
            identifying a set of test tokens such that:
                each identified test token has an expiration date within a fixed time period after receiving the activation code; and
                each identified test token has a serial number containing the incomplete portion of the serial number;
            calculating a plurality of OTPs based on an initial key assigned to various test tokens of the set of test tokens for a plurality of different time values; and
            confirming that the activation code was generated with reference to the plurality of OTPs for the plurality of different time values for a particular test token of the set of test tokens; and
        in response to verifying, negotiate, via the network interface, a new key with the remote token, the new key to be assigned to the remote token for use in producing OTPs in the future, wherein negotiating the new key with the remote token includes using one of the Cryptographic Token Key Initialization Protocol (CT-KIP) and the Dynamic Symmetric Key Provisioning Protocol (DSK-PP).
    Dependent claims: 7, 8, 9.

10. A computer program product comprising a non-transitory computer-readable storage medium that stores a set of instructions, which, when executed by a computing device, causes the computing device to renew a token operating thereon by:
    cryptographically generating an activation code with reference to a one-time passcode (OTP) generated by the token using an initial key assigned to the token, wherein cryptographically generating the activation code includes:
        calculating a plurality of OTPs based on the initial key assigned to the token for a plurality of different time values;
        cryptographically combining the plurality of OTPs;
        placing an incomplete portion of a serial number of the token within the activation code; and
        placing the cryptographic combination of the plurality of OTPs within the activation code;
    sending the generated activation code to a remote key negotiation service across a network, the activation code serving to identify the token to the remote key negotiation service;
    in response to the activation code being verified by the remote key negotiation service, negotiating a new key with the remote key negotiation service, wherein negotiating the new key with the token includes using one of the Cryptographic Token Key Initialization Protocol (CT-KIP) and the Dynamic Symmetric Key Provisioning Protocol (DSK-PP); and
    in response to negotiating the new key, assigning the new key to the token operating on the computing device for use in producing OTPs in the future.
    Dependent claims: 11, 12.

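The following simulation of both sides of the renewal, the token side of claim 10 (several OTPs over consecutive time values, combined and prefixed with a partial serial) and the service side of claim 1 (candidate-token filtering by partial serial and expiry window, recomputation over a range of time values, then key negotiation), is added here as an illustration. It is not code from the patent, its assignee, or any product. Everything the claims leave open is an assumption made for the example: the OTP algorithm (HMAC-SHA1 with RFC 4226 dynamic truncation on a 60-second step), the combination function (SHA-256 over the concatenated OTPs, truncated to 16 hex characters), the four-character serial suffix, the 60-day expiry window, the two-step clock-drift tolerance, and the constructed token inventory with its fixed keys. The final `derive_new_key` is a simplified stand-in for the CT-KIP / DSK-PP exchange and is not the RFC 4758 or RFC 6063 algorithm.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from datetime import date, timedelta

# All of the following parameters are assumptions for this example; the claims fix none of them.
TIME_STEP = 60                        # seconds per OTP time value
OTP_DIGITS = 8
N_WINDOWS = 3                         # consecutive time values folded into one activation code
DRIFT_STEPS = 2                       # clock drift the verifier tolerates, in time steps
EXPIRY_WINDOW = timedelta(days=60)    # "fixed time period" for candidate token expiry
SERIAL_SUFFIX = 4                     # how much of the serial the activation code reveals


def otp(key: bytes, t: int) -> str:
    """Time-based OTP: HMAC-SHA1 over the time step counter with RFC 4226 dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", t // TIME_STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF) % 10 ** OTP_DIGITS
    return f"{code:0{OTP_DIGITS}d}"


def combine(otps) -> str:
    """Cryptographic combination of several OTPs (assumed construction): SHA-256 over their concatenation."""
    return hashlib.sha256("|".join(otps).encode()).hexdigest()[:16]


def make_activation_code(serial: str, initial_key: bytes, now: int) -> str:
    """Token side (claim 10): OTPs for N_WINDOWS consecutive time values, combined,
    prefixed with an incomplete portion (the last SERIAL_SUFFIX characters) of the serial."""
    otps = [otp(initial_key, now + i * TIME_STEP) for i in range(N_WINDOWS)]
    return f"{serial[-SERIAL_SUFFIX:]}-{combine(otps)}"


@dataclass(frozen=True)
class TestToken:
    serial: str
    initial_key: bytes
    expiry: date


# Constructed inventory: three tokens share the suffix "5678"; TOKEN_C expires outside the window.
TOKEN_A = TestToken("000012345678", bytes.fromhex("0a" * 20), date(2024, 3, 15))
TOKEN_B = TestToken("000098765678", bytes.fromhex("0b" * 20), date(2024, 3, 20))
TOKEN_C = TestToken("000055555678", bytes.fromhex("0c" * 20), date(2025, 1, 1))
TOKEN_D = TestToken("000011112222", bytes.fromhex("0d" * 20), date(2024, 3, 10))
INVENTORY = (TOKEN_A, TOKEN_B, TOKEN_C, TOKEN_D)
RECEIVED_ON = date(2024, 3, 1)        # date the service received the activation code


def candidate_tokens(inventory, partial_serial: str, received_on: date):
    """Claim 1 filter: serial contains the partial, expiry within a fixed period after receipt."""
    return [tok for tok in inventory
            if partial_serial in tok.serial
            and received_on <= tok.expiry <= received_on + EXPIRY_WINDOW]


def verify_activation_code(inventory, code: str, server_time: int, received_on: date):
    """Service side (claim 1): recompute the OTP combination for each candidate token over a
    range of start times around the server clock; return the matching token or None."""
    try:
        partial_serial, combo = code.split("-", 1)
    except ValueError:
        return None
    if len(combo) != 16 or set(combo) - set("0123456789abcdef"):
        return None                   # malformed combination field; never reaches compare_digest
    for tok in candidate_tokens(inventory, partial_serial, received_on):
        for drift in range(-DRIFT_STEPS, DRIFT_STEPS + 1):
            start = server_time + drift * TIME_STEP
            expected = combine([otp(tok.initial_key, start + i * TIME_STEP) for i in range(N_WINDOWS)])
            if hmac.compare_digest(expected, combo):
                return tok
    return None


def derive_new_key(initial_key: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Stand-in for the CT-KIP / DSK-PP negotiation: both parties derive the new token key from the
    verified initial key plus one nonce from each side. NOT the RFC 4758 / RFC 6063 algorithm."""
    return hmac.new(initial_key, b"token-renewal" + client_nonce + server_nonce, hashlib.sha256).digest()


def renew(inventory, code: str, server_time: int, received_on: date, client_nonce: bytes, server_nonce: bytes):
    """Whole service-side flow: verify, then negotiate. Returns (token, new_key) or None."""
    tok = verify_activation_code(inventory, code, server_time, received_on)
    if tok is None:
        return None
    return tok, derive_new_key(tok.initial_key, client_nonce, server_nonce)


if __name__ == "__main__":
    now = 1_700_000_000
    code = make_activation_code(TOKEN_B.serial, TOKEN_B.initial_key, now)
    r_c, r_s = secrets.token_bytes(16), secrets.token_bytes(16)
    result = renew(INVENTORY, code, now + 60, RECEIVED_ON, r_c, r_s)   # server clock one step ahead
    if result:
        tok, new_key = result
        token_side_key = derive_new_key(TOKEN_B.initial_key, r_c, r_s)   # token computes the same key
        print(code, "->", tok.serial, "keys agree:", new_key == token_side_key)
```

Two points worth checking in any real deployment of this scheme. First, the verifier's work is (candidate tokens) x (drift steps) OTP recomputations, and its false-accept probability grows with that product; folding several consecutive time values into one code is what keeps a single eight-digit OTP from being guessable across a large candidate set, and the serial suffix length trades enumeration cost against how much of the serial a passive observer learns. Second, the activation code only proves possession of the initial key at a point in time; it does not by itself bind that proof to the new key, which is what the authenticated CT-KIP / DSK-PP exchange provides and the stand-in derivation above does not.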
Specification