Recovery mechanism for fault-tolerant split-server passcode verification of one-time authentication tokens
Abstract
A recovery mechanism is provided for split-server passcode verification systems. An exemplary token-centric recovery scheme, for a system comprising at least one token and a plurality of authentication servers, comprises the steps of: determining that a first one of the plurality of authentication servers is unavailable; applying an authentication mechanism to a message requesting the token to change to a new split-state mode; and sending the authenticated message to the token. The authentication mechanism comprises, for example, a relying party signing the message using a next passcode of the new split-state mode. The new split-state mode comprises, for example, a single server passcode verification, wherein the next passcode of the new split-state mode comprises a next passcode of the single server. A client optionally changes to the new split-state mode after successfully verifying the authentication mechanism.
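The recovery flow in the abstract, sketched as an added example (not text or code from the patent): a mode-change request keyed with the next passcode of the new single-server mode, which the token verifies before switching. The HMAC-SHA256 derivation, the XOR combination of partial passcodes, the message encoding, the epoch counter and all names are assumptions for illustration.

```python
import hashlib
import hmac

SPLIT, BLUE_ONLY = "split", "blue-only"  # hypothetical mode names

def partial(seed: bytes, epoch: int) -> bytes:
    # One server's share of the passcode (assumed derivation: HMAC-SHA256).
    return hmac.new(seed, epoch.to_bytes(8, "big"), hashlib.sha256).digest()

def passcode(mode: str, seeds: dict, epoch: int) -> bytes:
    # The split-state mode changes how the passcode is computed.
    blue = partial(seeds["blue"], epoch)
    if mode == BLUE_ONLY:
        return blue  # single-server verification
    red = partial(seeds["red"], epoch)
    return bytes(a ^ b for a, b in zip(red, blue))  # assumed XOR combination

def body(mode: str, epoch: int) -> bytes:
    return f"change-mode|{mode}|{epoch}".encode()  # assumed encoding

def make_mode_change(new_mode: str, next_passcode: bytes, epoch: int) -> dict:
    # Sender: key the MAC with the next passcode of the NEW mode.
    tag = hmac.new(next_passcode, body(new_mode, epoch), hashlib.sha256).hexdigest()
    return {"mode": new_mode, "epoch": epoch, "tag": tag}

class Token:
    def __init__(self, seeds: dict):
        self.seeds, self.mode, self.epoch = seeds, SPLIT, 0

    def handle_mode_change(self, msg: dict) -> bool:
        # Change mode only after the authentication check succeeds.
        nxt = self.epoch + 1
        if msg.get("mode") not in (SPLIT, BLUE_ONLY) or msg.get("epoch") != nxt:
            return False  # unknown mode, or stale/replayed epoch
        key = passcode(msg["mode"], self.seeds, nxt)
        want = hmac.new(key, body(msg["mode"], nxt), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, str(msg.get("tag", ""))):
            return False
        self.mode, self.epoch = msg["mode"], nxt  # signing passcode is consumed
        return True

# Constructed sample seeds; the "red" server is the unavailable one.
SEEDS = {"red": b"constructed-red-seed", "blue": b"constructed-blue-seed"}

if __name__ == "__main__":
    token = Token(SEEDS)
    good = make_mode_change(BLUE_ONLY, partial(SEEDS["blue"], 1), 1)
    forged = make_mode_change(BLUE_ONLY, b"guess", 1)
    print(token.handle_mode_change(forged), token.mode)
    print(token.handle_mode_change(good), token.mode)
```

In this sketch the surviving server can produce the signing key on its own, because the next passcode of the single-server mode depends only on its own seed.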
20 Claims
1. A recovery method for a split-server passcode verification system comprising at least one token and a plurality of authentication servers, said recovery method comprising:
- determining, using at least one processing device, that a first one of said plurality of authentication servers is unavailable;
- generating an authenticated message by applying, using said at least one processing device, an authentication mechanism to a message requesting said token to change to a new split-state mode, wherein said new split-state mode modifies one or more computations used to compute a next passcode and wherein said authentication mechanism comprises signing said message using said next passcode of said new split-state mode; and
- sending, using said at least one processing device, said authenticated message to said token.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus of a split-server passcode verification system comprising at least one token and a plurality of authentication servers, said apparatus comprising:
- a memory; and
- at least one processing device, coupled to the memory, operative to implement the following steps:
- determining, using said at least one processing device, that a first one of said plurality of authentication servers is unavailable;
- generating an authenticated message by applying, using said at least one processing device, an authentication mechanism to a message requesting said token to change to a new split-state mode, wherein said new split-state mode modifies one or more computations used to compute a next passcode and wherein said authentication mechanism comprises signing said message using said next passcode of said new split-state mode; and
- sending, using said at least one processing device, said authenticated message to said token.
Dependent claims: 9, 10, 11, 12, 13, 14
15. An article of manufacture for a split-server passcode verification system comprising at least one token and a plurality of authentication servers, said article of manufacture comprising a non-transitory machine readable medium containing one or more programs which when executed implement the steps of:
- determining, using at least one processing device, that a first one of said plurality of authentication servers is unavailable;
- generating an authenticated message by applying, using said at least one processing device, an authentication mechanism to a message requesting said token to change to a new split-state mode, wherein said new split-state mode modifies one or more computations used to compute a next passcode and wherein said authentication mechanism comprises signing said message using said next passcode of said new split-state mode; and
- sending, using said at least one processing device, said authenticated message to said token.
Dependent claims: 16, 17, 18, 19, 20
Specification