System and method for authentication seed distribution

Assignee

• RSA Security LLC · US

Inventors

• John Brainard · Sudbury, US
• Burton S. Kaliski, Jr. · McLean, US
• Magnus Bo Gustaf Nyström · Bedford, US
• Ronald L. Rivest · Arlington, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0428
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.