Patent · US Active

Authenticated remote PIN unblock

US8495381B2 · kind B2 · utility

4 Cited by
7 References
16 Claims
0 Family size

Assignee

Inventor

Key dates

Filing date: Aug 6, 2007
Grant date: Jul 23, 2013
Priority date
Expiry date: Feb 19, 2028

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2131
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases is stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server is accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated. The administrative unblock shared secret is encrypted with the token's public key during transport to maximize security.
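The release gate described in the abstract, sketched as an added example that is not taken from the patent: the token checks the answers against its stored hashes, and the server hands over the unblock secret only for a valid token confirmation. Assumptions: the class and function names are hypothetical, an HMAC under a per-token key stands in for the unspecified "non-forgeable" message, the one-time server nonce is added here for replay protection, and the public-key encryption of the secret in transit is omitted.

```python
import hashlib, hmac, secrets

def answer_hash(answer, salt):
    # Assumed normalisation and stretching; the abstract only says "hashed".
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 50_000)

def confirmation(key, serial, nonce):
    # Assumed stand-in for the token's non-forgeable confirmatory message.
    return hmac.new(key, serial.encode() + nonce, hashlib.sha256).digest()

class Token:
    def __init__(self, serial, answers, key):
        self.serial, self._key = serial, key
        self._salt = secrets.token_bytes(16)
        self._hashes = [answer_hash(a, self._salt) for a in answers]

    def confirm(self, answers, nonce):
        """Emit a confirmation only when every answer matches its stored hash."""
        if len(answers) != len(self._hashes):
            return None
        results = [hmac.compare_digest(answer_hash(a, self._salt), h)
                   for a, h in zip(answers, self._hashes)]
        return confirmation(self._key, self.serial, nonce) if all(results) else None

class Server:
    def __init__(self):
        self._records, self._pending = {}, {}

    def personalize(self, serial, questions, key, unblock_secret):
        self._records[serial] = (questions, key, unblock_secret)

    def start(self, serial):
        """Look up the passphrases by token serial and issue a one-time nonce."""
        self._pending[serial] = secrets.token_bytes(16)
        return self._records[serial][0], self._pending[serial]

    def release(self, serial, proof):
        """Release the unblock secret only for a valid, fresh confirmation."""
        nonce = self._pending.pop(serial, None)  # single use: blocks replay
        if nonce is None or proof is None:
            return None
        _, key, secret = self._records[serial]
        ok = hmac.compare_digest(confirmation(key, serial, nonce), proof)
        return secret if ok else None

def unblock_attempt(server, token, answers):
    """Client-side flow: fetch questions, let the token judge, relay its proof."""
    _questions, nonce = server.start(token.serial)
    return server.release(token.serial, token.confirm(answers, nonce))
```

The client only relays messages: it never sees the answer hashes or the confirmation key, so a tampered client cannot claim success on the token's behalf.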

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.