Soft token posture assessment

Assignee

• EMC Corporation · US

Inventors

• Marten Van Dijk · Eindhoven, NL
• Kevin D. Bowers · Melrose, US
• Samuel J. Curry · North Andover, US
• Sean Doyle · Boston, US
• William M. Duane · Westford, US
• Ari Juels · Brookline, US
• Michael J. O'Malley · Lowell, US
• Nikolaos Triandopoulos · Arlington, US
• Riaz Zolfonoon · Marlborough, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/06
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.