Title of invention: SOFT TOKEN SYSTEM
Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the mobile device. A seed is requested from a provisioning server. The seed is received in encrypted form based on a combination of a secret key, the unique device ID and a hardcoded-pre-shared key. The seed is bound to the mobile device by encrypting the seed based on the unique device ID. When a token is requested by the user it is generated based on the bound seed.
Publication number: US2016262013(A1) Publication date: 2016.09.08
Application number: US201615154977 Filing date: 2016.05.14
Applicant: Fortinet, Inc. Inventors: Redberg David A.; Li Jun
Classification: H04W8/24;H04W12/06;H04L9/32;H04L9/30;H04L9/14;H04L29/06;H04W12/04 Main classification: H04W8/24
Agency: Agent:
Main claim: 1. A method comprising:
prompting, by a soft token application installed on a mobile device, a user of the mobile device to input an activation code previously provided to the user by an authentication server, wherein the authentication server authenticates credentials provided by users of a secure network resource that is accessible via an Internet Protocol (IP)-based network;
programmatically obtaining, by the soft token application, a unique device ID of the mobile device via an Application Programming Interface (API) of an operating system of the mobile device, wherein the unique device ID uniquely identifies the mobile device;
requesting, by the soft token application via the IP-based network, a token seed from a provisioning server associated with the soft token application by sending a request containing (i) a cryptographic hash of the unique device ID or the unique device ID and (ii) the activation code to the provisioning server, wherein the token seed is for use in connection with generating a token for obtaining access to the secure network resource;
receiving, by the soft token application, the token seed in encrypted form, wherein an encryption key used to generate the encrypted form is based on a combination of a secret key, the unique device ID and a hardcoded-pre-shared key;
binding in a persistent manner, by the soft token application, the token seed to the mobile device by encrypting the token seed based on the unique device ID; and
when the token is requested by the user, generating, by the soft token application, the token based on the bound token seed.
Address: Sunnyvale CA US