Title: Recovery mechanism for fault-tolerant split-server passcode verification of one-time authentication tokens
Abstract: A recovery mechanism is provided for split-server passcode verification systems. An exemplary server-centric recovery scheme enables the system to respond to authentication attempts even if one authentication server is unavailable. In the server-centric scheme, the authentication servers periodically exchange encrypted copies of their partial secret states. Recovery consists of decrypting the encrypted partial secret state that corresponds to the unresponsive server. An exemplary token-centric recovery scheme comprises determining that a first authentication server is unavailable; applying an authentication mechanism to a message requesting that the token change to a new split-state mode; and sending the authenticated message to the token.
Publication number: US9350545(B1)  Publication date: 2016.05.24
Application number: US201414319417  Filing date: 2014.06.30
Applicant: EMC Corporation  Inventors: Triandopoulos Nikolaos; Brainard John
IPC classification: H04L9/32; H04L29/06; H04L9/08  Main classification: H04L9/32
Agent: Ryan, Mason & Lewis, LLP  Attorney: Ryan, Mason & Lewis, LLP
Independent claim 1. A recovery method for a split-server passcode verification system comprising a plurality of authentication servers, said recovery method comprising: determining that a first one of said plurality of authentication servers is unavailable; instructing a second one of said plurality of authentication servers to enter a recovery mode based on the determination that the first one of said plurality of authentication servers is unavailable, wherein prior to said first authentication server becoming unavailable, at least one of said first and second authentication servers provides a respective secret key used to protect a partial secret state to a relying party and said second authentication server receives an encrypted version of said respective partial secret state of said first authentication server; obtaining said encrypted partial secret state of said first authentication server from said second authentication server; decrypting said received encrypted partial secret state of said first authentication server to recover said partial secret state of said first authentication server; and employing said recovered partial secret state of said first authentication server to perform a split-server passcode verification of at least one user with said second authentication server.
Address: Hopkinton MA US
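The following is an added worked example of the server-centric flow described in the abstract and claim 1; it is illustrative code written for this page, not the patent's own construction or EMC/RSA code. Everything concrete in it is an assumption: the token's secret state is modelled as two 32-byte partial states, each server derives a partial output with HMAC-SHA256 over an event counter, the passcode is the XOR of the two partial outputs truncated to six digits, and the partial states are protected in transit with a toy HMAC-based encrypt-then-MAC so that the example runs on the Python standard library alone. Names such as `AuthServer`, `RelyingParty`, `seal`, `unseal` and `run_scenario` are invented for the example.

```python
# Added illustrative example, not the patent's own construction. Assumptions
# (mine, not the page's): the token state is two 32-byte partial states, the
# passcode is the XOR of two HMAC-SHA256 partial outputs truncated to 6 digits,
# and partial states are protected with a toy HMAC-based encrypt-then-MAC so
# the example needs only the Python standard library.
import hashlib
import hmac
import secrets

DIGITS = 6


def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def partial_passcode(partial_state: bytes, counter: int) -> bytes:
    """One server's contribution for event counter `counter` (assumed design)."""
    return prf(partial_state, counter.to_bytes(8, "big"))


def combine(pa: bytes, pb: bytes) -> str:
    """Two partial outputs -> the 6-digit passcode the token displays."""
    mixed = bytes(x ^ y for x, y in zip(pa, pb))
    return str(int.from_bytes(mixed[:4], "big") % 10**DIGITS).zfill(DIGITS)


def token_passcode(s1: bytes, s2: bytes, counter: int) -> str:
    """The token holds both partial states and computes the same value."""
    return combine(partial_passcode(s1, counter), partial_passcode(s2, counter))


# Toy encrypt-then-MAC (HMAC-CTR keystream + HMAC tag). Illustration only;
# a real deployment would use a standard AEAD such as AES-GCM.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (prf(prf(key, b"enc"), nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + prf(prf(key, b"mac"), nonce + ct)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + ct)):
        raise ValueError("tag mismatch: wrong escrow key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class AuthServer:
    def __init__(self, name: str, partial_state: bytes):
        self.name, self.partial_state = name, partial_state
        self.escrow_key = secrets.token_bytes(32)  # handed to the relying party in advance
        self.peer_ciphertext = None                # peer's state, encrypted under the peer's key
        self.available, self.recovery_mode = True, False

    def export_encrypted_state(self) -> bytes:
        return seal(self.escrow_key, self.partial_state)

    def partial(self, counter: int) -> bytes:
        if not self.available:
            raise ConnectionError(f"server {self.name} unavailable")
        return partial_passcode(self.partial_state, counter)


class RelyingParty:
    def __init__(self, servers):
        self.servers = servers
        self.escrow = {s.name: s.escrow_key for s in servers}  # keys received before any outage

    def verify(self, counter: int, submitted: str) -> bool:
        partials, down = [], None
        for s in self.servers:
            try:
                partials.append(s.partial(counter))
            except ConnectionError:
                down = s
        if down is not None:
            live = next(s for s in self.servers if s is not down)
            live.recovery_mode = True
            # Recovery: fetch the unavailable server's encrypted state from its peer,
            # decrypt it with the escrowed key, and stand in for that server locally.
            recovered = unseal(self.escrow[down.name], live.peer_ciphertext)
            partials.append(partial_passcode(recovered, counter))
        expected = combine(*partials)
        return hmac.compare_digest(expected.encode(), submitted.encode())


def run_scenario() -> dict:
    """Constructed walkthrough: provision, exchange states, verify, then server A fails."""
    s1, s2 = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed token state
    a, b = AuthServer("A", s1), AuthServer("B", s2)
    b.peer_ciphertext = a.export_encrypted_state()  # periodic exchange of encrypted states
    a.peer_ciphertext = b.export_encrypted_state()
    rp = RelyingParty([a, b])
    good = token_passcode(s1, s2, 7)
    bad = str((int(good) + 1) % 10**DIGITS).zfill(DIGITS)
    out = {"normal": rp.verify(7, good), "wrong_code": rp.verify(7, bad)}
    try:  # B holds Enc(kA, state_A) but not kA, so it cannot recover A's state alone
        unseal(b.escrow_key, b.peer_ciphertext)
        out["peer_can_decrypt"] = True
    except ValueError:
        out["peer_can_decrypt"] = False
    a.available = False
    good8 = token_passcode(s1, s2, 8)
    out["recovery"] = rp.verify(8, good8)
    out["recovery_mode_entered"] = b.recovery_mode
    out["recovery_wrong_code"] = rp.verify(8, str((int(good8) + 1) % 10**DIGITS).zfill(DIGITS))
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Two properties of the claimed arrangement are visible in the run: the surviving server stores only a ciphertext of its peer's partial state and, lacking the escrowed key, cannot reconstruct it on its own, so the split-server property holds while both servers are up; once recovery begins, however, the relying party decrypts and holds one partial state in the clear and computes that server's contribution itself, so the two-party protection is reduced to a single point of compromise for as long as recovery mode lasts. A practitioner would therefore treat recovery mode as an alerted, time-bounded state, rotate the affected partial state when the failed server returns, and keep the escrowed keys under the same protection as the partial states they unlock.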