Principal claim |
1. A software token personalization method comprising the steps of:
at a first authentication token, generating a first dynamic credential by cryptographically combining a value of a first dynamic variable with a first credential generation key that is shared between the first authentication token and an authentication server, wherein said first credential generation key is associated with a specific user;
receiving, at a second software authentication token that is different from the first authentication token, the generated first dynamic credential;
deriving, at the second software authentication token, a value for a second credential generation key from the received first dynamic credential;
generating, at the second software authentication token, a confirmation credential using a cryptographic algorithm parameterized with the derived second credential generation key;
receiving, at the authentication server, the confirmation credential;
determining, at the authentication server, a server copy of the second credential generation key;
validating, at the authentication server, the received confirmation credential using the server copy of the second credential generation key; and
if said validation of the confirmation credential at the authentication server is successful, associating at the authentication server the determined server copy of the second credential generation key with the specific user, and storing at the authentication server in non-volatile memory the determined server copy of the second credential generation key associated with the specific user. |
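The exchange in the claim, with both the token side and the server side, as an added example that is not taken from the patent. The claim names no algorithms, so the counter as dynamic variable, HMAC-SHA256, the 8-digit credential, PBKDF2 as the key derivation, the counter window and all function and class names are assumptions.

```python
import hashlib
import hmac

DIGITS = 8            # assumed credential length
KDF_ROUNDS = 50_000   # assumed PBKDF2 work factor

def dynamic_credential(key: bytes, counter: int) -> str:
    """Combine a dynamic variable (assumed: a counter) with a credential generation key."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)

def derive_second_key(first_credential: str, user: str) -> bytes:
    """Second token and server both derive the second key from the first credential."""
    return hashlib.pbkdf2_hmac("sha256", first_credential.encode(),
                               user.encode(), KDF_ROUNDS)

def confirmation_credential(second_key: bytes) -> str:
    """Credential parameterized with the derived key (assumed: fixed counter 0)."""
    return dynamic_credential(second_key, 0)

class AuthServer:
    def __init__(self, window: int = 3):
        self.first_keys = {}    # user -> (first key, next expected counter)
        self.second_keys = {}   # user -> second key; stands in for non-volatile storage
        self.window = window    # tolerated counter drift of the first token

    def enroll_first_token(self, user: str, key: bytes, counter: int = 0) -> None:
        self.first_keys[user] = (key, counter)

    def personalize(self, user: str, confirmation: str) -> bool:
        """Determine the server copy of the second key and validate the confirmation."""
        key, counter = self.first_keys[user]
        for c in range(counter, counter + self.window):
            candidate = derive_second_key(dynamic_credential(key, c), user)
            if hmac.compare_digest(confirmation_credential(candidate), confirmation):
                self.first_keys[user] = (key, c + 1)   # first credential is single-use
                self.second_keys[user] = candidate     # associate with the user and store
                return True
        return False
```

Because the second key in this sketch depends only on an 8-digit credential, it carries at most about 27 bits of entropy; the PBKDF2 work factor raises the cost of guessing but does not add entropy.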