主权项 |
1. A software token personalization method comprising the steps of:
generating, at an authentication server, a first personalization seed; generating, at the authentication server, a first personalization initiating message comprising said first personalization seed; receiving, at a first authentication token associated with a specific user, said first personalization initiating message; retrieving, at the first authentication token, said first personalization seed from the received first personalization initiating message; generating, at the first authentication token, a second personalization seed from said retrieved first personalization seed; generating, at the first authentication token, a second personalization message comprising said generated second personalization seed; receiving, at a second software authentication token that is different from the first authentication token, said second personalization message; retrieving, at the second software authentication token, said second initialization seed from the received second personalization message; deriving, at the second software authentication token, a value for a credential generation key from the retrieved second personalization seed; generating, at the second software authentication token, a confirmation credential using a cryptographic algorithm parameterized with the derived value of the credential generation key; receiving, at the authentication server, the confirmation credential; determining, at the authentication server, a server copy of the credential generation key; and validating at the authentication server the received confirmation credential using the server copy of the credential generation key. |