Title of invention: AUTHENTICATED REMOTE PIN UNBLOCK
Abstract: This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases are stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated. The administrative unblock shared secret is encrypted with the token's public key during transport to maximize security.
Publication number: US2016044027(A1) Publication date: 2016.02.11
Application number: US201514800807 Filing date: 2015.07.16
Applicant: Assa Abloy AB Inventor: Priebatsch Mark Herbert
Classification: H04L29/06;G06F21/34 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A system which facilitates an authenticated user to unblock a temporarily blocked security token comprising: a security executive associated with said token, an unblock applet associated with said security executive, a first secret associated with at least one unblock inquiry, and a first shared secret associated with said unblock applet; to a client functionally connected to said security token including; at least one client application for initiating an unblock procedure with said security token and a remote server, said remote server in processing communications with said client including; said at least one unblock inquiry, at least one unblock service application, responsive to said at least one client application, and a second shared secret, wherein said at least one unblock inquiry and said second shared secret are progressively sent to said unlock applet for unblocking said security token.
Address: Stockholm SE