Title of invention: SOFT TOKEN SYSTEM
Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first out-of-band channel in encrypted form based on a secret key, the unique device ID and a hardcoded-pre-shared key. The received encrypted seed is decrypted and installed within the application. The OTP is generated by the application based on the seed. The OTP is bound to the mobile device by the application by encrypting the seed with the unique device ID and the hardcoded pre-shared key.
Publication number: US2015312250(A1) Publication date: 2015.10.29
Application number: US201514791428 Filing date: 2015.07.04
Applicant: FORTINET, INC. Inventors: Redberg David A.; Li Jun
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method comprising: obtaining, by a soft token application installed on a mobile device, via an Application Programming Interface (API) of an operating system of the mobile device, a unique device ID of the mobile device that uniquely identifies the mobile device; requesting, by the soft token application via an Internet Protocol (IP)-based network to which the mobile device is connected, a seed from a provisioning server coupled to the IP-based network, wherein the seed is for generating a One-Time Password (OTP) for accessing a secure network resource; receiving, by the mobile device, the seed via a first out-of-band channel in encrypted form based on a secret key, the unique device ID and a hardcoded-pre-shared key; decrypting, by the soft token application, the received encrypted seed and installing the seed within the soft token application; generating, by the soft token application, the OTP based on the seed; and binding, by the soft token application, the OTP to the mobile device by encrypting the seed with the unique device ID and the hardcoded pre-shared key.
Address: Sunnyvale CA US