摘要 |
A PIN unblock mechanism for use with a security token (5) is provided. A set of one or more passphrases are stored on a remote server (15) during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user interfaces and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token. A PIN unblock applet (25) provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated. <IMAGE> |