Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: establishing a network connection between a first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes; encrypting the software authenticator data; transferring the encrypted software authenticator data from the first processing device to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device; initiating re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; receiving, at the first processing device from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and removing the first software authenticator from the first processing device responsive to receipt of the confirmation; wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server; wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and wherein the code is configured to enable re-seeding of the second software authenticator.
2. The method of claim 1, wherein the network connection comprises one of a Bluetooth connection and a near field communication (NFC) connection.
3. The method of claim 1, wherein the encrypting comprises: retrieving the software authenticator data from a memory of the first processing device; serializing the software authenticator data; and encrypting the software authenticator data with a key derived from a user-specified password.
4. The method of claim 1, wherein the first and second software authenticators comprise one-time passcode (OTP) generators.
5. The method of claim 1, wherein the first and second software authenticators comprise software-implemented RSA SecurID® tokens.
6. The method of claim 1, further comprising exchanging a binding identification between the first processing device and the second processing device, the binding identification being used to encrypt the software authenticator data.
7. The method of claim 1, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.
8. The method of claim 1, wherein the software authenticator data further comprises at least one of a serial number, a display interval and one or more display digits utilized by the first software authenticator provisioned on the first processing device.
9. A non-transitory processor-readable storage medium having instruction code embodied therein which when executed by a first processing device causes the first processing device: to establish a network connection with a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes; to encrypt the software authenticator data; to transfer the encrypted software authenticator data to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device; to initiate re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; to receive, from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and to remove the first software authenticator from the first processing device responsive to receipt of the confirmation; wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server; wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and wherein the code is configured to enable re-seeding of the second software authenticator.
10. An apparatus comprising: a first processing device comprising: network interface circuitry; a memory configured to store data associated with a first software authenticator provisioned on the first processing device; and a processor coupled to the memory; the first processing device under control of the processor being configured to: establish a network connection via the network interface circuitry between the first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by the first software authenticator provisioned on the first processing device to generate one or more passcodes; encrypt the software authenticator data; transfer the encrypted software authenticator data to the second processing device, the software authenticator data being configured to provision a second software authenticator on the second processing device; initiate re-seeding of the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; receive, from the second processing device, a confirmation indicating a successful transfer of the software authenticator data; and remove the first software authenticator from the first processing device responsive to receipt of the confirmation; wherein initiating re-seeding of the second software authenticator comprises registering the second processing device with a software authenticator management server; wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and wherein the code is configured to enable re-seeding of the second software authenticator.
11. The apparatus of claim 10, wherein the first processing device and the second processing device comprise respective source and target mobile devices.
12. The apparatus of claim 10, wherein the first processing device comprises at least one of a mobile phone, a tablet computing device and a laptop computer.
13. The apparatus of claim 10, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.
14. A method comprising: establishing a network connection between a first processing device and a second processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes; receiving encrypted data from the first processing device; decrypting the encrypted data to obtain the software authenticator data; importing the software authenticator data into a second software authenticator stored in a memory of the second processing device; provisioning the second software authenticator on the second processing device utilizing the software authenticator data; re-seeding the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; and sending a confirmation from the second processing device to the first processing device indicating a successful transfer of the software authenticator data; wherein receipt of the confirmation causes removal of the first software authenticator from the first processing device; wherein re-seeding of the second software authenticator is initiated responsive to registering the second processing device with a software authenticator management server; wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and wherein the code is configured to enable re-seeding of the second software authenticator.
15. The method of claim 14, wherein the decrypting comprises: deriving a key from a user-specified password; decrypting the encrypted data using the key; and de-serializing the decrypted data.
16. The method of claim 14, further comprising exchanging a binding identification between the second processing device and the first processing device, the binding identification being used to decrypt the encrypted data.
17. The method of claim 14, wherein re-seeding the second software authenticator renders the first processing device unable to utilize the first software authenticator.
18. The method of claim 14, wherein re-seeding the second software authenticator comprises: generating a new passcode utilizing the seed value transferred from the first processing device; and sending the new passcode to an authentication manager, wherein the new passcode triggers a silent alarm function in the authentication manager and wherein the authentication manager associates a new seed value with the second software authenticator responsive to matching the new passcode to a derived seed value stored in the authentication manager.
19. The method of claim 14, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.
20. A non-transitory processor-readable storage medium having instruction code embodied therein which when executed by a second processing device causes the second processing device: to establish a network connection with a first processing device for transfer of software authenticator data from the first processing device to the second processing device, the software authenticator data comprising a seed value utilized by a first software authenticator provisioned on the first processing device to generate one or more passcodes; to receive encrypted data from the first processing device; to decrypt the encrypted data to obtain the software authenticator data; to import the software authenticator data into a second software authenticator stored in a memory of the second processing device; to provision the second software authenticator on the second processing device utilizing the software authenticator data; to re-seed the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; and to send a confirmation from the second processing device to the first processing device indicating a successful transfer of the software authenticator data; wherein receipt of the confirmation causes removal of the first software authenticator from the first processing device; wherein re-seeding of the second software authenticator is initiated responsive to registering the second processing device with a software authenticator management server; wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and wherein the code is configured to enable re-seeding of the second software authenticator.
21. An apparatus comprising: a first processing device comprising: network interface circuitry; a memory configured to store data associated with a first software authenticator; and a processor coupled to the memory; the first processing device under control of the processor being configured to: establish a network connection via the network interface circuitry between the first processing device and a second processing device for transfer of data associated with a software authenticator from the second processing device to the first processing device, the software authenticator data comprising a seed value utilized by a second software authenticator provisioned on the second processing device to generate one or more passcodes; receive encrypted data from the second processing device; decrypt the encrypted data to obtain the software authenticator data; import the software authenticator data into the first software authenticator stored in the memory; provision the first software authenticator on the first processing device utilizing the software authenticator data; re-seed the second software authenticator responsive to a successful provisioning of the second software authenticator on the second processing device; and send a confirmation from the second processing device to the first processing device indicating a successful transfer of the software authenticator data; wherein receipt of the confirmation causes removal of the first software authenticator from the first processing device; wherein re-seeding of the second software authenticator is initiated responsive to registering the second processing device with a software authenticator management server; wherein registering the second processing device causes the software authenticator management server to generate a code which is sent to the second processing device; and wherein the code is configured to enable re-seeding of the second software authenticator.
22. The apparatus of claim 21, wherein the first processing device and the second processing device comprise respective target and source mobile devices.
23. The apparatus of claim 21, wherein the first processing device comprises at least one of a mobile phone, a tablet computing device and a laptop computer.
24. The apparatus of claim 21, wherein the transfer of the software authenticator data from the first processing device to the second processing device does not require communication with the software authenticator management server.
25. The apparatus of claim 21, wherein the first processing device is further configured to exchange a binding identification with the second processing device, the binding identification being used to encrypt the software authenticator data.
February 23, 2016