One-time authentication tokens produce unpredictable one-time passcodes (OTP) typically by extracting pseudorandomness from a secret seed, that is stored at the token and shared with the authentication server. To protect against server-side leakage of the underlying seed, tokens may employ split-server verification protocols (see, e.g., U.S. Pat. No. 7,725,730). In a split-server verification protocol, the underlying authentication secret is split into at least two partial secrets, each one kept by a distinct verification server, so that authentication of a user is performed at these servers in a distributed manner so that certain attacks against one or more servers can be tolerated.
A number of such split-server OTP verification protocols have been proposed. See, for example, U.S. patent application Ser. No. 13/404,737, (now U.S. Pat. No. 9,118,661) entitled “Method and Apparatus for Authenticating a User Using Multi-Server One-Time Passcode Verification;” U.S. patent application Ser. No. 13/795,801, (now U.S. Pat. No. 9,037,858) entitled “Distributed Cryptography Using Distinct Value Sets Each Comprising At Least One Obscured Secret Value;” and U.S. patent application Ser. No. 14/144,707, (now U.S. Pat. No. 9,454,654) entitled “Multi-Server One-Time Passcode Verification of Respective High Order and Low Order Passcode Portions.”
Nonetheless, a need remains for an end-to-end server-side architecture for an OTP authentication system that simultaneously employs split-server verification and one or more of Silent Alarms (See, for example, U.S. patent application Ser. No. 13/404,788, (now U.S. Pat. No. 9,515,989) entitled “Methods and Apparatus for Silent Alarm Channels Using One-Time Passcode Authentication Tokens”) and Drifting Keys (See, for example, U.S. patent application Ser. No. 13/250,225, (now U.S. Pat. No. 8,699,713) entitled “Key Update With Compromise Detection”).