Numerous techniques are known for providing secure access to protected resources. One widely-used approach involves the use of one-time passcode (OTP) devices such as hardware authentication tokens. Authentication tokens are typically implemented as small, hand-held devices that display a series of passcodes over time. A user equipped with such an authentication token reads the currently displayed passcode and enters it into a computer or other element of an authentication system as part of an authentication operation. This type of dynamic passcode arrangement offers a significant security improvement over authentication based on a static password.
Conventional authentication tokens include both time-synchronous and event-synchronous tokens.
In a typical time-synchronous token, the displayed passcodes are based on a secret value and the time of day. A verifier with access to the secret value and a time of day clock can verify that a given presented passcode is valid. The secret value is an example of what is more generally referred to herein as a “key.”
One particular example of a time-synchronous authentication token is the RSA SecurID® user authentication token, commercially available from RSA, The Security Division of EMC Corporation, of Bedford, Mass., U.S.A.
Event-synchronous tokens generate passcodes in response to a designated event, such as a user pressing a button on the token. Each time the button is pressed, a new passcode is generated based on a secret value and an event counter. A verifier with access to the secret value and the current event count can verify that a given presented passcode is valid.
Many authentication systems are configured to require that a user enter a personal identification number (PIN) or other static access code in addition to entering the passcode from the authentication token. This provides an additional security factor, based on something the user knows, thereby protecting against unauthorized use of an authentication token that is lost or stolen. Such an arrangement is generally referred to as two-factor authentication, in that authentication is based on something the user has (e.g., the authentication token) as well as something the user knows (e.g., the PIN).
Passcodes generated by authentication tokens can also be used as secure service credentials in order to allow service technicians to access storage arrays and other processing equipment for any repairs, tests, upgrades or other service operations that may need to be performed after such equipment is deployed in the field. However, in this secure service access context, issues of key management become increasingly important. For example, a single key may be replicated on multiple storage arrays such that each of the storage arrays can support service technician access control based on passcodes generated using that same key. Such an arrangement is often desirable in that service technicians responsible for servicing a large number of storage arrays deployed in the field will need to keep track of fewer passcodes, but unfortunately it also creates a “break once, run anywhere” vulnerability in that an attacker who is able to compromise one of the storage arrays can then access any of the other storage arrays that share the same key.