In order to gain access to applications or other resources via a computer or another user device, users are often required to authenticate themselves by entering authentication information. Such authentication information may comprise, for example, passwords that are generated by a security token carried by a user. A number of techniques have been proposed or suggested to reduce the susceptibility of authentication systems to attacks. For example, U.S. Pat. No. 7,725,730 discloses secure authentication protocols for authenticating a client device, such as a mobile communications device having limited computational resources, using at least two servers. The two servers utilize information generated from a password to collectively authenticate the client device.
Proactive security techniques update split secret values used by at least two authentication servers. See, for example, A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung in: Proactive Secret Sharing, or: How to Cope with Perpetual Leakage, Advances in Cryptology—Crypto 95 Proceedings, Lecture Notes in Computer Science, Vol. 963, D. Coppersmith ed., Springer-Verlag, 339-352 (1995). Proactive security protects distributed cryptographic keys using a periodic refreshing of the contents stored by the distributed authentication servers. Generally, if proactive security is employed and an attacker initially breaches one server, and then breaches a second server, the two halves of the secret cannot be combined to form the overall secret.
Proactive security techniques typically require synchronization between authentication servers. A need remains for improved methods for updating the secret values used in a multi-server authentication scheme. A further need remains for improved proactivization methods for updating the secret values in a multi-server authentication scheme that does not require strict synchronization among the various authentication servers.