Fortinet, Inc.
Transfering soft tokens from one mobile device to another

Abstract:

Systems and methods for securely transferring tokens from one device to another are provided. According to one embodiment, a token transfer request (TTR), requesting transfer of a soft token stored on a first mobile device to a second mobile device, is received by a provisioning server from the first device. A transfer activation code (TAC) is generated by the provisioning server responsive to receipt of token data associated with the soft token from the first device. The token data includes an encrypted token seed bound to the first device. The TAC is delivered to a user of the first device via an authentication server. Unbound token data for the soft token is created by the provisioning server by unbinding the encrypted token seed from the first device. Upon receipt of the TAC from the second device, the unbound token data is transferred to the second device.