Password-based generation and management of secret cryptographic keys
First Claim
1. A user computer, comprising:
a memory having computer readable program instructions;
a processor, wherein the processor, in response to retrieval and execution of the computer readable program instructions, causes the user computer to perform operations comprising:
communicating by the user computer with a server via a network to generate a secret cryptographic key of the user computer, the server storing a secret server value and a check value which encodes a secret user value of the user computer and a user password, the communicating comprising:
encoding, in response to input via the user interface of an input password, the secret user value and the input password to produce a first value corresponding to the check value, and to communicate the first value to the server via the communications interface;
generating, in response to receiving from the server a second value produced by encoding the first value and the secret server value when the first value and the check value are compared to determine that the input password equals the user password, the secret cryptographic key by encoding the second value, the input password and the secret user value;
and performing, using the secret cryptographic key, a cryptographic operation on data.
Abstract
A user computer generates a secret cryptographic key through communication with a server. A secret user value is provided at the user computer. A secret server value is provided at the server with a check value which encodes the secret user value and a user password. In response to input of an input password, the user computer encodes the secret user value and the input password to produce a first value corresponding to said check value, and communicates the first value to the server. The server compares the first value and check value to check whether the input password equals the user password. If so, the server encodes the first value and secret server value to produce a second value and communicates the second value to the user computer. The user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value.
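The exchange described in the abstract, as an added worked example that is not code from the patent: both parties are modelled in one process, the patent's "encoding" is assumed to be a length-prefixed SHA-256 hash, and the secret user value, user password and secret server value are constructed enrolment values.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def encode(*parts: bytes) -> bytes:
    """The patent's 'encoding' step, assumed here to be a length-prefixed SHA-256 hash."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))  # length prefix keeps inputs unambiguous
        h.update(part)
    return h.digest()


class Server:
    """Stores the secret server value and the check value encode(secret_user_value, password)."""

    def __init__(self, secret_user_value: bytes, user_password: bytes,
                 server_secret: Optional[bytes] = None):
        self.server_secret = server_secret or secrets.token_bytes(32)
        self.check_value = encode(secret_user_value, user_password)

    def respond(self, first_value: bytes) -> Optional[bytes]:
        # Constant-time comparison of the received first value with the stored check value
        if not hmac.compare_digest(first_value, self.check_value):
            return None  # input password != user password: no second value is released
        return encode(first_value, self.server_secret)


class UserComputer:
    """Holds the secret user value; the key can only be derived with the server's second value."""

    def __init__(self, secret_user_value: bytes):
        self.secret_user_value = secret_user_value

    def derive_key(self, server: Server, input_password: bytes) -> Optional[bytes]:
        first_value = encode(self.secret_user_value, input_password)
        second_value = server.respond(first_value)  # a network round trip in the real system
        if second_value is None:
            return None
        return encode(second_value, input_password, self.secret_user_value)


def demo() -> dict:
    """Constructed enrolment values; returns the outcome for a right and a wrong password."""
    s = b"constructed-secret-user-value"
    server = Server(s, b"correct horse battery staple")
    user = UserComputer(s)
    return {"key": user.derive_key(server, b"correct horse battery staple"),
            "wrong": user.derive_key(server, b"Tr0ub4dor&3")}
```

Because the second value depends on the secret server value, the password and secret user value alone do not yield the key, and the server sees only the first value, never the derived key.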
20 Claims
9. A server comprising:
a memory having computer readable program instructions and storing a secret user value, a secret server value and a check value which encodes the secret user value and a user password; a processor, wherein the processor, in response to retrieval and execution of the computer readable program instructions, causes the server to perform operations comprising: communicating by the server with a user computer for use in generating a secret cryptographic key of the user computer, which is connectable to the server via a network, the communicating comprising: comparing, in response to receipt from the user computer of a first value which corresponds to the check value and is produced by encoding the secret user value and an input password, the first value and the check value to check whether the input password equals the user password; encoding, in response to the checked input password equaling the user password, the first value and the secret server value to produce a second value; and communicating the second value to the user computer, the second value to be used by the user computer for use in generating the secret cryptographic key of the user computer by encoding the second value, the input password, and the secret user value.
Dependent claims: 10, 11, 12, 13, 14.
15. A method, comprising:
communicating by the user computer with a server via a network to generate a secret cryptographic key of the user computer, the server storing a secret server value and a check value which encodes a secret user value of the user computer and a user password, the communicating comprising: encoding, in response to input via the user interface of an input password, the secret user value and the input password to produce a first value corresponding to the check value, and to communicate the first value to the server via the communications interface; generating, in response to receiving from the server a second value produced by encoding the first value and the secret server value when the first value and the check value are compared to determine that the input password equals the user password, the secret cryptographic key by encoding the second value, the input password and the secret user value; and performing, using the secret cryptographic key, a cryptographic operation on data.
Dependent claims: 16, 17, 18, 19, 20.