Securing user credentials
Abstract
A password is secured using a first key. At least one of a password record, a username record, and a domain name record is created. The at least one password record, username record, and domain name record are associated. The associated records are encrypted using a second key, where the second key is different from the first key. A credentials record is created based on the encrypted associated records.
20 Claims
1. A computing device comprising:
- a processor to:
  - encrypt a password using a first key to produce an encrypted password;
  - create a password record having a payload comprising the encrypted password, create a domain name record having a payload comprising a clear text domain name, and create a username record having a payload comprising a clear text username;
  - encrypt a combination of the password record, the domain name record, and the username record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;
  - create a credentials record based on the encrypted combination of the password record, the domain name record, and the username record;
  - store the credentials record in a storage medium;
  - in response to a user authentication request:
    - retrieve the credentials record from the storage medium;
    - decrypt the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;
    - receive an input at the computing device responsive to a user verifying the username and the domain name; and
    - after receiving the input, decrypt the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of a computing device, comprising:
- encrypting a password using a first key to produce an encrypted password;
- creating a password record having a payload comprising the encrypted password;
- creating a domain name record having a payload comprising a clear text domain name;
- creating a username record having a payload comprising a clear text username;
- encrypting a combination of the password record, the domain name record, and the username record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;
- creating a credentials record based on the encrypted combination of the password record, the domain name record, and the username record;
- storing the credentials record on a storage medium; and
- in response to a user authentication request:
  - retrieving the credentials record from the storage medium;
  - decrypting the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;
  - receiving an input at the computing device responsive to a user verifying the username and the domain name; and
  - after receiving the input, decrypting the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.

Dependent claims: 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium comprising instructions that, when executed cause a computing device to:
- encrypt a user password using a first key to produce an encrypted password;
- create a password record having a payload comprising the encrypted password;
- create a username record and a domain name record, the username record having a payload comprising a clear text username, and the domain name record having a payload comprising a clear text domain name;
- encrypt a combination of the password record, the username record, and the domain name record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;
- create a credentials record based on the encrypted combination of the password record, the username record, and the domain name record;
- store the credentials record on a storage medium comprising at least one of a memory device or a near field communication (NFC) tag;
- in response to a user authentication request:
  - retrieve the credentials record from the storage medium;
  - decrypt the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;
  - receive an input at the computing device responsive to a user verifying the username and the domain name; and
  - after receiving the input, decrypt the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.

Dependent claims: 18, 19, 20
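The nested record and two-stage decryption recited in the independent claims, as an added sketch that is not code from the patent or its assignee. The claims name no cipher or record format, so everything here is an assumption: `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in for a vetted AEAD such as AES-GCM, and the JSON container, the function names and the `user_confirmed` flag (standing for the user's verification input) are hypothetical.

```python
import hashlib, hmac, json, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as a keystream.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC with separate derived subkeys and a fresh nonce.
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified record")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def create_credentials_record(password, username, domain, first_key, second_key):
    if hmac.compare_digest(first_key, second_key):
        raise ValueError("second key must differ from first key")
    records = {  # assumed JSON container; the claims fix no record format
        "password": seal(first_key, password.encode()).hex(),  # encrypted payload
        "domain": domain,      # clear text payload
        "username": username,  # clear text payload
    }
    return seal(second_key, json.dumps(records).encode())

def open_credentials_record(blob, second_key):
    # Outer decryption only: username and domain readable, password still sealed.
    return json.loads(unseal(second_key, blob))

def release_password(records, first_key, user_confirmed):
    # Inner decryption happens only after the user has verified what was shown.
    if not user_confirmed:
        raise PermissionError("username/domain not verified by user")
    return unseal(first_key, bytes.fromhex(records["password"])).decode()

if __name__ == "__main__":
    k1, k2 = os.urandom(32), os.urandom(32)  # constructed sample keys
    blob = create_credentials_record("constructed-pw", "alice", "example.com", k1, k2)
    shown = open_credentials_record(blob, k2)
    print(shown["username"], shown["domain"])
    print(release_password(shown, k1, user_confirmed=True))
```

The confirmation gate in this sketch is only a flag checked in the same process; the password stays unexposed in practice only if the first key itself is withheld until the user confirms.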
Specification