Securing user credentials

US 10,341,110 B2
Filed: 03/29/2013
Issued: 07/02/2019
Est. Priority Date: 03/29/2013
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a processor to;

encrypt a password using a first key to produce an encrypted password;

create a password record having a payload comprising the encrypted password, create a domain name record having a payload comprising a clear text domain name, and create a username record having a payload comprising a clear text username;

encrypt a combination of the password record, the domain name record, and the username record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;

create a credentials record based on the encrypted combination of the password record, the domain name record, and the username record;

store the credentials record in a storage medium;

in response to a user authentication request;

retrieve the credentials record from the storage medium;

decrypt the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;

receive an input at the computing device responsive to a user verifying the username and the domain name; and

after receiving the input, decrypt the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password is secured using a first key. At least one of a password record, a username record, and as domain name record is created. The at least one password record, username record, and domain name record are associated. The associated records are encrypted using a second key, where the second key is different from the first key. A credentials record is created based on the encrypted associated records.

11 Citations

20 Claims

1. A computing device comprising:
- a processor to;
  
  encrypt a password using a first key to produce an encrypted password;
  
  create a password record having a payload comprising the encrypted password, create a domain name record having a payload comprising a clear text domain name, and create a username record having a payload comprising a clear text username;
  
  encrypt a combination of the password record, the domain name record, and the username record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;
  
  create a credentials record based on the encrypted combination of the password record, the domain name record, and the username record;
  
  store the credentials record in a storage medium;
  
  in response to a user authentication request;
  
  retrieve the credentials record from the storage medium;
  
  decrypt the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;
  
  receive an input at the computing device responsive to a user verifying the username and the domain name; and
  
  after receiving the input, decrypt the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing device of claim 1, the processor to salt the password prior to encrypting the password with the first key to produce the encrypted password.
  - 3. The computing device of claim 1, wherein the password record includes an identifier, the payload comprising the encrypted password, and a payload size specifying a size of the encrypted password, and the domain name record includes an identifier, the payload comprising the clear text domain name, and a payload size of the clear text domain name.
  - 4. The computing device of claim 3, wherein the username record having the payload comprising the clear text username includes a null terminating character, and wherein a payload size in the username record specifies a size of the clear text username plus the null terminating character.
  - 5. The computing device of claim 3, wherein the domain name record having the payload comprising the clear text domain name includes a null terminating character, and wherein the payload size in the domain name record specifies a size of the clear text domain name plus the null terminating character.
  - 6. The computing device of claim 1, wherein the credentials record has a payload size specifying a size of the encrypted combination of the password record, the domain name record, and the username record.
  - 7. The computing device of claim 1, wherein the storage medium comprises at least one of a memory device or a near field communication (NFC) tag.
  - 8. The computing device of claim 1, the processor further to:
    - unsalt the decrypted password;
      
      submit the unsalted decrypted password, the username, and the domain name for authentication; and
      
      erase the unsalted decrypted password.
  - 9. The computing device of claim 1, the processor further to:
    - allow access to a system based on the credentials record in response to the user authentication request.
  - 10. The computing device of claim 1, the processor further to:
    - cause display of the clear text username and the clear text domain name, the displayed clear text username from the username record extracted from the credentials record based on decrypting the credentials record, and the displayed clear text domain name from the domain name record extracted from the credentials record based on decrypting the credentials record,and wherein the input is responsive to the displayed clear text username and the displayed clear text domain name.

11. A method of a computing device, comprising:
- encrypting a password using a first key to produce an encrypted password;
  
  creating a password record having a payload comprising the encrypted password;
  
  creating a domain name record having a payload comprising a clear text domain name;
  
  creating a username record having a payload comprising a clear text username;
  
  encrypting a combination of the password record, the domain name record, and the username record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;
  
  creating a credentials record based on the encrypted combination of the password record, the domain name record, and the username record;
  
  storing the credentials record on a storage medium; and
  
  in response to a user authentication request;
  
  retrieving the credentials record from the storage medium;
  
  decrypting the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;
  
  receiving an input at the computing device responsive to a user verifying the username and the domain name; and
  
  after receiving the input, decrypting the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising salting the password prior to encrypting the password with the first key to produce the encrypted password.
  - 13. The method of claim 11, further comprising:
    - in response to the user authentication request from a system;
      
      displaying the clear text username and the clear text domain name in clear text, the displayed clear text username from the username record extracted from the credentials record based on decrypting the credentials record, and the displayed clear text domain name from the domain name record extracted from the credentials record based on decrypting the credentials record,and wherein the input is responsive to the displayed clear text username and the clear text domain name.
  - 14. The method of claim 11, wherein the password record includes an identifier, the payload comprising the encrypted password, and a payload size specifying a size of the encrypted password.
  - 15. The method of claim 14, wherein the domain name record includes an identifier, the payload comprising the clear text domain name, and a payload size based on a size of the clear text domain name, andwherein the username record includes an identifier, the payload comprising the clear text username, and a payload size based on a size of the of the clear text username.
  - 16. The method of claim 11, further comprising:
    - granting, by the computing device in response to the user authentication request, access to a system based on the username, the domain name, and the password of the credentials record.

17. A non-transitory computer-readable medium comprising instructions that, when executed cause a computing device to:
- encrypt a user password using a first key to produce an encrypted password;
  
  create a password record having a payload comprising the encrypted password;
  
  create a username record and a domain name record, the username record having a payload comprising a clear text username, and the domain name record having a payload comprising a clear text domain name;
  
  encrypt a combination of the password record, the username record, and the domain name record using a second key, wherein the second key is different from the first key, and the encrypting of the combination produces an encrypted combination;
  
  create a credentials record based on the encrypted combination of the password record, the username record, and the domain name record;
  
  store the credentials record on a storage medium comprising at least one of a memory device or a near field communication (NFC) tag;
  
  in response to a user authentication request;
  
  retrieve the credentials record from the storage medium;
  
  decrypt the credentials record using the second key to obtain the password record, the domain name record, and the username record, wherein the clear text domain name and the clear text username are obtained from the decrypting of the credentials record without exposing the password;
  
  receive an input at the computing device responsive to a user verifying the username and the domain name; and
  
  after receiving the input, decrypt the password of the password record extracted from the credentials record based on decrypting the credentials record, the decrypting of the password using the first key to produce a decrypted password.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable medium of claim 17, wherein the instructions when executed cause the computing device to:
    - in response to a credentials request;
      
      display the clear text username and the clear text domain name to a user for verification, the displayed clear text username from the username record extracted from the credentials record based on decrypting the credentials record, and the displayed clear text domain name from the domain name record extracted from the credentials record based on decrypting the credentials record,and wherein the input is responsive to the displayed clear text username and the displayed clear text domain name.
  - 19. The non-transitory computer-readable medium of claim 17, wherein the domain name record includes an identifier, the payload comprising the clear text domain name, and a payload size based on a size of the of the clear text domain name, andwherein the username record includes an identifier, the payload comprising the clear text username, and a payload size based on a size of the of the clear text username.
  - 20. The non-transitory computer-readable medium of claim 17, wherein the instructions when executed cause the computing device to:
    - in response to the user authentication request, grant access to a system based on the username, the domain name, and the password of the credentials record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Poole, Gary Lewis, Herndon, John Luke, Gonzalez, Donald
Primary Examiner(s)
Hoffman, Brandon S
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US14/771,901
Publication Number

US 20160020905A1
Time in Patent Office

2,286 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6227   where protection concerns t...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Securing user credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing user credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links