Method for inhibiting mass credential theft
First Claim
1. A method to represent access credentials, the method comprising:
receiving a first access credential;
generating a random data bit string O with a bit count that is equal to the value of the first access credential, wherein the identities of the bits of the random data bit string O are randomly selected from any of the potential 2^n permutations of bits, where n is the bit count of the random data bit string O;
providing the generated random bit string O to a party for use as an authentication credential;
storing a copy of the random data bit string O in an off-line file;
creating a data bit string O_t that has a Hamming distance of t from the random data bit string O (H(O, O_t) = t);
storing the data bit string O_t in a verifier; and
authenticating, by the verifier, a submitter of a received second access credential as the party that was provided the generated random bit string O if and only if the received second access credential has the Hamming distance of t from the stored data bit string O_t.
Abstract
Representing personal information and confidential data in a way that allows a data center to authenticate a customer submitting his or her credentials without holding an exact copy of the credential the customer holds. If the data center is compromised and the customer authentication data is exposed, the data center arms itself with another non-exact copy of the customer authentication data, so that only the customer holding the uncompromised data can properly authenticate. A thief holding the now-defunct data center version of the customer authentication data cannot use it to authenticate as the customer.
6 Claims
1. A method to represent access credentials (independent claim; text given above under First Claim).
Dependent claim 2 (text not reproduced on this page).
3. A non-transitory computer-readable storage device with computer-executable instructions stored thereon that, when executed by one or more computer processors, cause the one or more computer processors to perform operations comprising:
receiving a first access credential;
generating a random data bit string O with a bit count that is equal to the value of the first access credential, wherein the identities of the bits of the random data bit string O are randomly selected from any of the potential 2^n permutations of bits, where n is the bit count of the random data bit string O;
providing the generated random bit string O to a party for use as an authentication credential;
storing a copy of the random data bit string O in an off-line file;
creating a data bit string O_t that has a Hamming distance of t from the random data bit string O (H(O, O_t) = t);
storing the data bit string O_t in a verifier; and
authenticating, by the verifier, a submitter of a received second access credential as the party that was provided the generated random bit string O if and only if the received second access credential has the Hamming distance of t from the stored data bit string O_t.
Dependent claim 4 (text not reproduced on this page).
5. A computer system, the computer system comprising:
a computer processor; and
a memory device storing computer-executable instructions that, when executed by the computer processor, cause the computer processor to perform operations comprising:
receiving a first access credential;
generating a random data bit string O with a bit count that is equal to the value of the first access credential, wherein the identities of the bits of the random data bit string O are randomly selected from any of the potential 2^n permutations of bits, where n is the bit count of the random data bit string O;
providing the generated random bit string O to a party for use as an authentication credential;
storing a copy of the random data bit string O in an off-line file;
creating a data bit string O_t that has a Hamming distance of t from the random data bit string O (H(O, O_t) = t);
storing the data bit string O_t in a verifier; and
authenticating, by the verifier, a submitter of a received second access credential as the party that was provided the generated random bit string O if and only if the received second access credential has the Hamming distance of t from the stored data bit string O_t.
Dependent claim 6 (text not reproduced on this page).
Specification