Systems and methods for password-based authentication

US 10,423,776 B1
Filed: 06/14/2016
Issued: 09/24/2019
Est. Priority Date: 06/14/2015
Status: Active Grant

First Claim

Patent Images

1. A password hardening method, comprising:

receiving, at a first user device, input provided by a user, wherein the user-provided input includes a first user-provided password provided by the user for accessing an application, and wherein at least a portion of the application is protected by a password-based authentication service;

generating a second hardened password for the user to access the application, wherein the hardened password is different from the first password and is generated by applying a first hash function to input data that includes;

(1) the first user-provided password,(2) an application identifier that uniquely identifies the application, and(3) a cryptographic hashed data set that was generated by applying a second hash function on a user-selected image stored on the first user device; and

providing the second hardened password to the password-based authentication service for accessing the password-protected portion of the application, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the second hardened password; and

detecting a system-issued request to change the first user-provided password; and

responsive to detecting the predefined event, changing the second hardened password without requiring the user to modify the first user-provided password, which includes;

replacing the user-selected image with a second user-selected file;

generating a different hardened password based, at least in part, on the first user-provided password, the application identifier, and a portion of the second user-selected file; and

providing the different hardened password to the password-based authentication service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for password-based authentication are described. A password hardening method may include a step of receiving input provided by a user, wherein the user-provided input includes a password provided by the user for an application, and wherein at least a portion of the application is protected by a password-based authentication service. The method may also include a step of obtaining a hardened password for the user for the application, wherein the hardened password is based, at least in part, on the user-provided password, identification data associated with the application, and at least a portion of an entropy datastore associated with the user. The method may also include a step of providing the hardened password to the password-based authentication service, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the provided hardened password.

Citations

15 Claims

1. A password hardening method, comprising:
- receiving, at a first user device, input provided by a user, wherein the user-provided input includes a first user-provided password provided by the user for accessing an application, and wherein at least a portion of the application is protected by a password-based authentication service;
  
  generating a second hardened password for the user to access the application, wherein the hardened password is different from the first password and is generated by applying a first hash function to input data that includes;
  
  (1) the first user-provided password,(2) an application identifier that uniquely identifies the application, and(3) a cryptographic hashed data set that was generated by applying a second hash function on a user-selected image stored on the first user device; and
  
  providing the second hardened password to the password-based authentication service for accessing the password-protected portion of the application, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the second hardened password; and
  
  detecting a system-issued request to change the first user-provided password; and
  
  responsive to detecting the predefined event, changing the second hardened password without requiring the user to modify the first user-provided password, which includes;
  
  replacing the user-selected image with a second user-selected file;
  
  generating a different hardened password based, at least in part, on the first user-provided password, the application identifier, and a portion of the second user-selected file; and
  
  providing the different hardened password to the password-based authentication service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14)
- - 2. The method of claim 1, wherein the first user-provided password is provided by the user via a keyboard, keypad, or touchscreen of the first user device.
  - 3. The method of claim 1, wherein the user-selected image is a photograph captured using the first user device.
  - 4. The method of claim 1, wherein the application comprises a web page executing within a web browser, and wherein the application identifier that uniquely identifies the application is a uniform resource locator (URL) of the web page or a portion of the URL.
  - 5. The method of claim 1, wherein the second hardened password is configured to authorize the user for accessing plurality of applications including the application.
  - 6. The method of claim 5, further comprising verifying trustworthiness of the application identifier.
  - 7. The method of claim 1, wherein the method is performed by the first user device, and wherein the cryptographic hashed data set is stored in a computer-readable storage medium of the first user device.
  - 8. The method of claim 1, wherein the method is performed by the first user device, and wherein the cryptographic hashed data set is stored in a computer-readable storage medium of a second user device remote from the first user device.
  - 9. The method of claim 8, wherein generating the second hardened password comprises:
    - sending, to the second user device,(1) the first user-provided password;
      
      (2) an application identifier that uniquely identifies the application;
      
      (3) a cryptographic hashed data set that was generated by applying a second hash function on the user-selected image stored on the first user device; and
      
      (4) the user-identification data that uniquely identifies the user to the second user device; and
      
      receiving the second hardened password from the second user device.
  - 10. The method of claim 1, wherein the first user-provided password is entered by the user into a user interface of the application, and wherein providing the second hardened password to the authentication service comprises:
    - intercepting data representing the first user-provided password;
      
      replacing the data representing the first user-provided password with data representing the second hardened password; and
      
      sending the data representing the second hardened password to the authentication service.
  - 12. The method of claim 1, further comprising:
    - obtaining an entropy source; and
      
      creating the entropy datastore from the entropy source;
      
      wherein the first user-provided password is provided by the user via a keyboard, keypad, or touchscreen of the first user device.
  - 13. The method of claim 12, wherein the first user-provided password is provided by the user via a keyboard, keypad, or touchscreen of the first user device.
  - 14. The method of claim 1, wherein the first user-provided password is provided by the user for at least two different applications,wherein, for each of the at least two different applications, a respective second hardened password is generated from respective input data including the first user-provided password, a respective application identifier, and at least a portion of a respective user-selected image, andwherein the hardened passwords generated for the different applications are different from each other.

11. A password hardening system, comprising:
- one or more computers programmed to perform operations including;
  
  receiving, at a first user device, input provided by a user, wherein the user-provided input includes a first user-provided password provided by the user for accessing an application, and wherein at least a portion of the application is protected by a password-based authentication service;
  
  generating a second hardened password for the user to access the application, wherein the hardened password is different from the first password and is generated by applying a first hash function to input data that includes;
  
  (1) the first user-provided password,(2) an application identifier that uniquely identifies the application, and(3) a cryptographic hashed data set that was generated by applying a second hash function on a user-selected image stored on the first user device; and
  
  providing the second hardened password to the password-based authentication service for accessing the password-protected portion of the application, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the second hardened password; and
  
  detecting a system-issued request to change the first user-provided password; and
  
  responsive to detecting the predefined event, changing the second hardened password without requiring the user to modify the first user-provided password, which includes;
  
  replacing the user-selected image with a second user-selected file;
  
  generating a different hardened password based, at least in part, on the first user-provided password, the application identifier, and a portion of the second user-selected file; and
  
  providing the different hardened password to the password-based authentication service.
- View Dependent Claims (15)
- - 15. The system of claim 11, wherein the first user-provided password is provided by the user for at least two different applications,wherein, for each of the at least two different applications, a respective second hardened password is generated from respective input data including the first user-provided password, a respective application identifier, and at least a portion of a respective user-selected image, andwherein the hardened passwords generated for the different applications are different from each other.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pepperword Inc.
Original Assignee
Pepperword Inc.
Inventors
Li, Zhiwei
Primary Examiner(s)
Ullah, Sharif E

Application Number

US15/182,570
Time in Patent Office

1,197 Days
Field of Search

713182, 713150, 713163, 713181, 726 2, 726 21, 726 36, 380255, 380264, 380276
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/46   by designing passwords or c...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Systems and methods for password-based authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for password-based authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links