Systems and methods for password-based authentication
First Claim
1. A password hardening method, comprising:
- receiving, at a first user device, input provided by a user, wherein the user-provided input includes a first user-provided password provided by the user for accessing an application, and wherein at least a portion of the application is protected by a password-based authentication service;
- generating a second hardened password for the user to access the application, wherein the hardened password is different from the first password and is generated by applying a first hash function to input data that includes:
  (1) the first user-provided password,
  (2) an application identifier that uniquely identifies the application, and
  (3) a cryptographic hashed data set that was generated by applying a second hash function on a user-selected image stored on the first user device; and
- providing the second hardened password to the password-based authentication service for accessing the password-protected portion of the application, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the second hardened password; and
- detecting a system-issued request to change the first user-provided password; and
- responsive to detecting the predefined event, changing the second hardened password without requiring the user to modify the first user-provided password, which includes:
  - replacing the user-selected image with a second user-selected file;
  - generating a different hardened password based, at least in part, on the first user-provided password, the application identifier, and a portion of the second user-selected file; and
  - providing the different hardened password to the password-based authentication service.
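The derivation and rotation steps recited in claim 1, as an added Python sketch that is not code from the patent or its assignee. Assumptions of this example: SHA-256 as the second hash function, PBKDF2-HMAC-SHA256 standing in for the unspecified first hash function, length-prefixed framing of the inputs, base64url output, and the hypothetical names `file_digest`, `frame`, `harden` and `rotate`; the sample bytes are constructed.

```python
import base64
import hashlib
import struct

PBKDF2_ROUNDS = 200_000  # assumption: work factor chosen for this example


def file_digest(file_bytes: bytes) -> bytes:
    """'Second hash function': digest of the user-selected file's raw bytes."""
    return hashlib.sha256(file_bytes).digest()


def frame(*fields: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def harden(password: str, app_id: str, file_bytes: bytes, length: int = 24) -> str:
    """'First hash function' over (password, application identifier, file digest).

    A deliberately slow KDF is used (an assumption of this example) so that
    guessing the user-provided password stays expensive if the other inputs leak.
    """
    salt = frame(app_id.encode("utf-8"), file_digest(file_bytes))
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              PBKDF2_ROUNDS, dklen=length)
    return base64.urlsafe_b64encode(raw).decode("ascii")


def rotate(password: str, app_id: str, old_file: bytes, new_file: bytes) -> str:
    """Change the hardened password by swapping the file; the user's password stays."""
    old = harden(password, app_id, old_file)
    new = harden(password, app_id, new_file)
    if old == new:
        raise ValueError("replacement file produced the same hardened password")
    return new


if __name__ == "__main__":
    # Constructed sample inputs standing in for a real image and its replacement.
    image = b"\x89PNG\r\n\x1a\n" + bytes(range(64))
    second_file = b"%PDF-1.7\n" + bytes(range(64, 128))
    print("mail :", harden("correct horse", "mail.example", image))
    print("bank :", harden("correct horse", "bank.example", image))
    print("after rotation:", rotate("correct horse", "mail.example", image, second_file))
```

Because the digest covers the file's raw bytes, any re-encoding, resizing or metadata edit of the image yields a different hardened password, so the stored file has to stay byte-identical for as long as it is in use.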
Abstract
Systems and methods for password-based authentication are described. A password hardening method may include a step of receiving input provided by a user, wherein the user-provided input includes a password provided by the user for an application, and wherein at least a portion of the application is protected by a password-based authentication service. The method may also include a step of obtaining a hardened password for the user for the application, wherein the hardened password is based, at least in part, on the user-provided password, identification data associated with the application, and at least a portion of an entropy datastore associated with the user. The method may also include a step of providing the hardened password to the password-based authentication service, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the provided hardened password.
15 Claims
11. A password hardening system, comprising:
- one or more computers programmed to perform operations including:
  - receiving, at a first user device, input provided by a user, wherein the user-provided input includes a first user-provided password provided by the user for accessing an application, and wherein at least a portion of the application is protected by a password-based authentication service;
  - generating a second hardened password for the user to access the application, wherein the hardened password is different from the first password and is generated by applying a first hash function to input data that includes:
    (1) the first user-provided password,
    (2) an application identifier that uniquely identifies the application, and
    (3) a cryptographic hashed data set that was generated by applying a second hash function on a user-selected image stored on the first user device; and
  - providing the second hardened password to the password-based authentication service for accessing the password-protected portion of the application, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the second hardened password; and
  - detecting a system-issued request to change the first user-provided password; and
  - responsive to detecting the predefined event, changing the second hardened password without requiring the user to modify the first user-provided password, which includes:
    - replacing the user-selected image with a second user-selected file;
    - generating a different hardened password based, at least in part, on the first user-provided password, the application identifier, and a portion of the second user-selected file; and
    - providing the different hardened password to the password-based authentication service.
Specification