Secure distributed authentication data
First Claim
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for secure authentication for access to a restricted resource, the operations comprising:
- receiving a request for access to the restricted resource by a client identity;
- identifying asserted authentication data associated with the request;
- generating, in response to the request, an encryption key, the encryption key being uniquely generated based on the asserted authentication data;
- generating, in response to the request, a non-restorable digital representation of the asserted authentication data;
- retrieving an encrypted digital representation of authentication data associated with the client identity, wherein:
  - the encrypted digital representation of authentication data is retrieved as a plurality of data portions stored in a plurality of data storage locations; and
  - retrieving the encrypted digital representation of authentication data comprises reconstructing the encrypted digital representation of authentication data from at least a portion of the plurality of data portions;
- decrypting the retrieved encrypted digital representation of authentication data using the encryption key to produce a decrypted digital representation of authentication data;
- comparing the decrypted digital representation of authentication data to the generated digital representation of the asserted authentication data; and
- generating a token for use in an authentication process for the client identity upon determining, based on the comparing, a match between the stored digital representation of authentication data and the digital representation of the asserted authentication data.
Abstract
Disclosed embodiments relate to systems and methods for secure distributed authentication data. Techniques include identifying asserted authentication data associated with an access request, generating an encryption key based on the asserted authentication data, generating a non-restorable digital representation of the asserted authentication data, retrieving an encrypted non-restorable digital representation of authentication data associated with the client identity, decrypting the retrieved encrypted non-restorable digital representation of authentication data using the encryption key, comparing the decrypted non-restorable digital representation of authentication data to the non-restorable digital representation of the asserted authentication data, and providing a token for use in an authentication process for the client identity upon determining a match between the stored non-restorable digital representation of authentication data and the non-restorable digital representation of the asserted authentication data.
18 Claims
1. (Independent claim; text as given under First Claim above. Dependent claims: 2 to 9.)
10. A computer-implemented method for secure authentication for access to a restricted resource, the method comprising:
- receiving a request for access to the restricted resource by a client identity;
- identifying asserted authentication data associated with the request;
- generating, in response to the request, an encryption key, the encryption key being uniquely generated based on the asserted authentication data;
- generating, in response to the request, a non-restorable digital representation of the asserted authentication data;
- retrieving an encrypted digital representation of authentication data associated with the client identity, wherein:
  - the encrypted digital representation of authentication data is retrieved as a plurality of data portions stored in a plurality of data storage locations; and
  - retrieving the encrypted digital representation of authentication data comprises reconstructing the encrypted digital representation of authentication data from at least a portion of the plurality of data portions;
- decrypting the retrieved encrypted digital representation of authentication data using the encryption key to produce a decrypted digital representation of authentication data;
- comparing the decrypted digital representation of authentication data to the generated digital representation of the asserted authentication data; and
- generating a token for use in an authentication process for the client identity upon determining, based on the comparing, a match between the stored digital representation of authentication data and the digital representation of the asserted authentication data.

Dependent claims: 11 to 18.
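The flow the abstract and claims 1 and 10 describe, as an added example that is not the patent's own code: PBKDF2 derives both the encryption key and the non-restorable digest from the asserted secret (with separate salts), the digest is stored encrypted under that key, the record is split across storage locations and reconstructed before decryption, and a token is issued only on a match. The salt, iteration count, the HMAC-based encrypt-then-MAC construction (standing in for a production AEAD) and the n-of-n XOR split (standing in for a threshold scheme) are all assumptions of this example.

```python
import hashlib, hmac, secrets, functools

# Constructed example parameters; a real system keeps a per-identity salt with the record.
_SALT = b"example-salt-per-identity"
_ITER = 100_000

def derive_key(asserted: bytes) -> bytes:
    """Encryption key generated uniquely from the asserted authentication data."""
    return hashlib.pbkdf2_hmac("sha256", asserted, b"key|" + _SALT, _ITER)

def digest(asserted: bytes) -> bytes:
    """Non-restorable representation of the asserted data, domain-separated from the key."""
    return hashlib.pbkdf2_hmac("sha256", asserted, b"hash|" + _SALT, _ITER)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, digest32: bytes) -> bytes:
    # One HMAC block as keystream covers the 32-byte digest; layout nonce(16)|ct(32)|tag(32).
    nonce = secrets.token_bytes(16)
    ct = _xor(digest32, hmac.new(key, b"ks|" + nonce, "sha256").digest())
    tag = hmac.new(key, b"tag|" + nonce + ct, "sha256").digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag|" + nonce + ct, "sha256").digest()):
        return None  # wrong key (wrong credential) or a tampered/incomplete record
    return _xor(ct, hmac.new(key, b"ks|" + nonce, "sha256").digest())

def split(blob: bytes, n: int) -> list:
    """n-of-n XOR split, one share per storage location.  A threshold scheme such as
    Shamir's would let a subset of the shares reconstruct the record instead."""
    shares = [secrets.token_bytes(len(blob)) for _ in range(n - 1)]
    return shares + [functools.reduce(_xor, shares, blob)]

def combine(shares: list) -> bytes:
    return functools.reduce(_xor, shares)

def enroll(secret: bytes, locations: int = 3) -> list:
    """Returns the shares of the encrypted digest to place in separate stores."""
    return split(encrypt(derive_key(secret), digest(secret)), locations)

def authenticate(asserted: bytes, shares: list):
    """Reconstruct, decrypt with the key from the asserted data, compare; token on match."""
    stored = decrypt(derive_key(asserted), combine(shares))
    if stored is None or not hmac.compare_digest(stored, digest(asserted)):
        return None
    return secrets.token_urlsafe(32)
```

A wrong credential fails at the tag check before the digest comparison is reached, so the stored digest is never exposed in decrypted form to an incorrect key.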