Password encryption key
First Claim
1. A secure transaction process, comprising generating a key from a user-supplied unencrypted password, encrypting the user'"'"'s password with the key, creating a user record, storing the encrypted password in the user record.
3 Assignments
0 Petitions
Accused Products
Abstract
A password-encrypted key (PEK) is generated from a user-supplied password or other identifyting data and then used to encrypt the user'"'"'s password. The encrypted password is stored in a user record on a server. At login a would-be user'"'"'s password is again used to make a key, which is then used to decrypt and compare the stored encrypted password with the would-be user'"'"'s password to complete the login. The successful PEK is stored in a temporary session record and can be used to decrypt other sensitive user information previously encrypted and stored in the user record as well as to encrypt new information for storage in the user record. A public/private key system can also be used to maintain limited access for the host to certain information in the user record.
-
Citations
10 Claims
-
1. A secure transaction process, comprising
generating a key from a user-supplied unencrypted password, encrypting the user'"'"'s password with the key, creating a user record, storing the encrypted password in the user record.
-
7. A secure transaction process, comprising
generating an encryption key from user-supplied identification data, encrypting the user'"'"'s identification data with the key, creating a user record, storing the encrypted identification data in the user record.
Specification