Asymmetric key pair having a kiosk mode

US 20060182276A1
Filed: 02/14/2005
Published: 08/17/2006
Est. Priority Date: 02/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing different levels of access based upon a same authentication factor, comprising;

receiving a first message transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key;

authenticating the user for a first level of network access based upon the received first message being transformed with the first portion;

receiving a second message transformed with a second portion of the split private key, the second portion based upon the password only and not combinable with the first portion to complete the split private key;

authenticating the user for a second level of network access different that the first level based upon the received second message being transformed with the second portion.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing different levels of access based upon a same authentication factor are provided. A first message is received that is transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key. The user is authenticated for a first level of network access based upon the received first message being transformed with the first portion. A second message is received that is transformed with a second portion of the split private key, the second portion based upon the password only and not combinable with the first portion to complete the split private key. The user is authenticated for a second level of network access different that the first level based upon the received second message being transformed with the second portion.

Citations

18 Claims

1. A method for providing different levels of access based upon a same authentication factor, comprising;
- receiving a first message transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key;
  
  authenticating the user for a first level of network access based upon the received first message being transformed with the first portion;
  
  receiving a second message transformed with a second portion of the split private key, the second portion based upon the password only and not combinable with the first portion to complete the split private key;
  
  authenticating the user for a second level of network access different that the first level based upon the received second message being transformed with the second portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein:
    - if authenticated for the first level of access, first information is available to the user; and
      
      if authenticated for the second level of access, second information is available to the user.
  - 3. The method of claim 2, wherein the second information is only a portion of the first information.
  - 4. The method of claim 1, wherein:
    - the first message is received from a first network station;
      
      the other factor is stored at the first network station; and
      
      the second message is received from a second network station at which the other factor is not stored.
  - 5. The method of claim 1, further comprising:
    - generating an asymmetric key pair having a private key and a public key;
      
      splitting the private key, based upon the password and the other factor, into a first set of multiple private portions including the first private portion; and
      
      splitting the private key, based upon the password only, into a second set of multiple private portions including the second private portion.
  - 6. The method of claim 1, further comprising:
    - transforming the received first message with a third portion of the split private key, the public key of the asymmetric key pair, and at least one other public key to determine that the received first message is transformed with the first portion; and
      
      transforming the received second message with only a fourth portion of the split private key and the public key of the asymmetric key pair to determine that the received first message is transformed with the second portion.
  - 7. The method of claim 1, wherein the first portion is generated by cryptographically combining the user password and the other factor.
  - 8. The method of claim 1, wherein:
    - the asymmetric key pair is a first asymmetric key pair;
      
      the first portion is based three factors;
      
      a first factor is the user password;
      
      a second factor is a private key of a second asymmetric key pair; and
      
      a third factor is a private key of a third asymmetric key pair.
  - 9. The method of claim 8, wherein:
    - the password is not stored in a persistent state;
      
      the private key of the second asymmetric key pair is stored in a first location; and
      
      the private key of the third asymmetric key pair is stored in a second location different than the first location.

10. A system for providing different levels of access based upon a same authentication factor, comprising:
- a communications interface configured to receive i) a first message transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key, and ii) a second message transformed with a second portion of the split private-key, the second portion based upon the password only and not combinable with the first portion to complete the split private key; and
  
  a processor configured to i) authenticate the user for a first level of network access based upon the received first message being transformed with the first portion, and ii) authenticate the user for a second level of network access different that the first level based upon the received second message being transformed with the second portion.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein:
    - if authenticated for the first level of access, first information is available to the user; and
      
      if authenticated for the second level of access, second information is available to the user.
  - 12. The system of claim 11, wherein the second information is only a portion of the first information.
  - 13. The system of claim 10, wherein:
    - the first message is received from a first network station;
      
      the other factor is stored at the first network station; and
      
      the second message is received from a second network station at which the other factor is not stored.
  - 14. The system of claim 11, wherein the processor is a first processor, and further comprising:
    - a second processor configured to i) generate an asymmetric key pair having a private key and a public key, ii) split the private key, based upon the password and the other factor, into a first set of multiple private portions including the first private portion, and iii) split the private key, based upon the password only, into a second set of multiple private portions including the second private portion.
  - 15. The system of claim 10, wherein the processor is further configured to i) transform the received first message with a third portion of the split private key, the public key of the asymmetric key pair, and at least one other public key to determine that the received first message is transformed with the first portion, and ii) transform the received second message with only a fourth portion of the split private key and the public key of the asymmetric key pair to determine that the received first message is transformed with the second portion.
  - 16. The system of claim 10, wherein the first portion is generated by cryptographically combining the user password and the other factor.
  - 17. The system of claim 10 wherein:
    - the asymmetric key pair is a first asymmetric key pair;
      
      the first portion is based three factors;
      
      a first factor is the user password;
      
      a second factor is a private key of a second asymmetric key pair; and
      
      a third factor is a private key of a third asymmetric key pair.
  - 18. The system of claim 17, wherein:
    - the password is not stored in a persistent state;
      
      the private key of the second asymmetric key pair is stored in a first location; and
      
      the private key of the third asymmetric key pair is stored in a second location different than the first location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
TriCipher, Inc. (Broadcom, Inc.)
Inventors
Ganesan, Ravi, Schoppert, Brett Jason, Sandhu, Ravinderpal Singh, deSa, Colin Joseph, Bellare, Mihir

Granted Patent

US 7,599,493 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3271   using challenge-response

Asymmetric key pair having a kiosk mode

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Asymmetric key pair having a kiosk mode

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links