Technique for providing multiple levels of security

US 20070055878A1
Filed: 02/14/2005
Published: 03/08/2007
Est. Priority Date: 02/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for user authentication, comprising;

receiving, from a first user and by an authentication server, a first authentication request transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key;

authenticating the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key;

receiving, from a second user and by the authentication server, a second authentication request transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and

authenticating the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.

42 Citations

View as Search Results

18 Claims

1. A method for user authentication, comprising;
- receiving, from a first user and by an authentication server, a first authentication request transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key;
  
  authenticating the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key;
  
  receiving, from a second user and by the authentication server, a second authentication request transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and
  
  authenticating the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein:
    - in the first level of access, first information is available; and
      
      in the second level of access, second information is available.
  - 3. The method of claim 2, wherein the second information is only a portion of the first information.
  - 4. The method of claim 1, further comprising:
    - transforming the received first request with another portion of the first type split private key, the public key of the first asymmetric key pair, and at least one other public key to determine that the received first request is transformed with the first type split private key; and
      
      transforming the received second request with only another portion of the second type split private key and the public key of the second asymmetric key pair to determine that the received first request is transformed with the second type split private key.
  - 5. The method of claim 1, wherein:
    - the private portion of the first type split private key is based upon a password of the first user and another factor, and the private portion of the second type split private key is based upon only a password of the second user.
  - 6. The method of claim 5, wherein the private portion of the first type split private key is generated by cryptographically combining the user password and the other factor.
  - 7. The method of claim 5, further comprising:
    - generating the first asymmetric key pair with a first whole private key;
      
      splitting the first whole private key, based upon the password and the other factor, into a first set of multiple private portions forming the first type split private key;
      
      generating a second asymmetric key pair with second whole private key; and
      
      splitting the second whole private key, based upon the password only, into a second set of multiple private portions forming the second type split private key.
  - 8. The method of claim 5, wherein:
    - the private portion of the first type split private key is based upon three factors;
      
      a first factor is the user password;
      
      a second factor is a private key of a third asymmetric key pair; and
      
      a third factor is a private key of a fourth asymmetric key pair.
  - 9. The method of claim 8, wherein:
    - the password is not stored in a persistent state;
      
      the private key of the third asymmetric key pair is stored in a first location; and
      
      the private key of the fourth asymmetric key pair is stored in a second location different than the first location.

10. A system for user authentication, comprising:
- a communications interface configured to receive i) a first authentication request from a first user transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key, and ii) a second authentication request from a second user transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and
  
  a processor configured to i) authenticate the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key, and ii) authenticate the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein:
    - in the first level of access, first information is available; and
      
      in the second level of access, second information is available.
  - 12. The system of claim 11, wherein the second information is only a portion of the first information.
  - 13. The system of claim 10, wherein the processor is further configured to i) transform the received first request with a another portion of the first type split private key, the public key of the first asymmetric key pair, and at least one other public key to determine that the received first message is transformed with the first type split private key, and ii) transform the received second request with only another portion of the second type split private key and the public key of the second asymmetric key pair to determine that the received first request is transformed with the second type split private key.
  - 14. The system of claim 10, wherein:
    - the private portion of the first type split private key is based upon a password and another factor;
      
      the private portion of the second type split private key is based upon only a password.
  - 15. The system of claim 14, wherein the first portion is generated by cryptographically combining the user password and the other factor.
  - 16. The system of claim 14, wherein the processor is a first processor, and further comprising:
    - a second processor configured to i) generate the first asymmetric key pair with a first whole private key, and ii) split the first whole private key, based upon the password and the other factor, into a first set of multiple private portions forming the first type split private key; and
      
      a third processor configured to i) generate a second asymmetric key pair with a second whole private key, and ii) split the second whole private key, based upon the password only, into a second set of multiple private portions forming the second type split private key.
  - 17. The system of claim 14 wherein:
    - the private portion of the first type split key is based upon three factors;
      
      a first factor is the user password;
      
      a second factor is a private key of a third asymmetric key pair; and
      
      a third factor is a private key of a fourth asymmetric key pair.
  - 18. The system of claim 17, wherein:
    - the password is not stored in a persistent state;
      
      the private key of the third asymmetric key pair is stored in a first location; and
      
      the private key of the fourth asymmetric key pair is stored in a second location different than the first location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
TriCipher, Inc. (Broadcom, Inc.)
Inventors
Ganesan, Ravi, Bellare, Mihir, Sandhu, Ravinderpal, deSa, Colin, Schoppert, Brett

Granted Patent

US 7,596,697 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/105   Multiple levels of security

H04L 9/32   including means for verifyi...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3226   using a predetermined code,...

Technique for providing multiple levels of security

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Technique for providing multiple levels of security

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others