Storing digital secrets in a vault
Abstract
Methods and systems for storing secret information in a digital vault include obtaining from a user answers to a number of different questions, and identifying the subsets or combinations of the questions for which correct answers later provided by an entity will enable that entity to gain access to the secret information in the vault. The number of questions in each combination is less than the total number of questions, and at least one subset has at least two questions. For each subset, a corresponding string of answers is generated, the string is hashed, and the resulting hash value is combined with the digital secret. This hides the digital secret, which is then stored in the vault. Methods and systems for registering authentication material include storing a hashed string of answers for each combination, generating “multiple authenticators.”
61 Claims
1. A method for storing secret information in a digital vault, said method comprising:
obtaining from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying subsets S_K of the m questions for which acceptable answers later provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_K includes a set of n_K questions, wherein K is an integer identifying the subset and each n_K is an integer that is less than m, wherein at least one subset S_K has at least two elements; and
for each subset of questions, S_K:
(a) generating a string T_K from the obtained answers for that subset of questions S_K;
(b) mathematically combining a value derived from the string, T_K, with the secret information to generate a result, F_K, that hides the secret information; and
(c) storing F_K, wherein the digital vault comprises all stored F_K.
Dependent claims: 2-25.

26. A method of gaining access to secret information contained within a digital vault, said method comprising:
obtaining from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying subsets S_K of the m questions for which acceptable answers provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_K includes a set of n_K questions wherein K is an integer identifying the subset and each n_K is an integer that is less than m, wherein at least one subset S_K has at least two elements;
selecting a first subset from among the subsets S_K of questions and for the selected subset:
(a) generating a string V_K from the obtained answers for that subset of questions S_K;
(b) comparing a value derived from the string, V_K, to a set of stored values to find a match;
(c) if a match is found, giving the user access to the secret information, repeating (a) through (c) for a next selected subset among the subsets S_K until all subsets S_K have been selected or until a match is found.
Dependent claims: 27-38.

39. A method of gaining access to secret information contained within a digital vault, said method comprising:
obtaining from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying subsets S_K of the m questions for which acceptable answers provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_K includes a set of n_K questions, wherein K is an integer identifying the subset and each n_K is an integer that is less than m, wherein at least one subset S_K has at least two elements;
selecting a first subset from among the subsets S_K of questions and for the selected subset:
(a) generating a string V_K from the obtained answers for that subset of questions S_K;
(b) using a value derived from the string, V_K, to attempt to access the secret information; and
(c) verifying whether the attempt was successful; and
unless the attempt was successful, repeating (a) through (c) for a next selected subset among the subsets S_K until all subsets S_K have been selected; and
if the attempt is successful, giving the user access to the secret information.
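
The storage steps of claim 1 and the access steps of claim 39, as an added example that is not code from the patent. It assumes XOR as the combining operation, salted PBKDF2 in place of the plain hash the abstract mentions, every subset of exactly n of the m questions as the enabled subsets, and a truncated SHA-256 tag as the success check; all function names are hypothetical.

```python
import hashlib, hmac, itertools, os

TAG_LEN = 8  # bytes of SHA-256(secret) kept as the check value (assumption)

def _norm(answer):
    # Assumed normalisation: lowercase and collapse whitespace.
    return " ".join(answer.lower().split()).encode()

def _mask(subset, answers, salt, length):
    # String for subset K: length-prefixed answers, so ("ab","c") != ("a","bc").
    t_k = b"".join(len(a).to_bytes(2, "big") + a
                   for a in (_norm(answers[i]) for i in subset))
    # Assumption: salted PBKDF2 replaces the plain hash, because answers to
    # personal questions are guessable and each stored F_K allows offline guessing.
    return hashlib.pbkdf2_hmac("sha256", t_k, salt + bytes(subset),
                               50_000, dklen=length)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def store(secret, answers, n):
    """Claim 1: one F_K per n-question subset of the m questions."""
    m = len(answers)
    if not (m >= 3 and 2 <= n < m):
        raise ValueError("need m >= 3 and 2 <= n < m")
    salt = os.urandom(16)
    payload = secret + hashlib.sha256(secret).digest()[:TAG_LEN]
    entries = {k: _xor(payload, _mask(k, answers, salt, len(payload)))
               for k in itertools.combinations(range(m), n)}
    return {"salt": salt, "entries": entries}

def recover(vault, answers):
    """Claim 39: try each subset, verify the attempt, stop at the first success."""
    for k, f_k in vault["entries"].items():
        payload = _xor(f_k, _mask(k, answers, vault["salt"], len(f_k)))
        secret, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
        if hmac.compare_digest(tag, hashlib.sha256(secret).digest()[:TAG_LEN]):
            return secret
    return None

if __name__ == "__main__":
    # Constructed sample data: four answers, any three of them unlock the vault.
    vault = store(b"vault-key-123", ["Rex", "Springfield", "blue", "Smith"], 3)
    print(recover(vault, ["rex", "springfield", "BLUE", "forgot"]))
    print(recover(vault, ["rex", "nope", "nope", "smith"]))
```

The vault holds one entry per enabled subset, and each entry can be tested against guessed answers independently, so the subset with the most guessable answers sets the strength of the whole vault.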

40-52. (canceled)

53. A method of registering authentication material, said method comprising:
obtaining from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying subsets S_K of the m questions for which acceptable answers later provided by an entity will enable that entity to authenticate, wherein each subset S_K includes a set of n_K questions, wherein K is an integer identifying the subset and each n_K is an integer that is less than m, wherein at least one subset S_K has at least two elements; and
for each subset of questions, S_K:
(a) generating a string T_K from the obtained answers for that subset of questions S_K;
(b) mathematically transforming the string, T_K, to generate a value G_K;
(c) storing G_K, wherein the authentication material comprises all stored G_K.

54-59. (canceled)

60. A method of authenticating a user, said method comprising:
obtaining from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying subsets S_K of the m questions for which acceptable answers later provided by an entity will enable that entity to authenticate, wherein each subset S_K includes a set of n_K questions, wherein K is an integer identifying the subset and each n_K is an integer that is less than m, wherein at least one subset S_K has at least two elements; and
for each subset of questions, S_K:
(a) generating a string V_K from the obtained answers for that subset of questions S_K;
(b) comparing a value derived from the string V_K to a set of stored values to find a match; and
(c) if a match is found authenticating the user, repeating (a) through (c) for a next selected subset among the subsets S_K until all subsets S_K have been selected or until a match is found.

61-69. (canceled)

Specification