SECURE LOGIN USING A MULTIFACTOR SPLIT ASYMMETRIC CRYPTO-KEY WITH PERSISTENT KEY SECURITY
First Claim
1. A system for authenticating a user multiple times during a single network session, comprising:
a storage device configured to concurrently store (i) a second key portion of one of a private key and a public key of an asymmetric crypto-key associated with the user, wherein the stored second key portion and a first key portion form a first split of the one key of the asymmetric crypto-key, and (ii) another second key portion of the one key of the asymmetric crypto-key, wherein the stored other second key portion and another first key portion form a second split, different than the first split, of the one key of the asymmetric crypto-key; and
a processor configured with logic to (i) receive, via a communications network, a first message encrypted with the first key portion of the one key of the asymmetric crypto-key, (ii) decrypt the received encrypted first message with the stored second key portion of the one key of the asymmetric crypto-key to authenticate the user for access to first information available on the communications network during the network session, (iii) subsequently receive, via the communications network, a second message encrypted with the other first key portion of the one key of the asymmetric crypto-key, and (iv) decrypt the received encrypted second message with the stored other second key portion of the one key of the asymmetric crypto-key to authenticate the user for access to second information available on the communications network during the network session.
Abstract
A first network station encrypts a first message with a first key portion from a first split of a private or public key of a user's asymmetric crypto-key and transmits it during a network session. The second network station decrypts the transmitted encrypted first message with a second key portion from the first split of the one key of the asymmetric crypto-key to initially authenticate the user for access, during the session, to stored information. The first network station also encrypts a second message with another first key portion from a second split of that one key, and subsequently transmits it during the same network session. The second network station decrypts the subsequently transmitted encrypted second message with another second key portion from the second split of that same one key to subsequently authenticate the user for access, during the same session, to other stored information.
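The following is an added example, not code from the patent or its assignee, showing one way the two-split session described above can be realised: the user's station holds the first portion of each split, the authenticating station concurrently stores both second portions, and each authentication succeeds only when the two portions belong to the same split. The multiplicative split of an RSA private exponent, the toy parameters and the function names are assumptions; the page does not specify how the key portions are derived.

```python
from math import gcd
import random

# Toy RSA parameters, constructed for illustration only (real keys are 2048+ bits).
P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent
D = pow(E, -1, PHI)            # private exponent of the user's asymmetric crypto-key


def split_private_key(rng):
    """Return (first_portion, second_portion) with first * second = D mod PHI.
    Multiplicative splitting is an assumption, not the patent's stated method.
    The first portion stays with the user's station, the second with the
    authenticating station; neither portion alone reveals D."""
    while True:
        first = rng.randrange(2, PHI)
        if gcd(first, PHI) == 1:           # first must be invertible mod PHI
            second = (D * pow(first, -1, PHI)) % PHI
            return first, second


def client_encrypt(challenge, first_portion):
    """First station: encrypt the server's challenge with its key portion."""
    return pow(challenge, first_portion, N)


def server_authenticate(challenge, partial, second_portion):
    """Second station: finish the operation with its stored portion and verify
    against the public key. True only if both portions come from one split."""
    completed = pow(partial, second_portion, N)
    return pow(completed, E, N) == challenge


def session_demo(seed=7):
    """One session: initial authentication with split A, then a second
    authentication with a different split B of the same key."""
    rng = random.Random(seed)
    user_a, server_a = split_private_key(rng)   # first split
    user_b, server_b = split_private_key(rng)   # second, different split
    # The server concurrently stores server_a and server_b, never D itself.
    c1, c2 = rng.randrange(2, N), rng.randrange(2, N)   # fresh challenges
    first_ok = server_authenticate(c1, client_encrypt(c1, user_a), server_a)
    second_ok = server_authenticate(c2, client_encrypt(c2, user_b), server_b)
    # A portion from split A cannot be completed by the stored portion of split B.
    mixed_ok = server_authenticate(c2, client_encrypt(c2, user_a), server_b)
    return first_ok, second_ok, mixed_ok
```

Because a fresh challenge is used for each authentication, a captured first message cannot be replayed to obtain the second authentication later in the session.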
23 Claims
1. Independent claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for authenticating a user multiple times during a single network session, comprising:
receiving, via a communications network, a first message encrypted with a first key portion of one of a private key and a public key of an asymmetric crypto-key associated with a user;
decrypting the received encrypted first message with a second key portion of the one key of the asymmetric crypto-key to authenticate the user for access to first information available on the communications network during the network session, wherein the first key portion and the second key portion form a first split of the one key of the asymmetric crypto-key;
subsequently receiving, via the communications network, a second message encrypted with another first key portion of the one key of the asymmetric crypto-key; and
decrypting the received encrypted second message with another second key portion of the one key of the asymmetric crypto-key to authenticate the user for access to second information available on the communications network during the network session, wherein the other first key portion and the other second key portion form a second split, different than the first split, of the one key of the asymmetric crypto-key.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A networked system for authenticating a user multiple times during a single network session, comprising:
a first network station configured with logic to (i) encrypt a first message with a first key portion of one of a private key and a public key of an asymmetric crypto-key associated with a user, and initially transmit the encrypted first message over a communications network during a network session, and (ii) encrypt a second message with another first key portion of the one key of the asymmetric crypto-key, and subsequently transmit the encrypted second message over the communications network during the network session; and
a second network station configured with logic to (i) receive the initially transmitted encrypted first message and decrypt the received encrypted first message with a second key portion of the one key of the asymmetric crypto-key to initially authenticate the user, wherein the first key portion and the second key portion form a first split of the one key of the asymmetric crypto-key, and (ii) receive the subsequently transmitted encrypted second message and decrypt the received encrypted second message with another second key portion of the one key of the asymmetric crypto-key to subsequently authenticate the user, wherein the other first key portion and the other second key portion form a second split, different than the first split, of the one key of the asymmetric crypto-key;
wherein the first network station is further configured to (i) access, during the network session and based on the initial authentication of the user by the second network station, first information stored on the communications network, and (ii) access, during the network session and based on the subsequent authentication of the user by the second network station, second information stored on the communications network.
Dependent claims: 18, 19, 20, 21, 22, 23.