Mitigating dictionary attacks on password-protected local storage
First Claim
Patent Images
1. A method comprising:
- receiving a password from a user;
selecting at least one puzzle from a puzzle database based on the received password;
for each selected puzzleproviding the puzzle to the user, andreceiving a solution for the puzzle from the user; and
generating a key based at least on the entirety of at least one solution.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention includes a method for key creation and recovery based on solutions to puzzles solvable by humans and not computers. In some exemplary embodiments, the key is created and recovered based on the solution(s) in conjunction with the password entered by the user. The puzzle(s) is selected based on the password used by the user from a puzzle database containing multiple puzzles that is greater in number to the number of puzzles used in conjunction with a particular password.
45 Citations
20 Claims
-
1. A method comprising:
-
receiving a password from a user; selecting at least one puzzle from a puzzle database based on the received password; for each selected puzzle providing the puzzle to the user, and receiving a solution for the puzzle from the user; and generating a key based at least on the entirety of at least one solution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method comprising:
-
receiving a password from a user; selecting at least four puzzles indexed with the password from a puzzle database having puzzles solvable by a human and not solvable by a non-human entity; for each selected puzzle providing the puzzle to the user, and receiving a solution for the puzzle from the user; generating a key based on at least the received solutions; and using the key to encrypt files. - View Dependent Claims (15, 16)
-
-
17. A computer program product comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
generate a key including receive a password from a user, compute indices based on the received password, select at least one puzzle from a puzzle database based on the computed indices, for each selected puzzle, query the user for a solution, compute a key based on the received at least one solution and the received password, and discard the solutions.
-
18. A method comprising:
-
receiving information including a password from a user; generating one or more puzzles based on at least some of the received information; for each generated puzzle providing the puzzle to the user, and receiving a solution for the puzzle from the user; and generating a key based at least on the entirety of at least one solution. - View Dependent Claims (19, 20)
-
Specification