ROAMING UTILIZING AN ASYMMETRIC KEY PAIR
Abstract
Techniques for generating a portion of a split private key are provided. A first symmetric key and a second, different symmetric key are generated at a first network location. The second symmetric key is transmitted, together with a first one of multiple factors for generating the private key portion, that first factor having been encrypted with the first symmetric key. Then, at a second network location, both symmetric keys are generated again. The encrypted first factor is received at the second network location after a user authentication based upon the second symmetric key as generated there. The received encrypted first factor is then decrypted with the first symmetric key as generated at the second network location; the decrypted first factor is usable to generate the portion of the split private key of the asymmetric key pair.
38 Claims

1-18. (canceled)

19. A method for authenticating a user seeking access to information via a network from a user network location (UNL), using an asymmetric crypto-key having a private key (Dx) and a public key (Ex), with Dx split into multiple key portions including a user key portion (Dxx) and a trusted server key portion (Dxs), and with Dxx being computable based on a first factor (F1) and a second factor (F2), the method comprising:

persistently storing Dxs, F2, and a symmetric crypto-key (S) at a trusted server; and authenticating the user by (i) receiving, at the UNL, initial authentication information as a user input, (ii) transmitting, from the UNL, the received initial authentication information, (iii) initially authenticating the user, at the trusted server, based on the transmitted initial authentication information, (iv) encrypting, at the trusted server after the initial authentication, the stored F2 with the stored S, (v) transmitting, from the trusted server, the encrypted F2, (vi) receiving, at the UNL, a user input corresponding to the first factor, (vii) computing S, at the UNL, based on the input initial authentication information, (viii) decrypting the transmitted encrypted F2, at the UNL, with the computed S, (ix) computing Dxx, at the UNL, based on the user input corresponding to F1 and the decrypted F2, (x) encrypting a message, at the UNL, with the computed Dxx, (xi) transmitting the encrypted message from the UNL, and (xii) decrypting, at the trusted server, the transmitted encrypted message with the stored Dxs.

Dependent claims: 20-25.
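The roaming login of claim 19 (and of the abstract) run end to end, as an added example that is not the patent's own code and not any product's implementation. The page fixes neither the asymmetric algorithm nor how Dx is split, so the example assumes: RSA, with Dx split multiplicatively (Dxx * Dxs == Dx mod lambda(n)); the "initial authentication information" is a password, S = KDF(password, username), and the server's initial check uses a separately derived password verifier (the role the abstract gives its second symmetric key); F1 is a user-typed PIN and F2 a random secret held only by the server; Dxx = KDF(F1, F2) used directly as an exponent, with the server deriving Dxs = Dx * Dxx^-1 mod lambda(n) at enrollment; "encrypt with Dxx, decrypt with Dxs" is realised as a partial RSA signature on a hashed challenge that the server completes and checks against Ex; and the symmetric cipher for F2 is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, a stand-in for a real AEAD. All names (`enroll`, `run_session`, `derive_dxx`, ...) and the 512-bit toy key size are this example's own choices.

```python
import hashlib
import hmac
import secrets
from math import gcd

# --- toy RSA key generation (assumed algorithm; sizes far below anything deployable) ---
def is_probable_prime(n: int, rounds: int = 40) -> bool:
    if n < 4 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)):
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                        # Miller-Rabin witnesses
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def rsa_keypair(bits: int = 512):
    """Return (n, Ex, Dx, lambda(n)); lambda(n) is used only at enrollment, never at the UNL."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
        if p != q and gcd(e, lam) == 1:
            return p * q, e, pow(e, -1, lam), lam

# --- key derivation and a stand-in symmetric cipher (use a real AEAD such as AES-GCM in practice) ---
def kdf(secret: bytes, salt: bytes, label: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, label + b"|" + salt, 20_000, 32)

def derive_s(username: str, password: str) -> bytes:
    """S: recomputable at any UNL from the initial authentication information (assumed: a password)."""
    return kdf(password.encode(), username.encode(), b"S")

def derive_dxx(pin: str, f2: bytes) -> int:
    """Dxx from F1 (assumed: a PIN) and F2, used directly as an exponent; no lambda(n) needed here."""
    return int.from_bytes(kdf(pin.encode(), f2, b"Dxx"), "big")

def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def sym_encrypt(key: bytes, plaintext: bytes):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce, ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC

def sym_decrypt(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("encrypted F2 failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def challenge_to_int(challenge: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n

# --- the protocol of claim 19 ---
def enroll(username: str, password: str, pin: str, bits: int = 512) -> dict:
    """One-time setup; returns what the trusted server persistently stores: Dxs, F2, S (plus a password verifier)."""
    n, e, d, lam = rsa_keypair(bits)
    while True:                                    # F2 must yield a Dxx that is invertible mod lambda(n)
        f2 = secrets.token_bytes(32)
        dxx = derive_dxx(pin, f2)
        if gcd(dxx, lam) == 1:
            break
    dxs = d * pow(dxx, -1, lam) % lam              # so that Dxx * Dxs == Dx (mod lambda(n))
    return {"n": n, "Ex": e, "Dxs": dxs, "F2": f2, "S": derive_s(username, password),
            "verifier": kdf(password.encode(), username.encode(), b"verifier")}

def server_issue_encrypted_f2(record: dict, username: str, password: str):
    """Steps (iii)-(v): initial authentication, then the stored F2 encrypted under the stored S."""
    if not hmac.compare_digest(record["verifier"], kdf(password.encode(), username.encode(), b"verifier")):
        raise PermissionError("initial authentication failed")
    return sym_encrypt(record["S"], record["F2"])

def client_partial_sign(username: str, password: str, pin: str, enc_f2, n: int, challenge: bytes) -> int:
    """Steps (vii)-(x) at the roaming UNL: recompute S, recover F2, compute Dxx, apply it to the challenge."""
    f2 = sym_decrypt(derive_s(username, password), *enc_f2)
    return pow(challenge_to_int(challenge, n), derive_dxx(pin, f2), n)

def server_complete_and_verify(record: dict, challenge: bytes, partial: int) -> bool:
    """Step (xii): apply Dxs so that m^(Dxx*Dxs) == m^Dx, then confirm the result with the public exponent Ex."""
    full = pow(partial, record["Dxs"], record["n"])
    return pow(full, record["Ex"], record["n"]) == challenge_to_int(challenge, record["n"])

def run_session(username: str, password: str, pin: str, record: dict, challenge: bytes) -> bool:
    """Whole roaming login; nothing but the password and the PIN is typed at the UNL."""
    enc_f2 = server_issue_encrypted_f2(record, username, password)
    partial = client_partial_sign(username, password, pin, enc_f2, record["n"], challenge)
    return server_complete_and_verify(record, challenge, partial)
```

Two points a practitioner should take from running this. First, the server stores S as well as F2, so it can read F2 itself; what keeps Dxx out of the server's hands is only that F1 (the PIN) is typed at the UNL and never transmitted, and a PIN guess cannot be checked against the public key alone because completing the signature needs Dxs. Second, step (ii) sends the initial authentication information itself, and step (xi) sends the partial signature; both must travel over a protected channel, since an eavesdropper holding the password (hence F2) and a captured partial could test PIN guesses offline.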

26. An article of manufacture for authenticating a user seeking access via a network from a user network station (UNS) using an asymmetric crypto-key having a private key (Dx) and a public key (Ex), with Dx split into multiple key portions including a user key portion (Dxx) and a trusted server key portion (Dxs), and with Dxx being computable based on a first factor (F1) and a second factor (F2), comprising:

computer readable storage media; and computer programming stored on the storage media, wherein the stored computer programming is configured to be readable by computers and thereby cause the computers to operate so as to: persistently store Dxs, F2, and a symmetric crypto-key (S), at a trusted server, receive initial authentication information as a user input at the UNS, transmit the input initial authentication information from the UNS, initially authenticate the user, at the trusted server, based on the transmitted initial authentication information, encrypt, at the trusted server after the initial authentication, the stored F2 with the stored S, transmit the encrypted F2 from the trusted server, receive a user input corresponding to F1 at the UNS, compute S, at the UNS, based on the input initial authentication information, decrypt the transmitted encrypted F2, at the UNS, with the computed S, compute Dxx, at the UNS, based on the user input corresponding to F1 and the decrypted F2, encrypt a message, at the UNS, with the computed Dxx, transmit the encrypted message from the UNS, and decrypt the transmitted encrypted message, at the trusted server, with the stored Dxs to thereby authenticate the user for access from the UNS.

Dependent claims: 27-32.

33. A network device for accessing a network by a user having an asymmetric crypto-key having a private key (Dx) and a public key (Ex), with Dx split into multiple key portions including a user key portion (Dxx) and a trusted server key portion (Dxs), and with Dxx being computable based on a first factor (F1) and a second factor (F2), the device comprising:

a user interface for receiving user inputs including a first user input representing initial authentication information and a second user input corresponding to F1; a communications interface (i) for transmitting the first user input via the network, and (ii) for receiving, in response to transmission of the first user input, F2 encrypted with a symmetric crypto-key (S) via the network; and a processor having logic that is executable to (i) compute S based on the received first user input, (ii) decrypt the received encrypted F2 with the computed S, (iii) compute Dxx based on the received second user input and the decrypted F2, (iv) encrypt a message with the computed Dxx, and (v) direct transmission of the encrypted message; wherein the communications interface is also for transmitting the encrypted message to an authenticating entity in accordance with the processor directive to thereby authenticate the user to the authenticating entity.

Dependent claims: 34-38.
Specification