SYSTEM AND METHOD FOR INCREASING THE SECURITY OF ENCRYPTED SECRETS AND AUTHENTICATION

US 20100100724A1
Filed: 03/09/2001
Published: 04/22/2010
Est. Priority Date: 03/10/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

implementing a multi-party secure computation protocol between a client which has a client secret and a server which has a server secret to compute a third secret from the client secret and the server secret, wherein the protocol is implemented so that the client obtains the third secret and cannot feasibly determine the server secret, and the server cannot feasibly determine the client secret and cannot feasibly determine the third secret;

authenticating the client by a device, the device storing an encrypted secret and configured not to provide the encrypted secret without authentication and the device being distinct from the server; and

after authenticating, providing to the client by the device the encrypted secret, wherein the encrypted secret is capable of being decrypted using a decryption key derived from the third secret and wherein the multi-party secure computation protocol implemented between the client and the server is the only multi-party computation protocol that is implemented in generating the third secret and the decryption key derived from the third secret;

wherein implementing the multi-party secure computation protocol involves;

at the client, using the client secret to compute client information to harden the client secret and then sending the client information to the server;

at the server, using the client information and the server secret to compute intermediate data and sending the intermediate data to the client; and

at the client, deriving the third secret from the intermediate data.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, in one aspect, the invention relates to a method for accessing encrypted data by a client. The method includes receiving from the client by a server client information derived from a first secret wherein the client information is derived such that the server can not feasibly determine the first secret The method also includes providing to the client by the server intermediate data, which is derived responsive to the received client information, a server secret, and possibly other information. The intermediate data is derived such that the client cannot feasibly determine the server secret. The method also includes authenticating the client by a device that stores encrypted secrets and is configured not to provide the encrypted secrets without authentication. After the authenticating step, the method also includes providing the encrypted secrets to the client. The encrypted secrets 5 are capable of being decrypted using a third secret that is derived from the intermediate data.

Citations

54 Claims

1. A method comprising:
- implementing a multi-party secure computation protocol between a client which has a client secret and a server which has a server secret to compute a third secret from the client secret and the server secret, wherein the protocol is implemented so that the client obtains the third secret and cannot feasibly determine the server secret, and the server cannot feasibly determine the client secret and cannot feasibly determine the third secret;
  
  authenticating the client by a device, the device storing an encrypted secret and configured not to provide the encrypted secret without authentication and the device being distinct from the server; and
  
  after authenticating, providing to the client by the device the encrypted secret, wherein the encrypted secret is capable of being decrypted using a decryption key derived from the third secret and wherein the multi-party secure computation protocol implemented between the client and the server is the only multi-party computation protocol that is implemented in generating the third secret and the decryption key derived from the third secret;
  
  wherein implementing the multi-party secure computation protocol involves;
  
  at the client, using the client secret to compute client information to harden the client secret and then sending the client information to the server;
  
  at the server, using the client information and the server secret to compute intermediate data and sending the intermediate data to the client; and
  
  at the client, deriving the third secret from the intermediate data.
- View Dependent Claims (2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 31, 44, 45, 46, 49, 52)
- - 2. The method of claim 1 wherein the third secret is derived from the intermediate data by use of one of a key derivation function and a hash function.
  - 4. The method of claim 1 wherein the client secret comprises at least one of a PIN, a password, and biometric information.
  - 5. The method of claim 4 wherein the intermediate data is derived from at least the client secret and the server secret by use of a blind function evaluation protocol.
  - 6. The method of claim 5 wherein the security of the blind function evaluation protocol is based on the problem of extracting roots modulo a composite.
  - 7. The method of claim 5 wherein the security of the blind function evaluation protocol uses discrete logarithms.
  - 8. The method of claim 1 wherein authenticating comprises authenticating the client based on a time-dependent code.
  - 9. The method of claim 1 wherein authenticating comprises authenticating the client based on at least one of a PIN, a password, and biometric information.
  - 10. The method of claim 1 wherein authenticating comprises authenticating the client based on a secret other than the client secret.
  - 11. The method of claim 1 wherein authenticating comprises using an authentication secret derived from the third secret.
  - 12. The method of claim 1 wherein the device comprises at least one of a file server, a directory server, a key server, a PDA, a mobile telephone, a smart card, and a desktop computer.
  - 13. The method of claim 12 wherein the device comprises at least one secure data store, the device requiring authentication before allowing the client access to the data store.
  - 14. The method of claim 1 wherein the encrypted secret comprises an encrypted private key of a public/private key pair used for asymmetric cryptography.
  - 15. The method of claim 14 wherein the encrypted secret comprises an encrypted signature key used for creating a digital signature.
  - 16. The method of claim 15 wherein authenticating comprises authenticating the client based on a secret other than the client secret, so that the user provides different information to access the device and access the signature key.
  - 17. The method of claim 1 wherein the encrypted secret comprises an encrypted secret key used for symmetric cryptography.
  - 18. The method of claim 1 wherein the encrypted secret comprises at least one unit of encrypted digital currency.
  - 19. The method of claim 1 further comprising verifying that the client has not exceeded a predetermined number of unsuccessful attempts to obtain the intermediate data.
  - 20. The method of claim 19 wherein verifying further comprises:
    - transmitting a challenge code to the client; and
      
      receiving the result of a cryptographic operation using the challenge code as an input and using a cryptographic key derived from the encrypted secret.
  - 31. The method of claim 1, further comprisingderiving the decryption key from the third secret;
    - anddecrypting the encrypted secret using the decryption key.
  - 44. The method of claim 1, wherein the multi-party secure computation protocol is a blind function evaluation protocol.
  - 45. The method of claim 44, wherein the blind function evaluation protocol is based on discrete-logarithm cryptography.
  - 46. The method of claim 45, wherein the blind function evaluation protocol is based on an RSA algorithm.
  - 49. The method of claim 1, wherein the multi-party secure computation protocol comprises the client and the server providing their respective secrets as input to respective protocol operations that jointly calculate the third secret as a function of the client and server secrets.
  - 52. The method of claim 1, wherein implementing the multi-party secure computation protocol between the client which has the client secret and the server which has the server secret to compute the third secret from the client secret and the server secret comprises implementing the multi-party secure computation protocol between the client which has the client secret and a single server which has the server secret to compute the third secret from the client secret and the server secret.

3. (canceled)

21-30. -30. (canceled)

32-37. -37. (canceled)

38. A method for authenticating to a network server, the method comprising:
- implementing a multi-party secure computation protocol between a client which has a client secret and a server which has a server secret to compute a third secret from the client secret and the server secret, wherein the protocol is implemented so that the client cannot feasibly determine the server secret and the server cannot feasibly determine the client secret and cannot feasibly determine the third secret;
  
  at the client deriving a password from the third secret;
  
  authenticating to the network server using the derived password, wherein the multi-party secure computation protocol implemented between the client and the server is the only multi-party computation protocol that is implemented in generating the third secret and the password derived from the third secret;
  
  wherein implementing the multi-party secure computation protocol involves;
  
  at the client, using the client secret to compute client information to harden the client secret and then sending the client information to the server;
  
  at the server, using the client information and the server secret to compute intermediate data and sending the intermediate data to the client; and
  
  at the client, deriving the third secret from the intermediate data.
- View Dependent Claims (39, 40, 41, 48, 50, 53)
- - 39. The method of claim 38 further comprising transmitting to the first server by the network server verification that the user has authenticated successfully.
  - 40. The method of claim 38 wherein the network server is a web server.
  - 41. The method of claim 38 wherein deriving comprises deriving a server password using a key derivation function.
  - 48. The method of claim 38, wherein the password is derived from the third secret and a server identifier.
  - 50. The method of claim 38, wherein the multi-party secure computation protocol comprises the client and the server providing their respective secrets as input to respective protocol operations that jointly calculate the third secret as a function of the client and server secrets.
  - 53. The method of claim 38, wherein implementing the multi-party secure computation protocol between the client which has the client secret and the server which has the server secret to compute the third secret from the client secret and the server secret comprises implementing the multi-party secure computation protocol between the client which has the client secret and a single server which has the server secret to compute the third secret from the client secret and the server secret.

42-43. -43. (canceled)

47. A method comprising:
- implementing a multi-party secure computation protocol between a client which has a client secret and a server which has a server secret to compute a third secret from the client secret and the server secret, wherein the protocol is implemented so that the client cannot feasibly determine the server secret and the server cannot feasibly determine the client secret and cannot feasibly determine the third secret;
  
  authenticating the client by a device, the device storing an encrypted secret and configured not to provide the encrypted secret without authentication; and
  
  after authenticating, providing to the client by the device the encrypted secret, wherein the encrypted secret is capable of being decrypted using a decryption key derived from the third secret and wherein no additional multi-party secure computation protocol involving any entity other than the server is required to enable the client to generate the third secret and the key derived from the third secret;
  
  wherein implementing the multi-party secure computation protocol involves;
  
  at the client, using the client secret to compute client information to harden the client secret and then sending the client information to the server;
  
  at the server, using the client information and the server secret to compute intermediate data and sending the intermediate data to the client; and
  
  at the client, deriving the third secret from the intermediate data.
- View Dependent Claims (51, 54)
- - 51. The method of claim 47, wherein the multi-party secure computation protocol comprises the client and the server providing their respective secrets as input to respective protocol operations that jointly calculate the third secret as a function of the client and server secrets.
  - 54. The method of claim 47, wherein implementing the multi-party secure computation protocol between the client which has the client secret and the server which has the server secret to compute the third secret from the client secret and the server secret comprises implementing the multi-party secure computation protocol between the client which has the client secret and a single server which has the server secret to compute a third secret from the client secret and the server secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Kaliski, Burton S. JR.

Granted Patent

US 7,716,484 B1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2209/50   Oblivious transfer

H04L 2209/80   Wireless

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 9/002   Countermeasures against att...

H04L 9/3013   involving the discrete loga...

H04L 9/3226   using a predetermined code,...

H04L 9/3249   using RSA or related signat...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

SYSTEM AND METHOD FOR INCREASING THE SECURITY OF ENCRYPTED SECRETS AND AUTHENTICATION

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR INCREASING THE SECURITY OF ENCRYPTED SECRETS AND AUTHENTICATION

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links