PASSWORD KEY DERIVATION SYSTEM AND METHOD

US 20100208888A1
Filed: 02/13/2009
Published: 08/19/2010
Est. Priority Date: 02/13/2009
Status: Active Grant

First Claim

Patent Images

1. In a computer system, a method for generating and utilizing cryptographic keys comprising:

receiving a password by a key generating system;

measuring by the key generating system strength of the received password and outputting a strength metric in response;

dynamically computing an iteration count I by the key generating system based on the output strength metric, wherein I≧

0;

repeating by the key generating system a cryptographic function the computed I number of times;

generating a cryptographic key based on the repeated cryptographic function and the received password; and

transmitting the generated cryptographic key to a key utilizing system for use therewith.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password-based key derivation function includes a sub-function that gets executed multiple times based on an iteration count. A key derivation module computes the iteration count dynamically with each entered password. The iteration count is computed as a function of the password strength. Specifically, the weaker the password, the higher the iteration count; but the stronger the password, the smaller the interaction count. This helps strengthen weaker passwords without penalizing stronger passwords.

44 Citations

View as Search Results

22 Claims

1. In a computer system, a method for generating and utilizing cryptographic keys comprising:
- receiving a password by a key generating system;
  
  measuring by the key generating system strength of the received password and outputting a strength metric in response;
  
  dynamically computing an iteration count I by the key generating system based on the output strength metric, wherein I≧
  
  0;
  
  repeating by the key generating system a cryptographic function the computed I number of times;
  
  generating a cryptographic key based on the repeated cryptographic function and the received password; and
  
  transmitting the generated cryptographic key to a key utilizing system for use therewith.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the password contains alphanumeric characters.
  - 3. The method of claim 1, wherein the password contains numeric values.
  - 4. The method of claim 1, wherein the password is a secret code associated with a user of the key generating system.
  - 5. The method of claim 1, wherein the measuring of the strength of the received password includes measuring a length of the password, wherein the iteration count decreases as the length of the password increases.
  - 6. The method of claim 1, wherein the measuring of the strength of the received password includes determining whether the password is a word contained in a dictionary, wherein the iteration count for a particular password contained in the dictionary is higher than the iteration count for another password not contained in the dictionary.
  - 7. The method of claim 1, wherein the measuring of the strength of the received password includes:
    - compressing the password by the key generating system; and
      
      measuring efficacy of the compression, wherein the iteration count decreases as the compression efficacy decreases.
  - 8. The method of claim 1, wherein the measuring of the strength of the received password includes:
    - determining by the key generating system the strength of each character in the received password;
      
      aggregating by the key generating system the strength of each character; and
      
      generating the strength metric based on the aggregate strength.
  - 9. The method of claim 1 further comprising:
    - determining that the strength metric is outside a pre-determined strength boundary; and
      
      selecting a pre-defined iteration count as the iteration count I responsive to the determination.
  - 10. The method of claim 1, wherein the cryptographic function is a sub-function of a key derivation function, wherein the cryptographic key is generated by the key derivation function.
  - 11. The method of claim 1 further comprising:
    - establishing a secure communication between the key generating system and the key utilizing system based on the generated cryptographic key.

12. A key generating system comprising:
- a processor; and
  
  a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including;
  
  receiving a password;
  
  measuring strength of the received password and outputting a strength metric in response;
  
  dynamically computing an iteration count I based on the output strength metric, wherein I≧
  
  0;
  
  repeating a cryptographic function the computed I number of times;
  
  generating a cryptographic key based on the repeated cryptographic function and the received keyword; and
  
  transmitting the generated cryptographic key to a key utilizing system for use therewith.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein the password contains alphanumeric characters.
  - 14. The system of claim 12, wherein the password contains numeric values.
  - 15. The system of claim 12, wherein the password is a secret code associated with a user of the key generating system.
  - 16. The system of claim 12, wherein the program instructions for measuring the strength of the received password includes program instructions for measuring a length of the password, wherein the iteration count decreases as the length of the password increases.
  - 17. The system of claim 12, wherein the program instructions for measuring the strength of the received password includes program instructions for determining whether the password is a word contained in a dictionary, wherein the iteration count for a particular password contained in the dictionary is higher than the iteration count for another password not contained in the dictionary.
  - 18. The system of claim 12, wherein the program instructions for measuring the strength of the received password includes program instructions for:
    - compressing the password by the key generating system; and
      
      measuring efficacy of the compression, wherein the iteration count decreases as the compression efficacy decreases.
  - 19. The system of claim 12, wherein the program instructions for measuring the strength of the received password includes program instructions for:
    - determining by the key generating system the strength of each character in the received password;
      
      aggregating by the key generating system the strength of each character; and
      
      generating the strength metric based on the aggregate strength.
  - 20. The system of claim 12, wherein the program instructions further comprise:
    - determining that the strength metric is outside a pre-determined strength boundary; and
      
      selecting a pre-defined iteration count as the iteration count I responsive to the determination.
  - 21. The system of claim 12, wherein the cryptographic function is a sub-function of a key derivation function, wherein the cryptographic key is generated by the key derivation function.
  - 22. The system of claim 12 further comprising:
    - establishing a secure communication between the key generating system and the key utilizing system based on the generated cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Text Holdings, Inc. (Open Text Corporation)
Original Assignee
Guidance Software Incorporated (Open Text Corporation)
Inventors
Weber, Dominik

Granted Patent

US 8,238,552 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/606 by securing the transmissio...

PASSWORD KEY DERIVATION SYSTEM AND METHOD

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

PASSWORD KEY DERIVATION SYSTEM AND METHOD

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links