System and method for securing information using remote access control and data encryption
First Claim
1. An authentication system, comprising:
- a cryptograph module, that receives a user password from a client terminal and generates a first password using a first one-way cryptographic scheme and a second password using a second one-way cryptographic scheme;
an access control server, including an access control database that stores an access password, and an interface for communicating with the cryptograph module to obtain the first password from the cryptograph module, and communicating with a service provider to authorize a client terminal when the first password matches the access password;
the service provider having a user information database that stores encrypted user information, and a decryption module that decrypts user information using the second password and grants the client terminal access to services when the access control server authenticates the client terminal.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention relates to a system and method for enhancing the security of information by decoupling the user authentication from the data storage and access. User information, stored by a service provider, is encrypted using a hashed password and access to the encrypted user information is protected by a separate access control server. The access control server and service provider may be provided a uniquely hashed first and second password, respectively. The access control server uses the first hashed password to allow the user access to the service provider, and the service provider then decrypts the user information using the second hashed password. The system ensures that even if the malicious user manages to compromise either the service provider or the access control server the malicious user would remain unable to decrypt and access any stored user information.
22 Citations
24 Claims
-
1. An authentication system, comprising:
-
a cryptograph module, that receives a user password from a client terminal and generates a first password using a first one-way cryptographic scheme and a second password using a second one-way cryptographic scheme; an access control server, including an access control database that stores an access password, and an interface for communicating with the cryptograph module to obtain the first password from the cryptograph module, and communicating with a service provider to authorize a client terminal when the first password matches the access password; the service provider having a user information database that stores encrypted user information, and a decryption module that decrypts user information using the second password and grants the client terminal access to services when the access control server authenticates the client terminal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An authentication method used by an authentication system, comprising:
-
receiving a user password from a client, at a cryptograph module, and generating a first password using a first one-way cryptographic scheme and a second password using a second one-way cryptographic scheme; receiving the first password, at an access control server, and matching the first password to an access password from an access control database; authenticating a client terminal, to a service provider when the first password matches the access password; storing encrypted user information on a user information database; receiving the second password, at the service provider, and decrypting the encrypted user information using the second password; granting the client terminal access to services after the access control server authenticates the client terminal and decrypts the encrypted user information. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. An authentication method used by an access control server, comprising:
-
receiving a password, corresponding to a client; matching the password to an access password, from an access database, corresponding to the client; authenticating the client, to a service provider, if the password matches the access password. - View Dependent Claims (18, 19, 20)
-
-
21. An authentication method used by a service provider, comprising:
-
storing encrypted user information on a service database; receiving a password, corresponding to a client; receiving an authentication transmission from an access control server authenticating the client; decrypting the user information, corresponding to the client, using the password; granting the client access to services after receiving the authentication transmission and decrypting the user information. - View Dependent Claims (22, 23, 24)
-
Specification