INTERLOCKING PLAIN TEXT PASSWORDS TO DATA ENCRYPTION KEYS
Abstract
Described embodiments provide for authenticating a user request for access to at least a portion of an encrypted storage device. First, the request for access to at least a portion of the encrypted storage device is received. The request includes a plaintext password. A hash module generates a hashed version of the received plaintext password based on an authentication hash key. A hashed value of the generated plaintext password is retrieved from a key storage. A hash comparator compares the hashed version of the received plaintext password with the retrieved hashed value of the generated plaintext password. If the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, the user is authenticated for access to at least a portion of the encrypted storage device. Otherwise, the user is denied access to the encrypted storage device.
22 Claims
1. A method of generating a unique password for authenticating a user for access to an encrypted storage device, the method comprising:
generating, by a random number generator;
i) a root key to encrypt and decrypt data;
ii) a maker's password to generate other passwords;
iii) an authentication hash key to generate hashed values of plaintext passwords; and
iv) a random data key corresponding to the unique authentication hash key;
generating, by an encryption module, an encrypted data key based on the random data key, the authentication hash key and the root key;
generating, by the encryption module, a unique plaintext password for the user based on a random number and the encrypted data key;
generating, by a hash module, a hashed value of the generated plaintext password based on the authentication hash key;
storing the hashed value of the plaintext password and the corresponding encrypted data key to a key storage; and
providing the plaintext password to the user.

2. A method of authenticating a user request for access to at least a portion of an encrypted storage device, the method comprising:
receiving the request for access to at least a portion of the encrypted storage device, the request including a plaintext password;
generating, by a hash module, a hashed version of the received plaintext password based on an authentication hash key;
retrieving, from a key storage, a hashed value of a generated plaintext password;
comparing, by a hash comparator, the hashed version of the received plaintext password with the retrieved hashed value of the generated plaintext password; and
if the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, authenticating the user for access to at least a portion of the encrypted storage device, otherwise, denying the user access to the encrypted storage device.
Dependent claims: 3, 4, 5, 6, 7, 8, 9

10. A machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method of generating a unique password for authenticating a user for access to an encrypted storage device, the method comprising:
generating, by a random number generator;
i) a root key to encrypt and decrypt data;
ii) a maker's password to generate other passwords;
iii) an authentication hash key to generate hashed values of plaintext passwords; and
iv) a random data key corresponding to the unique authentication hash key;
generating, by an encryption module, an encrypted data key based on the random data key, the authentication hash key and the root key;
generating, by the encryption module, a unique plaintext password for the user based on a random number and the encrypted data key;
generating, by a hash module, a hashed value of the generated plaintext password based on the authentication hash key;
storing the hashed value of the plaintext password and the corresponding encrypted data key to a key storage; and
providing the plaintext password to the user.

11. A machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method of authenticating a user request for access to at least a portion of an encrypted storage device, the method comprising:
receiving the request for access to at least a portion of the encrypted storage device, the request including a plaintext password;
generating, by a hash module, a hashed version of the received plaintext password based on an authentication hash key;
retrieving, from a key storage, a hashed value of a generated plaintext password;
comparing, by a hash comparator, the hashed version of the received plaintext password with the retrieved hashed value of the generated plaintext password; and
if the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, authenticating the user for access to at least a portion of the encrypted storage device, otherwise, denying the user access to the encrypted storage device.
Dependent claims: 12, 13, 14, 15, 16, 17

18. An apparatus for authenticating a user for access to an encrypted storage device, the apparatus comprising:
a random number generator for generating;
i) a root key to encrypt and decrypt data;
ii) a maker's password to generate other passwords;
iii) an authentication hash key to generate hashed values of plaintext passwords; and
iv) a random data key corresponding to the unique plaintext password;
an encryption module for generating i) an encrypted data key based on the random data key and the root key, and ii) a unique plaintext password for the user based on a random number and the encrypted data key;
a hash module for generating i) a hashed value of the generated plaintext password based on the authentication hash key and ii) generating a hashed version of the received plaintext password based on the authentication hash key;
a key storage for storing the hashed value of the plaintext password and the corresponding encrypted data key;
a communication link for i) providing the plaintext password to the user, and ii) receiving the request for access to at least a portion of the encrypted storage device, the request including the plaintext password;
a hash comparator for comparing the hashed version of the received plaintext password with the hashed value of the generated plaintext password, wherein, if the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, authenticating the user for access to at least a portion of the encrypted storage device, otherwise, denying the user access to the encrypted storage device.
Dependent claims: 19, 20, 21, 22

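The password-generation flow of claim 1 and the authentication flow of claim 2 can be sketched end to end as follows; this is an added illustration, not code from the patent or its assignee. Assumptions: HMAC-SHA256 stands in for the hash module, an HMAC-derived XOR pad stands in for the encryption module (a real device would use an authenticated key wrap such as AES Key Wrap), the password derivation and the names `Device`, `enroll`, `authenticate` and `xor_pad` are hypothetical, and the maker's password is omitted because the claims do not say how it is used.

```python
import base64
import hashlib
import hmac
import secrets


def xor_pad(key: bytes, nonce: bytes, block: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR a 32-byte block with HMAC(key, nonce)."""
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(block, pad))


class Device:
    def __init__(self) -> None:
        self.root_key = secrets.token_bytes(32)       # i) root key
        self.auth_hash_key = secrets.token_bytes(32)  # iii) authentication hash key
        self.key_storage = {}  # user -> (hashed password, encrypted data key)

    def _wrap_key(self) -> bytes:
        # Assumed way to make wrapping depend on both the root key and the hash key.
        return hmac.new(self.root_key, self.auth_hash_key, hashlib.sha256).digest()

    def _hash(self, password: str) -> bytes:
        # Keyed hash of a plaintext password under the authentication hash key.
        return hmac.new(self.auth_hash_key, password.encode(), hashlib.sha256).digest()

    def enroll(self, user: str) -> str:
        data_key = secrets.token_bytes(32)            # iv) random data key
        nonce = secrets.token_bytes(16)
        encrypted = nonce + xor_pad(self._wrap_key(), nonce, data_key)
        # Password from a random number and the encrypted data key (assumed: HMAC + base32).
        rnd = secrets.token_bytes(32)
        tag = hmac.new(rnd, encrypted, hashlib.sha256).digest()
        password = base64.b32encode(tag)[:20].decode()
        self.key_storage[user] = (self._hash(password), encrypted)
        return password  # only the user holds the plaintext

    def authenticate(self, user: str, password: str):
        record = self.key_storage.get(user)
        if record is None:
            return None
        stored_hash, encrypted = record
        # Constant-time comparison of keyed hashes; the data key is unwrapped only on a match.
        if not hmac.compare_digest(self._hash(password), stored_hash):
            return None
        return xor_pad(self._wrap_key(), encrypted[:16], encrypted[16:])
```

The key storage holds only the keyed hash and the wrapped data key, so reading it without the root key and authentication hash key yields neither the password nor the data key.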
Specification