SECURING PASSWORDS WITH CAPTCHA BASED HASH WHEN USED OVER THE WEB

US 20110296509A1
Filed: 05/27/2010
Published: 12/01/2011
Est. Priority Date: 05/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by a server computing system programmed to perform the following, comprising:

sending, by the server, a web page over a network to a client, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;

receiving, by the server, the generated hash value from the client;

computing, by the server, a server hash value for password data for the user that is stored in a data store coupled to the server and a CAPTCHA answer that is stored in the data store;

determining, by the server, whether the server hash value matches the client hash value; and

granting, by the server, data access to the user based on a determination that the values match and denying data access to the user based on a determination that the values do not match.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password security system, hosted by a server, sends a web page over a network to a client, that includes a CAPTCHA challenge, a request for a CAPTCHA answer, a graphical user interface for receiving a user identifier and a password, and a security script. The security script is to be executed by the client to generate a client hash value from password data and a CAPTCHA answer that is received from a user. The system receives the client hash value and computes a server hash value for password data for the user and a CAPTCHA answer that is stored in a data store that is coupled to the server. The system determines whether the server hash value matches the client hash value, and grants data access to the user when the values match and denies data access to the user when the values do not match.

94 Citations

View as Search Results

20 Claims

1. A method, implemented by a server computing system programmed to perform the following, comprising:
- sending, by the server, a web page over a network to a client, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;
  
  receiving, by the server, the generated hash value from the client;
  
  computing, by the server, a server hash value for password data for the user that is stored in a data store coupled to the server and a CAPTCHA answer that is stored in the data store;
  
  determining, by the server, whether the server hash value matches the client hash value; and
  
  granting, by the server, data access to the user based on a determination that the values match and denying data access to the user based on a determination that the values do not match.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the password data comprises a password.
  - 3. The method of claim 1, wherein the password data comprises a hash value for a password.
  - 4. The method of claim 1, further comprising:
    - removing the CAPTCHA challenge that was included in the web page and the CAPTCHA answer associated with the CAPTCHA challenge from the data store that is coupled to the server based on a determination that the server hash value matches the client hash value.
  - 5. The method of claim 1, further comprising:
    - storing a CAPTCHA answer associated with a CAPTCHA challenge sent to the client, a user identifier for a user, a password for the user, and a hash value for the password in a data store coupled to the server.
  - 6. The method of claim 1, further comprising:
    - storing web page data and a security script in a data store coupled to the server.

7. A system comprising:
- a persistent storage unit to store a CAPTCHA challenge, a CAPTCHA answer, password data for a user, and a security script; and
  
  a processor coupled to the persistent storage unitto send a web page over a network to the client, the web page comprising the CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and the security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from the user,to receive the generated hash value from the client,to compute a server hash value for the password data for the user that is stored in the persistent storage unit and a CAPTCHA answer that is stored in the persistent storage unit,to determine whether the server hash value matches the client hash value, andto grant data access to the user based on a determination that the values match and to deny data access to the user based on a determination that the values do not match.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein the password data comprises a password.
  - 9. The system of claim 7, wherein the password data comprises a hash value for a password.
  - 10. The system of claim 7, further comprising the processor:
    - to remove the CAPTCHA challenge that was included in the web page and the CAPTCHA answer associated with the CAPTCHA challenge from the persistent storage unit based on a determination that the server hash value matches the client hash value.
  - 11. The system of claim 7, further comprising the persistent storage unit:
    - to store a user identifier for a user and web page data.

12. A computer-readable storage medium including instructions that, when executed by a computer system, cause the computer system to perform a set of operations comprising:
- sending a web page over a network to a client, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;
  
  receiving the generated hash value from the client;
  
  computing a server hash value for password data for the user that is stored in a data store coupled to the computer system and a CAPTCHA answer that is stored in the data store;
  
  determining whether the server hash value matches the client hash value; and
  
  granting data access to the user based on a determination that the values match and denying data access to the user based on a determination that the values do not match.
- View Dependent Claims (13, 14)
- - 13. The computer-readable storage medium of claim 12, wherein the password data comprises a hash value for a password.
  - 14. The computer-readable storage medium of claim 12, further comprising:
    - removing the CAPTCHA challenge that was included in the web page and the CAPTCHA answer associated with the CAPTCHA challenge from the data store that is coupled to the computer system based on a determination that the server hash value matches the client hash value.

15. A method, implemented by a client computing system programmed to perform the following, comprising:
- receiving, by the client, a web page over a network from a server, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;
  
  receiving, by the client, user input of a password and a CAPTCHA answer for the CAPTCHA challenge, via presenting the web page to the user;
  
  executing, by the client, the security script to generate the client hash value from the password data and the CAPTCHA answer received from the user; and
  
  sending, by the client, the client hash value to the server.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the password data comprises the password received from the user.
  - 17. The method of claim 15, further comprising:
    - performing a one-way hash function on the password received from the user to generate a hash value for the password.
  - 18. The method of claim 17, wherein the password data comprises the hash value for the password.

19. A computer-readable storage medium including instructions that, when executed by a computer system, cause the computer system to perform a set of operations comprising:
- receiving a web page over a network from a server, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the computer system to generate a client hash value from password data and a CAPTCHA answer received from a user;
  
  receiving user input of a password and a CAPTCHA answer for the CAPTCHA challenge, via presenting the web page to the user;
  
  executing the security script to generate the client hash value from the password data and the CAPTCHA answer received from the user; and
  
  sending the client hash value to the server.
- View Dependent Claims (20)
- - 20. The computer-readable storage medium of claim 19, wherein the password data comprises the password received from the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Todorov, Alexander

Granted Patent

US 8,640,212 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

H04L 63/083   using passwords cryptograph...

H04L 9/3271   using challenge-response

SECURING PASSWORDS WITH CAPTCHA BASED HASH WHEN USED OVER THE WEB

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SECURING PASSWORDS WITH CAPTCHA BASED HASH WHEN USED OVER THE WEB

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others