METHODS, APPARATUS AND SYSTEMS FOR SECURING USER-ASSOCIATED PASSWORDS USED FOR IDENTITY AUTHENTICATION

US 20120066504A1
Filed: 09/13/2011
Published: 03/15/2012
Est. Priority Date: 09/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting authentication information, comprising:

receiving a user-associated password operable to authenticate an identity of a user;

generating a temporary password; and

encrypting the user-associated password using at least the temporary password resulting in an encrypted user-associated password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and systems for securing user-associated passwords used in transactions are disclosed. The methods include a user computing device receiving a user-associated password such as a PIN from a user, where the user-associated password is operable to authenticate an identity of a user. The user-associated password may be received in response to the user receiving a request for the user-associated password from a third party such as a merchant. The user computing device may generate a temporary password such as a one-time password, dynamic password, or the like, and encrypt the user-associated password using the temporary password. The encrypted user-associated password may then be communicated to the third party in lieu of the user-associated password received by the user.

Citations

20 Claims

1. A method of encrypting authentication information, comprising:
- receiving a user-associated password operable to authenticate an identity of a user;
  
  generating a temporary password; and
  
  encrypting the user-associated password using at least the temporary password resulting in an encrypted user-associated password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - communicating the encrypted user-associated password in response to a request for a user-associated password.
  - 3. The method of claim 2, wherein communicating the encrypted user-associated password includes displaying the encrypted user-associated password to the user.
  - 4. The method of claim 1, wherein encrypting the user-associated password includes:
    - generating a key for a block encryption algorithm from the temporary password;
      
      padding the received user-associated password resulting in a padded user-associated password; and
      
      encrypting the padded user-associated password using the generated key.
  - 5. The method of claim 4, wherein the temporary password is a One Time Password (OTP), the block encryption algorithm is the Advanced Encryption Standard (AES), and the user-associated password is in decimal form.
  - 6. The method of claim 1, wherein the temporary password is the same length as or has a greater length than the user-associated password, and encrypting the user-associated password includes changing an element of the user-associated password based on a corresponding element of the temporary password.
  - 7. The method of claim 1, further comprising generating a cryptogram wherein the temporary password is part of or all of the cryptogram.
  - 8. The method of claim 7, wherein the cryptogram is an Authorization Request Cryptogram (ARQC).
  - 9. The method of claim 8, wherein encrypting the user-associated password includes:
    - converting the user-associated password into binary form;
      
      performing a bitwise XOR of the binary form of the user-associated password with at least a portion of the ARQC as represented in a binary form resulting in a binary form of the encrypted user-associated password; and
      
      converting the binary form of the encrypted user-associated password into decimal form.
  - 10. The method of claim 1, further comprising:
    - adding synchronization information to the encrypted user-associated password; and
      
      communicating the synchronization information together with the encrypted user-associated password in place of the user-associated password.
  - 11. The method of claim 10, wherein the synchronization information includes data from an Application Transaction Counter (ATC), a timestamp, or a received unique code.
  - 12. The method of claim 9, wherein encrypting the user-associated password includes:
    - adding bits from an Application Transaction Counter (ATC) to the binary form of the encrypted user-associated password before converting the binary form of the encrypted user-associated password into decimal form.

13. A method of decrypting authentication information, comprising:
- receiving an encrypted user-associated password, wherein the user-associated password is operable to authenticate an identity of a user;
  
  generating a temporary password; and
  
  decrypting the encrypted user-associated password using at least the temporary password resulting in a user-associated password.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, further comprising:
    - receiving synchronization information together with the encrypted user-associated password, wherein the temporary password is generated using at least the received synchronization information.
  - 15. The method of claim 13, further comprising:
    - converting the received synchronization information and user-associated password to binary form; and
      
      extracting select bits from the binary form of the received data, the select bits representing synchronization information;
      
      wherein the temporary password is generated using at least the select bits.
  - 16. The method of claim 15, wherein the select bits are from an Application Transaction Counter (ATC).

17. A device for encrypting authentication information, comprising:
- a storage element operable to store a user-associated password, the user-associated password being operable to authenticate an identity of a user; and
  
  a processor operable to generate a temporary password and encrypt the user-associated password using at least the temporary password resulting in an encrypted user-associated password.
- View Dependent Claims (18, 19, 20)
- - 18. The device of claim 17, further comprising a communication interface operable to display the encrypted user-associated password to the user.
  - 19. The device of claim 17, wherein the processor is further operable to generate a cryptogram, wherein the temporary password is part of or all of the cryptogram.
  - 20. The device of claim 17, wherein the processor is further operable to add synchronization information to the encrypted user-associated password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Hird, Geoffrey, Lee, Jiann-Shi Andy

Granted Patent

US 8,949,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

METHODS, APPARATUS AND SYSTEMS FOR SECURING USER-ASSOCIATED PASSWORDS USED FOR IDENTITY AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, APPARATUS AND SYSTEMS FOR SECURING USER-ASSOCIATED PASSWORDS USED FOR IDENTITY AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links