METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY

US 20120087493A1
Filed: 10/12/2010
Published: 04/12/2012
Est. Priority Date: 10/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method of securing user credentials in a remote repository, the method comprising:

generating a first private key and a first public key pair from a registered password;

generating a second private key and a second public key pair;

generating a storage key from the second private key and the first public key;

encrypting a set of credentials using the storage key;

creating a encrypted credential signature from the encrypted set of credentials and the first private key; and

storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating a encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.

86 Citations

View as Search Results

17 Claims

1. A method of securing user credentials in a remote repository, the method comprising:
- generating a first private key and a first public key pair from a registered password;
  
  generating a second private key and a second public key pair;
  
  generating a storage key from the second private key and the first public key;
  
  encrypting a set of credentials using the storage key;
  
  creating a encrypted credential signature from the encrypted set of credentials and the first private key; and
  
  storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein generating the first private key and the first public key pair from the registered password utilizes an elliptic curve cryptography scheme.
  - 3. The method of claim 1 wherein generating the second private key and the second public key pair utilizes an elliptic curve cryptography scheme.
  - 4. The method of claim 1 wherein generating the storage key from the second private key and the first public key utilizes an elliptic curve Diffie-Hellman scheme.
  - 5. The method of claim 1 wherein creating an encrypted credential signature from the encrypted set of credentials and the first private key utilizes an elliptic curve digital signature algorithm.
  - 6. The method of claim 1 wherein the first private key and first public key pair are a static key pair, and the second private key and second public key pair are an ephemeral key pair.

7. A method of authenticating a request to access user credentials in a remote repository, the remote repository having stored thereon a unique user identification (UID) and an authentication token generated from the UID and a password, the method comprising:
- receiving a user login identification and a first random number from a communication device;
  
  sending a second random number to the communication device;
  
  receiving a response token from the communication device, the response token having been generated from the first random number, the second random number, the user login identification and the password;
  
  generating a verification token from the first random number, the second random number, and the authentication token; and
  
  verifying the response token matches the verification token.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7 wherein generating the verification token comprises applying a hash function to the first random number, the second random number, and the authentication token.
  - 9. The method of claim 7 further comprising when the response token matches the verification token, sending an authorization message to the communication device.

10. A method of accessing secured user credentials in a remote repository, the method comprising:
- receiving an encrypted set of credentials, an encrypted credential signature, and a second public key from the remote repository;
  
  generating a first private key from a user-entered password;
  
  verifying the encrypted credential signature from the encrypted set of credentials and the first private key;
  
  generating a storage key from the first private key and the second public key; and
  
  decrypting the encrypted set of credentials using the storage key.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10 wherein generating the first private key from the user-entered password utilizes an elliptic curve cryptography scheme.
  - 12. The method of claim 10 wherein generating the storage key from the first private key and the second public key utilizes an elliptic curve Diffie-Hellman scheme.
  - 13. The method of claim 10 further comprising populating a communication device with the set of credentials.

14. A server for securing user credentials in a remote repository, the server comprising:
- a processor;
  
  memory; and
  
  an encryption module which, when executed by the processor, configures the processor togenerate a first private key and a first public key pair from a registered password;
  
  generate a second private key and a second public key pair;
  
  generate a storage key from the second private key and the first public key;
  
  encrypt a set of credentials using the storage key;
  
  create a encrypted credential signature from the encrypted set of credentials and the first private key; and
  
  store the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.

15. A server for authenticating a request to access user credentials in a remote repository, the remote repository having stored thereon a unique user identification (UID) and an authentication token generated from the UID and a password, the server comprising:
- a processor;
  
  memory; and
  
  an authentication module which, when executed by the processor, configures the processor toreceive a user login identification and a first random number from a communication device,send a second random number to the communication device,receive a response token from the communication device, the response token having been generated from the first random number, the second random number, the user login identification and the password,generate a verification token from the first random number, the second random number, and the authentication token, andverify the response token matches the verification token.

16. A communication device for authenticating a request to access user credentials in a remote repository, the remote repository having stored thereon a unique user identification (UID) and an authentication token generated from the UID and a password, the communication device comprising:
- a processor;
  
  memory; and
  
  a remote credential management module which, when executed by the processor, configures the processor tosend a user login identification and a first random number to a server;
  
  receive a second random number from the server;
  
  generate a response token from the first random number, the second random number, the user login identification and the password;
  
  send the response token to the server; and
  
  receive an authorization message from the server.

17. A communication device for accessing secured user credentials in a remote repository, the communication device comprising:
- a processor;
  
  memory; and
  
  a remote credential management module which, when executed by the processor, configures the processor toreceive an encrypted set of credentials, an encrypted credential signature, and a second public key from the remote repository;
  
  generate a first private key from a user-entered password;
  
  verify the encrypted credential signature from the encrypted set of credentials and the first private key;
  
  generate a storage key from the first private key and the second public key;
  
  decrypt the encrypted set of credentials using the storage key; and
  
  populate the device with the unencrypted set of credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
CHIDAMBARAM, Avinash, CAMPAGNA, Matthew John

Granted Patent

US 8,756,706 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0863   involving passwords or one-...

H04L 9/32   including means for verifyi...

H04L 9/3252   using DSA or related signat...

H04L 9/3297   involving time stamps, e.g....

METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others