Secure and Usable Protection of a Roamable Credentials Store

US 20120260325A1
Filed: 06/15/2012
Published: 10/11/2012
Est. Priority Date: 02/25/2008
Status: Active Grant

First Claim

Patent Images

1. A system comprising a roamable credentials store (RCS), the system comprising:

a unified credentials vault (UCV) to facilitate the RCS having minimal impact on usability via a processor utilizing the RCS, the UCV comprising;

at least one vault application programming interface (API); and

a vault engine;

a vault management user interface to manage and to update credentials;

a user application to set and to access the credentials via the at least one vault API;

a secure computing device to facilitate a vault key user interface with the vault engine;

a vault store including a vault store interface to connect to the vault engine; and

a roamable device to store the credentials such that the vault engine reads the credentials from the roamable device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tool facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occur by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.

17 Citations

View as Search Results

20 Claims

1. A system comprising a roamable credentials store (RCS), the system comprising:
- a unified credentials vault (UCV) to facilitate the RCS having minimal impact on usability via a processor utilizing the RCS, the UCV comprising;
  
  at least one vault application programming interface (API); and
  
  a vault engine;
  
  a vault management user interface to manage and to update credentials;
  
  a user application to set and to access the credentials via the at least one vault API;
  
  a secure computing device to facilitate a vault key user interface with the vault engine;
  
  a vault store including a vault store interface to connect to the vault engine; and
  
  a roamable device to store the credentials such that the vault engine reads the credentials from the roamable device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising a vault handler to receive the credentials from the roamable device.
  - 3. The system of claim 1, further comprising a synchronization center to set synchronization partnerships with the at least one vault API.
  - 4. The system of claim 1, further comprising:
    - a processor;
      
      a removable memory coupled to the processor; and
      
      the UCV embodied on the removable memory and operable by the processor.
  - 5. The system of claim 1, wherein the credentials are to be encrypted.
  - 6. The system of claim 4, wherein the encrypted credentials are stored in the UCV.

7. A method implemented at least in part on a processor, the method comprising:
- creating a unified-credentials-vault (UCV) to access a location;
  
  encrypting entry of an identification of the location, a user-name for accessing the location, and a password for accessing the location, the encrypting of the entry comprises;
  
  generating, by the processor, a first key based on a first iteration count, a salt, and a passphrase; and
  
  generating, by the processor, a second key based on a second iteration count, the salt, and a concatenation of the passphrase and the first key; and
  
  providing access to the location based on at least the encrypted entry stored on the UCV.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the concatenation of the passphrase includes appending the first key to the passphrase.
  - 9. The method of claim 7, wherein the concatenation of the passphrase includes hashing the first key and the passphrase.
  - 10. The method of claim 7, wherein the second iteration count is less than the first iteration count.
  - 11. The method of claim 7, wherein the second iteration count is a calculated derivation represented by the first iteration count.
  - 12. The method of claim 7, further comprising destroying the second key based on actions of a user logging off the location or instructions provided by the user.

13. A method implemented at least in part on a processor, the method comprising:
- producing a unified credentials vault (UCV) to be protected with a password;
  
  encrypting an entry comprising identification of a location, a user-name corresponding to the location, and a passphrase for accessing the location by;
  
  generating a first key based on a first iteration count and the password; and
  
  deriving a second key based on a second iteration count, and the first key; and
  
  creating a credential of the encrypted entry based at least in part on the second key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, wherein the first iteration count represents a value that is predetermined.
  - 15. The method of claim 13, wherein the second iteration count is less than the first iteration count.
  - 16. The method of claim 13, further comprising storing the credential on the UCV of a roamable credentials device to provide access to the location using other computing devices.
  - 17. The method of claim 13, further comprising storing the credential on the UCV of a roamable credentials device to enable accelerated retrieval of information using selected computing devices.
  - 18. The method of claim 13, further comprising:
    - storing the first key on a user'"'"'s computing device; and
      
      providing access to the location that is a secure web site using the user'"'"'s computing device in which the second key has been derived for a browsing session.
  - 19. The method of claim 13, further comprising:
    - storing the first key on a user'"'"'s computing device; and
      
      calling the protected UCV to access the location that is a secure web site using the user'"'"'s computing device.
  - 20. The method of claim 13, further comprising;
    - storing the first key on a user'"'"'s computing device; and
      
      providing access to the location that is a secure web site using the user'"'"'s computing device in which the second key has not been derived for a browsing session on the secure web site; and
      
      deriving the second key to access the secure web site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Malpani, Raghavendra

Granted Patent

US 9,262,618 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 2221/2107   File encryption

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

Secure and Usable Protection of a Roamable Credentials Store

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and Usable Protection of a Roamable Credentials Store

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links