Secure and Usable Protection of a Roamable Credentials Store
First Claim
1. A system comprising a roamable credentials store (RCS), the system comprising:
- a unified credentials vault (UCV) to facilitate the RCS having minimal impact on usability via a processor utilizing the RCS, the UCV comprising;
  - at least one vault application programming interface (API); and
  - a vault engine;
- a vault management user interface to manage and to update credentials;
- a user application to set and to access the credentials via the at least one vault API;
- a secure computing device to facilitate a vault key user interface with the vault engine;
- a vault store including a vault store interface to connect to the vault engine; and
- a roamable device to store the credentials such that the vault engine reads the credentials from the roamable device.
Abstract
A tool facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occurs by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.
20 Claims
7. A method implemented at least in part on a processor, the method comprising:
- creating a unified-credentials-vault (UCV) to access a location;
- encrypting entry of an identification of the location, a user-name for accessing the location, and a password for accessing the location, the encrypting of the entry comprises;
  - generating, by the processor, a first key based on a first iteration count, a salt, and a passphrase; and
  - generating, by the processor, a second key based on a second iteration count, the salt, and a concatenation of the passphrase and the first key; and
- providing access to the location based on at least the encrypted entry stored on the UCV.

Dependent claims: 8, 9, 10, 11, 12
13. A method implemented at least in part on a processor, the method comprising:
- producing a unified credentials vault (UCV) to be protected with a password;
- encrypting an entry comprising identification of a location, a user-name corresponding to the location, and a passphrase for accessing the location by;
  - generating a first key based on a first iteration count and the password; and
  - deriving a second key based on a second iteration count, and the first key; and
- creating a credential of the encrypted entry based at least in part on the second key.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
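The two-stage key derivation recited in claim 7 (claim 13 recites the same two stages without the salt and the concatenation), as an added example that is not code from the patent. It assumes PBKDF2-HMAC-SHA256 as the key-derivation function, illustrative iteration counts, an HMAC tag as the vault verifier, and a first key cached by the caller (`cached_k1`); none of these names or values appear in the claims.

```python
import hashlib
import hmac
import os

# Assumptions, not from the patent text: PBKDF2-HMAC-SHA256 as the KDF,
# 32-byte keys, the iteration counts below, and an HMAC tag as vault verifier.
N1 = 200_000  # first iteration count (slow stage)
N2 = 1_000    # second iteration count (fast stage)


def first_key(passphrase: bytes, salt: bytes, n1: int = N1) -> bytes:
    """Stage 1: key from the first iteration count, the salt and the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, n1, dklen=32)


def second_key(passphrase: bytes, k1: bytes, salt: bytes, n2: int = N2) -> bytes:
    """Stage 2: key from the second iteration count, the same salt and the
    concatenation passphrase || first key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase + k1, salt, n2, dklen=32)


def make_verifier(k2: bytes) -> bytes:
    """Tag stored with the vault so an unlock attempt can be checked."""
    return hmac.new(k2, b"ucv-verifier", hashlib.sha256).digest()


def unlock(passphrase: bytes, salt: bytes, verifier: bytes, cached_k1=None):
    """Return the second key if the passphrase is right, else None.

    Without cached_k1 both stages run (N1 + N2 iterations), which is what every
    offline guess costs. With a stage-1 key cached by the caller (hypothetical),
    only the N2 stage runs, and the passphrase is still required.
    """
    k1 = cached_k1 if cached_k1 is not None else first_key(passphrase, salt)
    k2 = second_key(passphrase, k1, salt)
    return k2 if hmac.compare_digest(make_verifier(k2), verifier) else None


if __name__ == "__main__":
    salt = os.urandom(16)                 # constructed sample values
    pw = b"correct horse battery staple"
    k1 = first_key(pw, salt)
    verifier = make_verifier(second_key(pw, k1, salt))
    print(unlock(pw, salt, verifier) is not None)                # full derivation
    print(unlock(pw, salt, verifier, cached_k1=k1) is not None)  # fast path
    print(unlock(b"wrong guess", salt, verifier, cached_k1=k1))  # rejected
```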
Specification