METHODS, DEVICES AND COMPUTER PROGRAM SUPPORTS FOR PASSWORD GENERATION AND VERIFICATION

US 20130067554A1
Filed: 05/06/2011
Published: 03/14/2013
Est. Priority Date: 05/11/2010
Status: Active Grant

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

During log-on of a user to an entity protected by a password, the password is verified by iteratively receiving a password character; and verifying that the received character complies with a predefined property (α) that sets at least one requirement for allowable passwords. If this is not the case, then this can indicate a brute force attack and appropriate action may be taken. The property α may be dependent on the user. Also provided are a corresponding device and a computer program product.

38 Citations

View as Search Results

28 Claims

1-15. -15. (canceled)

16. A method of verification of a password during log-on of a user to an entity protected by a password, the method comprising the steps in a processor of:
- receiving at least one character of the password; and
  
  verifying that the at least one received character compiles with a predefined property that sets at least one requirement for allowable passwords; and
  
  upon reception of all the characters of the password and an indication that the password is complete, the subsequent step of verifying that the complete password corresponds to the password that protects the entity.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, wherein the completed password comprises a first part and a second part and wherein the property is expressed by the second part and wherein compliance with the property is verified by processing the first part to see if the processed first part matches the second part.
  - 18. The method of claim 16, wherein the property is dependent on the user.
  - 19. The method of claim 16, further comprising the step of determining that a brute force attack has been attempted upon detection of a predetermined number of passwords or parts of passwords that do not respect the property for the user.
  - 20. The method of claim 19, further comprising the step of taking appropriate action upon determination that a brute force attack has been attempted.
  - 21. The method of claim 20, wherein appropriate action comprises at least one of issuing a warning to an administrator, issuing a warning to the user, blocking the system and waiting a predetermined time before accepting further log-on attempts.

22. A device for verifying a password during log-on of a user to an entity protected by a password, the device comprising:
- an interface for receiving password characters; and
  
  a processor configured to;
  
  verify that at least one received password character complies with a predefined property that sets at least one requirement for allowable passwords; and
  
  upon reception of all the characters of the password and an indication that the password is complete, subsequently verify that the complete password corresponds to the password that protects the entity.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The device of claim 22, wherein the completed password comprises a first part and a second part and wherein the property is expressed by the second part and wherein the processor is configured to verify compliance with the property by processing the first part to see if the processed first part matches the second part.
  - 24. The device of claim 22, wherein the property is dependent on a user of the password.
  - 25. The device of claim 22, wherein the processor is further configured to determine that a brute force attack has been attempted upon detection of a predetermined number of passwords or parts of passwords that do not respect the property for the user.
  - 26. The device of claim 25, wherein the processor is further configured to take appropriate action upon determination that a brute force attack has been attempted.
  - 27. The device of claim 26, wherein appropriate action comprises at least one of issuing a warning to an administrator, issuing a warning to the user, blocking the system and waiting a predetermined time before accepting further log-on attempts.

28. A computer program product having stored thereon instructions of a software program, wherein the instructions, when executed by a processor performs the steps, during log-on of a user to an entity protected by a password, of:
- receiving at least one character of a password; and
  
  verifying that the at least one received character complies with a predefined property that sets at least one requirement for allowable passwords; and
  
  upon reception of all the characters of the password and an indication that the password is complete, subsequently verifying that the complete password corresponds to the password that protects the entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Magnolia Licensing LLC (IP Edge LLC)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
Alessio, Davide, Eluard, Marc

Granted Patent

US 9,384,343 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 3/0236   using selection techniques ...

G06F 3/04895   Guidance during keyboard in...

METHODS, DEVICES AND COMPUTER PROGRAM SUPPORTS FOR PASSWORD GENERATION AND VERIFICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, DEVICES AND COMPUTER PROGRAM SUPPORTS FOR PASSWORD GENERATION AND VERIFICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links