SECURING PASSWORDS WITH HASH VALUE

US 20140137224A1
Filed: 01/22/2014
Published: 05/15/2014
Est. Priority Date: 05/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server computer system, a client hash value from a client, the client hash value computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value;

computing, by the server computer system, a server hash value using password data for the user that is stored in a data store coupled to the server and a server-side answer that is stored in the data store;

determining, by the server computer system, whether the server hash value matches the client hash value; and

granting, by the server computer system, data access to the user in view of a determination that the server hash value matches the client hash value and denying data access to the user in view of a determination that the server hash value does not match the client hash value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password security system, hosted by a server, whose method of operation may include receiving a client hash value from a client where the client hash value is computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value. A server hash value is computed using password data for the user that is stored in a data store coupled to the server and a server-side answer that is stored in the data store. A determination is made whether the server hash value matches the client hash value and data access is granted to the user in view of a determination that the server hash value matches the client hash value, and data access is denied to the user in view of a determination that the server hash value does not match the client hash value.

19 Citations

View as Search Results

11 Claims

1. A method comprising:
- receiving, by a server computer system, a client hash value from a client, the client hash value computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value;
  
  computing, by the server computer system, a server hash value using password data for the user that is stored in a data store coupled to the server and a server-side answer that is stored in the data store;
  
  determining, by the server computer system, whether the server hash value matches the client hash value; and
  
  granting, by the server computer system, data access to the user in view of a determination that the server hash value matches the client hash value and denying data access to the user in view of a determination that the server hash value does not match the client hash value.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising sending to the client the password and a request for user input of the answer to the challenge.
  - 3. The method of claim 1, wherein the password data comprises a hash value for a password.
  - 4. The method of claim 1, further comprising:
    - removing the challenge and the answer from the data store in view of a determination that the server hash value matches the client hash value.

5. A server computer system comprising:
- a data store to store password data for a user and a server-side answer; and
  
  a processing device coupled to the data store, the processing device to;
  
  receive a client hash value from a client, the client hash value computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value;
  
  compute a server hash value using the password data and the server-side answer;
  
  determine whether the server hash value matches the client hash value; and
  
  grant data access to the client in view of a determination that the server hash value matches the client hash value and denying data access to the client in view of a determination that the server hash value does not match the client hash value
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein the processing device is further to send to the client the password and a request for user input of the answer to the challenge.
  - 7. The system of claim 5, wherein the password data comprises a hash value for a password.
  - 8. The system of claim 5, wherein the processing device is further to remove the challenge and the answer from the data store in view of a determination that the server hash value matches the client hash value.

9. A non-transitory computer-readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
- receiving, by the processing device, a client hash value from a client, the client hash value computed by hashing a password to generate a first hash value, and hashing the first hash value combined with a user input of an answer to a challenge to generate the client hash value;
  
  computing, by the processing device, a server hash value using password data for the user that is stored in a data store coupled to the server and a server-side answer that is stored in the data store;
  
  determining, by the processing device, whether the server hash value matches the client hash value; and
  
  granting, by the processing device, data access to the user in view of a determination that the server hash value matches the client hash value and denying data access to the user in view of a determination that the server hash value does not match the client hash value.
- View Dependent Claims (10, 11)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the password data comprises a hash value for a password.
  - 11. The non-transitory computer-readable storage medium of claim 9, wherein the processing device is further to send to the client the password and a request for user input of the answer to the challenge

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Todorov, Alexander

Granted Patent

US 9,185,107 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

H04L 63/083   using passwords cryptograph...

H04L 9/3271   using challenge-response

SECURING PASSWORDS WITH HASH VALUE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING PASSWORDS WITH HASH VALUE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links