Secure Remote Authentication of Local Machine Services Using Secret Sharing

US 20170195118A1
Filed: 03/17/2017
Published: 07/06/2017
Est. Priority Date: 01/09/2015
Status: Active Grant

First Claim

Patent Images

1. A method for authentication of a computing device so that shares of a secret may be delivered, over a network that uses a communications protocol which does not require use of an address, and on which an authentication server is listening, comprising the steps of:

a. dividing the secret into a first share and a second share;

b. destroying the secret;

c. transmitting the second share, together with a unique identifier, out of band to a pre-designated location;

d. erasing the second share from the computing device;

e. storing the first share at the computing device;

f. broadcasting the unique identifier over the network;

g. accepting a request over the network from an authentication server to initiate an authentication protocol;

f. responding to the request;

g. receiving the second share from the authentication server; and

h. reconstructing the secret using the received second share and the stored first share.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authentication of a computing device so that shares of a secret may be delivered, over a network that uses a communications protocol which does not require use of an address, and on which an authentication server is listening, comprising the steps of dividing the secret into a first share and a second share, or more; destroying the secret; transmitting the second share, together with a unique identifier, out of band to a pre-designated location; erasing the second share from the computing device; storing the first share at the computing device; broadcasting the unique identifier over the network; accepting a request over the network from an authentication server to initiate an authentication protocol; responding to the request; receiving the second share from the authentication server; and reconstructing the secret using the received second share and the stored first share.

Citations

7 Claims

1. A method for authentication of a computing device so that shares of a secret may be delivered, over a network that uses a communications protocol which does not require use of an address, and on which an authentication server is listening, comprising the steps of:
- a. dividing the secret into a first share and a second share;
  
  b. destroying the secret;
  
  c. transmitting the second share, together with a unique identifier, out of band to a pre-designated location;
  
  d. erasing the second share from the computing device;
  
  e. storing the first share at the computing device;
  
  f. broadcasting the unique identifier over the network;
  
  g. accepting a request over the network from an authentication server to initiate an authentication protocol;
  
  f. responding to the request;
  
  g. receiving the second share from the authentication server; and
  
  h. reconstructing the secret using the received second share and the stored first share.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the unique identifier is selected from the group of unique data consisting of a serial number, machine fingerprint data, a network authorization code, a public key, and a session nonce.
  - 3. The method of claim 2, where the unique identifier further comprises a hash of the unique data.
  - 4. The method of claim 1, where the first and second shares have been shrouded.
  - 5. The method of claim 1, where the dividing step comprises dividing the secret into a first share, a second share, and one or more additional shares wherein the total number of shares may be represented by a number N, and such that a threshold number of shares represented by a number K, being less than N, will be required to reconstruct the secret;
    - the transmitting step comprises transmitting the second share and one or more of the additional shares, together with a unique identifier, out of band to a pre-designated location.
  - 6. The method of claim 5, where the erasing step comprises erasing all transmitted shares from the computing device.
  - 7. The method of claim 6, where the transmitting step further comprises transmitting no more than K-1 shares, the storing step further comprises storing no more than K-1 shares, the receiving step comprises receiving one or more shares from the authentication server such that the number of stored shares, plus the number of received shares equals or exceeds K, and the reconstructing step comprises reconstructing the secret using K or more of the received shares and the stored shares.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spyrus, Inc.
Original Assignee
Spyrus, Inc.
Inventors
Perretta, Michael, Tregub, Burton

Granted Patent

US 9,742,561 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/575   Secure boot

G06F 21/606   by securing the transmissio...

H04L 2209/601   Broadcast encryption

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/085   Secret sharing or secret sp...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/32   including means for verifyi...

H04L 9/3231   Biological data, e.g. finge...

Secure Remote Authentication of Local Machine Services Using Secret Sharing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Remote Authentication of Local Machine Services Using Secret Sharing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links