Protection and Verification of User Authentication Credentials against Server Compromise
First Claim
1. A computer-implemented method for authenticating a user, the computer-implemented method comprising:
receiving, by a computer, a data decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device during authentication;
decrypting, by the computer, encrypted authentication credential data corresponding to the user using the received data decryption key;
comparing, by the computer, the decrypted authentication credential data with the received authentication credential data to authenticate the user of the client device; and
deleting, by the computer, the received data decryption key, the received authentication credential data, and any unencrypted credential data corresponding to the authentication account of the user.
Abstract
Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.
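A sketch of the flow in the abstract, added here as an illustration and not taken from the patent: the server keeps only ciphertext, the client holds the key, and the server wipes the key and plaintext after comparing. `STORE`, `enroll`, `authenticate` and the SHAKE-256/HMAC construction are assumptions (the page names no cipher); a vetted AEAD such as AES-GCM would take its place in practice.

```python
import hashlib
import hmac
import secrets

# Constructed server-side store: account -> (nonce, ciphertext, tag). No key is kept here.
STORE = {}

def _keys(key: bytes):
    # Derive separate encryption and MAC keys from the client-held key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # Stdlib stand-in keystream (assumption); not a replacement for a vetted AEAD.
    return hashlib.shake_256(enc_key + nonce).digest(n)

def enroll(account: str, credential: bytes) -> bytes:
    """Encrypt the credential, store only ciphertext, return the key to the client."""
    key = secrets.token_bytes(32)
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(credential, _stream(enc_key, nonce, len(credential))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    STORE[account] = (nonce, ct, tag)
    return key

def _wipe(*bufs: bytearray) -> None:
    # Best-effort zeroing; the Python runtime may still hold other copies.
    for b in bufs:
        b[:] = bytes(len(b))

def authenticate(account: str, key: bytearray, credential: bytearray) -> bool:
    """Decrypt, compare, then delete the received key and all plaintext."""
    plain = bytearray()
    try:
        if account not in STORE:
            return False
        nonce, ct, tag = STORE[account]
        enc_key, mac_key = _keys(bytes(key))
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # wrong key: nothing is decrypted
        plain = bytearray(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))
        return hmac.compare_digest(plain, credential)  # constant-time comparison
    finally:
        _wipe(key, credential, plain)  # runs after the result is computed
```

A dump of `STORE` alone yields no usable credential, because the decryption key only reaches the server for the duration of one `authenticate` call.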
22 Claims
1. A computer-implemented method for authenticating a user (full text under First Claim above).
Dependent claims: 2, 3, 4, 6, 7, 8, 9, 10, 11, 21, 22
5. (canceled)
12. A computer system for authenticating a user, the computer system comprising:
a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
receive a data decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device during authentication;
decrypt encrypted authentication credential data corresponding to the user using the received data decryption key;
compare the decrypted authentication credential data with the received authentication credential data to authenticate the user of the client device; and
delete, by the computer, the received data decryption key, the received authentication credential data, and any unencrypted credential data corresponding to the authentication account of the user.
Dependent claims: 13, 14, 15
16. A computer program product for authenticating a user, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
receiving, by the computer, a data decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device during authentication;
decrypting, by the computer, encrypted authentication credential data corresponding to the user using the received data decryption key;
comparing, by the computer, the decrypted authentication credential data with the received authentication credential data to authenticate the user of the client device; and
deleting, by the computer, the received data decryption key, the received authentication credential data, and any unencrypted credential data corresponding to the authentication account of the user.
Dependent claims: 17, 18, 19
20. (canceled)
Specification