Method for changing passwords on a remote computer
Abstract
A method for changing an account password stored at a physically remote location is provided. After initiating a password change sequence, a user submits both an old and a new password to its client machine. Thereafter, the client computes two message values to be transmitted to the server. The first message is computed by encrypting at least the new password using a one-way hash of the old password as an encryption key. The second message is computed by encrypting the one-way hash of the old password using a one-way hash of the new clear text password as the encryption key. The server receives both messages and computes a first decrypted value by decrypting the first message using the one-way hash of the old password, previously stored at the server, as the decryption key. The server computes a second decrypted value by decrypting the second message using a one-way hash of the first decrypted value as the decryption key. The server compares the decrypted one-way hashed value, transmitted in encrypted form in the second message, to the pre-stored hashed old password. If the two values are equal, then the server replaces the old password by the new password.
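The exchange in the abstract, as an added example that is not code from the patent. The abstract names no hash or cipher, so SHA-256, the XOR keystream `cipher`, the random nonces, the fixed 64-byte password field and all function names are assumptions made for illustration, as is storing a hash of the new password on success.

```python
import hashlib, hmac, os

FIELD = 64  # assumed fixed-size password field, so ciphertext length hides password length

def H(data):
    # One-way hash. SHA-256 is an assumption; the abstract names no algorithm.
    return hashlib.sha256(data).digest()

def cipher(key, nonce, data):
    # Stand-in symmetric cipher (assumption): XOR with a SHA-256 counter keystream.
    # The same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def client_messages(old_pw, new_pw):
    # Client side: build the two messages from the old and new passwords.
    h_old, pw = H(old_pw.encode()), new_pw.encode()
    if not 0 < len(pw) < FIELD:
        raise ValueError("new password does not fit the field")
    # Length byte, password, then random padding up to the fixed field size.
    field = bytes([len(pw)]) + pw + os.urandom(FIELD - 1 - len(pw))
    n1, n2 = os.urandom(16), os.urandom(16)
    m1 = n1 + cipher(h_old, n1, field)   # first message: new password under H(old)
    m2 = n2 + cipher(H(pw), n2, h_old)   # second message: H(old) under H(new)
    return m1, m2

def server_change(stored_h_old, m1, m2):
    # Server side: returns the value to store for the new password,
    # or None when verification fails and the old entry must be kept.
    if len(m1) != 16 + FIELD or len(m2) != 16 + 32:
        return None
    field = cipher(stored_h_old, m1[:16], m1[16:])    # first decrypted value
    n = field[0]
    if not 0 < n < FIELD:
        return None
    new_pw = field[1:1 + n]
    h_old_sent = cipher(H(new_pw), m2[:16], m2[16:])  # second decrypted value
    # Constant-time comparison against the pre-stored hashed old password.
    if not hmac.compare_digest(h_old_sent, stored_h_old):
        return None
    return H(new_pw)
```

Because the stored hash of the old password is itself the key for the first message, the accounts database entry has to be protected as carefully as the password.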
18 Claims
1. A method for registering a new password for an account with a server via a client coupled to the server in a network, the server maintaining an accounts database including account identifications and corresponding passwords, the method comprising the steps of:
computing, by the client, a first message by encrypting a first data sequence including at least a new clear text password using an authenticating value as an encryption key, a form of the authenticating value being previously stored at the server for verifying the authenticity of a source of the new clear text password;
computing, by the client, a second message by encrypting a second data sequence including at least the authenticating value using a one-way hash of the new clear text password as an encryption key;
transmitting the first message to the server;
transmitting the second message to the server;
computing, by the server, the new clear text password from the first message, including at least the sub-step of decrypting the first message using the authenticating value, a form of which is maintained by the server, as a decryption key;
computing, by the server, the authenticating value from the second message, including at least the sub-step of decrypting the second message using a one-way hash of the new clear text password obtained from the first message as a decryption key;
verifying, by the server, the new password, the verifying step including at least the sub-step of determining that the authenticating value from the second message is the same as a server provided authenticating value that is based upon the form of the authenticating value previously stored at the server; and
conditionally registering a form of the new clear text password in the accounts database based upon the results of the verifying step.
10. In a network system having at least one client and at least one server disposed for bi-directional communication, the server having a resource and the client having password-protected access to the resource, a method for changing an old password to a new password for an account comprising the steps of:
establishing a communication link between the client and the server;
computing a first value by encrypting a first message containing the new password with a one-way hash of the old password as an encryption key;
computing a second value by encrypting a second message containing a one-way hash of the old password with a one-way hash of the new password as an encryption key;
transmitting the first value and the second value from the client to the server;
retrieving at the server a copy of the one-way hash of the old password;
computing a third value by decrypting the first value with the copy of the one-way hash of the old password;
computing a fourth value by decrypting the second value with a one-way hash of the third value; and
verifying that the copy of the one-way hash of the old password is the same as the computed fourth value.
15. In a network system having a plurality of nodes including at least one client node, a server node and at least one provider node, the nodes being interconnected for bi-directional communication, the server and provider nodes each having a resource, and a first account having password-protected access to the resources of the server and provider nodes, a method for synchronizing a changed account password of the first account at the server node with a provider node comprising the steps of:
identifying a provider node at which the first account has password-protected access;
transmitting an identification for the first account and a new value for the changed account password in clear text form to a function residing on the server node; and
transmitting to the provider node, via the function, a message for updating a password entry, on the provider node corresponding to the first account, to correspond to the new value for the changed account password.
16. In a network system having at least one client and at least one server disposed for bi-directional communication, the server maintaining an accounts database including account identifications and corresponding passwords, a method for changing an old account password to a new account password comprising the steps of:
receiving an encryption of the new account password with a one-way hash of the old account password as an encryption key;
receiving an encryption of a one-way hash of the old account password with a one-way hash of the new account password as an encryption key;
decrypting the received, encrypted new account password;
decrypting the received, encrypted one-way hash of the old account password;
verifying the validity of the new account password;
determining that the decrypted, encrypted one-way hash of the old account password is the same as a one-way hash of a previously stored old account password, and in response, replacing a value corresponding to the old account password by a new value corresponding to the new account password in the accounts database.
17. A method for transmitting a new password within an encrypted message to an accounts server via a client coupled to the accounts server such that the network accounts server may retrieve a clear text password from the encrypted message, the accounts server maintaining an accounts database including account identifications and corresponding passwords, the method comprising the steps of:
computing, by the client, a first message by encrypting a first data sequence including at least a new clear text password using an authenticating value as an encryption key, a form of the authenticating value being previously stored at the accounts server for verifying the authenticity of the source of the new clear text password;
computing, by the client, a second message by encrypting a second data sequence including at least the authenticating value using a one-way hash of the new clear text password as an encryption key;
transmitting the first message to the accounts server; and
transmitting the second message to the accounts server.
18. A method for obtaining by an accounts server, a new password for an account from an encrypted password message containing a new clear text password, the server maintaining an accounts database including account identifications and corresponding passwords, the method comprising the steps of:
receiving a first message, the first message having been computed by encrypting a first data sequence including at least the new clear text password using an authenticating value as an encryption key, a form of the authenticating value having been previously stored at the accounts server for verifying the authenticity of a source of the new clear text password;
receiving a second message, the second message having been computed by encrypting a second data sequence including at least the authenticating value using a one-way hash of the new clear text password as an encryption key;
first computing the new clear text password from the first message, the first computing step including at least the sub-step of decrypting the first message using the authenticating value, a form of which is maintained by the accounts server, as a decryption key;
second computing the authenticating value from the second message, the second computing step including at least the sub-step of decrypting the second message using a one-way hash of the new clear text password, obtained from the first message during the first computing step, as a decryption key;
verifying the new password, the verifying step including at least the sub-step of determining that the authenticating value from the second message is the same as a server provided authenticating value that is based upon the form of the authenticating value previously stored at the server; and
conditionally registering a form of the new clear text password in the accounts database based upon the results of the verifying step.
Specification