Re-initialization of an iterated hash function secure password system over an insecure network connection
First Claim
1. A method of communicating over a transmission medium using an iterated hash function, the method comprising the steps of:
determining that a first series of communications based on a first password has reached a predetermined minimum number of remaining hash function iterations;
generating an initialization signal relating the first series of communications based on the first password to a second series of communications to be based on a second password, wherein the initialization signal is generated as a function of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password; and
transmitting the initialization signal over the medium prior to commencing the second series of communications.
Abstract
Methods and apparatus are disclosed for re-initializing a secure password series based on an iterated hash function. User login information is communicated over an insecure network connection or other transmission medium between a client and a server. The server provides an indication that a first login series based on a first password has reached a predetermined minimum number of remaining hash function iterations. This indication could also be generated by the client. In either case, the client responds to the indication by generating an initialization signal which relates the first login series based on the first password to a second login series based on a second password. The initialization signal may be generated as the exclusive-or of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password. The client transmits the initialization signal to the server, which stores it along with an encrypted password transmitted in a previous valid first series login by the same user. The server then compares a function of the stored initialization signal and an initial second series login to the previously-stored first series login to determine if the initial second series login is valid. The second password may be generated by the client using a pass phrase portion of the first password and a new seed portion which does not require additional user input. The password re-initialization process can thus be performed automatically without any need to notify the user.
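The re-initialization the abstract describes, as an added example that is not part of the patent text: SHA-256 is assumed as the iterated hash, the exclusive-or form of the initialization signal from the abstract is used, the server's "minimum remaining iterations" indication is modelled as a counter check, and the `Server` and `run` names, the iteration counts and the sample pass phrase and seeds are constructed for this illustration. It also shows that a wrong initial second-series login is rejected and leaves the server state untouched.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # one hash iteration; the patent fixes no function, SHA-256 assumed

def iterate(password: bytes, n: int) -> bytes:
    for _ in range(n):  # H^n(password)
        password = H(password)
    return password

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self, enrolment_hash: bytes, count: int):
        # stored = last valid login (H^N(P1) right after enrolment); remaining = unused iterations
        self.stored, self.remaining, self.init_signal = enrolment_hash, count, None

    def login(self, value: bytes) -> bool:
        # Ordinary iterated-hash check: one more hash of the sent value must equal the stored login.
        if H(value) != self.stored:
            return False
        self.stored, self.remaining = value, self.remaining - 1
        return True

    def initial_second_login(self, value: bytes, count2: int) -> bool:
        # signal XOR H^b(P2) recovers H^a(P1); hashing it once must give the stored first-series login.
        if self.init_signal is None or H(xor(self.init_signal, value)) != self.stored:
            return False
        self.stored, self.remaining, self.init_signal = value, count2, None
        return True

def run(n1: int = 5, n2: int = 100, minimum: int = 2) -> dict:
    passphrase, p1 = b"correct horse", b"correct horse" + b"seed-1"  # constructed sample inputs
    server, count = Server(iterate(p1, n1), n1), n1
    first_ok = []
    while server.remaining > minimum:  # normal first-series logins until the minimum is reached
        count -= 1
        first_ok.append(server.login(iterate(p1, count)))
    # Server has signalled the minimum; client builds P2 from the same pass phrase plus a fresh seed.
    p2 = passphrase + os.urandom(8)
    server.init_signal = xor(iterate(p1, count - 1), iterate(p2, n2))  # transmitted and stored
    bad_rejected = not server.initial_second_login(iterate(p2, n2 - 1), n2)  # wrong value fails
    second_ok = server.initial_second_login(iterate(p2, n2), n2)
    later_ok = server.login(iterate(p2, n2 - 1))  # second series then runs like the first
    return {"first": all(first_ok), "bad_rejected": bad_rejected, "second": second_ok,
            "later": later_ok, "remaining": server.remaining}
```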
24 Claims
1. A method of communicating over a transmission medium using an iterated hash function, the method comprising the steps of:
determining that a first series of communications based on a first password has reached a predetermined minimum number of remaining hash function iterations;
generating an initialization signal relating the first series of communications based on the first password to a second series of communications to be based on a second password, wherein the initialization signal is generated as a function of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password; and
transmitting the initialization signal over the medium prior to commencing the second series of communications.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An apparatus for communicating over a transmission medium using an iterated hash function, the apparatus comprising:
a processor coupled to the transmission medium to receive therefrom an initialization signal relating a first series of communications based on a first password to a second series of communications to be based on a second password, wherein the initialization signal is generated as a function of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password; and
a memory coupled to the processor and storing at least a portion of one of the first series of communications, wherein the processor is further operative to subsequently determine if one of the second series of communications is a valid communication by comparing a function of the initialization signal to the stored portion of one of the first series of communications.
Dependent claims: 11, 12, 13, 14, 15.
16. An apparatus for communicating over a transmission medium using an iterated hash function, comprising:
a processor operative to receive an indication that a first series of communications based on a first password has reached a predetermined minimum number of remaining hash function iterations, to generate in response to the indication an initialization signal relating the first series of communications based on the first password to a second series of communications to be based on a second password, wherein the initialization signal is generated as a function of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password, and to transmit the initialization signal over the medium prior to commencing the second series of communications.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24.