Method for providing a secure non-reusable one-time password
Abstract
The present invention is directed toward providing a secure method to access data when the user has lost or forgotten the user password. In accordance with the invention and in a system where decryption of an access key will give access to data, two encrypted versions of the access key are created. A first version is formed using a key formed with the user password. A second version is formed using a public key from a public-private key pair. Generally, data access can be had by decrypting the first encrypted version of the access key with the password key. However, if the password is forgotten, access to data can be accomplished by decrypting the second encrypted version of the access key with the private key from the public-private key pair. One embodiment of the invention requires the private key to be stored at a remote site and for decryption using the private key to take place at the remote site. In this manner the user can gain access to data without significantly compromising the data security.
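The two access paths described in the abstract, as an added Node.js example (not code from the patent): a random access key is wrapped once under a password-derived key and once under a recovery public key, then recovered by either path. AES-256-GCM, RSA-OAEP, scrypt as the password hash, and every function and field name are assumptions; the page names no algorithms.

```javascript
const crypto = require('crypto');

// Derive the password key. Assumption: scrypt with a random salt stands in
// for the "password hash" of the claims, which name no algorithm.
const passwordKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// Create and return both encrypted versions of the access key for storage.
function wrapAccessKey(accessKey, password, recoveryPublicKey) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', passwordKey(password, salt), iv);
  const first = Buffer.concat([cipher.update(accessKey), cipher.final()]);
  const second = crypto.publicEncrypt({ key: recoveryPublicKey, oaepHash: 'sha256' }, accessKey);
  return { salt, iv, tag: cipher.getAuthTag(), first, second };
}

// Normal path: decrypt the first version with the password key.
// GCM authentication makes a wrong password throw instead of yielding garbage.
function unwrapWithPassword(record, password) {
  const d = crypto.createDecipheriv('aes-256-gcm', passwordKey(password, record.salt), record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.first), d.final()]);
}

// Recovery path: runs only where the private key lives (the remote site).
function unwrapWithPrivateKey(record, recoveryPrivateKey) {
  return crypto.privateDecrypt({ key: recoveryPrivateKey, oaepHash: 'sha256' }, record.second);
}

function demo() {
  // Constructed sample values; the key pair stands in for the remote site's.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const accessKey = crypto.randomBytes(32);
  const record = wrapAccessKey(accessKey, 'correct horse', publicKey);
  let wrongPasswordRejected = false;
  try { unwrapWithPassword(record, 'forgotten'); } catch (e) { wrongPasswordRejected = true; }
  return {
    viaPassword: unwrapWithPassword(record, 'correct horse').equals(accessKey),
    viaRecovery: unwrapWithPrivateKey(record, privateKey).equals(accessKey),
    wrongPasswordRejected,
  };
}

console.log(demo());
```

In the remote-site embodiment, only `record.second` would leave the client, and `unwrapWithPrivateKey` would execute at the remote site.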
26 Claims
1. A method of securing an access key, comprising the steps of:
a) encrypting said access key with a first encryption algorithm to form a first encrypted version of said access key;
b) encrypting said access key with a second, asymmetric encryption algorithm to form a second encrypted version of said access key; and
c) storing said first encrypted version of said access key and said second encrypted version of said access key.
Dependent claims: 2, 3, 4, 5

6. A method of securing an access key, comprising the steps of:
receiving a user password;
obtaining a public key from a public-private key pair;
creating an encryption key with said user password;
encrypting said access key with a first symmetric encryption unit to form a first encrypted version of said access key, said first symmetric encryption unit utilizing said encryption key;
encrypting said access key with a second asymmetric encryption unit to form a second encrypted version of said access key, said second asymmetric encryption unit utilizing said public key; and
storing said first encrypted version of said access key and storing said second encrypted version of said access key on a storage medium.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14

15. A method of securing computer data, comprising the steps of:
generating an access key with a random number generator;
receiving a user password;
obtaining a public key from a public-private key pair, said public-key generated in accordance with a method of public-key cryptography;
encrypting information with a first encryption unit using said access key to create encrypted information;
storing said encrypted information;
hashing said user password to obtain a password hash;
encrypting said access key with a second encryption unit to form a first encrypted version of said access key, said second encryption unit using said password hash, said second encryption unit operating in accordance with a symmetric encryption/decryption algorithm;
storing said first encrypted version of said access key;
encrypting said access key with a third asymmetric encryption unit to form a second encrypted version of said access key, said third asymmetric encryption unit using said public key, and said asymmetric encryption unit operating in accordance with said method of public-key cryptography; and
storing said second encrypted version of said access key.
Dependent claims: 16, 17, 18, 19, 20, 21, 22

23. A computer readable medium having a set of instructions stored therein, which when executed by a computer, causes the computer to secure an access key by performing the steps of:
encrypting said access key with a first encryption algorithm to form a first encrypted version of said access key;
encrypting said access key with a second asymmetric encryption algorithm to form a second encrypted version of said access key; and
storing the first encrypted version and the second encrypted version of said access key.
Dependent claims: 24, 25, 26

Specification