Method for providing a secure non-reusable one-time password

US 5,768,373 A
Filed: 05/06/1996
Issued: 06/16/1998
Est. Priority Date: 05/06/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of securing an access key, comprising the steps of:

a) encrypting said access key with a first encryption algorithm to form a first encrypted version of said access key;

b) encrypting said access key with a second, asymmetric encryption algorithm to form a second encrypted version of said access key; and

c) storing said first encrypted version of said access key and said second encrypted version of said access key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed toward providing a secure method to access data when the user has lost or forgotten the user password. In accordance with the invention and in a system where decryption of an access key will give access to data, two encrypted versions of the access key are created. A first version is formed using a key formed with the user password. A second version is formed using a public key from a public-private key pair. Generally, data access can be had by decrypting the first encrypted version of the access key with the password key. However, if the password is forgotten, access to data can be accomplished by decrypting the second encrypted version of the access key with the private key from the public-private key pair. One embodiment of the invention requires the private key to be stored at a remote site and for decryption using the private key to take place at the remote site. In this manner the user can gain access to data without significantly compromising the data security.

255 Citations

26 Claims

1. A method of securing an access key, comprising the steps of:
- a) encrypting said access key with a first encryption algorithm to form a first encrypted version of said access key;
  
  b) encrypting said access key with a second, asymmetric encryption algorithm to form a second encrypted version of said access key; and
  
  c) storing said first encrypted version of said access key and said second encrypted version of said access key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising the step of:
    - decrypting said first encrypted version of said access key with a decryption algorithm.
  - 3. The method of claim 1, further comprising the step of:
    - decrypting said second encrypted version of said access key with an asymmetric decryption algorithm.
  - 4. The method of claim 3, wherein:
    - said step of encrypting said access key with said second asymmetric algorithm includes obtaining a public key from a public-private key pair; and
      
      said step of decrypting said second encrypted version of said access key with an asymmetric decryption algorithm includes obtaining a private key from said public-private key pair.
  - 5. The method of claim 3, wherein said step of decrypting said second encrypted version of said access key with an asymmetric decryption algorithm is performed at a remote site.

6. A method of securing an access key, comprising the steps of:
- receiving a user password;
  
  obtaining a public key from a public-private key pair;
  
  creating an encryption key with said user password;
  
  encrypting said access key with a first symmetric encryption unit to form a first encrypted version of said access key, said first symmetric encryption unit utilizing said encryption key;
  
  encrypting said access key with a second asymmetric encryption unit to form a second encrypted version of said access key, said second asymmetric encryption unit utilizing said public key; and
  
  storing said first encrypted version of said access key and storing said second encrypted version of said access key on a storage medium.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, wherein:
    - the step of encrypting said access key with a first symmetric encryption unit includes encrypting said access key in accordance with a symmetric encryption algorithm; and
      
      the step of encrypting said access key with a second asymmetric encryption unit includes encrypting said access key in accordance with a public-key cryptography algorithm.
  - 8. The method of claim 6, wherein:
    - the step of obtaining a public key includes generating a public key in accordance with a public-key cryptography algorithm.
  - 9. The method of claim 6, wherein:
    - the step of creating an encryption key includes hashing said user password.
  - 10. The method of claim 6, further comprising the step of obtaining a decrypted access key.
  - 11. The method of claim 10, wherein said step of obtaining a decrypted access key includes:
    - receiving said user password;
      
      recreating said encryption key with said user password; and
      
      decrypting said first encrypted version of said access key with a symmetric decryption unit utilizing said encryption key as a decryption key.
  - 12. The method of claim 10, wherein said step of obtaining a decrypted access key includes receiving said decrypted access key, said decrypted access key having been remotely decrypted.
  - 13. The method of claim 10, wherein said step of obtaining a decrypted access key includes:
    - decrypting said second encrypted version of said access key with an asymmetric decryption unit utilizing a private key from said public-private key pair.
  - 14. The method of claim 13, wherein said private key is stored at a remote site and said step of decrypting said second encrypted version of said access key with an asymmetric decryption unit is performed at said remote site.

15. A method of securing computer data, comprising the steps of:
- generating an access key with a random number generator;
  
  receiving a user password;
  
  obtaining a public key from a public-private key pair, said public-key generated in accordance with a method of public-key cryptography;
  
  encrypting information with a first encryption unit using said access key to create encrypted information;
  
  storing said encrypted information;
  
  hashing said user password to obtain a password hash;
  
  encrypting said access key with a second encryption unit to form a first encrypted version of said access key, said second encryption unit using said password hash, said second encryption unit operating in accordance with a symmetric encryption/decryption algorithm;
  
  storing said first encrypted version of said access key;
  
  encrypting said access key with a third asymmetric encryption unit to form a second encrypted version of said access key, said third asymmetric encryption unit using said public key, and said asymmetric encryption unit operating in accordance with said method of public-key cryptography; and
  
  storing said second encrypted version of said access key.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15, further comprising the steps of:
    - obtaining a decrypted access key;
      
      retrieving said encrypted information; and
      
      decrypting said encrypted information with a first decryption unit using said decrypted access key.
  - 17. The method of claim 16, wherein said step of obtaining a decrypted access key includes:
    - receiving said user password;
      
      rehashing said user password to obtain said password hash;
      
      retrieving said first encrypted version of said access key; and
      
      decrypting said first encrypted version of said access key with a second decryption unit using said password hash, said second decryption unit operating in accordance with said symmetric encryption/decryption algorithm.
  - 18. The method of claim 16, wherein said step of obtaining a decrypted access key includes:
    - decrypting said second encrypted version of said access key in an asymmetric decryption unit using a private key from said public-private key pair, said asymmetric decryption unit operating in accordance with said method of public-key cryptography.
  - 19. The method of claim 18, wherein said step of decrypting said second encrypted version of said access key is performed at a remote site.
  - 20. The method of claim 16, wherein said step of obtaining a decrypted access key includes:
    - retrieving said second encrypted version of said access key;
      
      communicating said second encrypted version of said access key to an authenticating entity;
      
      receiving, from said authenticating entity, said decrypted access key, said decrypted access key having been created by decrypting said second encrypted version of said access key in an asymmetric decryption unit with a private key from said public-private key pair, said asymmetric decryption unit operating in accordance with said method of public-key cryptography.
  - 21. The method of claim 15, wherein said step of hashing includes entering said user password into an MD5 algorithm.
  - 22. The method of claim 18, further including the steps of:
    - requiring a user to enter a new user password; and
      
      generating a new access key.

23. A computer readable medium having a set of instructions stored therein, which when executed by a computer, causes the computer to secure an access key by performing the steps of:
- encrypting said access key with a first encryption algorithm to form a first encrypted version of said access key;
  
  encrypting said access key with a second asymmetric encryption algorithm to form a second encrypted version of said access key; and
  
  storing the first encrypted version and the second encrypted version of said access key.
- View Dependent Claims (24, 25, 26)
- - 24. The computer readable medium of claim 23, further comprising instructions for performing the step of:
    - decrypting said first encrypted version of said access key with a decryption algorithm.
  - 25. The computer readable medium of claim 23, wherein the instructions for performing the step of encrypting said access key with a second asymmetric algorithm include instructions for obtaining a public key from a public-private key pair.
  - 26. The computer readable medium of claim 23, further comprising instructions for performing the step of:
    - receiving a decrypted access key, said decrypted access key having been remotely decrypted with an asymmetric decryption algorithm with a private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Grawrock, David, Lohstroh, Shawn R.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/643,742
Time in Patent Office

771 Days
Field of Search

380/4, 380/21, 380/25
US Class Current

380/286
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6209   to a single file or object,...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2131   Lost password, e.g. recover...

Method for providing a secure non-reusable one-time password

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

255 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing a secure non-reusable one-time password

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links