Method and apparatus for strengthening passwords for protection of computer systems

US 6,079,021 A
Filed: 06/02/1997
Issued: 06/20/2000
Est. Priority Date: 06/02/1997
Status: Expired due to Term

First Claim

Patent Images

1. A computer implemented method for accessing a resource, comprising the steps of:

combining a first password with a supplement to generate a full password, wherein the bit length of the supplement is a fixed number of bits and the full password has a larger bit length than the first password;

applying a one-way hash function to the full password to generate an access code stored in a memory of a computer system;

combining a second password with possible supplements to generate trial full passwords, each possible supplement having the fixed number of bits and the trial full passwords each having a larger bit length than the second password;

applying the one-way hash function to the trial full passwords to generate trial access codes; and

allowing access to the resource if one of the trial access codes is identical to the stored access code.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method provides access to processes and data using strengthened password. During an initialization phase, an access code is stored in a memory of a computer system. The access code is an application of a one-way hash function to a concatenation of a password and a password supplement. The size of the password supplement is a fixed number of bits. During operation of the system, a user enters a password, and the one-way hash function is applied to concatenations of the password and possible values having the size of the password supplement to yield trial access codes. Access is granted when one of the trial access codes is identical to the stored access code.

Citations

33 Claims

1. A computer implemented method for accessing a resource, comprising the steps of:
- combining a first password with a supplement to generate a full password, wherein the bit length of the supplement is a fixed number of bits and the full password has a larger bit length than the first password;
  
  applying a one-way hash function to the full password to generate an access code stored in a memory of a computer system;
  
  combining a second password with possible supplements to generate trial full passwords, each possible supplement having the fixed number of bits and the trial full passwords each having a larger bit length than the second password;
  
  applying the one-way hash function to the trial full passwords to generate trial access codes; and
  
  allowing access to the resource if one of the trial access codes is identical to the stored access code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, whereinthe full password, generated by the first combining step, includes all bits of the first password and the supplement;
    - andeach of the full trail passwords, generated by the second combining step, includes all bits of the second passwords and a respective one of the possible supplements.
  - 3. The method of claim 1, further comprising:
    - randomly generating a value for the supplement.
  - 4. The method of claim 1, further comprising:
    - discarding the supplement after the first combining step; and
      
      discarding the full password after the first applying step.
  - 5. The method of claim 1, further comprising:
    - storing the access code in an untrusted memory.
  - 6. The method of claim 1, wherein the second password is a partial password with a missing part, and further comprising:
    - generating a possible missing part for each of the possible supplements.
  - 7. The method of claim 1 further comprising:
    - denying access to the resource if none of the trial access codes match the stored access code.

8. A computer implemented method for accessing a resource, comprising the steps of:
- combining a first password with a supplement to generate a full password, wherein the supplement has a fixed number of bits;
  
  applying a one-way hash function to the full password to generate an access code stored in a memory of a computer system;
  
  combining a second password with possible supplements to generate trial full passwords, each possible supplement being the fixed number of bits;
  
  applying the one-way hash function to the trial full passwords to generate trial access codes; and
  
  allowing access to the resource if one of the trial access codes is identical to the stored access code;
  
  whereinthe first combining step includes concatenating the first password and supplement to generate the full password; and
  
  the second combining step includes concatenating the second password and the possible supplements to generate the trial full passwords.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The method of claim 8, further comprising:
    - randomly generating a value for the supplement.
  - 10. The method of claim 8, further comprising:
    - discarding the supplement after the first combining step; and
      
      discarding the full password after the first applying step.
  - 11. The method of claim 8, further comprising:
    - storing the access code in an untrusted memory.
  - 12. The method of claim 8 wherein the second password is a partial password with a missing part, and further comprising:
    - generating a possible missing part for each of the possible supplements.
  - 13. The method of claim 8, further comprising:
    - denying access to the resource if none of the trial access codes match the stored access code.
  - 14. The method of claim 8, wherein the resource is data encrypted with the full password.
  - 15. The method of claim 8, wherein the resource is a computer implemented process.
  - 16. The method of claim 8, wherein the resource is a network.

17. A computer implemented method for accessing a resource, comprising the steps of:
- combining a first password with a supplement to generate a full password, wherein the bit length of the supplement is a fixed number of bits and the full password has a larger bit length than the first password;
  
  encrypting data using the full password;
  
  applying a one-way hash function to the full password to generate an access code stored in a memory of a computer system;
  
  combining a second password with possible supplements to generate trial full passwords, each possible supplement having the fixed number of bits and the trial full passwords each having a larger bit length than the second password;
  
  applying the one-way hash function to the trial full passwords to generate trial access codes; and
  
  decrypting the data using a particular trial password, the particular trial password yielding a particular trial access code that is identical to the stored access code.

18. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a first module for establishing a password, including instructions for;
  
  combining a first password with a supplement to generate a full password, wherein the bit length of the supplement is a fixed number of bits and the full password has a larger bit length than the first password; and
  
  applying a one-way hash function to the full password to generate an access code stored in a memory of a computer system; and
  
  a resource access module, including instructions for;
  
  combining a second password with possible supplements to generate trial full passwords, each possible supplement having the fixed number of bits and the trial full passwords each having a larder bit length than the second password;
  
  applying the one-way hash function to the trial full passwords to generate trial access codes; and
  
  allowing access to the resource if one of the trial access codes is identical to the stored access code.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The computer program product of claim 18, wherein the first module includes instructions for:
    - discarding the supplement after combining the first password with the supplement; and
      
      discarding the full password after applying the one-way hash function to the full password.
  - 20. The computer program product of claim 18, whereinthe first module includes instructions for encrypting data using the full password;
    - andthe resource access module includes instructions for decrypting the data using a particular trial password, the particular trial password yielding a particular trial access code that is identical to the stored access code.
  - 21. The computer program of claim 18, whereinthe full password, generated by the first module, includes all bits of the first password and the supplement;
    - andeach of the full trail passwords, generated by the resource access module, includes all bits of the second passwords and a respective one of the possible supplements.
  - 22. The computer program of claim 18, wherein the first module further includes instructions for randomly generating a value for the supplement.
  - 23. The computer program of claim 18, wherein the first module further includes instructions for storing the access code in an untrusted memory.
  - 24. The computer program of claim 18, wherein the second password is a partial password with a missing part, and the resource access module further comprises instructions for generating a possible missing part for each of the possible supplements.
  - 25. The computer program of claim 18, wherein the resource access module further comprises instructions for denying access to the resource if none of the trial access codes match the stored access code.

26. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a first module for establishing a password, including instructions for;
  
  combining a first password with a supplement to generate a full password, wherein the size the supplement is a fixed number of bits; and
  
  applying a one-way hash function to the full password to generate an access code stored in a memory of a computer system; and
  
  a resource access module, including instructions for;
  
  combining a second password with possible supplements to generate trial full passwords, each possible supplement being the fixed number of bits;
  
  applying the one-way hash function to the trial full passwords to generate trial access codes; and
  
  allowing access to the resource if one of the trial access codes is identical to the stored access code;
  
  whereinthe first module includes instructions for concatenating the first password and supplement to generate the full password; and
  
  the resource access module includes instructions for concatenating the second password and the possible supplements to generate the trial full passwords.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The computer program product of claim 26, wherein the first module includes instructions for:
    - discarding the supplement after combining the first password with the supplement; and
      
      discarding the full password after applying the one-way hash function to the full password.
  - 28. The computer program product of claim 26,whereinthe first module includes instructions for encrypting data using the full password;
    - andthe resource access module includes instructions for decrypting the data using a particular trial password, the particular trial password yielding a particular trial access code that is identical to the stored access code.
  - 29. The computer program of claim 26, whereinthe full password, generated by the first module, includes all bits of the first password and the supplement;
    - andeach of the full trail passwords, generated by the resource access module, includes all bits of the second passwords and a respective one of the possible supplements.
  - 30. The computer program of claim 26, wherein the first module further includes instructions for randomly generating a value for the supplement.
  - 31. The computer program of claim 26, wherein the first module further includes instructions for storing the access code in an untrusted memory.
  - 32. The computer program of claim 26, wherein the second password is a partial password with a missing part, and the resource access module further comprises instructions for generating a possible missing part for each of the possible supplements.
  - 33. The computer program of claim 26, wherein the resource access module further comprises instructions for denying access to the resource if none of the trial access codes match the stored access code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Lomas, Thomas Mark Angus, Abadi, Martin, Needham, Roger Michael
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/866,673
Time in Patent Office

1,114 Days
Field of Search

235/379, 235/380, 395/186, 395/187.01, 395/188.01, 340/825.31, 340/825.34, 380/4, 380/9, 380/21, 380/23, 380/24, 380/25, 380/46, 380/49, 380/50, 380/59, 380/255, 380/277, 380/29, 380/30, 380/287, 713/150-152, 713/164, 713/168, 713/182, 713/184, 713/189, 713/200, 713/201, 713/202
US Class Current

726/14
CPC Class Codes

G06F 21/46 by designing passwords or c...

Method and apparatus for strengthening passwords for protection of computer systems

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for strengthening passwords for protection of computer systems

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links