System for controlling access to encrypted data files by a plurality of users
First Claim
1. Apparatus for controlling access to secured data stored in a memory by a plurality of authorized users, each of whom has a password, the apparatus comprising:
means for creating in the memory for each authorized user an entry having a cryptographically hashed password including the password of the each user cryptographically hashed with a hashing function;
means for receiving a password from one user;
means for cryptographically hashing the received password with the hashing function to produce a request value; and
means responsive to the request value for permitting the one user to access the secured data when the request value matches any of the cryptographically hashed passwords in the memory.
Abstract
A system in which an encrypted data file can be protected, accessed, and maintained by a plurality of users using cryptographically hashed passwords. The system provides for the creation in memory for each authorized user of a cryptographically hashed password as an entry in an unencrypted header file. The system compares an authorized user's cryptographically hashed password against a corresponding set of cryptographically hashed passwords in memory to determine whether the user is allowed access to the protected data file. The passwords are cryptographically one-way hashed with a "salt" value in such a way as to make reconstruction of original passwords by an unintended party virtually impossible, because the passwords never exist in memory in an unhashed state. Furthermore, the passwords are cryptographically "one-way" hashed so as not to be reconstructible. Upon successful authorization of a user, based on successful comparison of the user's hashed password with those in memory, the user gains access to the encrypted data file.
137 Citations
16 Claims
1. Apparatus for controlling access to secured data stored in a memory by a plurality of authorized users, each of whom has a password, the apparatus comprising:
means for creating in the memory for each authorized user an entry having a cryptographically hashed password including the password of the each user cryptographically hashed with a hashing function;
means for receiving a password from one user;
means for cryptographically hashing the received password with the hashing function to produce a request value; and
means responsive to the request value for permitting the one user to access the secured data when the request value matches any of the cryptographically hashed passwords in the memory.
(Dependent claims 2, 3 and 4 are not reproduced on this page.)

5. A method for controlling access to secured data stored in a memory by a plurality of authorized users, each of whom has a password, the method comprising:
(a) creating in the memory for each authorized user an entry having a cryptographically hashed password including the password of the each user cryptographically hashed with a hashing function;
(b) receiving a password from one user;
(c) cryptographically hashing the received password with the hashing function to produce a request value; and
(d) permitting, in response to the request value, the one user to access the secured data when the request value matches any of the cryptographically hashed passwords in the memory.

6. (preamble not reproduced on this page; steps as listed)
(a1) combining each password with a predetermined salt value; and
(a2) cryptographically hashing the combination of the salt value and the password with the hashing function.

7. A method according to claim 6 wherein step (a1) comprises concatenating the salt value and the password.

8. A method according to claim 6 wherein step (a2) comprises passing the combination through a one-way function.

9. A computer program product for controlling access to secured data stored in a memory by a plurality of authorized users, each of whom has a password, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code for creating in the memory for each authorized user an entry having a cryptographically hashed password including the password of the each user cryptographically hashed with a hashing function;
program code for receiving a password from one user;
program code for cryptographically hashing the received password with the hashing function to produce a request value; and
program code for permitting, in response to the request value, the one user to access the secured data when the request value matches any of the cryptographically hashed passwords in the memory.

10. (preamble not reproduced on this page; elements as listed)
program code for combining each password with a predetermined salt value; and
program code for cryptographically hashing the combination of the salt value and the password with the hashing function.

11. A computer program product according to claim 10 wherein the combining program code comprises program code for concatenating the salt value and the password.

12. A computer program product according to claim 10 wherein the program code for cryptographically hashing the combination comprises program code for passing the combination through a one-way function.

13. A computer data signal embodied in a carrier wave for controlling access to secured data stored in a memory by a plurality of authorized users, each of whom has a password, the computer data signal comprising:
program code for creating in the memory for each authorized user an entry having a cryptographically hashed password including the password of the each user cryptographically hashed with a hashing function;
program code for receiving a password from one user;
program code for cryptographically hashing the received password with the hashing function to produce a request value; and
program code for permitting, in response to the request value, the one user to access the secured data when the request value matches any of the cryptographically hashed passwords in the memory.

14. (preamble not reproduced on this page; elements as listed)
program code for combining each password with a predetermined salt value; and
program code for cryptographically hashing the combination of the salt value and the password with the hashing function.

15. A computer data signal according to claim 14 wherein the combining program code comprises program code for concatenating the salt value and the password.

16. A computer data signal according to claim 14 wherein the program code for cryptographically hashing the combination comprises program code for passing the combination through a one-way function.
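The scheme described in the abstract and in claims 5 through 8, as an added Python example that is not the patent's own code nor any implementation it describes. The salt, user names, passwords, wordlist and header layout are all constructed, and SHA-256 stands in for the hashing function the claims leave unspecified. The example also goes beyond the claims in two ways that a practitioner would want to see: it counts the guessing work against a header whose entries share one predetermined salt, and it shows a per-entry random salt with a slow KDF, which the claims do not describe.

```python
"""Added example, not the patent's code: the shared-salt hashed-password header
of claims 5-8 beside the check a practitioner would run against it. The salt,
user names, passwords, wordlist and header layout are all constructed here."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# The "predetermined salt value" of claims 6, 10 and 14: one value shared by
# every entry in the header. Constructed for this example.
FILE_SALT = b"constructed-file-salt-0001"


def hash_password(salt: bytes, password: str) -> str:
    """Claims 7 and 8: concatenate salt and password, then apply a one-way
    function. SHA-256 is an assumption; the claims name no specific hash."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def create_header(users: Dict[str, str], salt: bytes = FILE_SALT) -> dict:
    """Step (a): one hashed-password entry per authorized user. The header
    sits unencrypted beside the encrypted data file and holds only hashes."""
    return {
        "salt": salt.hex(),
        "entries": {name: hash_password(salt, pw) for name, pw in users.items()},
    }


def authorize(header: dict, password: str) -> Optional[str]:
    """Steps (b)-(d): hash the received password into a request value and
    permit access when it matches ANY stored entry. Returns the matched entry
    name, or None. Every entry is compared in constant time and the loop
    does not exit early, so timing does not reveal which entry matched."""
    salt = bytes.fromhex(header["salt"])
    request_value = hash_password(salt, password)
    matched = None
    for name, stored in header["entries"].items():
        if hmac.compare_digest(request_value, stored):
            matched = name
    return matched


def shared_salt_guessing(header: dict,
                         wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Caveat from general practice, not from the patent text: with one salt
    shared by all entries, a single hash per guess tests that guess against
    every user at once, and any hit opens the file. Returns the recovered
    user -> password pairs and the number of hash computations spent."""
    salt = bytes.fromhex(header["salt"])
    by_hash = {h: name for name, h in header["entries"].items()}
    recovered: Dict[str, str] = {}
    work = 0
    for guess in wordlist:
        work += 1
        hit = by_hash.get(hash_password(salt, guess))
        if hit is not None:
            recovered[hit] = guess
    return recovered, work


def create_header_per_user(users: Dict[str, str],
                           iterations: int = 100_000) -> dict:
    """Hardened variant (an addition, not something the claims describe): a
    fresh random salt per entry and a slow KDF (PBKDF2-HMAC-SHA256), so each
    guess must be re-derived once per entry and the attacker's work grows
    with the number of users instead of staying at one hash per guess."""
    entries = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
        entries[name] = {"salt": salt.hex(), "hash": dk.hex(),
                         "iterations": iterations}
    return {"entries": entries}


def authorize_per_user(header: dict, password: str) -> Optional[str]:
    """Same 'matches any entry' rule as the claims, but every entry needs its
    own derivation because the salts differ."""
    matched = None
    for name, e in header["entries"].items():
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(e["salt"]), e["iterations"])
        if hmac.compare_digest(dk.hex(), e["hash"]):
            matched = name
    return matched


# Constructed sample data: three authorized users and a tiny wordlist.
USERS = {"alice": "correct horse", "bob": "hunter2", "carol": "Tr0ub4dor&3"}
WORDLIST = ["password", "hunter2", "letmein", "correct horse"]

if __name__ == "__main__":
    hdr = create_header(USERS)
    print(authorize(hdr, "hunter2"))            # bob: any user's password opens the file
    print(shared_salt_guessing(hdr, WORDLIST))  # two users recovered for four hashes
    hdr2 = create_header_per_user(USERS, iterations=1000)
    print(authorize_per_user(hdr2, "Tr0ub4dor&3"))
```

Two points the code makes concrete. First, the "matches any of the cryptographically hashed passwords" rule in claims 1, 5, 9 and 13 means the header is a set of keys to one door: the request value is never tied to the identity of the user who typed it, so any authorized password admits whoever presents it. Second, a single predetermined salt per file does defeat precomputed tables built without that salt, but it leaves the per-guess cost at one hash regardless of how many users the header lists; a per-entry salt and an iterated KDF, as in the hardened variant, restore the multiplier.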
Specification