×

Method and apparatus for secure password transmission and password changes

  • US 6,826,686 B1
  • Filed: 04/14/2000
  • Issued: 11/30/2004
  • Est. Priority Date: 04/14/2000
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;

  • said method comprising the steps of;

    sending, by the local computer, the userid and a first nonce to the host computer;

    replying, by the host computer to the local computer, with a second nonce;

    generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;

    creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;

    generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;

    sending, by the local computer to the host computer, the userid, authentication token and the protected digest;

    verifying, by the host computer, the validity of the authentication token; and

    , accepting the new password to replace the existing password if the authentication token is valid.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×