Secure storage of private keys
1. A method of generating and transmitting a private encryption key, comprising:
- generating a public encryption key and a private encryption key at a client system;
- inputting a password and generating a random number;
- creating a random private key by exclusive-ORing the private key with the random number;
- generating a first hash value by hashing the password, a username, and a constant value;
- encrypting the random private key using the first hash value as an encryption key to create an encrypted random key;
- generating a second hash value by hashing the password, the username, and a second constant value; and
- transmitting the username, the second hash value, and the encrypted random key to a server for storage.
Abstract
To protect a private cryptographic key, two values are derived. The two values together can reconstruct the key. One value is sent to a server and deleted from the local machine. The other value is held by the local machine. To use the key, the user will enter a password, which will be used to authenticate the user to the server, and retrieve the value from the server. The password is also used to unlock the value held by the local machine. The private cryptographic key is thus protected against brute force password attacks without changing the behavior of the user.
13 Claims
6. A computer readable medium containing instructions for execution by a processor, the instructions, which when executed, cause the processor to:
- generate a public encryption key and a private encryption key at a client system, which includes the processor;
- receive a password and generate a random number;
- create a random private key by exclusive-ORing the private key with the random number;
- generate a first hash value by hashing the password, a username, and a constant value;
- encrypt the random private key using the first hash value as an encryption key to create an encrypted random key;
- generate a second hash value by hashing the password, the username, and a second constant value; and
- transmit the username, the second hash value, and the encrypted random key to a server for storage.
Dependent claims: 7, 8, 9.
10. A method for retrieving a stored password, comprising:
- receiving a password and a username;
- generating a first hash value using the password, the username, and a first constant value;
- generating a second hash value using the password, the username, and a second constant value;
- transmitting the second hash value and the username to a key server;
- receiving an encrypted random private key from the key server when the username and the second hash value match a stored username value and a stored hash value; and
- decrypting the encrypted random private key using the first hash value as an encryption key to generate a random private key.
Dependent claims: 11.
12. A computer readable medium containing instructions for execution by a processor, the instructions, which when executed, cause the processor to:
- receive a password and a username;
- generate a first hash value using the password, the username, and a first constant value;
- generate a second hash value using the password, the username, and a second constant value;
- transmit the second hash value and the username to a key server;
- receive an encrypted random private key from the key server when the username and the second hash value match a stored username value and a stored hash value; and
- decrypt the encrypted random private key using the first hash value as an encryption key to generate a random private key.
Dependent claims: 13.
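The enrollment flow of claim 1 and the retrieval flow of claim 10 (followed by the recombination step the abstract describes), written out as an added Python example; this is not code from the patent or from any product that implements it. Everything the claims leave unspecified is an assumption here: SHA-256 stands in for "hashing", an HMAC-SHA256 counter-mode stream with encrypt-then-MAC stands in for the unnamed cipher, the two constant values are placeholder byte strings, an in-memory dict stands in for the key server, and 32 random bytes stand in for the private half of a generated key pair.

```python
import hashlib
import hmac
import secrets

# The claims name a "constant value" and a "second constant value" but not their
# contents; these bytes are placeholders chosen for this example (assumption).
CONST_1 = b"example-constant-1-key-wrapping"
CONST_2 = b"example-constant-2-server-auth"
NONCE_LEN, TAG_LEN = 16, 32


def keyed_hash(password: str, username: str, constant: bytes) -> bytes:
    """'Hashing the password, a username, and a constant value' (claims 1 and 10).
    SHA-256 over the three fields with separators stands in for the hash the patent
    leaves unspecified; a deployment would put a slow password KDF here (assumption)."""
    data = b"\x00".join([password.encode(), username.encode(), constant])
    return hashlib.sha256(data).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Exclusive-OR two equal-length byte strings (the split and recombine step)."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for the cipher the claims do not name."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the first hash value: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor_bytes(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Inverse of encrypt; returns None if the blob is too short or the tag does not verify."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ct, _keystream(key, nonce, len(ct)))


class KeyServer:
    """Stores username -> (second hash value, encrypted random key). It never sees
    the private key, the random number, or the first hash value."""

    def __init__(self):
        self._records = {}

    def store(self, username: str, second_hash: bytes, encrypted_random_key: bytes):
        self._records[username] = (second_hash, encrypted_random_key)

    def retrieve(self, username: str, second_hash: bytes):
        # Claim 10: release the blob only when username and second hash both match.
        rec = self._records.get(username)
        if rec is None or not hmac.compare_digest(rec[0], second_hash):
            return None
        return rec[1]


def enroll(server: KeyServer, username: str, password: str, private_key: bytes) -> bytes:
    """Claim 1. Returns the random number, which is the value the client keeps locally."""
    random_number = secrets.token_bytes(len(private_key))
    random_private_key = xor_bytes(private_key, random_number)
    first_hash = keyed_hash(password, username, CONST_1)
    encrypted_random_key = encrypt(first_hash, random_private_key)
    second_hash = keyed_hash(password, username, CONST_2)
    server.store(username, second_hash, encrypted_random_key)
    return random_number


def recover(server: KeyServer, username: str, password: str, random_number: bytes):
    """Claim 10 plus the final XOR with the locally held value. None if the server
    rejects the password or the blob fails to decrypt."""
    first_hash = keyed_hash(password, username, CONST_1)
    second_hash = keyed_hash(password, username, CONST_2)
    blob = server.retrieve(username, second_hash)
    if blob is None:
        return None
    random_private_key = decrypt(first_hash, blob)
    if random_private_key is None:
        return None
    return xor_bytes(random_private_key, random_number)


def demo():
    """Round trip with a correct and a wrong password; returns (key, recovered, rejected)."""
    server = KeyServer()
    private_key = secrets.token_bytes(32)  # stand-in for a generated private key (assumption)
    local_share = enroll(server, "alice", "correct horse", private_key)
    return (private_key,
            recover(server, "alice", "correct horse", local_share),
            recover(server, "alice", "wrong password", local_share))
```

What the split buys: the server holds only the second hash and an encrypted blob, and even a decrypted blob is the private key XORed with a random number it never receives; a copy of the client's local share is equally useless without a successful server round trip, which the server can rate-limit per username. The caveat a practitioner should note is that the stored second hash value is a password verifier, so if the hash is a fast one as in this example, a compromised server's records can be guessed offline; a slow password KDF in `keyed_hash` and per-account lockout on the server are the usual mitigations.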