Secure storage of private keys

US 6,950,523 B1
Filed: 09/29/2000
Issued: 09/27/2005
Est. Priority Date: 09/29/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of generating and transmitting a private encryption key, comprising:

generating a public encryption key and a private encryption key at a client system;

inputting a password and generating a random number;

creating a random private key by exclusive-ORing the private key with the random number;

generating a first hash value by hashing the password, a username, and a constant value;

encrypting the random private key using the first hash value as an encryption key to create an encrypted random key;

generating a second hash value by hashing the password, the username, and a second constant value; and

transmitting the username, the second hash value, and the encrypted random key to a sever for storage.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To protect a private cryptographic key, two values are derived. The two values together can reconstruct the key. One value is sent to a server and deleted from the local machine. The other value is held by the local machine. To use the key, the user will enter a password, which will be used to authenticate the user to the server, and retrieve the value from the server. The password is also used to unlock the value held by the local machine. The private cryptographic key is thus protected against brute force password attacks without changing the behavior of the user.

Citations

13 Claims

1. A method of generating and transmitting a private encryption key, comprising:
- generating a public encryption key and a private encryption key at a client system;
  
  inputting a password and generating a random number;
  
  creating a random private key by exclusive-ORing the private key with the random number;
  
  generating a first hash value by hashing the password, a username, and a constant value;
  
  encrypting the random private key using the first hash value as an encryption key to create an encrypted random key;
  
  generating a second hash value by hashing the password, the username, and a second constant value; and
  
  transmitting the username, the second hash value, and the encrypted random key to a sever for storage.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further including further authenticating a user at the server.
  - 3. The method of claim 2, wherein the method of authenticating is using a biometric device.
  - 4. The method of claim 1, further including deleting the private encryption key from the client system.
  - 5. The method of claim 1, further including deleting the constant value from the client system.

6. A computer readable medium containing instructions for execution by a processor, the instructions, which when executed, cause the processor to:
- generate a public encryption key and a private encryption key at a client system, which includes the processor;
  
  receive a password and generate a random number;
  
  create a random private key by exclusive-ORing the private key with the random number;
  
  generate a first hash value by hashing the password, a username, and a constant value;
  
  encrypt the random private key using the first hash value as an encryption key to create an encrypted random key;
  
  generate a second hash value by hashing the password, the username, and a second constant value; and
  
  transmit the username, the second hash value, and the encrypted random key to a server for storage.
- View Dependent Claims (7, 8, 9)
- - 7. The computer-readable medium of claim 6, including instructions, which when executed causes the processor to delete the private encryption key from the client system.
  - 8. The computer-readable medium of claim 6, including instructions, which when executed causes the processor to delete the constant value.
  - 9. The computer-readable medium of claim 6, including instructions, which when executed causes the processor to delete the second constant value.

10. A method for retrieving a stored password, comprising:
- receiving a password and a username;
  
  generating a first hash value using the password, the username, and a first constant value;
  
  generating a second hash value using the password, the username, and a second constant value;
  
  transmitting the second hash value and the username to a key server;
  
  receiving an encrypted random private key from the key server when the username and the second hash value match a stored username value and a stored hash value; and
  
  decrypting the encrypted random private key using the first hash value as an encryption key to generate a random private key.
- View Dependent Claims (11)
- - 11. The method of claim 10, further including exclusive-ORing a random number with the random private key to generate a private key.

12. A computer readable medium containing instructions for execution by a processor, the instructions, which when executed, cause the processor to:
- receive a password and a username;
  
  generate a first hash value using the password, the username, and a first constant value;
  
  generate a second hash value using the password, the username, and a second constant value;
  
  transmit the second hash value and the username to a key server;
  
  receive an encrypted random private key from the key server when the username and the second hash value match a stored username value and a stored hash value; and
  
  decrypt the encrypted random private key using the first hash value as an encryption key to generate a random private key.
- View Dependent Claims (13)
- - 13. The computer-readable medium of claim 12, including instructions, which when executed causes the processor to exclusive-OR a random number with the random private key to generate a private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wood, Matthew D., Brickell, Ernie
Primary Examiner(s)
Rimell, Sam
Assistant Examiner(s)
Betit, Jacob F.

Application Number

US09/672,496
Time in Patent Office

1,824 Days
Field of Search

380/21, 380/49, 380/25, 380/23, 380/30, 380/28, 380/286, 380/281, 380282- 83, 380277- 79, 713/189, 713/184, 713/197, 707/9
US Class Current

380/286
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 9/0822   using key encryption key

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Y10S 707/99939   Privileged access

Secure storage of private keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage of private keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links