Method of creating password list for remote authentication to services

US 7,194,762 B2
Filed: 11/30/2001
Issued: 03/20/2007
Est. Priority Date: 11/30/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for improving security in a computer network utilizing password-based access, the method comprising:

signing a phrase using a private key assigned to a remote user;

associating the signed phrased with the remote user; and

storing the private key assigned to the remote user in a key chain of a provided security chip, wherein the key chain is formed by wrapping the private key using at least one child key pair assigned to the computer network, wrapping the at least one child key pair using at least one parent key pair assigned to the computer network, wrapping the at least one parent key pair using at least one grandparent key pair assigned to the computer network, and wrapping the at least one grandparent key pair using an encryption key assigned to the provided security chip.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing security in password-based access to computer networks, the network including a server and a remote user, includes: signing a phrase by a security chip of the server using an encryption key; associating the signed phrase with the remote user; signing the phrase with an encryption key obtained by the security chip when a request for access to the computer network is received from the remote user; comparing the phrase signed with the obtained encryption key with the signed phrase associated with the remote user; and granting access to the remote user if the phrase signed with the obtained encryption key is the same as the stored signed phrase associated with the remote user. The use of the encryption key protects against “dictionary attacks”. Use of the security chip protects against offline attacks. These provide greater security for the computer network.

29 Citations

View as Search Results

24 Claims

1. A method for improving security in a computer network utilizing password-based access, the method comprising:
- signing a phrase using a private key assigned to a remote user;
  
  associating the signed phrased with the remote user; and
  
  storing the private key assigned to the remote user in a key chain of a provided security chip, wherein the key chain is formed by wrapping the private key using at least one child key pair assigned to the computer network, wrapping the at least one child key pair using at least one parent key pair assigned to the computer network, wrapping the at least one parent key pair using at least one grandparent key pair assigned to the computer network, and wrapping the at least one grandparent key pair using an encryption key assigned to the provided security chip.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the phrase is a password of the remote user.
  - 3. The method of claim 1, wherein the phase is separate from a password of the remote user.
  - 4. The method of claim 1, further comprising:
    - using the signed phrase associated with the remote user to determine whether to grant the remote user access to the computer network.
  - 5. The method of claim 1, wherein the private key assigned to the remote user, the encryption key assigned to the provided security chip, and the at least one child key pair, the at least one parent key pair, and the at least one grandparent key pair assigned to the computer network are created within the provided security chip.
  - 6. The method of claim 1, wherein both the private key assigned to the remote user and the encryption key assigned to the provided security chip are known only to the provided security chip.
  - 7. The method of claim 1, wherein the provided security chip is a Trusted Platform Module (TPM).
  - 8. The method of claim 1, further comprising:
    - storing the signed phrase associated with the remote user.

9. A computer readable medium including a computer program for improving security in a computer network utilizing password-based access, the computer program comprising instructions for:
- signing a phrase using a private key assigned to a remote user;
  
  associating the signed phrased with the remote user; and
  
  storing the private key assigned to the remote user in a key chain of a provided security chip, wherein the key chain is formed by wrapping the private key using at least one child key pair assigned to the computer network, wrapping the at least one child key pair using at least one parent key pair assigned to the computer network, wrapping the at least one parent key pair using at least one grandparent key pair assigned to the computer network, and wrapping the at least one grandparent key pair using an encryption key assigned to the provided security chip.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer readable medium of claim 9, wherein the phrase is a password of the remote user.
  - 11. The computer readable medium of claim 9, wherein the phrase is separate from a password of the remote user.
  - 12. The computer readable medium of claim 9, wherein the computer program further comprises instructions for:
    - using the signed phrase associated with the remote user to determine whether to grant the remote user access to the computer network.
  - 13. The computer readable medium of claim 9, wherein the private key assigned to the remote user, the encryption key assigned to the provided security chip, and the at least one child key pair, the at least one parent key pair, and the at least one grandparent key pair assigned to the computer network are created within the provided security chip.
  - 14. The computer readable medium of claim 9, wherein both the private key assigned to the remote user and the encryption key assigned to the provided security chip are known only to the provided security chip.
  - 15. The computer readable medium of claim 9, wherein the provided security chip is a Trusted Platform Module (TPM).
  - 16. The computer readable medium of claim 9, wherein the computer program further comprises instructions for:
    - storing the signed phrase associated with the remote user.

17. A system for improving security in a computer network utilizing password-based access, the system being operable to:
- sign a phrase using a private key assigned to a remote user;
  
  associate the signed phrased with the remote user; and
  
  store the private key assigned to the remote user in a key chain of a provided security chip, wherein the key chain is formed by wrapping the private key using at least one child key pair assigned to the computer network, wrapping the at least one child key pair using at least one parent key pair assigned to the computer network, wrapping the at least one parent key pair using at least one grandparent key pair assigned to the computer network, and wrapping the at least one grandparent key pair using an encryption key assigned to the provided security chip.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the phrase is a password of the remote user.
  - 19. The system of claim 17, wherein the phrase is separate from a password of the remote user.
  - 20. The system of claim 17, wherein the system is further operable to:
    - use the signed phrase associated with the remote user to determine whether to grant the remote user access to the computer network.
  - 21. The system of claim 17, wherein the private key assigned to the remote user, the encryption key assigned to the provided security chip, and the at least one child key pair, the at least one parent key pair, and the at least one grandparent key pair assigned to the computer network are created within the provided security chip.
  - 22. The system of claim 17, wherein both the private key assigned to the remote user and the encryption key assigned to the provided security chip are known only to the provided security chip.
  - 23. The system of claim 17, wherein the provided security chip is a Trusted Platform Module (TPM).
  - 24. The system of claim 17, wherein the system is further operable to:
    - store the signed phrase associated with the remote user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Goodman, Steven Dale, Challener, David Carroll
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US09/998,484
Publication Number

US 20030105980A1
Time in Patent Office

1,936 Days
Field of Search

713/155, 713/183, 713/202, 713/168, 713/171, 713/177, 705/51, 726/8, 726/9, 726/7, 380/284
US Class Current

726/7
CPC Class Codes

G06F 21/46 by designing passwords or c...

Method of creating password list for remote authentication to services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method of creating password list for remote authentication to services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links