Method for securely using a single password for multiple purposes

US 7,197,765 B2
Filed: 12/29/2000
Issued: 03/27/2007
Est. Priority Date: 12/29/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method performed by a machine comprising:

receiving a user password;

receiving a user identification;

receiving a plurality of names for independent software applications that require a password for a user to use any of the software applications;

generating a unique and specific randomly generated salt value for each independent software application;

computing a software application dependent password for a user for a selected independent software application, wherein the software application dependent password only depends on the user password, the user identification and the specific randomly generated salt value associated with the selected software application; and

returning the software application dependent password for the selected independent software application to the user,wherein a user does not need to one of remember the selected software application dependent password and record the selected software application dependent password as the software application dependent password is one of computed each time a user requests access to the software application and temporarily stored a first time the user requests access to the software application for a predetermined time period.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method receives input data and determines if a salt value exists. The method generates a salt value and stores the salt value in a table entry if the salt value does not exist. The method further retrieves the salt value from the table entry if the salt value exists and generates a hash from the salt value and the input data. The method further includes generating a password from the hash and returning the password to an application to gain entry to the application. Also a program storage device readable by a machine includes instructions that cause the machine to perform similarly to the method.

82 Citations

View as Search Results

27 Claims

1. A method performed by a machine comprising:
- receiving a user password;
  
  receiving a user identification;
  
  receiving a plurality of names for independent software applications that require a password for a user to use any of the software applications;
  
  generating a unique and specific randomly generated salt value for each independent software application;
  
  computing a software application dependent password for a user for a selected independent software application, wherein the software application dependent password only depends on the user password, the user identification and the specific randomly generated salt value associated with the selected software application; and
  
  returning the software application dependent password for the selected independent software application to the user,wherein a user does not need to one of remember the selected software application dependent password and record the selected software application dependent password as the software application dependent password is one of computed each time a user requests access to the software application and temporarily stored a first time the user requests access to the software application for a predetermined time period.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the computation of the software application dependent password further includes hashing the user name, the user password, and the salt value for the software application.
  - 3. The method of claim 1, further comprising generating an old password if the old password is required.
  - 4. The method of claim 1, wherein a strong password is used to generate a plurality of software application passwords.

5. A method performed by a machine comprising:
- receiving a plurality of names for independent software applications that require a password for a user to use any of the software applications;
  
  generating a plurality of random salt values for each software application;
  
  generating a hash from one random salt value and input data, the one salt value only associated with one specific software application, the input data including a user identification and a strong password;
  
  generating a software application dependent password from the hash; and
  
  returning the software application dependent password to a user to gain entry to the software application,wherein a user does not need to one of remember the software application dependent password and record the software application dependent password as the software application dependent password is one of computed each time a user requests access to the specific software application and temporarily stored a first time the user requests access to the specific software application for a predetermined time period.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 6. The method of claim 5, further comprising:
    - receiving the input data;
      
      determining if the salt value exists;
      
      generating the salt value and storing the salt value in a table entry if the salt value does not exist; and
      
      retrieving the salt value from the table entry if the salt value exists.
  - 7. The method of claim 5, wherein the input data further comprises a software application identification.
  - 8. The method of claim 5, further comprising determining if a new strong password is required;
    - andretrieving the new strong password if the new strong password is required.
  - 9. The method of claim 5, wherein the strong password is used to generate a plurality of software application passwords.
  - 10. The method of claim 5, wherein the salt value is one of predetermined and generated by a random number generator.
  - 11. The method of claim 5, wherein the salt value and the software application are associated in the table entry.
  - 12. The method of claim 5, wherein the software application is run on one of a local computer system and a networked computer system.
  - 13. The method of claim 5, wherein one of a secure hash algorithm (SHA-1) and a message digest (MD5) algorithm are used to generate the hash.
  - 14. The method of claim 5, wherein the generated password is temporarily stored in a memory for a predetermined time period.
  - 15. The method of claim 14, wherein the predetermined time period is based on platform activity.
  - 16. The method of claim 15, wherein the platform is one of a local computer system and a networked computer system.

17. A program storage device readable by a machine comprising instructions that cause the machine to:
- receive a plurality of names for independent software applications that require a password for a user to use any of the software applications;
  
  generate a plurality of random salt values for the software applications;
  
  generate a hash for each of the plurality of random salt values and input data, each salt value only associated with one specific software application, the input data including a user identification and a strong password;
  
  generate a software application dependent password for one hash for a user selected software application; and
  
  return the software application dependent password to a user for the selected software application to gain entry to the selected software application,wherein the user does not need to one of remember the software application dependent password for the selected software application and record the software application dependent password for the selected software application as the software application dependent password is generated each time a user requests access to the selected software application.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 18. The program storage device of claim 17, further comprises instructions that cause the machine to:
    - receive input data;
      
      determine if a salt value exists;
      
      generate a salt value and store the salt value in a table entry if the salt value does not exist; and
      
      retrieve the salt value from the table entry if the salt value exists.
  - 19. The program storage device of claim 17, wherein the input data further comprises a software application identification.
  - 20. The program storage device of claim 17, further comprises instructions that cause the machine to:
    - determine if a new strong password is required; and
      
      retrieve the new strong password if the new strong password is required.
  - 21. The program storage device of claim 20, wherein the strong password is used by the machine to generate a plurality of software application passwords.
  - 22. The program storage device of claim 17, wherein the salt value is one of predetermined and generated by a random number generator.
  - 23. The program storage device of claim 17, wherein the salt value and the software application are associated in the table entry.
  - 24. The program storage device of claim 17, wherein one of a secure hash algorithm (SHA-1) and a message digest (MD5) algorithm are used in instructions to cause the machine to generate the hash.
  - 25. The program storage device of claim 17, wherein the generated password is temporarily stored in a memory for a predetermined time period.
  - 26. The program storage device of claim 25, wherein the predetermined time period is based on platform activity.
  - 27. The program storage device of claim 25, wherein the platform is one of a local computer system and a networked computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Enest F., Chan, Keen W.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
HENEGHAN, MATTHEW E

Application Number

US09/753,257
Publication Number

US 20020087890A1
Time in Patent Office

2,279 Days
Field of Search

713/169, 713/202, 713182-184, 726/8, 726/5, 715/741
US Class Current

726/8
CPC Class Codes

G06F 21/41 where a single sign-on prov...

Method for securely using a single password for multiple purposes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securely using a single password for multiple purposes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links