Authentication protocol using a multi-factor asymmetric key pair
Abstract
Techniques for user authentication based upon an asymmetric key pair having a public key and a split private key are provided. A first portion of the split private key is generated based upon multiple factors under control of the user. The factors include a password. A challenge is cryptographically combined with a first one of the multiple factors, but not the user password, to form a first message. The first message is transformed with the generated first portion to form a second message, which is then sent to an authentication entity. The sent second message is transformed to authenticate the user, the transformation providing direct verification of user control of the first factor.
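Worked example, added to this page; it is not the patent's own embodiment (the specification is not reproduced here). It assumes one concrete way to realize the abstract: an RSA private exponent d split multiplicatively so that d1 * d2 = d (mod phi(n)); d1 regenerated on every use from the password and a second factor with PBKDF2 and never stored; d2 plus a registered copy of the second factor held by the authentication entity; and the first message formed as SHA-256 over the challenge and that factor. Because the verifier rebuilds the first message from its own copy of the factor, the check succeeds only if the client held both the password (to derive d1) and the factor (inside the message), which is the "direct verification of user control of the first factor" the abstract describes. The RSA modulus is built from two Mersenne primes purely so the script runs offline; it is trivially factorable and not a usable key.

```python
import hashlib
import math
import secrets
from typing import NamedTuple

# Constructed RSA parameters (assumption): Mersenne primes give a working
# modulus for an offline demo but are trivially factorable. A real deployment
# generates a proper RSA key pair instead.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
assert math.gcd(E, PHI) == 1


class ServerRecord(NamedTuple):
    n: int
    e: int
    d2: int          # second portion of the split private key, held by the server
    factor: bytes    # registered copy of the non-password factor
    salt: bytes      # salt the client uses when regenerating its portion


def derive_first_portion(password: bytes, factor: bytes, salt: bytes) -> int:
    """First portion d1, regenerated from the factors under the user's control.
    Nothing about d1 is stored; without both factors it cannot be rebuilt."""
    km = hashlib.pbkdf2_hmac("sha256", password + b"\x00" + factor, salt, 100_000, dklen=80)
    d1 = int.from_bytes(km, "big") % PHI
    while math.gcd(d1, PHI) != 1:   # d1 must be invertible mod phi(n) for the split
        d1 += 1
    return d1


def first_message(challenge: bytes, factor: bytes) -> int:
    """Cryptographically combine the challenge with the non-password factor."""
    digest = hashlib.sha256(b"split-key-auth|" + challenge + b"|" + factor).digest()
    return int.from_bytes(digest, "big")   # < 2**256 < N, so it is already a residue mod N


def enroll(password: bytes, factor: bytes) -> ServerRecord:
    """Compute the whole private exponent once, split it, and keep only d2."""
    salt = secrets.token_bytes(16)
    d = pow(E, -1, PHI)
    d1 = derive_first_portion(password, factor, salt)
    d2 = d * pow(d1, -1, PHI) % PHI       # so that d1 * d2 == d (mod phi(n))
    return ServerRecord(N, E, d2, factor, salt)


def client_respond(password: bytes, factor: bytes, salt: bytes, challenge: bytes) -> int:
    """Second message: the first message transformed with the client's portion d1."""
    d1 = derive_first_portion(password, factor, salt)
    return pow(first_message(challenge, factor), d1, N)


def server_verify(rec: ServerRecord, challenge: bytes, second_message: int) -> bool:
    """Complete the signature with d2, then check it with the public key against
    the first message rebuilt from the server's registered copy of the factor."""
    full = pow(second_message, rec.d2, rec.n)      # (m^d1)^d2 = m^d mod n
    expected = first_message(challenge, rec.factor)
    return pow(full, rec.e, rec.n) == expected


def demo() -> dict:
    """Constructed credentials; exercises the success path and three failure modes."""
    password, factor = b"correct horse battery staple", b"device-secret-0xA1"
    rec = enroll(password, factor)
    challenge = secrets.token_bytes(32)
    ok = server_verify(rec, challenge, client_respond(password, factor, rec.salt, challenge))
    bad_pw = server_verify(rec, challenge, client_respond(b"wrong", factor, rec.salt, challenge))
    bad_factor = server_verify(rec, challenge, client_respond(password, b"other-device", rec.salt, challenge))
    replay = server_verify(rec, secrets.token_bytes(32), client_respond(password, factor, rec.salt, challenge))
    return {"ok": ok, "bad_password": bad_pw, "bad_factor": bad_factor, "replay": replay}


if __name__ == "__main__":
    print(demo())
```

Note that the server never learns d1 or the password: it sees only m^d1 mod n, and the partial exponentiation with d2 is what turns that into a full signature it can verify. Stealing the server record alone yields d2 and the factor but not the password, and stealing the client's inputs alone yields nothing usable without d2; an attacker needs both sides, which is the property a split private key is meant to provide.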
Claims (22)

1. A method for user authentication based upon an asymmetric key pair having a public key and a split private key, comprising:
generating a first portion of the split private key based upon multiple factors under control of the user, the multiple factors including a user password;
cryptographically combining a challenge with a first one of the multiple factors other than the user password to form a first message;
transforming the first message with the generated first portion to form a second message;
transmitting the second message to an authentication entity; and
transforming the transmitted second message to authenticate the user, the transformation of the transmitted second message providing direct verification of user control of the first factor.
Dependent claims: 2-10.

11. A system for user authentication based upon an asymmetric key pair having a public key and a split private key, comprising:
a first network station configured to i) generate a first portion of the split private key based upon multiple factors under control of the user, the multiple factors including a user password, ii) cryptographically combine a challenge with a first one of the multiple factors other than the user password to form a first message, iii) transform the first message with the generated first portion to form a second message, and iv) transmit the second message; and
a second network station configured to i) receive the transmitted second message, and ii) transform the transmitted second message to authenticate the user;
wherein the transformation of the transmitted second message provides direct verification of user control of the first factor.
Dependent claims: 12-20.

21. An apparatus for user authentication based upon an asymmetric key pair having a first key and a second key, with the first key split into multiple portions, with a first of the multiple portions of the split first key being based on multiple factors, including a user password, the apparatus comprising:
a communications port configured to receive a message transformed with the first portion of the split first key, wherein the message includes a challenge and a first of the multiple factors, other than the user password, cryptographically combined; and
a processor configured with logic that is executable to further transform the received transformed message to authenticate the user and directly verify user control of the first factor.
Dependent claims: 22.
Specification