Technique for providing multiple levels of security

US 7,596,697 B2
Filed: 02/14/2005
Issued: 09/29/2009
Est. Priority Date: 02/14/2005
Status: Active Grant

First Claim

Patent Images

1. A article of manufacture for user authentication, comprising computer readable storage media;

and computer programming stored on the storage media, wherein the stored computer programming is configured to be readable by one or more computers and thereby cause the one or more computers to operate so as to;

receive, from a first user and by an authentication server, a first authentication request transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key;

authenticate the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key;

receive, from a second user and by the authentication server, a second authentication request transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and

authenticate the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key;

wherein the private portion of the first type split private key is based on a password of the first user and another factor, different than the user password, with both factors being under the control of the user, and the private portion of the second type split private key is based on only a password of the second user.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.

29 Citations

View as Search Results

16 Claims

1. A article of manufacture for user authentication, comprising computer readable storage media;
- and computer programming stored on the storage media, wherein the stored computer programming is configured to be readable by one or more computers and thereby cause the one or more computers to operate so as to;
  
  receive, from a first user and by an authentication server, a first authentication request transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key;
  
  authenticate the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key;
  
  receive, from a second user and by the authentication server, a second authentication request transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and
  
  authenticate the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key;
  
  wherein the private portion of the first type split private key is based on a password of the first user and another factor, different than the user password, with both factors being under the control of the user, and the private portion of the second type split private key is based on only a password of the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The article of manufacture of claim 1, wherein in the first level of access, first information is available;
    - and in the second level of access, second information is available.
  - 3. The article of manufacture of claim 2, wherein the second information is only a portion of the first information.
  - 4. The article of manufacture of claim 1, wherein the stored computer programming is further configured to thereby cause the one or more computers to operate so as to:
    - transform the received first request with another portion of the first type split private key, the public key of the first asymmetric key pair, and at least one other public key to determine that the received first request is transformed with the first type split private key; and
      
      transform the received second request with only another portion of the second type split private key and the public key of the second asymmetric key pair to determine that the received first request is transformed with the second type split private key.
  - 5. The article of manufacture of claim 1, wherein the private portion of the first type split private key is generated by cryptographically combining the user password and the other factor.
  - 6. The article of manufacture of claim 1, wherein the stored computer programming is further configured to thereby cause the one or more computers to operate so as to:
    - generate the first asymmetric key pair with a first whole private key;
      
      split the first whole private key, based upon the password and the other factor, into a first set of multiple private portions forming the first type split private key;
      
      generate a second asymmetric key pair with second whole private key; and
      
      spit the second whole private key, based upon the password only, into a second set of multiple private portions forming the second type split private key.
  - 7. The article of manufacture of claim 1, wherein:
    - the private portion of the first type split private key is based upon three factors;
      
      a first factor is the user password;
      
      a second factor is a private key of a third asymmetric key pair; and
      
      a third factor is a private key of a fourth asymmetric key pair.
  - 8. The article of manufacture of claim 7, wherein:
    - the password is not stored in a persistent state;
      
      the private key of the third asymmetric key pair is stored in a first location; and
      
      the private key of the fourth asymmetric key pair is stored in a second location different than the first location.

9. A system for user authentication, comprising:
- a communications interface configured to receive i) a first authentication request from a first user transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key, and ii) a second authentication request from a second user transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and
  
  a processor configured to i) authenticate the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key, and ii) authenticate the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key;
  
  wherein the private portion of the first type split private key is based upon a password and another factor, different than the user password, with both factors being under the control of the user, and the private portion of the second type split private key is based upon only a password.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein:
    - in the first level of access, first information is available; and
      
      in the second level of access, second information is available.
  - 11. The system of claim 10, wherein the second information is only a portion of the first information.
  - 12. The system of claim 9, wherein the processor is further configured to i) transform the received first request with another portion of the first type split private key, the public key of the first asymmetric key pair, and at least one other public key to determine that the received first message is transformed with the first type split private key, and ii) transform the received second request with only another portion of the second type split private key and the public key of the second asymmetric key pair to determine that the received first request is transformed with the second type split private key.
  - 13. The system of claim 9, wherein the first portion is generated by cryptographically combining the user password and the other factor.
  - 14. The system of claim 9, wherein the processor is a first processor, and further comprising:
    - a second processor configured to i) generate the first asymmetric key pair with a first whole private key, and ii) split the first whole private key, based upon the password and the other factor, into a first set of multiple private portions forming the first type split private key; and
      
      a third processor configured to i) generate a second asymmetric key pair with a second whole private key, and ii) split the second whole private key, based upon the password only, into a second set of multiple private portions forming the second type split private key.
  - 15. The system of claim 9, wherein:
    - the private portion of the first type split key is based upon three factors;
      
      a first factor is the user password;
      
      a second factor is a private key of a third asymmetric key pair; and
      
      a third factor is a private key of a fourth asymmetric key pair.
  - 16. The system of claim 15, wherein:
    - the password is not stored in a persistent state;
      
      the private key of the third asymmetric key pair is stored in a first location; and
      
      the private key of the fourth asymmetric key pair is stored in a second location different than the first location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
TriCipher, Inc. (Broadcom, Inc.)
Inventors
Ganesan, Ravi, Schoppert, Brett Jason, Sandhu, Ravinderpal Singh, deSa, Colin Joseph, Bellare, Mihir
Primary Examiner(s)
Simitoski; Michael J
Assistant Examiner(s)
Schmidt; Kari L

Application Number

US11/056,115
Publication Number

US 20070055878A1
Time in Patent Office

1,688 Days
Field of Search

726 3- 7, 380/44, 380277-286, 713/155, 713/171, 713/183
US Class Current

713/171
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/105   Multiple levels of security

H04L 9/32   including means for verifyi...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3226   using a predetermined code,...

Technique for providing multiple levels of security

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for providing multiple levels of security

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links