Password protection

US 7,602,910 B2
Filed: 11/17/2004
Issued: 10/13/2009
Est. Priority Date: 11/17/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

concatenating a password with other data;

generating a value based on the concatenated password and the other data;

forming a first asymmetric key pair having a security level by performing a key generation computation on the value, the security level determined by the number of bits of a cryptography algorithm used to perform the key generation computation;

formulating a self-signing pseudo public key certificate that includes the first asymmetric key pair, the self-signing pseudo public key certificate having a Public Key Infrastructure (PKI) format and is not issued by a PKI central certificate server;

exporting the self signing pseudo public key certificate to an external device; and

responsive to an authentication session, forming a second asymmetric key pair by performing a key generation computation as part of a digital signature logon process wherein the process relies at least in part on the self-signing pseudo public key certificate as exported to the external device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for password protection are described. In one aspect, an asymmetric key pair is deterministically formed by combining a password and other data. The public key of the asymmetric key pair is exported to an external device. The private key of the asymmetric key pair is used to effect subsequent authentications to the external device.

Citations

24 Claims

1. A method comprising:
- concatenating a password with other data;
  
  generating a value based on the concatenated password and the other data;
  
  forming a first asymmetric key pair having a security level by performing a key generation computation on the value, the security level determined by the number of bits of a cryptography algorithm used to perform the key generation computation;
  
  formulating a self-signing pseudo public key certificate that includes the first asymmetric key pair, the self-signing pseudo public key certificate having a Public Key Infrastructure (PKI) format and is not issued by a PKI central certificate server;
  
  exporting the self signing pseudo public key certificate to an external device; and
  
  responsive to an authentication session, forming a second asymmetric key pair by performing a key generation computation as part of a digital signature logon process wherein the process relies at least in part on the self-signing pseudo public key certificate as exported to the external device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the forming the first or the second asymmetric key pairs includes performing a key generation computation based on Diffie-Hellman, RSA, DSA, or any other suitable algorithm for generating an asymmetric key pair.
  - 3. A method as recited in claim 1, wherein the password is a plaintext password.
  - 4. A method as recited in claim 1, wherein the password is a weak password generated as a function of encrypted key exchange protocols.
  - 5. A method as recited in claim 1, wherein the other data is a User Principal Name or other value substantially unique to a user.
  - 6. A method as recited in claim 1, wherein the concatenating a password with other data includes combining the password and the other data via a cryptographic function.
  - 7. A method as recited in claim 1, wherein the generating a value includes pseudo-randomly generating a value based on the concatenated password and the other data.
  - 8. A method as recited in claim 1, wherein the external device is a server.

9. A computer-readable storage medium comprising computer-program stored data representing instructions executable by a processor for:
- concatenating a password with other data;
  
  generating a value based on the concatenated password and the other data;
  
  forming a first asymmetric key pair having a security level by performing a key generation commutation on the value, the security level being determined by the number of bits of a cryptography algorithm used to perform the key generation computation;
  
  formulating a self-signing pseudo public key certificate based on that includes the first asymmetric key pair, the self-signing pseudo public key certificate having a Public Key Infrastructure (PKI) format and is not issued by a PKI central certificate server;
  
  exporting the self-signing pseudo public key certificate of the first asymmetric key pair to an external device; and
  
  responsive to an authentication session, forming a second asymmetric key pair by performing a key generation computation as part of a digital signature logon process wherein the process relies at least in part on the self-signing pseudo public key certificate as exported to the external device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A computer-readable storage medium as recited in claim 9, wherein the first and second asymmetric key pairs are generated based on Diffie-Heliman, RSA, DSA, or any other suitable algorithm for generating an asymmetric key pair.
  - 11. A computer-readable storage medium as recited in claim 9, wherein the password is a plaintext password.
  - 12. A computer-readable storage medium as recited in claim 9, wherein the password is a weak password generated as a function of encrypted key exchange protocols.
  - 13. A computer-readable storage medium as recited in claim 9, wherein the other data is a User Principal Name or other value substantially unique to a user.
  - 14. A computer-readable storage medium as recited in claim 9, wherein the computer-program instructions for forming the first asymmetric key pair further comprise instructions for:
    - concatenating the password and the other data;
      
      via a cryptographic function.
  - 15. A computer-readable storage medium as recited in claim 9, wherein the computer-program instructions for forming the first asymmetric key pair further comprise instructions for seeding a pseudo-random number generator with the concatenated password and the other data to generate the first asymmetric key pair.
  - 16. A computer-readable storage medium as recited in claim 9, wherein the external device is a server.

17. A computing device comprising:
- a processor; and
  
  a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor for;
  
  concatenating a password with other data;
  
  generating a value based on the concatenated password and the other data;
  
  forming a first asymmetric key pair having a security level by performing a key generation computation on the value, the security level being determined by the number of bits of a cryptography algorithm used to perform the key generation computation;
  
  formulating a self-signing pseudo public key certificate that includes the first asymmetric key pair, the self-signing pseudo public key certificate having a Public Key Infrastructure (PKI) format and is not issued by a PKI central certificate server;
  
  exporting the self-signing pseudo public key certificate of the first asymmetric key pair to an external device; and
  
  responsive to an authentication session, forming a second asymmetric key pair by performing a key generation computation as part of a digital signature logon process wherein the process relies at least in part on the self-signing pseudo public key certificate as exported to the external device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. A computing device as recited in claim 17, wherein the first and second asymmetric key pairs are generated based on Diffie-Hellman, RSA, DSA, or any other suitable algorithm for generating an asymmetric key pair.
  - 19. A computing device as recited in claim 17, wherein the password is a plaintext password.
  - 20. A computing device as recited in claim 17, wherein the password is a weak password generated as a function of encrypted key exchange protocols.
  - 21. A computing device as recited in claim 17, wherein the other data is a User Principal Name or other value substantially unique to a user.
  - 22. A computing device as recited in claim 17, wherein the computer-program instructions for forming the first asymmetric key pair further comprise instructions for:
    - concatenating the password and the other data;
      
      via a cryptographic function.
  - 23. A computing device as recited in claim 17, wherein the computer-program instructions for forming the first asymmetric key pair further comprise instructions for seeding a pseudo-random number generator with the concatenated password and the other data to generate the first asymmetric key pair.
  - 24. A computing device as recited in claim 17, wherein the external device is a server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Johansson, Jesper M, Benaloh, Josh D.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US10/990,798
Publication Number

US 20060104441A1
Time in Patent Office

1,791 Days
Field of Search

380/44, 713/175, 713/184
US Class Current

380/44
CPC Class Codes

G06F 21/31 User authentication

G06F 21/33 using certificates

Password protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Password protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links