Human input security codes

US 7,610,487 B2
Filed: 06/28/2005
Issued: 10/27/2009
Est. Priority Date: 03/27/2003
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer storage media having computer executable instructions, that when implemented, perform a method for generating a security code for communication by a human user to a device, the method comprising:

a) generating by a computing device a hash value based on a combination of a modifier and a first data value;

b) repeating the operations of generating a hash value to generate a plurality of hash values, wherein each time the generating operation is repeated the modifier is changed;

c) terminating the repeating when a termination condition is met, the termination condition comprising a time parameter specifying a time limit for the repeating operation and further comprising a probability below a probability threshold that a more secure hash value will be generated within a remaining time of the time limit;

d) selecting by a computing device a second hash value from the plurality of hash values;

e) generating by a computing device a first hash value based on a combination of the modifier associated with the second hash value and a second data value;

f) generating by a computing device a security code for communication by the human user, the security code containing at least a portion of the first hash value; and

g) communicating by a computing device the security code to the human user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The hash extension technique used to generate an ECGA may be used to increase the strength of one-way hash functions and/or decrease the number of bits in any situation where some external requirement limits the number of hash bits, and that limit is below what is (or may be in the future) considered secure against brute-force attacks. For example, to decrease the length of human entered security codes (and maintain the same security), and/or to increase the strength of a human entered security code (and maintain the length of the security code), the security code may be generated and/or authenticated using an extended hash method.

Citations

18 Claims

1. One or more computer storage media having computer executable instructions, that when implemented, perform a method for generating a security code for communication by a human user to a device, the method comprising:
- a) generating by a computing device a hash value based on a combination of a modifier and a first data value;
  
  b) repeating the operations of generating a hash value to generate a plurality of hash values, wherein each time the generating operation is repeated the modifier is changed;
  
  c) terminating the repeating when a termination condition is met, the termination condition comprising a time parameter specifying a time limit for the repeating operation and further comprising a probability below a probability threshold that a more secure hash value will be generated within a remaining time of the time limit;
  
  d) selecting by a computing device a second hash value from the plurality of hash values;
  
  e) generating by a computing device a first hash value based on a combination of the modifier associated with the second hash value and a second data value;
  
  f) generating by a computing device a security code for communication by the human user, the security code containing at least a portion of the first hash value; and
  
  g) communicating by a computing device the security code to the human user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more computer storage media of claim 1, wherein generating the security code includes combining a hash indicator with the portion of the first hash value, the hash indicator being associated with the set of acceptable hash values.
  - 3. The one or more computer storage media of claim 2, wherein the hash indicator includes a count of bits that have a predetermined value in a selected portion of the second hash value.
  - 4. The one or more computer storage media of claim 1, wherein the first data value is the same as the second data value.
  - 5. The one or more computer storage media of claim 1, wherein the second data value includes the first data value and one or more additional data values.
  - 6. The one or more computer storage media of claim 5, further comprising detecting a collision between the security code and a security code, and incrementing a collision count parameter in one of the one or more additional data values.
  - 7. The one or more computer storage media of claim 1, wherein the termination condition further comprises comparing with a specified threshold a probability of generating another hash value that would be selected within the time limit of the time parameter instead of a currently generated hash value.

8. A computer-implemented method comprising:
- a) generating by a computing device a hash value based on a combination of a modifier and a first data value; and
  
  repeating the operations of generating a hash value to generate a plurality of hash values, wherein each time the generating operation is repeated the modifier is changed;
  
  b) terminating the computing when a termination condition is met, the termination condition comprising a time parameter specifying a time limit for the repeating operation and further comprising a probability below a probability threshold that a more secure hash value will be generated within a remaining time of the time limit;
  
  c) selecting by the computing device a second hash value from the plurality of hash values;
  
  d) computing by the computing device a first hash value using a first hash function, wherein an input to the first hash function includes a concatenation of the data value and the modifier used in computing the second hash value, the first hash value being different from the second hash value;
  
  e) setting by the computing device at least a portion of a security code to a portion of the first hash value, the security code being usable by a human user to authenticate the data value to a device; and
  
  f) communicating by the computing device the security code to the human user.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - e) the human user retrieving the security code, wherein the security code is associated with a first device;
      
      f) the human user communicating the security code to a second device;
      
      g) the first device and the second device communicating over a communications network to agree on a data value;
      
      h) the second device using the security code to authenticate the data value.
  - 10. The method of claim 9, further comprising:
    - i) the second device using the data value to authenticate the first device.
  - 11. The method of claim 9, wherein the data value includes a public key of the first device.
  - 12. The method of claim 9, wherein communicating the security code to the second device includes using an alpha-numeric keypad to enter the security code.
  - 13. The method of claim 9, wherein retrieving the security code includes receiving a certificate containing the security code or examining a label associated with the first device.
  - 14. The method of claim 8, further comprising:
    - e) generating a hash indicator indicating a set of acceptable second hash values;
      
      f) encoding the hash indicator into at least a portion of the security code.
  - 15. The method of claim 8, wherein selecting the second hash value includes selecting a hash value in the plurality of hash values having the greatest number of bits with a predetermined value in a predetermined portion of the hash value.

16. A computing device comprising:
- a computer processor for executing computer executable instructions; and
  
  a computer storage medium storing computer executable instructions that when executed by the computer processor perform a method comprising;
  
  generating a hash value based on a combination of a modifier and a first data value; and
  
  repeating the operations of generating a hash value to generate a plurality of hash values, wherein each time the generating operation is repeated the modifier is changed;
  
  terminating the computing when a termination condition is met, the termination condition comprising a time parameter specifying a time limit for the repeating operation and further comprising a probability below a probability threshold that a more secure hash value will be generated within a remaining time of the time limit;
  
  selecting a second hash value from the plurality of hash values;
  
  computing a first hash value using a first hash function, wherein an input to the first hash function includes a concatenation of the data value and the modifier used in computing the second hash value, the first hash value being different from the second hash value;
  
  setting at least a portion of a security code to a portion of the first hash value, the security code being usable by a human user to authenticate the data value to a device; and
  
  communicating the security code to the human user.
- View Dependent Claims (17, 18)
- - 17. The computing device of claim 16, wherein the method further comprises:
    - generating a hash indicator indicating a set of acceptable second hash values; and
      
      encoding the hash indicator into at least a portion of the security code.
  - 18. The computing device of claim 16, wherein selecting the second hash value includes selecting a hash value in the plurality of hash values having the greatest number of bits with a predetermined value in a predetermined portion of the hash value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Aura, Tuomas, Roe, Michael
Primary Examiner(s)
Chai; Longbit

Application Number

US11/170,296
Publication Number

US 20060020796A1
Time in Patent Office

1,582 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

H04L 9/3236   using cryptographic hash fu...

Human input security codes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Human input security codes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links