Initial password security accentuated by triple encryption and hashed cache table management on the hosted site's server

US 7,685,430 B1
Filed: 06/17/2005
Issued: 03/23/2010
Est. Priority Date: 06/17/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing a temporary password in an internet hosted environment comprising:

providing a central user password database including at least one temporary password that is associated with a user, the at least one password being randomly generated and not being known to the user;

receiving a temporary password request from a client machine of the user at a hosted server, the temporary password request including a user ID (“

userID”

) and a business unit ID (“

BUID”

);

extracting the temporary password from the central user password database, the extracting step including using the userID as a key and verifying that the BUID in the temporary password request matches a BUID associated with the temporary password in the central user password database;

triply-sequenced encrypting of the temporary password at the hosted server of the internet hosted environment, the triply-sequenced encrypting including;

encrypting the user'"'"'s client machine'"'"'s domain name using the BUID as a key which results in a “

string X”

;

encrypting the temporary password using string X as a key which results in a “

string Y”

;

encrypting string Y using a public key of the user as the key which results in a “

string Z”

; and

transporting string Z to a client side of the internet hosted environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for remote services authentication in an internet hosted environment includes a high level process and functionality for a secure, practical and logically optimized inter-network authentication mechanism by employees, partners and customers of an enterprise into the hosted Internet site. The lightweight authentication and authorization mechanism can be most effectively implemented in Java as part of the application or web server servlet. The method for remote services authentication includes initial secure password establishment, subsequent authentication and authorization, as well as authentication and authorization upon resuming previously run sessions with the hosted server using Internet cookies.

155 Citations

19 Claims

1. A method for providing a temporary password in an internet hosted environment comprising:
- providing a central user password database including at least one temporary password that is associated with a user, the at least one password being randomly generated and not being known to the user;
  
  receiving a temporary password request from a client machine of the user at a hosted server, the temporary password request including a user ID (“
  
  userID”
  
  ) and a business unit ID (“
  
  BUID”
  
  );
  
  extracting the temporary password from the central user password database, the extracting step including using the userID as a key and verifying that the BUID in the temporary password request matches a BUID associated with the temporary password in the central user password database;
  
  triply-sequenced encrypting of the temporary password at the hosted server of the internet hosted environment, the triply-sequenced encrypting including;
  
  encrypting the user'"'"'s client machine'"'"'s domain name using the BUID as a key which results in a “
  
  string X”
  
  ;
  
  encrypting the temporary password using string X as a key which results in a “
  
  string Y”
  
  ;
  
  encrypting string Y using a public key of the user as the key which results in a “
  
  string Z”
  
  ; and
  
  transporting string Z to a client side of the internet hosted environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising encrypting and doubly-sequenced decrypting by the client machine to use the temporary password on the client side;
    - the encrypting and doubly-sequenced decrypting comprising;
      
      encrypting the user'"'"'s client machine'"'"'s domain name using the BUID as a key which results in string X;
      
      decrypting string Z using a private key of the user as a key which results in string Y; and
      
      decrypting string Y using string X as a key which results in the temporary password.
  - 3. The method of claim 2 further comprising performing an initial login, the performing step comprising:
    - entering by the user of the userID, the temporary password and the BUID into the internet hosted environment.
  - 4. The method of claim 3, further comprising after the entering step, prompting the user to enter a desired password for subsequent logins.
  - 5. The method of claim 1 further comprising after the encrypting string Y step:
    - beginning a time period within which the user can perform an initial login with the temporary password; and
      
      storing the temporary password in a temporary password cache table.
  - 6. The method of claim 5 in which the temporary password cache table comprises an index, a credential, and an encrypted record and a tenant'"'"'s table with records that are individually hashed and encrypted.
  - 7. The method of claim 1, wherein the at least one temporary password does not include a time expiry.

8. A method for use in remote services authentication in an internet hosted environment comprising:
- accepting a login from a user at a hosted server with a combination of a user ID (“
  
  userID”
  
  ) of the user, a business unit ID (“
  
  BUID”
  
  ) of the user, and a random temporary password of the user which was sent earlier to the user using triple encryption and which was subsequently decrypted and entered into a login screen with a predetermined period, the triple encryption including;
  
  encrypting the user'"'"'s client machine'"'"'s domain name using the BUID as a key which results in a “
  
  string X”
  
  ;
  
  encrypting the temporary password using string X as a key which results in a “
  
  string Y”
  
  ; and
  
  encrypting string Y using a public key of the user as the key which results in a “
  
  string Z”
  
  ; and
  
  looking up a record in a cache using the userID as an index key to a cache table;
  
  each record in the cache table including;
  
  a user ID (“
  
  userID”
  
  ); and
  
  a credential comprising a hash of the userID and a temporary password.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The method of claim 8, wherein the predetermined time period is equal to twenty-four hours.
  - 10. The method of claim 8 further comprising in the looking up step,creating a hash of the user'"'"'s userID and temporary password together, using the users BUID as a key, responsive to a record being found having a userID matching the users userID.
  - 11. The method of claim 10 further comprising verifying the hash of the users userID and the temporary password together using the users BUID as a key against the credential in the record being found having a userID matching the users userID.
  - 12. The method of claim 11 further comprising validating the temporary password if the hash of the users userID and the temporary password together using the user'"'"'s BUID as a key is the same as the credential in the record being found having a userID matching the users userID.
  - 13. The method of claim 12, further comprising after the temporary password has been validated, prompting the user to enter a desired password for subsequent logins.
  - 14. The method of claim 11 further comprising discarding the temporary password and reporting an authentication failure if the hash of the users userID and the temporary password together using the users BUID as a key is not the same as the credential in the record being found having a userID matching the users userID.
  - 15. The method in claim 11 further comprising diagnosing a failure in finding a matching userID.
  - 16. The method of claim 15 further comprising traversing persistently-saved decrypted message digests to find a matching userID.
  - 17. The method of claim 8, wherein the cache table further includes an encrypted record comprising an encrypted version of the temporary password.

18. A method for providing a temporary password in an internet hosted environment, the method comprising:
- encrypting a temporary password at a hosted server of the internet hosted environment, the encrypting including;
  
  encrypting a client machine domain name of a user using a business unit ID (“
  
  BUID”
  
  ) of the user as a key which results in a “
  
  string X”
  
  ;
  
  encrypting the temporary password suing string X as a key which results in a “
  
  string Y”
  
  ;
  
  encrypting string Y using a public key of the user as the key which results in a “
  
  string Z”
  
  ; and
  
  transporting string X to a client side of the internet hosted environment; and
  
  obtaining the temporary password by the client side;
  
  wherein the obtaining step includes;
  
  encrypting the client machine domain name using the BUID as a key which results in string X;
  
  decrypting string Z using a private key of the user as a key which results in string Y; and
  
  decrypting string Y using string X as a key which results in the temporary password.
- View Dependent Claims (19)
- - 19. The method of claim 18, further comprising performing an initial login, the performing step comprising entering by the user of the userID, the temporary password and the BUID into the internet hosted environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Masurkar, Vijay B.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
PHAM, LUU T

Application Number

US11/155,254
Time in Patent Office

1,740 Days
Field of Search

713/151, 713/150, 713/182
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0435   wherein the sending and rec...

H04L 63/0838   using one-time-passwords

H04L 63/1466   Active attacks involving in...

Initial password security accentuated by triple encryption and hashed cache table management on the hosted site's server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Initial password security accentuated by triple encryption and hashed cache table management on the hosted site's server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others