Storing digital secrets in a vault

US 7,739,733 B2
Filed: 11/02/2005
Issued: 06/15/2010
Est. Priority Date: 11/02/2005
Status: Active Grant

First Claim

Patent Images

1. A method for storing secret information in a digital vault on a storage medium, said method comprising:

obtaining from a user, via an input device, an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;

identifying, via a microprocessor, subsets S_Kof the m questions for which acceptable answers later provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_Kincludes a set of n_Kquestions, wherein K is an integer identifying the subset and each n_Kis an integer that is less than m, wherein at least one subset S_Khas at least two elements; and

for each subset of questions, S_K;

(a) generating, via the microprocessor, a string T_Kfrom the obtained answers for that subset of questions S_K;

(b) mathematically combining, via the microprocessor, a value derived from the string, T_K, with the secret information to generate a result, F_K, that hides the secret information; and

(c) storing F_K, in the digital vault on the storage medium, wherein the digital vault comprises all stored F_K;

wherein the string T_Kis a concatenation consisting of the following elements in this listed order;

K;

immediately followed by a delimiter;

immediately followed by a salt value;

immediately followed by the delimiter;

immediately followed by a pepper value;

immediately followed by the delimiter; and

immediately followed by, for each answer in S_K;

a length of that answer;

immediately followed by the delimiter;

immediately followed by that answer; and

immediately followed by;

if that answer is a last answer in S_K, no further characters;

otherwise, the delimiter;

wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;

wherein the pepper value is a randomly generated value.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for storing secret information in a digital vault include obtaining from a user answers to a number of different questions, and identifying which subsets or combinations of the questions for which correct answers later provided by an entity will enable that entity to gain access to the secret information in the vault. The number of questions in each combination is less than the total number of questions, and at least one subset has at least two questions. For each subset, a corresponding string of answers is generated, the string is hashed, and the resulting hash value is combined with the digital secret. This hides the digital secret, which is then stored in the vault. Methods and systems for registering authentication material include storing a hashed string of answers for each combination, generating “multiple authenticators.”

60 Citations

View as Search Results

46 Claims

1. A method for storing secret information in a digital vault on a storage medium, said method comprising:
- obtaining from a user, via an input device, an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
  
  identifying, via a microprocessor, subsets S_Kof the m questions for which acceptable answers later provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_Kincludes a set of n_Kquestions, wherein K is an integer identifying the subset and each n_Kis an integer that is less than m, wherein at least one subset S_Khas at least two elements; and
  
  for each subset of questions, S_K;
  
  (a) generating, via the microprocessor, a string T_Kfrom the obtained answers for that subset of questions S_K;
  
  (b) mathematically combining, via the microprocessor, a value derived from the string, T_K, with the secret information to generate a result, F_K, that hides the secret information; and
  
  (c) storing F_K, in the digital vault on the storage medium, wherein the digital vault comprises all stored F_K;
  
  wherein the string T_Kis a concatenation consisting of the following elements in this listed order;
  
  K;
  
  immediately followed by a delimiter;
  
  immediately followed by a salt value;
  
  immediately followed by the delimiter;
  
  immediately followed by a pepper value;
  
  immediately followed by the delimiter; and
  
  immediately followed by, for each answer in S_K;
  
  a length of that answer;
  
  immediately followed by the delimiter;
  
  immediately followed by that answer; and
  
  immediately followed by;
  
  if that answer is a last answer in S_K, no further characters;
  
  otherwise, the delimiter;
  
  wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
  
  wherein the pepper value is a randomly generated value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 41, 46)
- - 2. The method of claim 1, wherein acceptable answers correspond to answers to the subset of questions obtained from the user.
  - 3. The method of claim 1, wherein acceptable answers are derived from answers obtained from the user.
  - 4. The method of claim 1, wherein the digital vault is stored on a remote server.
  - 5. The method of claim 1, wherein the m different questions are stored on a remote server and downloaded to a user computer.
  - 6. The method of claim 1, further comprising generating a result that allows the verification of later decryption of the secret information.
  - 7. The method of claim 1, wherein (b) comprises mathematically transforming the string, T_K, to generate a value, F_K′
    - , and mathematically combining that value, F_K′, with the secret information to generate a result, F_K, that hides the secret information.
  - 8. The method of claim 7, wherein mathematically transforming the string T_Kcomprises hashing T_K.
  - 9. The method of claim 7, wherein mathematically transforming the string T_Kincludes the application of a key derivation function.
  - 10. The method of claim 7, wherein mathematically combining the value, F_K′
    - , with the secret information comprises using an exclusive-or function.
  - 11. The method of claim 7, wherein mathematically combining the value, F_K′
    - , with the secret information comprises using an encryption function.
  - 12. The method of claim 1, further comprising, for each subset of questions, S_K:
    - (d) mathematically transforming the string, T_K, to generate a commitment value, G_K; and
      
      (e) storing G_Kwith F_K;
      
      wherein the digital vault comprises all stored F_Kand G_K.
  - 13. The method of claim 10, wherein the digital vault is stored on a remote server.
  - 14. The method of claim 1, wherein mathematically combining a value derived from the string T_K, and the secret information comprises using an exclusive-or function.
  - 15. The method of claim 1, wherein mathematically combining a value derived from the string T_K, and the secret information comprises using an encryption function.
  - 16. The method of claim 15, wherein the encryption function comprises integrity protection.
  - 17. The method of claim 1, further comprising:
    - (d) generating a confirmation string Z from the secret information which allows the verification of later decryption of the secret information; and
      
      (e) storing Z with F_K;
      
      wherein the digital vault comprises Z and all stored F_K.
  - 18. The method of claim 1, wherein the string T_Kcomprises a concatenation of the obtained answers.
  - 19. The method of claim 18, wherein the string T_Kfurther comprises a random number.
  - 20. The method of claim 18, wherein the string T_Kfurther comprises a number specific to the vault.
  - 21. The method of claim 1, wherein the digital vault further comprises a description of subsets S_K.
  - 22. The method of claim 1, further comprising erasing the obtained answers and the secret information after storing F_K.
  - 23. The method of claim 1, further comprising erasing the intermediate values used in the computation of the vault.
  - 24. The method of claim 1, wherein the subsets S_Kcomprise all possible subsets of n questions, where n is an integer less than m.
  - 41. The method of claim 1, wherein the pepper value has a number of bits that is inversely proportional to m allowing the computational effort of generating the string T_Kto be substantially independent of m.
  - 46. The method of claim 12:
    - wherein mathematically combining the value derived from the string, T_K, with the secret information to generate the result, F_K, includes using a reversible function allowing calculation of the string, T_K, from the result, F_K; and
      
      wherein mathematically transforming the string, T_K, to generate the commitment value, G_kincludes using an irreversible function preventing calculation of the string, T_K, from the commitment value, G_K.

25. A method of gaining access to secret information contained within a digital vault on a storage medium, said method comprising:
- obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
  
  identifying, via a microprocessor, subsets S_Kof the m questions for which acceptable answers provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_Kincludes a set of n_Kquestions, wherein K is an integer identifying the subset and each n_Kis an integer that is less than m, wherein at least one subset S_Khas at least two elements;
  
  selecting, via the microprocessor, a first subset from among the subsets S_Kof questions and for the selected subset;
  
  (a) generating, via the microprocessor, a string V_Kfrom the obtained answers for that subset of questions S_K;
  
  (b) comparing, via the microprocessor, a value derived from the string, V_Kto a set of stored values to find a match;
  
  (c) if a match is found, giving the user access to the secret information in the digital vault on the storage medium,repeating (a) through (c) for a next selected subset among the subsets S_Kuntil all subsets S_Khave been selected or until a match is found;
  
  wherein the string V_Kis a concatenation consisting of the following elements in this listed order;
  
  K;
  
  immediately followed by a delimiter;
  
  immediately followed by a salt value;
  
  immediately followed by the delimiter;
  
  immediately followed by a pepper value;
  
  immediately followed by the delimiter; and
  
  immediately followed by, for each answer in V_K;
  
  a length of that answer;
  
  immediately followed by the delimiter;
  
  immediately followed by that answer; and
  
  immediately followed by;
  
  if that answer is a last answer in V_K, no further characters;
  
  otherwise, the delimiter;
  
  wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
  
  wherein the pepper value is a randomly generated value.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 42)
- - 26. The method of claim 25, wherein acceptable answers correspond to answers to the subset of questions obtained from the user.
  - 27. The method of claim 25, wherein acceptable answers are derived from answers obtained from the user.
  - 28. The method of claim 25, wherein giving the user access to the secret information comprises using a value derived from the string V_Kas a decryption key for the secret information contained within the digital vault.
  - 29. The method of claim 25, wherein giving the user access to the secret information comprises using a value derived from the string V_Kwith an exclusive-or function on the secret information contained within the digital vault.
  - 30. The method of claim 25, wherein (b) comprises mathematically transforming the string, V_K, to generate a value H_K;
    - and comparing a value derived from the value, H_K, to a set of stored values to find a match.
  - 31. The method of claim 30, wherein mathematically transforming the string V_Kcomprises using a one-way hash function.
  - 32. The method of claim 25, further comprising allowing the user to attempt to access at least a portion of the digital information in the vault only after the user successfully authenticates.
  - 33. The method of claim 25, wherein the m different questions are stored on a remote server and downloaded to a user computer.
  - 34. The method of claim 25, wherein the digital vault is stored on a remote server.
  - 35. The method of claim 34, further comprising authenticating the user to the remote server.
  - 36. The method of claim 34, further comprising authenticating the user to the remote server by sending a value derived from the string, V_K, to the server, and comparing a value derived from the string, V_K, to a set of values stored at the server;
    - to find a match; and
      
      , if a match is found, sending the user at least a portion of the vault.
  - 37. The method of claim 25, wherein identifying subsets S_Kof the m questions comprises obtaining identifying information from the digital vault.
  - 42. The method of claim 25, wherein the pepper value has a number of bits that is inversely proportional to m allowing the computational effort of generating the string V_Kto be substantially independent of m.

38. A method of gaining access to secret information contained within a digital vault on a storage medium, said method comprising:
- obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
  
  identifying, via a microprocessor, subsets S_Kof the m questions for which acceptable answers provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset S_Kincludes a set of n_Kquestions, wherein K is an integer identifying the subset and each n_Kis an integer that is less than m, wherein at least one subset S_Khas at least two elements;
  
  selecting, via the microprocessor, a first subset from among the subsets S_Kof questions and for the selected subset;
  
  (a) generating, via the microprocessor, a string V_Kfrom the obtained answers for that subset of questions S_K;
  
  (b) using a value, via the microprocessor, derived from the string, V_K, to attempt to access the secret information; and
  
  (c) verifying, via the microprocessor, whether the attempt was successful; and
  
  unless the attempt was successful, repeating (a) through (c) for a next selected subset among the subsets S_Kuntil all subsets S_Khave been selected; and
  
  if the attempt is successful, giving the user access to the secret information in the digital vault on the storage medium;
  
  wherein the string V_Kis a concatenation consisting of the following elements in this listed order;
  
  K;
  
  immediately followed by a delimiter;
  
  immediately followed by a salt value;
  
  immediately followed by the delimiter;
  
  immediately followed by a pepper value;
  
  immediately followed by the delimiter; and
  
  immediately followed by, for each answer in V_K;
  
  a length of that answer;
  
  immediately followed by the delimiter;
  
  immediately followed by that answer; and
  
  immediately followed by;
  
  if that answer is a last answer in V_K, no further characters;
  
  otherwise, the delimiter;
  
  wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
  
  wherein the pepper value is a randomly generated value.
- View Dependent Claims (43)
- - 43. The method of claim 38, wherein the pepper value has a number of bits that is inversely proportional to m allowing the computational effort of generating the string V_Kto be substantially independent of m.

39. A method of registering authentication material on a storage medium, said method comprising:
- obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
  
  identifying, via a microprocessor, subsets S_Kof the m questions for which acceptable answers later provided by an entity will enable that entity to authenticate, wherein each subset S_Kincludes a set of n_Kquestions, wherein K is an integer identifying the subset and each n_Kis an integer that is less than m, wherein at least one subset S_Khas at least two elements; and
  
  for each subset of questions, S_K;
  
  (a) generating, via the microprocessor, a string T_Kfrom the obtained answers for that subset of questions S_K;
  
  (b) mathematically transforming, via the microprocessor, the string, T_K, to generate a value G_K;
  
  (c) storing in the digital vault on the storage medium G_K, wherein the authentication material comprises all stored G_K;
  
  wherein the string T_Kis a concatenation consisting of the following elements in this listed order;
  
  K;
  
  immediately followed by a delimiter;
  
  immediately followed by a salt value;
  
  immediately followed by the delimiter;
  
  immediately followed by a pepper value;
  
  immediately followed by the delimiter; and
  
  immediately followed by, for each answer in S_K;
  
  a length of that answer;
  
  immediately followed by the delimiter;
  
  immediately followed by that answer; and
  
  immediately followed by;
  
  if that answer is a last answer in S_K, no further characters;
  
  otherwise, the delimiter;
  
  wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
  
  wherein the pepper value is a randomly generated value.
- View Dependent Claims (44)
- - 44. The method of claim 39, wherein the pepper value has a number of bits that is inversely proportional to m allowing the computational effort of generating the string T_Kto be substantially independent of m.

40. A method of authenticating a user, said method comprising:
- obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
  
  identifying, via a microprocessor, subsets S_Kof the m questions for which acceptable answers later provided by an entity will enable that entity to authenticate, wherein each subset S_Kincludes a set of n_Kquestions, wherein K is an integer identifying the subset and each n_Kis an integer that is less than m, wherein at least one subset S_Khas at least two elements; and
  
  for each subset of questions, S_K;
  
  (a) generating, via the microprocessor, a string V_Kfrom the obtained answers for that subset of questions S_K;
  
  (b) comparing, via the microprocessor, a value derived from the string V_Kto a set of stored values to find a match; and
  
  (c) if a match is found authenticating the user, repeating (a) through (c) for a next selected subset among the subsets S_Kuntil all subsets S_Khave been selected or until a match is found;
  
  wherein the string V_Kis a concatenation consisting of the following elements in this listed order;
  
  K;
  
  immediately followed by a delimiter;
  
  immediately followed by a salt value;
  
  immediately followed by the delimiter;
  
  immediately followed by a pepper value;
  
  immediately followed by the delimiter; and
  
  immediately followed by, for each answer in V_K;
  
  a length of that answer;
  
  immediately followed by the delimiter;
  
  immediately followed by that answer; and
  
  immediately followed by;
  
  if that answer is a last answer in V_K, no further characters;
  
  otherwise, the delimiter;
  
  wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
  
  wherein the pepper value is a randomly generated value.
- View Dependent Claims (45)
- - 45. The method of claim 40, wherein the pepper value has a number of bits that is inversely proportional to m allowing the computational effort of generating the string V_Kto be substantially independent of m.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Szydlo, Michael
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
Rahman; Mahfuzur

Application Number

US11/265,539
Publication Number

US 20070124321A1
Time in Patent Office

1,686 Days
Field of Search

726/5, 726/17, 726/20, 380/2
US Class Current

726/17
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2131   Lost password, e.g. recover...

G06Q 20/40   Authorisation, e.g. identif...

H04L 9/3218   using proof of knowledge, e...

Storing digital secrets in a vault

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Storing digital secrets in a vault

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links