Storing digital secrets in a vault
First Claim
1. A method for storing secret information in a digital vault on a storage medium, said method comprising:
obtaining from a user, via an input device, an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying, via a microprocessor, subsets SK of the m questions for which acceptable answers later provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset SK includes a set of nK questions, wherein K is an integer identifying the subset and each nK is an integer that is less than m, wherein at least one subset SK has at least two elements; and
for each subset of questions, SK;
(a) generating, via the microprocessor, a string TK from the obtained answers for that subset of questions SK;
(b) mathematically combining, via the microprocessor, a value derived from the string, TK, with the secret information to generate a result, FK, that hides the secret information; and
(c) storing FK, in the digital vault on the storage medium, wherein the digital vault comprises all stored FK;
wherein the string TK is a concatenation consisting of the following elements in this listed order;
K;
immediately followed by a delimiter;
immediately followed by a salt value;
immediately followed by the delimiter;
immediately followed by a pepper value;
immediately followed by the delimiter; and
immediately followed by, for each answer in SK;
a length of that answer;
immediately followed by the delimiter;
immediately followed by that answer; and
immediately followed by;
if that answer is a last answer in SK, no further characters;
otherwise, the delimiter;
wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
wherein the pepper value is a randomly generated value.
23 Assignments
0 Petitions
Abstract
Methods and systems for storing secret information in a digital vault include obtaining from a user answers to a number of different questions, and identifying which subsets or combinations of the questions for which correct answers later provided by an entity will enable that entity to gain access to the secret information in the vault. The number of questions in each combination is less than the total number of questions, and at least one subset has at least two questions. For each subset, a corresponding string of answers is generated, the string is hashed, and the resulting hash value is combined with the digital secret. This hides the digital secret, which is then stored in the vault. Methods and systems for registering authentication material include storing a hashed string of answers for each combination, generating “multiple authenticators.”
60 Citations
46 Claims
1. A method for storing secret information in a digital vault on a storage medium, said method comprising: (full text set out under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 41, 46
25. A method of gaining access to secret information contained within a digital vault on a storage medium, said method comprising:
obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying, via a microprocessor, subsets SK of the m questions for which acceptable answers provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset SK includes a set of nK questions, wherein K is an integer identifying the subset and each nK is an integer that is less than m, wherein at least one subset SK has at least two elements;
selecting, via the microprocessor, a first subset from among the subsets SK of questions and for the selected subset;
(a) generating, via the microprocessor, a string VK from the obtained answers for that subset of questions SK;
(b) comparing, via the microprocessor, a value derived from the string, VK, to a set of stored values to find a match;
(c) if a match is found, giving the user access to the secret information in the digital vault on the storage medium, repeating (a) through (c) for a next selected subset among the subsets SK until all subsets SK have been selected or until a match is found;
wherein the string VK is a concatenation consisting of the following elements in this listed order;
K;
immediately followed by a delimiter;
immediately followed by a salt value;
immediately followed by the delimiter;
immediately followed by a pepper value;
immediately followed by the delimiter; and
immediately followed by, for each answer in VK;
a length of that answer;
immediately followed by the delimiter;
immediately followed by that answer; and
immediately followed by;
if that answer is a last answer in VK, no further characters;
otherwise, the delimiter;
wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
wherein the pepper value is a randomly generated value.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 42
38. A method of gaining access to secret information contained within a digital vault on a storage medium, said method comprising:
obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying, via a microprocessor, subsets SK of the m questions for which acceptable answers provided by an entity will enable that entity to gain access to the secret information in the digital vault, wherein each subset SK includes a set of nK questions, wherein K is an integer identifying the subset and each nK is an integer that is less than m, wherein at least one subset SK has at least two elements;
selecting, via the microprocessor, a first subset from among the subsets SK of questions and for the selected subset;
(a) generating, via the microprocessor, a string VK from the obtained answers for that subset of questions SK;
(b) using a value, via the microprocessor, derived from the string, VK, to attempt to access the secret information; and
(c) verifying, via the microprocessor, whether the attempt was successful; and
unless the attempt was successful, repeating (a) through (c) for a next selected subset among the subsets SK until all subsets SK have been selected; and
if the attempt is successful, giving the user access to the secret information in the digital vault on the storage medium;
wherein the string VK is a concatenation consisting of the following elements in this listed order;
K;
immediately followed by a delimiter;
immediately followed by a salt value;
immediately followed by the delimiter;
immediately followed by a pepper value;
immediately followed by the delimiter; and
immediately followed by, for each answer in VK;
a length of that answer;
immediately followed by the delimiter;
immediately followed by that answer; and
immediately followed by;
if that answer is a last answer in VK, no further characters;
otherwise, the delimiter;
wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
wherein the pepper value is a randomly generated value.
Dependent claims: 43
39. A method of registering authentication material on a storage medium, said method comprising:
obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying, via a microprocessor, subsets SK of the m questions for which acceptable answers later provided by an entity will enable that entity to authenticate, wherein each subset SK includes a set of nK questions, wherein K is an integer identifying the subset and each nK is an integer that is less than m, wherein at least one subset SK has at least two elements; and
for each subset of questions, SK;
(a) generating, via the microprocessor, a string TK from the obtained answers for that subset of questions SK;
(b) mathematically transforming, via the microprocessor, the string, TK, to generate a value GK;
(c) storing in the digital vault on the storage medium GK, wherein the authentication material comprises all stored GK;
wherein the string TK is a concatenation consisting of the following elements in this listed order;
K;
immediately followed by a delimiter;
immediately followed by a salt value;
immediately followed by the delimiter;
immediately followed by a pepper value;
immediately followed by the delimiter; and
immediately followed by, for each answer in SK;
a length of that answer;
immediately followed by the delimiter;
immediately followed by that answer; and
immediately followed by;
if that answer is a last answer in SK, no further characters;
otherwise, the delimiter;
wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
wherein the pepper value is a randomly generated value.
Dependent claims: 44
40. A method of authenticating a user, said method comprising:
obtaining, via an input device, from a user an answer to each of m different questions to generate a set of m answers, wherein m is an integer greater than or equal to 3;
identifying, via a microprocessor, subsets SK of the m questions for which acceptable answers later provided by an entity will enable that entity to authenticate, wherein each subset SK includes a set of nK questions, wherein K is an integer identifying the subset and each nK is an integer that is less than m, wherein at least one subset SK has at least two elements; and
for each subset of questions, SK;
(a) generating, via the microprocessor, a string VK from the obtained answers for that subset of questions SK;
(b) comparing, via the microprocessor, a value derived from the string VK to a set of stored values to find a match; and
(c) if a match is found authenticating the user, repeating (a) through (c) for a next selected subset among the subsets SK until all subsets SK have been selected or until a match is found;
wherein the string VK is a concatenation consisting of the following elements in this listed order;
K;
immediately followed by a delimiter;
immediately followed by a salt value;
immediately followed by the delimiter;
immediately followed by a pepper value;
immediately followed by the delimiter; and
immediately followed by, for each answer in VK;
a length of that answer;
immediately followed by the delimiter;
immediately followed by that answer; and
immediately followed by;
if that answer is a last answer in VK, no further characters;
otherwise, the delimiter;
wherein the salt value is a value particular to the user that is stored and retrieved without using encryption or decryption processes;
wherein the pepper value is a randomly generated value.
Dependent claims: 45
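The following is an added worked example, written by the editor and not code from the patent, its assignee or any product; it implements the storage method of claim 1, the access-by-attempt method of claim 38 (which also covers the match-based access of claim 25), and the registration and authentication methods of claims 39 and 40, with the string TK/VK built exactly as the "concatenation ... in this listed order" clause lays it out. Everything the claims leave open is an assumption here: SHA-512 as the "value derived from the string", XOR as the "mathematical combining", an HMAC tag over FK so that an access attempt can be verified, lower-casing and trimming as the notion of an "acceptable" answer, a pepper that is generated at storage time and kept outside the vault record, and m = 3 questions with three 2-of-3 subsets. The questions, answers, salt and secret are constructed sample values.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from itertools import combinations

# Added example (not the patent's or any assignee's code).  m = 3 questions,
# three 2-of-3 subsets S_K (so n_K = 2 < m), one F_K per subset in the vault.
DELIM = b":"

# Constructed sample inputs (placeholders, not values from the page).
QUESTIONS = ["First pet?", "Mother's maiden name?", "City of birth?"]
SUBSETS = list(combinations(range(len(QUESTIONS)), 2))   # K = 1, 2, 3
SALT = b"user-1234-salt"          # per-user value, stored in the clear (per the claims)
SECRET = b"constructed-secret-42"


def normalize(answer: str) -> bytes:
    # Assumption: the claims do not define an "acceptable" answer; here
    # surrounding whitespace and letter case are ignored.
    return answer.strip().lower().encode("utf-8")


def build_string(k: int, salt: bytes, pepper: bytes, answers: list[bytes]) -> bytes:
    """T_K (storage) / V_K (access): K, salt, pepper, then each answer as
    length, delimiter, answer; a delimiter between answers, none after the last.
    The length prefix keeps the encoding unambiguous even when an answer
    itself contains the delimiter."""
    parts = [str(k).encode(), DELIM,
             salt.hex().encode(), DELIM,
             pepper.hex().encode(), DELIM]
    for i, a in enumerate(answers):
        parts += [str(len(a)).encode(), DELIM, a]
        if i != len(answers) - 1:
            parts.append(DELIM)
    return b"".join(parts)


def derive(t: bytes) -> tuple[bytes, bytes]:
    """The 'value derived from the string' (assumption): a SHA-512 digest split
    into a 32-byte mask and a 32-byte MAC key.  Answers to personal questions
    are low-entropy, so a slow, memory-hard KDF belongs here in production."""
    d = hashlib.sha512(t).digest()
    return d[:32], d[32:]


def store(secret: bytes, answers: list[str], subsets, salt: bytes, pepper: bytes) -> dict:
    """Claim 1: for each subset K, hide the secret as F_K and keep every F_K."""
    if len(secret) > 32:
        raise ValueError("secret longer than the 32-byte mask")
    norm = [normalize(a) for a in answers]
    vault = {}
    for k, subset in enumerate(subsets, start=1):
        mask, mac_key = derive(build_string(k, salt, pepper, [norm[i] for i in subset]))
        f_k = bytes(s ^ m for s, m in zip(secret, mask))   # XOR is the "mathematical combining"
        tag = hmac.new(mac_key, f_k, "sha256").digest()     # lets access() verify an attempt
        vault[k] = (f_k, tag)
    return vault


def access(vault: dict, answers: list[str], subsets, salt: bytes, pepper: bytes) -> bytes | None:
    """Claim 38: try each subset in turn; an attempt succeeds when the tag
    recomputed under the candidate key equals the stored one."""
    norm = [normalize(a) for a in answers]
    for k, subset in enumerate(subsets, start=1):
        mask, mac_key = derive(build_string(k, salt, pepper, [norm[i] for i in subset]))
        f_k, tag = vault[k]
        if hmac.compare_digest(hmac.new(mac_key, f_k, "sha256").digest(), tag):
            return bytes(f ^ m for f, m in zip(f_k, mask))
    return None   # no subset of acceptable answers: the vault stays closed


def register(answers: list[str], subsets, salt: bytes, pepper: bytes) -> dict:
    """Claim 39: authentication material, one G_K = H(T_K) per subset."""
    norm = [normalize(a) for a in answers]
    return {k: hashlib.sha256(build_string(k, salt, pepper, [norm[i] for i in s])).digest()
            for k, s in enumerate(subsets, start=1)}


def authenticate(material: dict, answers: list[str], subsets, salt: bytes, pepper: bytes) -> bool:
    """Claim 40: compare the value derived from each V_K with the stored G_K."""
    norm = [normalize(a) for a in answers]
    return any(hmac.compare_digest(
                   hashlib.sha256(build_string(k, salt, pepper, [norm[i] for i in s])).digest(),
                   material[k])
               for k, s in enumerate(subsets, start=1))


if __name__ == "__main__":
    pepper = os.urandom(16)   # random per the claims; kept outside the vault record (assumption)
    vault = store(SECRET, ["Rex", "Smith", "Paris"], SUBSETS, SALT, pepper)
    print(access(vault, ["rex ", "WRONG", "Paris"], SUBSETS, SALT, pepper))   # one wrong answer still opens it
    print(access(vault, ["Rex", "wrong", "wrong"], SUBSETS, SALT, pepper))     # two wrong answers: None
```

Two properties of the scheme are visible in the run: any single subset whose answers are acceptable opens the vault, so the vault is only as strong as its weakest subset, and the length of FK equals the length of the secret, so the vault record reveals that length. The pepper is what separates an attacker who holds only the vault records from one who can also run the application, which is why the example keeps it out of the record.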
Specification