Security system that uses indirect password-based encryption
Abstract
An improved system and approaches for protecting passwords are disclosed. A file security system for an organization operates to protect the files of the organization and thus prevents or limits users from accessing some or all of the files (e.g., documents) associated with the organization. According to one aspect, a password entered by a user is used, provided it is authenticated, to obtain a respective authentication string (a relatively longer string of numbers or characters). The retrieved authentication string is then used to enable the user to enter the file security system and/or to access secured files therein. According to another aspect, user passwords are not stored in the file security system to avoid security breaches due to unauthorized capture of user passwords.
45 Claims
1. A method for authenticating a user to a file security system, the method comprising:
    receiving notification of a login request that includes at least a password associated with the user;
    decrypting an encrypted authentication string with the password received with the login request to produce a decrypted authentication string, the encrypted authentication string having been created using a random number of a predetermined length and encrypted using a previously-received password associated with the user; and
    determining whether the user is authenticated based on the decrypting.
(Dependent claims: 2, 3, 4, 5)

6. A method for authenticating a user to a file security system, the method comprising:
    receiving a password associated with the user;
    accessing an encrypted authentication string from a server machine associated with the file security system, the encrypted authentication string having been created using a random number of a predetermined length and encrypted using a previously-received password, wherein the encrypted authentication string is associated with the user;
    decrypting the encrypted authentication string with the received password to produce a decrypted authentication string; and
    determining whether the user is authenticated based on the decrypting.
(Dependent claims: 7, 8, 9, 10, 11)

12. A method for re-authenticating a user to a file security system, where the user was previously authenticated to the file security system, comprising:
    determining whether a re-authorization condition exists; and
    re-authenticating the user to the file security system in response to determining that the re-authorization condition exists, said re-authenticating includes at least:
        receiving a password associated with the user;
        accessing an encrypted authentication string from a server machine associated with the file security system;
        decrypting the encrypted authentication string with the received password to produce an authentication string; and
        determining whether the user is re-authenticated based on said decrypting.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19)

20. A method for changing a password of a user, wherein the password is associated with a file security system, the method comprising:
    retrieving a stored, existing password associated with the user;
    accessing an encrypted authentication string from a server machine associated with the file security system, the encrypted authentication string having been created by:
        generating a random number of a predetermined length;
        converting the random number into the authentication string; and
        encrypting the authentication string using the existing password, so as to associate the encrypted authentication string with the user;
    decrypting the encrypted authentication string with the existing password to produce a decrypted authentication string; and
    determining whether the user is authenticated based on the decrypting.
(Dependent claims: 21, 22, 23, 24)

25. An article of manufacture including a computer readable medium having instructions stored thereon, that, in response to execution by a computing device, cause the computing device to perform operations for authenticating a user to a file security system, the operations comprising:
    receiving a file access request including at least a password associated with the user;
    decrypting an encrypted authentication string with the password received with the file access request to produce a decrypted authentication string, the encrypted authentication string having been created using a random number of a predetermined length and encrypted using a previously-received password associated with the user; and
    determining whether the user is authenticated based on the decrypting.
(Dependent claims: 26, 27)
28. A computer readable medium having stored thereon, computer program code that, in response to execution by a computer, causes the computer to authenticate a user to a file security system by a method comprising:
    receiving a password associated with the user;
    accessing an encrypted authentication string from a server machine associated with the file security system, the encrypted authentication string having been created using a random number of a predetermined length and encrypted using a previously-received password, wherein the encrypted authentication string is associated with the user;
    decrypting the encrypted authentication string with the received password to produce an authentication string; and
    determining whether the user is authenticated based on the decrypting by the computer code for decrypting.
(Dependent claims: 29, 30)
31. A computer readable medium having stored thereon, computer program code that, in response to execution by a computer, causes the computer to re-authenticate a user to a file security system by a method, where the user was previously authenticated to the file security system, the method comprising:
    accessing an encrypted authentication string from a server machine associated with the file security system, wherein the encrypted authentication string is associated with the user;
    determining whether a re-authorization condition exists; and
    re-authenticating the user to the file security system when the re-authorization condition exists, the re-authenticating comprising:
        receiving a password associated with the user;
        accessing an encrypted authentication string from a server machine associated with the file security system;
        decrypting the encrypted authentication string with the received password to produce an authentication string; and
        determining whether the user is re-authenticated based on the decrypting by the computer code for decrypting.
(Dependent claims: 32, 33)

34. A tangible computer readable medium having instructions stored thereon to change a password associated with a file security system, the instructions comprising:
    instructions to receive a new password;
    instructions to retrieve a stored, existing password associated with the user;
    instructions to access an encrypted authentication string from a server machine associated with the file security system, the encrypted authentication string having been created by:
        generating a random number of a predetermined length;
        converting the random number into the authentication string; and
        encrypting the authentication string using the existing password, wherein the encrypted authentication string is associated with a user;
    instructions to decrypt the encrypted authentication string with the existing password to produce a decrypted authentication string; and
    instructions to determine whether the user is authenticated based on the decrypting.
(Dependent claims: 35, 36)

37. A method for authenticating a user to a file security system, wherein the file security system includes a server portion and at least one client portion, the server portion residing in a server machine, and the client portion residing in a client machine, the method comprising:
    receiving a login request including at least a password associated with the user;
    decrypting an encrypted authentication string with the password received with the login request to produce a decrypted authentication string, the encrypted authentication string having been created using a random number of a predetermined length and encrypted using a previously-received password associated with the user; and
    determining whether the user is authenticated based on the decrypting.
(Dependent claims: 38, 39)

40. A method for authenticating a user to a file security system, the method comprising:
    generating a random number of a predetermined length;
    converting the random number into an authentication string;
    encrypting the authentication string using a previously-received password to produce an encrypted authentication string, wherein the encrypted authentication string and the previously-received password are associated with the user; and
    storing the encrypted authentication string in a server machine associated with the file security system for subsequent usage.
(Dependent claims: 41, 42, 43)
44. An article of manufacture including a computer readable medium having instructions stored thereon, that, in response to execution by a computing device, cause the computing device to perform operations for authenticating a user to a file security system, the operations comprising:
    generating a random number of a predetermined length;
    converting the random number into an authentication string;
    encrypting the authentication string using a previously-received password to produce an encrypted authentication string, wherein the encrypted authentication string and the previously-received password are associated with the user; and
    storing the encrypted authentication string in a server machine associated with the file security system for subsequent usage.
45. A method for authenticating a user to a file security system, wherein the file security system includes a server portion and at least one client portion, the server portion residing in a server machine, and the client portion residing in a client machine, the method comprising:
    generating a random number of a predetermined length;
    converting the random number into an authentication string;
    encrypting the authentication string using a previously-received password associated with a user to produce an encrypted authentication string; and
    storing the encrypted authentication string in the file security system to the server machine for subsequent usage.
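The abstract and independent claims 1, 20 and 40 describe one scheme from three sides: enrolment (random number, converted to an authentication string, encrypted under the password and stored on the server), login (decrypt the stored string with the offered password and decide from the result), and password change (prove the old password by decrypting, then re-encrypt the same string under the new one). The following is an added, self-contained Python sketch of that scheme; it is not the patent's or any product's code. Everything not stated in the claims is an assumption: PBKDF2-HMAC-SHA256 as the password-to-key function, a 32-byte authentication string, an HMAC-SHA256 counter-mode keystream standing in for the block cipher, and an encrypt-then-MAC tag so that "authenticated based on the decrypting" is a real check rather than a look at arbitrary decrypted bytes.

```python
"""Indirect password-based authentication (illustrative, not the patent's code).

Assumed primitives (the claims name none): PBKDF2-HMAC-SHA256 for key
stretching, an HMAC-SHA256 counter-mode keystream as the cipher, and an
HMAC-SHA256 tag over the ciphertext. In production replace the keystream/tag
pair with an AEAD such as AES-GCM; the record layout stays the same.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets

AUTH_STRING_LEN = 32      # assumed "predetermined length" of the random number
KDF_ITERATIONS = 200_000  # the stored record is offline-guessable: keep this slow
SALT_LEN = 16
NONCE_LEN = 16


def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password, then split into an encryption key and a MAC key."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks; same call decrypts."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def _tag(mac_key: bytes, salt: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Integrity tag binding salt, nonce and ciphertext to the password-derived key."""
    return hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()


def enroll(password: str, auth_string: bytes | None = None) -> dict:
    """Claim 40: random number -> authentication string -> encrypted under the password.

    Returns the record the server stores. The password itself is never stored.
    """
    if auth_string is None:
        auth_string = secrets.token_bytes(AUTH_STRING_LEN)  # the random number
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(password, salt)
    ct = _keystream_xor(enc_key, nonce, auth_string)
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": _tag(mac_key, salt, nonce, ct)}


def authenticate(record: dict, password: str) -> bytes | None:
    """Claims 1 and 6: decrypt the stored string with the offered password.

    Returns the authentication string on success, None otherwise. The tag check
    is what makes the decision "based on the decrypting" meaningful: a wrong
    password still produces bytes, just not the right ones.
    """
    enc_key, mac_key = _derive_keys(password, record["salt"])
    expected = _tag(mac_key, record["salt"], record["nonce"], record["ct"])
    if not hmac.compare_digest(expected, record["tag"]):  # constant-time compare
        return None
    return _keystream_xor(enc_key, record["nonce"], record["ct"])


def change_password(record: dict, old_password: str, new_password: str) -> dict | None:
    """Claims 20 and 34: prove the old password by decrypting, then re-encrypt the
    same authentication string under the new password. Anything keyed to the
    authentication string (e.g. file keys) needs no re-encryption."""
    auth_string = authenticate(record, old_password)
    if auth_string is None:
        return None
    return enroll(new_password, auth_string)
```

Re-authentication (claims 12 and 31) is the same `authenticate` call run again when the re-authorization condition fires. Two practical points the claims leave open: if the authentication string is pure random bytes and the cipher has no integrity check, every password "decrypts" and nothing distinguishes right from wrong, so either a tag (as here) or a recognisable structure in the string is required; and because the stored record can be copied and attacked offline, the password-to-key step must be deliberately slow and salted, which is why the iteration count above is not a tunable to lower.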
Specification