Password-protection module

US 7,886,345 B2
Filed: 06/30/2005
Issued: 02/08/2011
Est. Priority Date: 07/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method, performed in a computer processor, of protecting a password being used to establish interaction between a user and an application, comprising:

detecting, across a user interface, a request for the password from the application by receiving a notification from the user indicating the request;

combining the password with information identifying the application, so as to produce a protected password; and

authenticating to the application using the protected password;

wherein authenticating to the application includes communicating with the application in a challenge-response protocol using a derivative of the protected password;

wherein the method further includes preventing the user from providing the password directly to the application;

wherein the derivative of the protected password includes a key generated from the protected password.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of protecting a password being used to establish interaction between a user and an application includes detecting a request for the password from the application by receiving a notification from the user indicating the request. The method further includes combining the password with information identifying the application, so as to produce a protected password, and authenticating to the application using the protected password. The method may also include a mutual authentication capability between user and the application.

33 Citations

View as Search Results

28 Claims

1. A method, performed in a computer processor, of protecting a password being used to establish interaction between a user and an application, comprising:
- detecting, across a user interface, a request for the password from the application by receiving a notification from the user indicating the request;
  
  combining the password with information identifying the application, so as to produce a protected password; and
  
  authenticating to the application using the protected password;
  
  wherein authenticating to the application includes communicating with the application in a challenge-response protocol using a derivative of the protected password;
  
  wherein the method further includes preventing the user from providing the password directly to the application;
  
  wherein the derivative of the protected password includes a key generated from the protected password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the notification from the user includes entering a control sequence of at least one sequence element from a user input device.
  - 3. The method of claim 1, wherein the notification from the user includes activating a control on a security device that is in communication with a computer platform associated with the user.
  - 4. The method of claim 1, wherein the notification from the user includes establishing communication between a security device and a computer platform associated with the user.
  - 5. The method of claim 1, wherein the information identifying the application is selected from the group consisting of a URL, an IP address, a name in a certificate, and a public key.
  - 6. The method of claim 1, wherein combining the password with information identifying the application includes hashing the password and the information identifying the application.
  - 7. The method of claim 1, wherein combining the password with information identifying the application includes combining additional information with the password and the information identifying the application.
  - 8. The method of claim 1, wherein authenticating to the application includes providing the protected password to the application.
  - 9. The method of claim 1, wherein the password is at least a portion of a one-time password.
  - 10. The method of claim 1, wherein authenticating to the application includes interacting with an authentication authority.
  - 11. The method of claim 1, further including transferring control over user interaction from the application to a password-protection module upon detecting the request for the password.
  - 12. The method of claim 11, further including transferring control back to the application after the protected password is provided to the application.
  - 13. The method of claim 1, further including receiving assurance that the application is entitled to interact with the user.
  - 14. The method of claim 13 wherein receiving assurance includes the application demonstrating knowledge of the password.
  - 15. The method of claim 14, wherein demonstrating knowledge of the password includes communicating with the user via a protocol involving the password.
  - 16. The method of claim 13, wherein receiving assurance includes the application demonstrating knowledge of the protected password.
  - 17. The method of claim 13, wherein receiving assurance includes the application interacting with an authentication authority.
  - 18. The method of claim 1, wherein detecting the request for the password further includes decoding information provided by the application.
  - 19. The method of claim 1 wherein the request for the password from the application is generated in response to the user being subject to a phishing scheme.

20. A method, performed in a computer processor, of protecting a password being used to establish interaction between a user and an application, comprising:
- detecting, across a user interface, a request for the password from the application;
  
  combining the password with information identifying the application, so as to produce a protected password;
  
  authenticating to the application using the protected password; and
  
  determining, based on the password, whether the application is entitled to interact with the user;
  
  wherein determining whether the application is entitled to interact with the user includes the application demonstrating knowledge of the password;
  
  wherein the application demonstrating knowledge of the password includes providing a derivative of the password to the user; and
  
  wherein the derivative of the password is an alternative combination of the password and the value identifying the application, such that the alternative combination is a different combination from the one that produced the protected password.

21. A method, performed in a computer processor, of protecting a password being used to establish interaction between a user and an application, comprising:
- detecting, across a user interface, a request for the password from the application;
  
  combining the password with information identifying the application, so as to produce a protected password;
  
  authenticating to the application using the protected password; and
  
  determining, based on the password, whether the application is entitled to interact with the user;
  
  wherein determining whether the application is entitled to interact with the user includes the application demonstrating knowledge of the password; and
  
  wherein the demonstration of knowledge of the password includes deriving a key from the password, computing message authentication code with the derived key, and sending the message authentication code to the user.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein determining whether the application is entitled to interact with the user includes interacting with an authentication authority.
  - 23. The method of claim 21, further including (i) allowing further user interaction with the application if the application is determined to be entitled to interact with the user, or (ii) preventing user interaction with the application if the application is determined not to be entitled to interact with the user.
  - 24. The method of claim 21 wherein the request for the password from the application is generated in response to the user being subject to a phishing scheme.

25. A non-transitory computer readable storage medium including stored instructions, which, when performed by a computer, are adapted for protecting a password being used to establish interaction between a user and an application, comprising:
- instructions for detecting a request for the password from the application by receiving a notification from the user across a user interface indicating the request;
  
  instructions for combining the password with a value identifying the application, so as to produce a protected password; and
  
  instructions for authenticating to the application using the protected password;
  
  wherein the instructions for authenticating to the application include instructions for communicating with the application in a challenge-response protocol using a derivative of the protected password;
  
  wherein the derivative of the protected password includes a key generated from the protected password.
- View Dependent Claims (26, 27, 28)
- - 26. The non-transitory computer readable medium of claim 25, wherein at least a portion of the stored instructions is designated to be a plug-in associated with a browser.
  - 27. The non-transitory computer readable medium of claim 25, wherein at least a portion of the stored instructions is designated to be run as a component of an operating system.
  - 28. The non-transitory computer readable medium of claim 25 wherein the request for the password from the application is generated in response to the user being subject to a phishing scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Nyström, Magnus, Kaliski, Burton S.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US11/172,378
Publication Number

US 20060041759A1
Time in Patent Office

2,049 Days
Field of Search

380/259, 380/283, 380/281, 713/153, 713/155, 713/169, 713/183, 705/67, 705/72, 726/10, 726/5, 726/6
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

H04L 63/083   using passwords cryptograph...

H04L 63/0869   for achieving mutual authen...

Password-protection module

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Password-protection module

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links