Password self encryption method and system and encryption by keys generated from personal secret information

US 8,023,647 B2
Filed: 03/12/2009
Issued: 09/20/2011
Est. Priority Date: 05/29/2008
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method comprising:

submitting a user identification for a user from a user computer to a server computer;

receiving a set of information at the user computer from the server computer, in response to the submission of the user identification for the user;

wherein the set of information includes a parameter of a key; and

further comprisingusing the user computer to convert user confidential information to a number x, wherein the number x is dependent on the user confidential information;

using the user computer to compute a number e which is a function of x and which is a function of the user confidential information;

using the user computer to pad the number x to convert x to X_p;using the user computer to encrypt x_pby using the parameter of the key and the number e to form a cipher C, wherein C is a function of the user confidential information; and

submitting the cipher C from the user computer to the server computer.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

A public key cryptographic system and method is provided for a password or any other predefined personal secret information that defeats key factoring and spoofing attacks. The method adopts a new technique of encrypting a password or any predefined secret information by a numeric function of itself, replacing the fixed public key of the conventional RSA encryption. The whole process involving key generation, encryption, decryption and password handling is discussed in detail. Mathematical and cryptanalytical proofs of defeating factoring and spoofing attacks are furnished.

120 Citations

View as Search Results

19 Claims

1. A method comprising:
- submitting a user identification for a user from a user computer to a server computer;
  
  receiving a set of information at the user computer from the server computer, in response to the submission of the user identification for the user;
  
  wherein the set of information includes a parameter of a key; and
  
  further comprisingusing the user computer to convert user confidential information to a number x, wherein the number x is dependent on the user confidential information;
  
  using the user computer to compute a number e which is a function of x and which is a function of the user confidential information;
  
  using the user computer to pad the number x to convert x to X_p;using the user computer to encrypt x_pby using the parameter of the key and the number e to form a cipher C, wherein C is a function of the user confidential information; and
  
  submitting the cipher C from the user computer to the server computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1 whereinthe parameter of the key is a key modulus.
  - 3. The method of claim 1 whereinthe number e is an odd integer.
  - 4. The method of claim 1the cipher C is formed by the formula:
    - C=x_p^emod n.
  - 5. The method of claim 1 further comprisingusing the user confidential information as a digital certificate of the user and digitally signing messages using a public key generated from the user confidential information.
  - 6. The method of claim 5 whereinthe user confidential information is a user password.
  - 7. The method of claim 1 whereinthe step of encrypting x_pby using the parameter of the key and the number e to form a cipher C is implemented using a layer underlying communication between the user computer and the server computer.
  - 8. The method of claim 7 whereinthe layer includes a web browser.
  - 9. The method of claim 7 whereinthe layer includes a web page.
  - 10. The method of claim 1 further comprisingdecrypting messages from the server computer to the user computer using a public key generated from the user confidential information in order to secure information communicated both from the server computer to the user computer and from the user computer to the server computer.
  - 11. The method of claim 1 whereinthe user confidential information is a user password.
  - 12. The method of claim 1 further comprisingencrypting a message digest by using a public key generated from the user confidential information.
  - 13. The method of claim 12 whereinthe user confidential information is a user password.
  - 14. The method of claim 1 whereinthe set of information received from the server computer comprises a part of a public key used for encryption on the user computer.
  - 15. The method of claim 1 whereinthe server computer is comprised of a plurality of computers.
  - 16. The method of claim 1 further comprisingentering the user identification and the user confidential information in a single web page on the user computer;
    - submitting the user identification from the user computer to the server computer, without the user confidential information; and
      
      subsequently receiving a further set of information at the user computer, from the server computer,and wherein the step of submitting the cipher C from the user computer to the server computer is performed after the set of information is received at the user computer from the server computer.
  - 17. The method of claim 1 further comprisingentering the user identification in a first web page on a user computer;
    - submitting the user identification from the user computer to the server computer, without the user confidential information;
      
      subsequently receiving the set of information at the user computer, from the server computer;
      
      entering the user confidential information in a second web page on the user computer after the set of information has been received at the user computer;
      
      and wherein the step of submitting the cipher C from the user computer to the server computer is performed after the user confidential information is entered in the second web page of the user computer.
  - 18. The method of claim 1 further comprisingreceiving the user confidential information as a text entry into an authentication web page at the user computer prior to using the user computer to convert the user confidential information to the number x;
    - and wherein the user computer uses a text to number conversion scheme to convert the user confidential information to the number x.
  - 19. The method of claim 18 whereinthe user confidential information is a user password.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Cheman Shaik
Original Assignee
Cheman Shaik
Inventors
Shaik, Cheman
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/402,913
Publication Number

US 20090300362A1
Time in Patent Office

922 Days
Field of Search

713/176, 713/184, 713/183, 380/28, 380/29, 380/30, 380/282, 726/5
US Class Current

380/30
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/002   Countermeasures against att...

H04L 9/0844   with user authentication or...

H04L 9/302   involving the integer facto...

Password self encryption method and system and encryption by keys generated from personal secret information

First Claim

3 Assignments

Litigations

2 Petitions

Accused Products

Abstract

120 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Password self encryption method and system and encryption by keys generated from personal secret information

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links