Securing multifactor split key asymmetric crypto keys
First Claim

1. A method for securing an asymmetric crypto-key having a public key and a split private key with a first private portion and a second private portion, comprising:
- generating a first asymmetric key pair and a second asymmetric key pair, wherein a private key of the first key pair is used as a first factor which is stored on a user device, and wherein a private key of the second key pair is used as a second factor stored on a portable storage device;
- generating the first private portion by cryptographically transforming the first factor and second factor;
- generating a signature based on a challenge and the first private portion; and
- transmitting the signature to an entity, wherein a second private portion of the split private key is stored on the entity;
- wherein the first private portion and the second private portion are combinable to form a complete private key; and
- wherein the second private portion cannot be accessed by the user.
2 Assignments
0 Petitions
Abstract
Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion is not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion.
96 Citations
16 Claims
1. A method for securing an asymmetric crypto-key having a public key and a split private key with a first private portion and a second private portion, comprising:
- generating a first asymmetric key pair and a second asymmetric key pair, wherein a private key of the first key pair is used as a first factor which is stored on a user device, and wherein a private key of the second key pair is used as a second factor stored on a portable storage device;
- generating the first private portion by cryptographically transforming the first factor and second factor;
- generating a signature based on a challenge and the first private portion; and
- transmitting the signature to an entity, wherein a second private portion of the split private key is stored on the entity;
- wherein the first private portion and the second private portion are combinable to form a complete private key; and
- wherein the second private portion cannot be accessed by the user.

Dependent claims: 2, 3, 4, 5, 6.

7. The method of claim 1, further comprising:
- non-persistently storing the generated first private portion for a limited time period; and
- during a limited time period applying the stored first private portion to authenticate a user multiple times.

8. A system for securing an asymmetric crypto-key having a public key and a split private key with a first private portion and a second private portion, comprising:
- a cryptographic key generation mechanism configured to generate a first asymmetric key pair and a second asymmetric key pair, wherein a private key of the first key pair is used as a first factor which is stored on a user device, and wherein a private key of the second key pair is used as a second factor stored on a portable storage device;
- a challenge-response mechanism configured to generate the first private portion by cryptographically transforming the first factor and second factor, and further configured to generate a signature based on a challenge and the first private portion; and
- a communication mechanism configured to transmit the signature to an entity, wherein a second private portion of the split private key is stored on the entity;
- wherein the first private portion and the second private portion are combinable to form a complete private key; and
- wherein the second private portion cannot be accessed by the user.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory storage medium storing instructions which when executed by a computer cause the computer to perform a method for securing an asymmetric crypto-key having a public key and a split private key with a first private portion and a second private portion, the method comprising:
- generating a first asymmetric key pair and a second asymmetric key pair, wherein a private key of the first key pair is used as a first factor which is stored on a user device, and wherein a private key of the second key pair is used as a second factor stored on a portable storage device;
- generating the first private portion by cryptographically transforming the first factor and second factor;
- generating a signature based on a challenge and the first private portion; and
- transmitting the signature to an entity, wherein a second private portion of the split private key is stored on the entity;
- wherein the first private portion and the second private portion are combinable to form a complete private key; and
- wherein the second private portion cannot be accessed by the user.

Dependent claims: 16.
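The claims describe the flow but not the arithmetic behind it. The following is an added worked example, not code from the patent or its assignee, that models the split private key as an RSA private exponent d split additively so that d1 + d2 = d (mod phi(n)). The first portion d1 is recomputed from the two factors (the private keys of two separate toy key pairs, one standing in for the user device and one for the portable storage device) every time a challenge is signed and is never persisted; the entity holds d2 and completes the partial signature, which then verifies under the ordinary public key. The additive split, the SHA-256 derivation of d1, the textbook (unpadded) RSA and the fixed Mersenne primes are all this example's own choices, made so it runs offline; the patent text does not specify them.

```python
"""Toy model of the split-private-key flow described in the claims above.

Added example, not the patent's own code. The split private key is an RSA
private exponent d split additively: d1 + d2 == d (mod phi(n)). d1 is never
stored; it is recomputed from two factors (private keys of two separate key
pairs) each time a challenge is signed. The entity holds d2, completes the
partial signature, and the result verifies under the public key (n, e).
"""
import hashlib
import secrets

E = 65537
# Constructed toy parameters: Mersenne primes, chosen so that 65537 is coprime
# to (p-1)*(q-1) for each pair and key generation cannot fail. Real deployments
# use randomly generated primes of at least 1024 bits each.
SPLIT_KEY_PRIMES = (2**107 - 1, 2**127 - 1)   # modulus of the split key
FACTOR1_PRIMES = (2**61 - 1, 2**89 - 1)       # key pair whose private key lives on the user device
FACTOR2_PRIMES = (2**521 - 1, 2**607 - 1)     # key pair whose private key lives on the portable device


def rsa_keypair(p: int, q: int, e: int = E) -> tuple[int, int, int]:
    """Return (n, e, d) for fixed primes p and q (toy key generation only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)


def hash_to_int(challenge: bytes, n: int) -> int:
    """Reduce the challenge to a representative in Z_n (textbook RSA, no padding)."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n


def derive_first_portion(factor1: int, factor2: int) -> int:
    """Cryptographically transform both factors into d1.

    Both factors are required: losing either makes d1 unrecoverable and a wrong
    factor yields an unrelated exponent. d1 is recomputed on demand and never
    written to persistent storage.
    """
    material = b"split-key-portion-1|%d|%d" % (factor1, factor2)
    return int.from_bytes(hashlib.sha256(material).digest(), "big")


def enroll(factor1: int, factor2: int) -> tuple[tuple[int, int], int]:
    """One-time setup: create the split key and hand d2 to the entity.

    d2 = (d - d1) mod phi(n). After enrolment d, phi and d1 are all discarded;
    only the public key, the two factors and d2 (held by the entity) remain.
    """
    p, q = SPLIT_KEY_PRIMES
    n, e, d = rsa_keypair(p, q)
    phi = (p - 1) * (q - 1)
    d2 = (d - derive_first_portion(factor1, factor2)) % phi
    return (n, e), d2


def user_partial_sign(challenge: bytes, factor1: int, factor2: int, n: int) -> int:
    """User side: derive d1 from both factors, sign the challenge, drop d1."""
    d1 = derive_first_portion(factor1, factor2)
    return pow(hash_to_int(challenge, n), d1, n)       # s1 = H^d1 mod n


def entity_complete(challenge: bytes, s1: int, d2: int, n: int) -> int:
    """Entity side: s = s1 * H^d2 = H^(d1 + d2) = H^d mod n."""
    return s1 * pow(hash_to_int(challenge, n), d2, n) % n


def verify(challenge: bytes, signature: int, public_key: tuple[int, int]) -> bool:
    """Ordinary RSA verification; nothing about the split is visible here."""
    n, e = public_key
    return pow(signature, e, n) == hash_to_int(challenge, n)


def demo() -> dict[str, bool]:
    """Run one authentication plus three failure cases; report which verified."""
    _, _, factor1 = rsa_keypair(*FACTOR1_PRIMES)   # constructed: device-resident factor
    _, _, factor2 = rsa_keypair(*FACTOR2_PRIMES)   # constructed: portable-storage factor
    public_key, d2 = enroll(factor1, factor2)
    n = public_key[0]
    challenge = secrets.token_bytes(32)             # fresh challenge issued by the entity
    s1 = user_partial_sign(challenge, factor1, factor2, n)
    h = hash_to_int(challenge, n)
    wrong_s1 = user_partial_sign(challenge, factor1, factor2 ^ 1, n)   # portable factor corrupted
    return {
        "completed_signature_verifies": verify(challenge, entity_complete(challenge, s1, d2, n), public_key),
        "partial_alone_verifies": verify(challenge, s1, public_key),            # d1 alone is not the key
        "entity_alone_verifies": verify(challenge, pow(h, d2, n), public_key),  # d2 alone is not the key
        "wrong_portable_factor_verifies": verify(challenge, entity_complete(challenge, wrong_s1, d2, n), public_key),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Only the completed signature verifies; a partial signature, the entity's portion on its own, or a derivation with one factor wrong all fail, which is the property the claims rely on: neither party holds the complete private key, and the user-side portion exists only for the duration of a signing operation.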