Password encryption key

US 8,447,990 B2
Filed: 10/23/2003
Issued: 05/21/2013
Est. Priority Date: 10/25/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for a secure transaction, comprising:

generating a first key from a user-supplied unencrypted password provided by a user computing device, wherein generating the first key includes calculating a checksum,encrypting the user-supplied unencrypted password using the first key,creating a user record,storing the encrypted password in the user record,upon user login, generating a second key from a would-be user'"'"'s password using the same algorithm used to generate the first key from the user-supplied unencrypted password,retrieving the corresponding user record,decrypting the encrypted password in the user record using the second key, andcomparing the decrypted password with the would-be user-supplied password to see if they match.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password-encrypted key (PEK) is generated from a user-supplied password or other identifying data and then used to encrypt the user'"'"'s password. The encrypted password is stored in a user record on a server. At login a would-be user'"'"'s password is again used to make a key, which is then used to decrypt and compare the stored encrypted password with the would-be user'"'"'s password to complete the login. The successful PEK is stored in a temporary session record and can be used to decrypt other sensitive user information previously encrypted and stored in the user record as well as to encrypt new information for storage in the user record. A public/private key system can also be used to maintain limited access for the host to certain information in the user record.

Citations

10 Claims

1. A computer-implemented method for a secure transaction, comprising:
- generating a first key from a user-supplied unencrypted password provided by a user computing device, wherein generating the first key includes calculating a checksum,encrypting the user-supplied unencrypted password using the first key,creating a user record,storing the encrypted password in the user record,upon user login, generating a second key from a would-be user'"'"'s password using the same algorithm used to generate the first key from the user-supplied unencrypted password,retrieving the corresponding user record,decrypting the encrypted password in the user record using the second key, andcomparing the decrypted password with the would-be user-supplied password to see if they match.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, further comprisingif the decrypted password and user-supplied password match, creating a temporary session record and storing the second key in the session record, otherwise aborting the user login.
  - 3. The computer-implemented method of claim 2, further comprisingencrypting other sensitive user data using the first key and storing the encrypted data in the user record, andduring a session wherein a session record has been created, using the second key stored in the session record to decrypt other encrypted information stored in the user record for use in carrying out some desired action.
  - 4. The computer-implemented method of claim 1, further comprisinggenerating a public/private key pair,storing the public key on an application server and the mating private key only on another server,encrypting the original user-supplied unencrypted password with the public key and storing the public-key encrypted password on the application server, andfetching the private key from the other server and using it to decrypt selected information on the application server.
  - 5. The computer-implemented method of claim 4, wherein the other server is a secure off-site server.

6. A computer-executable program residing on a computer, the execution of the program causing the computer to:
- generate a first key from user-supplied identification data provided by a user computing device, wherein generating the first key includes calculating a checksum,encrypt the user-supplied identification data using the first key,create a user record,store the encrypted identification data in the user record,upon user login, generate a second key from a would-be user'"'"'s identification data supplied at login using the same algorithm used to generate the first key from the user-supplied unencrypted identification data,retrieve the corresponding user record,decrypt the encrypted identification data in the user record using the second key, andcompare the decrypted identification data with the would-be user-supplied identification data to see if they match.
- View Dependent Claims (7, 8)
- - 7. The computer-executable program of claim 6, further causing the computer toif the decrypted identification data and user-supplied identification data match, create a temporary session record and storing the second key in the session record, otherwise aborting the user login.
  - 8. The computer-executable program of claim 7, further causing the computer toencrypt other sensitive user data using the first key and storing the encrypted data in the user record, andduring a session wherein a session record has been created, use the second key stored in the session record to decrypt other encrypted information stored in the user record for use in carrying out some desired action.

9. A computing device comprising:
- a memory configured to store a first unencrypted password supplied from a user computing device; and
  
  a processor configured to execute instructions to perform a method comprising;
  
  generating a first key from the first user-supplied unencrypted password, wherein generating the first key includes calculating a checksum;
  
  encrypting the first user-supplied unencrypted password using the first key;
  
  storing the encrypted user-supplied password in a user record;
  
  upon receiving a login request that includes a second unencrypted password from a would-be user, generating a second key from the second user-supplied unencrypted password in a manner equivalent to generating the first key from the first user-supplied unencrypted password;
  
  using the second key to decrypt the first encrypted user-supplied password in the user record;
  
  comparing the decrypted password and the second user-supplied unencrypted password to identify a match; and
  
  upon identifying a match, creating a temporary user session record and storing the second key in the temporary user session record.
- View Dependent Claims (10)
- - 10. The computing device of claim 9 further including:
    - encrypting sensitive user data using the first key;
      
      storing the encrypted sensitive user data in the user record;
      
      using the second key to decrypt the stored encrypted sensitive user data; and
      
      storing the decrypted sensitive user data in the temporary user session record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mangas Gaming Malta Limited
Original Assignee
Cambridge Interactive Development Corporation (Giga Media Limited)
Inventors
Utin, Daniil
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Vaughan, Michael R

Application Number

US10/532,541
Publication Number

US 20060156026A1
Time in Patent Office

3,498 Days
Field of Search

None
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06F 21/62   Protecting access to data v...

G06F 21/6245   Protecting personal data, e...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0863   involving passwords or one-...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3226   using a predetermined code,...

Password encryption key

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Password encryption key

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links