×

Interlocking plain text passwords to data encryption keys

  • US 8,516,264 B2
  • Filed: 04/27/2010
  • Issued: 08/20/2013
  • Est. Priority Date: 10/09/2009
  • Status: Active Grant
First Claim
Patent Images

1. A method of authenticating a user request for access to at least a portion of an encrypted storage device, the method comprising:

  • generating a unique password for authenticating a user for access to the encrypted storage device by the steps of;

    generating, by a random number generator;

    i) a root key to encrypt and decrypt data;

    ii) a maker'"'"'s password to generate other passwords;

    iii) an authentication hash key to generate hashed values of plaintext passwords; and

    iv) a random data key corresponding to the unique authentication hash key, wherein the root key is stored in a one-time programmable memory in an access control system of an encryption module and not accessible outside of the access control system;

    generating, by the encryption module, an encrypted data key based on the random data key, the authentication hash key and the root key;

    generating, by the encryption module, a unique plaintext password for the user based on a random number and the encrypted data key;

    generating, by a hash module, a hashed value of the generated plaintext password based on the authentication hash key;

    storing the hashed value of the plaintext password and the corresponding encrypted data key to a key storage; and

    providing the plaintext password to the user;

    receiving the request for access to at least a portion of the encrypted storage device, the request including the plaintext password;

    generating, by the hash module, a hashed version of the received plaintext password based on the authentication hash key;

    retrieving, from the key storage, a hashed value of a generated plaintext password;

    comparing, by a hash comparator, the hashed version of the received plaintext password with the retrieved hashed value of the generated plaintext password; and

    when the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, authenticating the user for access to at least a portion of the encrypted storage device,otherwise, denying the user access to the encrypted storage device;

    changing the user'"'"'s plaintext password, by the steps of;

    receiving a desired plaintext password for the user;

    extracting the authentication hash key and data key from the encrypted data key; and

    generating, by the hash module, a hashed version of the desired plaintext password based upon the extracted authentication hash key and the root key.

View all claims
  • 11 Assignments
Timeline View
Assignment View
    ×
    ×