Client-based authentication

US 8,595,507 B2
Filed: 02/16/2011
Issued: 11/26/2013
Est. Priority Date: 02/16/2011
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus, comprising:

a secure storage area in a storage device coupled to a client node; and

one or more processing devices configured;

to invoke N multiple authentication mechanisms to encrypt N split-keys using credentials associated with corresponding ones of the N authentication mechanisms, to transform the split-keys into N encrypted split-keys,to store each of the encrypted split-keys, with an associated local user identity and an identity of one of the corresponding ones of the N authentication mechanisms in the secure storage area; and

to decrypt an encrypted system password associated with a system user identity using a security key reconstructed from the split-keys to replicate successful login to the client node and to enable access to a client application.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.

Citations

18 Claims

1. An apparatus, comprising:
- a secure storage area in a storage device coupled to a client node; and
  
  one or more processing devices configured;
  
  to invoke N multiple authentication mechanisms to encrypt N split-keys using credentials associated with corresponding ones of the N authentication mechanisms, to transform the split-keys into N encrypted split-keys,to store each of the encrypted split-keys, with an associated local user identity and an identity of one of the corresponding ones of the N authentication mechanisms in the secure storage area; and
  
  to decrypt an encrypted system password associated with a system user identity using a security key reconstructed from the split-keys to replicate successful login to the client node and to enable access to a client application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the client node is housed together with the storage device.
  - 3. The apparatus of claim 1, further comprising:
    - a user input device to receive at least one of the credentials as a biometric measurement.
  - 4. The apparatus of claim 1, further comprising:
    - a user input device to receive at least one of the credentials as data provided by a smart card or a cellular telephone.
  - 5. The apparatus of claim 1, wherein the storage device comprises non-volatile memory.
  - 6. The apparatus of claim 1, further comprising:
    - an encryption module to encrypt the split-keys.

7. A processor-implemented method to execute on one or more processors that perform the method, comprising:
- invoking N multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the N authentication mechanisms, transforming the split-keys to provide N encrypted split-keys; and
  
  storing each of the encrypted split-keys with an associated local user identity and an identity of one of the corresponding ones of the N authentication mechanisms; and
  
  decrypting an encrypted system password associated with a system user identity using a security key reconstructed from the split-keys to replicate successful login to the client node and to enable access to a client application.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, further comprising:
    - generating, by the client node, a security key that is to be split into the N split-keys.
  - 9. The method of claim 7, further comprising:
    - responsive to receiving an indication that a network login has been attempted and that an authentication server node is not accessible by the client node, decrypting the split-keys using the credentials at the client node.
  - 10. The method of claim 8, further comprising:
    - after the security key has been discarded by the client node, merging the split-keys to regenerate the security key as a reconstructed key.
  - 11. The method of claim 7, further comprising:
    - splitting a security key into the N split-keys by the client node; and
      
      encrypting each of the N split-keys using one of a password or an encrypted version of the password, the password corresponding to one of the N authentication mechanisms associated with one of the split-keys to be encrypted.

12. A processor-implemented method to execute on one or more processors that perform the method, comprising:
- splitting, by a client node, a security key to provide N split-keys corresponding to N authentication mechanisms executable on the client node, and discarding the security key;
  
  invoking the authentication mechanisms, by the client node, to encrypt the N split-keys using credentials associated with the N authentication mechanisms, transforming the split-keys to provide N encrypted split-keys; and
  
  responsive to receiving an indication that a network login has been attempted at the client node and that an authentication server node is not accessible by the client node, decrypting, at the client node, the split-keys with the credentials associated with corresponding ones of the authentication mechanisms so that the security key can be reconstructed as a reconstructed key at the client node to replicate the network login.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, further comprising:
    - storing each of the encrypted split-keys with an associated local user identity and an identity of one of the corresponding ones of the authentication mechanisms in a secure storage area.
  - 14. The method of claim 13, wherein the secure storage area comprises a registry,
  - 15. The method of claim 12, further comprising:
    - responsive to receiving, at the client node, an indication of a successful network login comprising acceptance of the credentials by the corresponding ones of the authentication mechanisms, encrypting the local user identity and a corresponding password with a reconstructed version of the security key to provide an encrypted identity and password, the reconstructed version of the security key generated from a combination of the N split-keys.
  - 16. The method of claim 15, further comprising:
    - storing a system user identity and the encrypted identity and password in a secure storage area.
  - 17. The method of claim 16 wherein the system user identity comprises a network user name.
  - 18. The method of claim 12, wherein at least some of the authentication mechanisms are invoked to encrypt the N split-keys using random keys encrypted by password that form a portion of the credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Panchapakesan, Santosh Kumar, Hegde, Vinayak
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US13/028,401
Publication Number

US 20120210135A1
Time in Patent Office

1,014 Days
Field of Search

713182-185, 726 1- 36, 708/135
US Class Current

713/184
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/0822   using key encryption key

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

H04W 12/041   Key generation or derivation

H04W 12/06   Authentication

Client-based authentication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Client-based authentication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links