Secure data storage and retrieval incorporating human participation

US 8,683,549 B2
Filed: 03/23/2007
Issued: 03/25/2014
Est. Priority Date: 03/23/2007
Status: Active Grant

First Claim

Patent Images

1. A computer related security method incorporating human participation, the method comprising:

receiving a request for data stored in a storage medium;

in response thereto, transmitting from a client agent to a server, a puzzle request and a retrieval tag, wherein the retrieval tag identifies a location of a blob comprising a user secret;

receiving from the server, a puzzle that requires human participation, and a correct solution to the puzzle;

transmitting the puzzle from the client agent to a user;

receiving from the user, a proposed solution to the puzzle;

transmitting to the user, a query seeking identification of a stored secret;

receiving from the user, a response to the query seeking identification of the stored secret;

transmitting to the server, the proposed solution to the puzzle and the response to the query;

using in the server, the retrieval tag received from the client agent to retrieve the blob for verification of the stored secret; and

if the proposed solution to the puzzle and the response to the query is correct, allowing access to the data stored in the storage medium.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

44 Citations

View as Search Results

15 Claims

1. A computer related security method incorporating human participation, the method comprising:
- receiving a request for data stored in a storage medium;
  
  in response thereto, transmitting from a client agent to a server, a puzzle request and a retrieval tag, wherein the retrieval tag identifies a location of a blob comprising a user secret;
  
  receiving from the server, a puzzle that requires human participation, and a correct solution to the puzzle;
  
  transmitting the puzzle from the client agent to a user;
  
  receiving from the user, a proposed solution to the puzzle;
  
  transmitting to the user, a query seeking identification of a stored secret;
  
  receiving from the user, a response to the query seeking identification of the stored secret;
  
  transmitting to the server, the proposed solution to the puzzle and the response to the query;
  
  using in the server, the retrieval tag received from the client agent to retrieve the blob for verification of the stored secret; and
  
  if the proposed solution to the puzzle and the response to the query is correct, allowing access to the data stored in the storage medium.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method in accordance with claim 1, further comprising:
    - prior to receiving the proposed solution, requesting a user secret;
      
      receiving the user secret; and
      
      generating the stored secret from the received user secret.
  - 3. A method in accordance with claim 1, wherein:
    - the puzzle is intended to be visually rendered; and
      
      a solution to the puzzle is intended to be obtained via observation of the visually rendered puzzle.
  - 4. A method in accordance with claim 1, wherein:
    - the puzzle is intended to be audibly rendered; and
      
      a solution to the puzzle is intended to be obtained via observation of the audio rendered puzzle.
  - 5. A method in accordance with claim 1, further comprising obtaining the puzzle from a library of pluggable puzzle generators.
  - 6. A method in accordance with claim 1, further comprising:
    - encrypting the data with a first cryptographic key;
      
      encrypting the first cryptographic key with a second cryptographic key;
      
      storing in the storage medium, the encrypted data and the encrypted first cryptographic key; and
      
      if the proposed solution is correct;
      
      decrypting, with the second cryptographic key, the encrypted first cryptographic key; and
      
      providing the decrypted first cryptographic key.

7. A system for implementing computer related security incorporating human participation, the system comprising:
- a memory portion configured to store data;
  
  an input/output portion configured to receive a request for accessing the data stored in the memory portion;
  
  a first processing portion of a client agent, the first processing portion configured to;
  
  transmit from the client agent to a server, a puzzle request and a retrieval tag, wherein the retrieval tag identifies a location of a blob comprising a user secret;
  
  receive from the server, a puzzle that requires human participation, and a correct solution to the puzzle;
  
  transmit the puzzle from the client agent to a user;
  
  receive from the user, a proposed solution to the puzzle;
  
  transmit to the user, a query seeking identification of a stored secret;
  
  receive from the user, a response to the query seeking identification of the stored secret; and
  
  transmit to the server, the proposed solution to the puzzle and the response to the query; and
  
  a second processing portion of the server, the second processing portion configured to;
  
  use the retrieval tag received from the client agent, to retrieve the blob for verification of the stored secret;
  
  determine if the proposed solution to the puzzle and the received response to the query is correct; and
  
  if correct, allow access to the data stored in the memory portion.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A system in accordance with claim 7, wherein the first processing portion is further configured to:
    - prior to receiving the proposed solution, request a user secret;
      
      receive the user secret; and
      
      generate the stored secret from the received user secret.
  - 9. A system in accordance with claim 7, wherein:
    - the puzzle is intended to be visually rendered; and
      
      a solution to the puzzle is intended to be obtained via observation of the visually rendered puzzle.
  - 10. A system in accordance with claim 7, wherein:
    - the puzzle is intended to be audibly rendered; and
      
      a solution to the puzzle is intended to be obtained via observation of the audio rendered puzzle.
  - 11. A system in accordance with claim 7, the first processing portion further configured to obtain the puzzle from a library of pluggable puzzle generators.
  - 12. A system in accordance with claim 7, wherein:
    - the second processing portion is further configured to;
      
      encrypt the data with a first cryptographic key;
      
      encrypt the first cryptographic key with a second cryptographic key;
      
      store in the memory portion, the encrypted data and the encrypted first cryptographic key; and
      
      if the proposed solution is correct, decrypt, with the second cryptographic key, the encrypted first cryptographic key; and
      
      the input/output portion is further configured to provide the decrypted first cryptographic key.

13. A computer-readable storage medium having stored thereon computer-executable instructions for performing computer related security incorporating human participation, by performing the steps of:
- receiving from a client agent, a puzzle request and a retrieval tag that identifies a location of a blob comprising a user secret;
  
  responsive to the request, obtaining a puzzle from a library of pluggable puzzle generators;
  
  transmitting to the client agent, the puzzle, wherein human participation is intended to obtain a solution to the puzzle;
  
  receiving a user-provided proposed solution to the puzzle;
  
  receiving a user-provided response to a query seeking identification of the user secret;
  
  using the retrieval tag received from the client agent, to retrieve the blob for verification of the user secret; and
  
  if the proposed solution to the puzzle and the response to the query is correct, allowing user access to a stored data.
- View Dependent Claims (14, 15)
- - 14. A computer-readable storage medium in accordance with claim 13, wherein:
    - the puzzle is intended to be visually rendered; and
      
      a solution to the puzzle is intended to be obtained via observation of the visually rendered puzzle.
  - 15. A computer-readable storage medium in accordance with claim 13, wherein:
    - the puzzle is intended to be audibly rendered; and
      
      a solution to the puzzle is intended to be obtained via observation of the audio rendered puzzle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Baker, Arthur H., Guarraci, Brian J., Tucker, Andrew Stewart, Medvinsky, Gennady, Dutta, Tanmoy
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US11/690,685
Publication Number

US 20080320554A1
Time in Patent Office

2,559 Days
Field of Search

726/2, 713/193
US Class Current

726/2
CPC Class Codes

G06F 21/31 User authentication

H04L 9/32 including means for verifyi...

Secure data storage and retrieval incorporating human participation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Secure data storage and retrieval incorporating human participation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others