Encryption and authentication systems and methods

US 8,893,264 B2
Filed: 03/29/2013
Issued: 11/18/2014
Est. Priority Date: 03/05/2001
Status: Active Grant

First Claim

Patent Images

1. A method of receiving user input of a passphrase on a computing device, the method comprising:

receiving, by the computing device, a plurality of passphrase elements from an input device; and

performing, by the computing device, a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value, said performing of the sequence of secure delay processing operations beginning before all of the plurality of passphrase elements have been received from the input device,wherein the passphrase is verified upon completion of the sequence of secure delay processing operations, andwherein initial values of respective secure delay processing operations are based on;

respective passphrase elements, andfor each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operation.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, and systems are disclosed for, among other things, secure passphrase handling for computing devices. In one respect, a method is provided. The method includes receiving a plurality of passphrase elements from an input device. The method also includes performing a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value. The passphrase is verified upon completion of the sequence of secure delay processing operations. Further, initial values of respective secure delay processing operations are based on respective passphrase elements and, for each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operations.

104 Citations

View as Search Results

19 Claims

1. A method of receiving user input of a passphrase on a computing device, the method comprising:
- receiving, by the computing device, a plurality of passphrase elements from an input device; and
  
  performing, by the computing device, a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value, said performing of the sequence of secure delay processing operations beginning before all of the plurality of passphrase elements have been received from the input device,wherein the passphrase is verified upon completion of the sequence of secure delay processing operations, andwherein initial values of respective secure delay processing operations are based on;
  
  respective passphrase elements, andfor each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the plurality of passphrase elements comprises alphanumeric characters.
  - 3. The method of claim 2, wherein the plurality of passphrase elements further comprises one or more space characters.
  - 4. The method of claim 1, wherein receiving the plurality of passphrase elements comprises receiving keystrokes via a keyboard.
  - 5. The method of claim 1, wherein receiving the plurality of passphrase elements comprises receiving selections of graphical indicia.
  - 6. The method of claim 1, wherein the secure delay processing operations include:
    - performing a plurality of hash operations to generate the delayed output, wherein each hash operation produces a hash code and wherein each hash operation subsequent to an initial hash operation performs a hash on the hash code of a preceding hash operation.
  - 7. The method of claim 6, further comprising computing a sub-hash from the delayed output by performing a sub-hash operation on the delayed output.
  - 8. The method of claim 7, further comprising:
    - repeating said receiving and performing for a plurality of iterations; and
      
      transmitting the sub-hash of each iteration to the input device, the sub-hash formatted for visual display by the input device, wherein the initial hash operation for each successive iteration performs a hash on the hash code on the delayed output of a previous iteration, whereby the sub-hashes are visually comparable as they are computed.
  - 9. The method of claim 1, wherein the delayed output value comprises a value which is computationally infeasible to predict for a specified quantity of computing resources, and wherein the delayed output value comprises a value which is deterministic based on the initial value.

10. A secure computing device comprising:
- a receiver configured to receive a plurality of passphrase elements from an input device; and
  
  a processor configured to perform a sequence of secure delay processing operations comprising, in response to receiving from a user of the input device each individual passphrase element of the plurality of passphrase elements, generating a delayed output value from an initial value,wherein the passphrase is verified upon completion of the sequence of secure delay processing operations, andwherein initial values of respective secure delay processing operations are based on;
  
  respective passphrase elements, andfor each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operation.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The device of claim 10, wherein the plurality of passphrase elements comprises alphanumeric characters.
  - 12. The device of claim 11, wherein the plurality of passphrase elements further comprises one or more space characters.
  - 13. The device of claim 10, wherein receiving the plurality of passphrase elements comprises receiving keystrokes via a keyboard.
  - 14. The device of claim 10, wherein receiving the plurality of passphrase elements comprises receiving selections of graphical indicia.
  - 15. The device of claim 10, wherein the secure delay processing operations include:
    - performing a plurality of hash operations to generate the delayed output, wherein each hash operation produces a hash code and wherein each hash operation subsequent to an initial hash operation performs a hash on the hash code of a preceding hash operation.
  - 16. The device of claim 15, further comprising computing a sub-hash from the delayed output by performing a sub-hash operation on the delayed output.
  - 17. The device of claim 16, further comprising:
    - repeating said receiving and performing for a plurality of iterations; and
      
      transmitting the sub-hash of each iteration to the input device, the sub-hash formatted for visual display by the input device, wherein the initial hash operation for each successive iteration performs a hash on the hash code on the delayed output of a previous iteration, whereby the sub-hashes are visually comparable as they are computed.
  - 18. The device of claim 10, wherein the delayed output value comprises a value which is computationally infeasible to predict for a specified quantity of computing resources, and wherein the delayed output value comprises a value which is deterministic based on the initial value.

19. A non-transitory computer-readable storage medium including instructions executable by a processor of a device, the instructions causing the device to:
- receive a plurality of passphrase elements from an input device; and
  
  perform a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value, said performing of the sequence of secure delay processing operations beginning in response to receipt of a first passphrase element of the plurality of passphrase elements from the input device;
  
  wherein the passphrase is verified upon completion of the sequence of secure delay processing operations, andwherein initial values of respective secure delay processing operations are based on;
  
  respective passphrase elements, andfor each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kioba Processing, LLC (IP Investments Group LLC)
Original Assignee
Bolique Applications Ltd LLC (Intellectual Ventures LLC)
Inventors
Suominen, Edwin A.
Primary Examiner(s)
Dinh, Minh

Application Number

US13/853,799
Publication Number

US 20130239208A1
Time in Patent Office

599 Days
Field of Search

None
US Class Current

726/19
CPC Class Codes

G06F 21/31   User authentication

G06F 21/64   Protecting data integrity, ...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

H04L 67/06   specially adapted for file ...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

Encryption and authentication systems and methods

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption and authentication systems and methods

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links