Methods, apparatus and systems for securing user-associated passwords used for identity authentication

US 8,949,616 B2
Filed: 09/13/2011
Issued: 02/03/2015
Est. Priority Date: 09/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting authentication information, comprising:

receiving a request for a user-associated password at a user computing device from a requesting device;

receiving the user-associated password at the user computing device from a user, the user-associated password having a format that comprises a number of characters, wherein the user-associated password is a password that authenticates an identity of the user, thereby being authentication information;

generating a temporary password, by the user computing device;

generating, by the user computing device, a key from the temporary password;

encrypting, by the user computing device, the received user-associated password using at least the key resulting in an encrypted user-associated password having the same format and the same number of characters as the received user-associated password; and

communicating the encrypted user-associated password from the user computing device to the requesting device in place of the received user-associated password in response to the request for the user-associated password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and systems for securing user-associated passwords used in transactions are disclosed. The methods include a user computing device receiving a user-associated password such as a PIN from a user, where the user-associated password is operable to authenticate an identity of a user. The user-associated password may be received in response to the user receiving a request for the user-associated password from a third party such as a merchant. The user computing device may generate a temporary password such as a one-time password, dynamic password, or the like, and encrypt the user-associated password using the temporary password. The encrypted user-associated password may then be communicated to the third party in lieu of the user-associated password received by the user.

35 Citations

View as Search Results

19 Claims

1. A method of encrypting authentication information, comprising:
- receiving a request for a user-associated password at a user computing device from a requesting device;
  
  receiving the user-associated password at the user computing device from a user, the user-associated password having a format that comprises a number of characters, wherein the user-associated password is a password that authenticates an identity of the user, thereby being authentication information;
  
  generating a temporary password, by the user computing device;
  
  generating, by the user computing device, a key from the temporary password;
  
  encrypting, by the user computing device, the received user-associated password using at least the key resulting in an encrypted user-associated password having the same format and the same number of characters as the received user-associated password; and
  
  communicating the encrypted user-associated password from the user computing device to the requesting device in place of the received user-associated password in response to the request for the user-associated password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein encrypting the user-associated password comprises:
    - generating the key for a block encryption algorithm from the temporary password;
      
      padding the received user-associated password resulting in a padded user-associated password; and
      
      encrypting the padded user-associated password using the generated key.
  - 3. The method of claim 2, wherein the temporary password is a One Time Password (OTP), the block encryption algorithm is the Advanced Encryption Standard (AES), and the user-associated password is in decimal form.
  - 4. The method of claim 1, wherein the temporary password is the same length as or has a greater length than the user-associated password, and encrypting the user-associated password comprises changing an element of the user-associated password based on a corresponding element of the temporary password.
  - 5. The method of claim 1, further comprising generating a cryptogram wherein the temporary password is part of or all of the cryptogram, the encrypting the received user-associated password using at least the temporary password is based on the cryptogram.
  - 6. The method of claim 1, further comprising:
    - adding synchronization information to the encrypted user-associated password; and
      
      communicating the synchronization information from the user computing device to the requesting device together with the encrypted user-associated password in place of the user-associated password.
  - 7. The method of claim 6, wherein the synchronization information comprises data from an Application Transaction Counter (ATC), a timestamp, or a received unique code.
  - 8. The method of claim 1, wherein the format of the received user-associated password comprises a number of decimal digits, wherein the encrypted user-associated password has the same number of decimal digits as the received user-associated password.

9. A method of decrypting authentication information, comprising:
- receiving a user-associated password from a user, the user-associated password having a format that comprises a number of characters;
  
  storing the user-associated password in association with the user;
  
  sending a request to a user computing device for the user-associated password;
  
  receiving an encrypted user-associated password having the same format and the same number of characters from the user computing device in place of the requested user-associated password, wherein the encrypted user-associated password, when decrypted, authenticates an identity of the user by matching the stored user-associated password;
  
  generating a temporary password, at a decryption server as would have been done using the user computing device;
  
  decrypting the encrypted user-associated password using at least the temporary password, resulting in a user-associated password, the user-associated password being authentication information; and
  
  comparing the decrypted user-associated password to the stored user associated password.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising:
    - receiving synchronization information together with the encrypted user-associated password, wherein the temporary password is generated using at least the received synchronization information.
  - 11. The method of claim 10, further comprising:
    - converting the received synchronization information and user-associated password to binary form; and
      
      extracting select bits from the binary form, the select bits representing synchronization information;
      
      wherein the temporary password is generated using at least the select bits.
  - 12. The method of claim 11, wherein the select bits are from an Application Transaction Counter (ATC).

13. A method of encrypting authentication information, comprising:
- receiving a request for a user-associated password at a user computing device from a requesting device;
  
  receiving the user-associated password at the user computing device from a user, the user-associated password having a decimal form, wherein the user-associated password is a password that authenticates an identity of the user, thereby being authentication information;
  
  generating a temporary password, by the user computing device;
  
  converting, by the user computing device, the user-associated password into a binary form;
  
  performing, by the user computing device, a bitwise XOR of the binary form of the user-associated password with at least a portion of the temporary password as represented in a binary form resulting in a binary and encrypted form of the user-associated password;
  
  converting, by the user computing device, the binary form of the encrypted user-associated password into decimal form; and
  
  communicating the decimal form of the encrypted user-associated password from the user computing device to the requesting device in place of the received user-associated password in response to the request for the user-associated password.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the temporary password is a cryptogram.
  - 15. The method of claim 13, further comprising:
    - adding bits from an Application Transaction Counter (ATC) to the binary form of the encrypted user-associated password before converting the binary form of the encrypted user-associated password into decimal form.

16. A device for encrypting authentication information, comprising:
- a communication interface operable to receive a request from a requesting device for a user-associated password and to receive the user-associated password having a format that comprises a number of characters from a user, the user-associated password authenticates an identity of the user, thereby being authentication information; and
  
  a processor operable to generate a temporary password, generate a key from the temporary password, and encrypt the received user-associated password using at least the key resulting in an encrypted user-associated password having the same format and the same number of characters as the received user-associated password, the processor operable to transmit the encrypted user-associated password via the communication interface to the requesting device in place of the received user-associated password in response to the request for the user-associated password.
- View Dependent Claims (17, 18, 19)
- - 17. The device of claim 16, a wherein the communication interface is operable to display the encrypted user-associated password to the user.
  - 18. The device of claim 16, wherein the processor is further operable to generate a cryptogram, wherein the temporary password is part of or all of the cryptogram.
  - 19. The device of claim 16, wherein the processor is further operable to add synchronization information to the encrypted user-associated password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Hird, Geoffrey, Lee, Jiann-Shi Andy
Primary Examiner(s)
Vaughan, Michael R

Application Number

US13/231,817
Publication Number

US 20120066504A1
Time in Patent Office

1,239 Days
Field of Search

None
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

Methods, apparatus and systems for securing user-associated passwords used for identity authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatus and systems for securing user-associated passwords used for identity authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links