Secure transformable password generation
Abstract
The invention relates to generating and using secure transformable passwords. In one example, a user grants a third party access to an online account at a host server, and the user requests a transformed password from the host server. The host server associates an encryption key with the third party and generates a transformed password using the user's online account password and the encryption key. The user transmits the transformed password to the third party, which may use the transformed password to access the online account. The host server generates a second transformed password and compares it to the password information received from the third party. If the received password information and the second transformed password are identical, access is granted. The invention also includes methods for invalidating the transformed passwords by changing the encryption keys to an invalid state.
20 Claims
1. A computer implemented method for invalidating transformed passwords to protect a user's original password, the method comprising:
associating, by one or more server computing devices, a first encryption key having a first value with a third party for use in accessing a user's account;
creating, by the one or more server computing devices, a first transformed password by encrypting a user's original password using the first value of the associated first encryption key;
providing, by the one or more server computing devices, the first transformed password to the third party for accessing the user's account, wherein the third party cannot obtain the user's original password;
recognizing, by the one or more server computing devices, a breach associated with the third party or the associated first encryption key;
changing, by the one or more server computing devices, the first value of the associated first encryption key to a new value based upon the breach;
receiving, by the one or more server computing devices from the third party, a request for access including the first transformed password;
using, by the one or more server computing devices, the new value of the first encryption key and the user's original password to create a second transformed password;
comparing, by the one or more server computing devices, the received first transformed password to the second transformed password; and
when the comparison indicates that the first transformed password and the second transformed password are different, denying, by the one or more server computing devices, the request for access.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system for invalidating transformed passwords to protect a user's original password, the system comprising one or more server computing devices having one or more processors configured to:
associate a first encryption key having a first value with a third party for use in accessing a user's account;
create a first transformed password by encrypting a user's original password using the first value of the associated first encryption key;
provide the first transformed password to the third party for accessing the user's account, wherein the third party cannot obtain the user's original password;
recognize a breach associated with the third party or the associated first encryption key;
change the first value of the associated first encryption key to a new value based upon the breach;
receive, from the third party, a request for access including the first transformed password;
use the new value of the first encryption key and the user's original password to create a second transformed password;
compare the received first transformed password to the second transformed password; and
when the comparison indicates that the first transformed password and the second transformed password are different, deny the request for access.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A non-transitory, computer readable storage medium on which instructions are stored, the instructions when executed by one or more processors cause the one or more processors to perform a method of invalidating transformed passwords to protect a user's original password, the method comprising:
associating a first encryption key having a first value with a third party for use in accessing a user's account;
creating a first transformed password by encrypting a user's original password using the first value of the associated first encryption key;
providing the first transformed password to the third party for accessing the user's account, wherein the third party cannot obtain the user's original password;
recognizing a breach associated with the third party or the associated first encryption key;
changing the first value of the associated first encryption key to a new value based upon the breach;
receiving, from the third party, a request for access including the first transformed password;
using the new value of the first encryption key and the user's original password to create a second transformed password;
comparing the received first transformed password to the second transformed password; and
when the comparison indicates that the first transformed password and the second transformed password are different, denying the request for access.
Dependent claims: 16, 17, 18, 19, 20.
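The verification loop that the three independent claims describe, as an added example (not the patent's own code): the host keys each third-party grant separately, recomputes the transformed password with the current key value on every request, and denies once a breach-driven key change has made the third party's copy stale. HMAC-SHA256 stands in for the claim's encryption step, and the class, method names and sample values are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


class HostServer:
    """Host-side model of the claimed scheme: one key per (user, third party);
    the third party holds only a keyed transform of the original password."""

    def __init__(self) -> None:
        # Constructed sample store of original passwords.  This follows the
        # claim literally; a production server would keep a secret derived
        # from the password rather than the password itself.
        self._passwords: Dict[str, str] = {}
        # (user, third_party) -> current key value; None is the invalid state
        self._keys: Dict[Tuple[str, str], Optional[bytes]] = {}

    def register_user(self, user: str, original_password: str) -> None:
        self._passwords[user] = original_password

    def _transform(self, user: str, key: bytes) -> str:
        # Keyed transform standing in for the claim's "encrypting ... using
        # the key"; HMAC-SHA256 is this example's choice, not the patent's.
        mac = hmac.new(key, self._passwords[user].encode(), hashlib.sha256)
        return mac.hexdigest()

    def grant(self, user: str, third_party: str) -> str:
        """Associate a fresh key value with the third party and return the
        first transformed password (claim steps: associate, create, provide)."""
        key = secrets.token_bytes(32)
        self._keys[(user, third_party)] = key
        return self._transform(user, key)

    def rotate_key(self, user: str, third_party: str) -> None:
        """Breach response from the claim: change the key to a new value."""
        if (user, third_party) in self._keys:
            self._keys[(user, third_party)] = secrets.token_bytes(32)

    def revoke(self, user: str, third_party: str) -> None:
        """The abstract's 'invalid state': no key value, so nothing verifies."""
        self._keys[(user, third_party)] = None

    def authorize(self, user: str, third_party: str, presented: str) -> bool:
        """Recompute with the current key value and compare in constant time;
        a differing or missing value denies the request."""
        key = self._keys.get((user, third_party))
        if key is None or user not in self._passwords:
            return False
        return hmac.compare_digest(self._transform(user, key), presented)
```

Because the key is bound to the third party rather than to the user alone, rotating or revoking one grant leaves every other third party's transformed password valid and never requires the user to change the original password.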