Methods and apparatus for obscuring a valid password in a set of passwords in a password-hardening system
First Claim
1. A method comprising:
storing in a first server a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; and
generating in a second server valid password indication information indicating for each of the sets which of the passwords in that set is a valid password;
wherein the valid password indication information comprises index values that are computed for respective ones of the password sets by the second server and that identify respective valid passwords in the respective password sets;
wherein the second server conditions release of a given one of the index values to the first server on a result of a comparison of a user identifier with a value of a user number counter maintained in the second server;
wherein the given one of the index values is computed using the value of the user number counter;
wherein the user number counter indicates a current number of said users for which corresponding index values have been computed by the second server;
wherein, in conjunction with the conditioned release of the given one of the index values to the first server, the second server increments the user number counter; and
wherein the storing and generating are performed by at least one processing device.
Abstract
A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to generate valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The valid password indication information comprises index values computed for respective ones of the password sets by the second server to identify respective valid passwords in the respective password sets. The second server may be further configured to compute the index values utilizing a keyed pseudorandom function, and to send the index values to the first server in association with respective values of a user number counter maintained in the second server.
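The split described in the abstract can be sketched as follows. This is an added example, not code from the patent: the class and method names, HMAC-SHA256 as the keyed pseudorandom function, the reduction of its output modulo the set size, the equality test used as the release condition, the login check, and PBKDF2 for stored passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class SecondServer:
    """Holds the PRF key and the user number counter; never sees a password."""
    def __init__(self, key: bytes, set_size: int):
        self._key, self._n = key, set_size
        self.user_counter = 0  # users whose index has already been computed

    def _index(self, user_number: int) -> int:
        # Keyed PRF (HMAC-SHA256, an assumption) over the counter value
        mac = hmac.new(self._key, user_number.to_bytes(8, "big"), hashlib.sha256)
        return int.from_bytes(mac.digest(), "big") % self._n

    def release_index(self, user_id: int) -> int:
        # Conditioned release: assumed rule is user_id == current counter value
        if user_id != self.user_counter:
            raise PermissionError("user identifier does not match counter")
        index = self._index(self.user_counter)
        self.user_counter += 1  # incremented together with the release
        return index

    def is_valid(self, user_id: int, position: int) -> bool:
        return 0 <= user_id < self.user_counter and position == self._index(user_id)

class FirstServer:
    """Stores each user's password set; does not keep the valid index."""
    def __init__(self, second: SecondServer):
        self._second, self._sets = second, {}

    @staticmethod
    def _hash(salt: bytes, word: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

    def enroll(self, user_id: int, password: str, chaff: list[str]) -> None:
        index = self._second.release_index(user_id)
        words = list(chaff)
        words.insert(index, password)  # valid password sits at the released index
        salt = secrets.token_bytes(16)
        self._sets[user_id] = (salt, [self._hash(salt, w) for w in words])

    def login(self, user_id: int, attempt: str) -> str:
        salt, hashes = self._sets[user_id]
        digest = self._hash(salt, attempt)
        for position, stored in enumerate(hashes):
            if hmac.compare_digest(stored, digest):
                ok = self._second.is_valid(user_id, position)
                return "accept" if ok else "alarm"  # attempt matched a chaff password
        return "reject"
```

Because the first server discards the index after enrollment, a copy of its stored sets does not reveal which entry is the valid password; only the second server, which holds the key and the counter, can tell.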
20 Claims
1. A method comprising:
storing in a first server a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; and
generating in a second server valid password indication information indicating for each of the sets which of the passwords in that set is a valid password;
wherein the valid password indication information comprises index values that are computed for respective ones of the password sets by the second server and that identify respective valid passwords in the respective password sets;
wherein the second server conditions release of a given one of the index values to the first server on a result of a comparison of a user identifier with a value of a user number counter maintained in the second server;
wherein the given one of the index values is computed using the value of the user number counter;
wherein the user number counter indicates a current number of said users for which corresponding index values have been computed by the second server;
wherein, in conjunction with the conditioned release of the given one of the index values to the first server, the second server increments the user number counter; and
wherein the storing and generating are performed by at least one processing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. An article of manufacture comprising at least one non-transitory processor-readable storage medium having embodied therein one or more software programs, wherein the one or more software programs when executed by at least one processing device cause said at least one processing device:
to store in a first server a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; and
to generate in a second server valid password indication information indicating for each of the sets which of the passwords in that set is a valid password;
wherein the valid password indication information comprises index values that are computed for respective ones of the password sets by the second server and that identify respective valid passwords in the respective password sets;
wherein the second server conditions release of a given one of the index values to the first server on a result of a comparison of a user identifier with a value of a user number counter maintained in the second server;
wherein the given one of the index values is computed using the value of the user number counter;
wherein the user number counter indicates a current number of said users for which corresponding index values have been computed by the second server; and
wherein, in conjunction with the conditioned release of the given one of the index values to the first server, the second server increments the user number counter.
Dependent claims: 18, 19
16. An apparatus comprising:
at least one processing device comprising a processor coupled to a memory;
wherein said at least one processing device comprises:
a first server configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user; and
a second server configured to generate valid password indication information indicating for each of the sets which of the passwords in that set is a valid password;
wherein the valid password indication information comprises index values that are computed for respective ones of the password sets by the second server and that identify respective valid passwords in the respective password sets;
wherein the second server conditions release of a given one of the index values to the first server on a result of a comparison of a user identifier with a value of a user number counter maintained in the second server;
wherein the given one of the index values is computed using the value of the user number counter;
wherein the user number counter indicates a current number of said users for which corresponding index values have been computed by the second server; and
wherein, in conjunction with the conditioned release of the given one of the index values to the first server, the second server increments the user number counter.
Dependent claims: 17, 20
Specification