Secure and usable protection of a roamable credentials store

US 9,262,618 B2
Filed: 06/15/2012
Issued: 02/16/2016
Est. Priority Date: 02/25/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a first key based at least in part on a predetermined first iteration count, a salt, and a user password;

generating a second key based at least in part on a predetermined second iteration count, the salt, and a concatenation of the user password and the first key;

creating a unified credentials vault (UCV);

encrypting with the second key location information, a location-specific user name, and a location-specific password to form an encrypted credential; and

storing the encrypted credential in the UCV.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tool facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occur by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.

35 Citations

20 Claims

1. A method comprising:
- generating a first key based at least in part on a predetermined first iteration count, a salt, and a user password;
  
  generating a second key based at least in part on a predetermined second iteration count, the salt, and a concatenation of the user password and the first key;
  
  creating a unified credentials vault (UCV);
  
  encrypting with the second key location information, a location-specific user name, and a location-specific password to form an encrypted credential; and
  
  storing the encrypted credential in the UCV.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein at least one of the location information, the location-specific user name, or the location-specific password are twice-encrypted.
  - 3. The method of claim 1, wherein the UCV is password-protected.
  - 4. The method of claim 1, further comprising synchronizing the encrypted credentials stored in the UCV with credentials stored in a roamable store.
  - 5. The method of claim 1, further comprising providing access to the encrypted credentials to facilitate authentication of a user associated with the encrypted credentials.
  - 6. The method of claim 1, further comprising providing access to the encrypted credentials to allow the encrypted credentials to be managed, the managing including updating the encrypted credentials.
  - 7. The method of claim 1, further comprising providing access of the encrypted credentials to an application programming interface.
  - 8. The method of claim 1, further comprising providing access of the encrypted credentials to a user application.
  - 9. The method of claim 1, further comprising creating the UCV on one or more of a roamable device or a computer.
  - 10. The method of claim 1, wherein the salt comprises random bits.
  - 11. The method of claim 1, wherein the UCV further comprises at least one vault application programming interface (API) configured to provide a subset of the credentials associated with the user to the computing device to enable access of a secure site by the computing device.

12. A device comprising:
- one or more processing units; and
  
  one or more computer-readable media with modules stored thereon, the modules comprising;
  
  a key generation module configured to;
  
  generate a first key based at least in part on a predetermined first iteration count, a salt, and a user password;
  
  generate a second key based at least in part on a predetermined second iteration count, the salt, and a concatenation of the user password and the first key;
  
  a vault creation module configured to create a unified credentials vault (UCV);
  
  an encryption module configured to encrypt with the second key location information, a location-specific user name, and a location-specific password to form an encrypted credential; and
  
  a storage module configured to store the encrypted credential in the UCV.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The device of claim 12, wherein the vault creation module is further configured to create the UCV on one or more of a roamable device or a computer.
  - 14. The device of claim 12, wherein the salt comprises random bits.
  - 15. The device of claim 12, wherein the vault creation module is further configured to create the UCV on a roamable device, the roamable device comprising a component configured to detachably connect the roamable device to a computing device.
  - 16. The device of claim 15 wherein the roamable device further comprises a synchronization center configured to set synchronization partnerships with the at least one vault API.
  - 17. The device of claim 12, wherein at least one of the location information, the location-specific user name, or the location-specific password are twice-encrypted.

18. A device comprising:
- a receiver configured to receive a unified credentials vault (UCV), which provides secure storage of multiple encrypted credentials belonging to a user;
  
  a display configured to prompt for a password, wherein the password is a UCV password;
  
  a processor configured to determine whether a first key based on the UCV password exists in storage,in an event that the first key based on the UCV password does exist in storage;
  
  the processor configured to access the first key; and
  
  the processor configured to derive a second key based on a salt, a concatenation of the UCV password and the first key, and a second predetermined iteration count, wherein the second predetermined iteration count is less than the first predetermined iteration count.
- View Dependent Claims (19, 20)
- - 19. The device of claim 18, further comprising a removable memory coupled to the processor, the UCV embodied on the removable memory and operable by the processor.
  - 20. The device of claim 18, the processor further configured to utilize the second key to securely access an encrypted credential in the UCV, wherein the encrypted credential represents a location, a location-specific user name, and a location-specific password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Malpani, Raghavendra
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US13/524,427
Publication Number

US 20120260325A1
Time in Patent Office

1,341 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 2221/2107   File encryption

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

Secure and usable protection of a roamable credentials store

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and usable protection of a roamable credentials store

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links