Secure and usable protection of a roamable credentials store
Abstract
A tool facilitates a balancing of security with usability, enabling secure user access to multiple secure sites and locations from several computing devices. Access to the multiple secure sites and locations occurs by utilizing a roamable credential store (RCS), which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.
20 Claims
1. A method comprising:
generating a first key based at least in part on a predetermined first iteration count, a salt, and a user password;
generating a second key based at least in part on a predetermined second iteration count, the salt, and a concatenation of the user password and the first key;
creating a unified credentials vault (UCV);
encrypting with the second key location information, a location-specific user name, and a location-specific password to form an encrypted credential; and
storing the encrypted credential in the UCV.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A device comprising:
one or more processing units; and
one or more computer-readable media with modules stored thereon, the modules comprising:
a key generation module configured to:
generate a first key based at least in part on a predetermined first iteration count, a salt, and a user password;
generate a second key based at least in part on a predetermined second iteration count, the salt, and a concatenation of the user password and the first key;
a vault creation module configured to create a unified credentials vault (UCV);
an encryption module configured to encrypt with the second key location information, a location-specific user name, and a location-specific password to form an encrypted credential; and
a storage module configured to store the encrypted credential in the UCV.
Dependent claims: 13, 14, 15, 16, 17

18. A device comprising:
a receiver configured to receive a unified credentials vault (UCV), which provides secure storage of multiple encrypted credentials belonging to a user;
a display configured to prompt for a password, wherein the password is a UCV password;
a processor configured to determine whether a first key based on the UCV password exists in storage;
in an event that the first key based on the UCV password does exist in storage, the processor configured to access the first key; and
the processor configured to derive a second key based on a salt, a concatenation of the UCV password and the first key, and a second predetermined iteration count, wherein the second predetermined iteration count is less than the first predetermined iteration count.
Dependent claims: 19, 20
Specification