Passcode verification using hardware secrets
First Claim
Patent Images
1. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions,receiving a request to verify a passcode for an identity, the passcode required for at least one method of obtaining access to a resource;
calculating a reference value based at least in part on the passcode and a hardware secret, the hardware secret comprising secret information maintained within a hardware device so as to be unobtainable without physical intrusion into the hardware device;
using a probabilistic data structure that contains a plurality of obtained values each verifiable based at least in part on the hardware secret to perform a comparison of the reference value with a stored value obtained from persistent data storage, separate from the hardware device, in which the stored value is stored in association with the identity; and
providing a response to the request based at least in part on the comparison, the response being configured to enable access to the resource when the comparison indicates that the calculated reference value matches the stored value.
1 Assignment
0 Petitions
Accused Products
Abstract
A hardware secret is securely maintained in a computing device. The hardware secret is used to generate a hash of a passcode that is persistently stored for later use in verification. When a passcode is received as part of an authentication attempt, the hardware secret is used to generate a reference hash of the received passcode that is then compared with the persistently stored hash to determine whether there is a match.
-
Citations
23 Claims
-
1. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions, receiving a request to verify a passcode for an identity, the passcode required for at least one method of obtaining access to a resource; calculating a reference value based at least in part on the passcode and a hardware secret, the hardware secret comprising secret information maintained within a hardware device so as to be unobtainable without physical intrusion into the hardware device; using a probabilistic data structure that contains a plurality of obtained values each verifiable based at least in part on the hardware secret to perform a comparison of the reference value with a stored value obtained from persistent data storage, separate from the hardware device, in which the stored value is stored in association with the identity; and providing a response to the request based at least in part on the comparison, the response being configured to enable access to the resource when the comparison indicates that the calculated reference value matches the stored value. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
8. A system, comprising at least one computing device configured to implement a verification server configured to:
-
obtain information based at least in part on a passcode; cause a reference value to be calculated based at least in part on the obtained information and a hardware secret stored inside of a hardware device; and provide information indicating whether the calculated reference value matches a persistently stored value by using the persistently stored value to determine matching of the obtained information by using a filter that contains a plurality of obtained values each verifiable based at least in part on the hardware secret to determine whether obtained information matches one of the plurality of obtained values, the stored value persistently stored outside of the hardware device and having been calculated based at least in part on the passcode. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
-
obtain information based at least in part on a passcode of an identity; obtain a value calculated based at least in part on the obtained information and a hardware secret stored within a hardware device; read a persistently stored value from a data storage device different from the hardware device; and use the persistently stored value and the obtained value to verify, based at least in part on whether the persistently stored value matches the obtained value, at least one authentication attempt, wherein the persistently stored value is encoded in an enumerated plurality of obtained values each verifiable based at least in part on the hardware secret; and using the persistently stored value to verify at least one authentication attempt includes, when received authentication information matches a particular value in the enumerated plurality of obtained values, causing one or more obtained values to be electronically marked as invalid based at least in part on the one or more obtained values'"'"' position(s) in the enumerated plurality of obtained values relative to the particular value. - View Dependent Claims (19, 20, 21, 22, 23)
-
Specification