Distributed passcode verification system
Abstract
A distributed passcode verification system includes devices that each have a hardware secret and that are each able to perform a limited number of verifications using their hardware secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a hardware secret, to verify passcodes provided to a verifier.
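The scheme in the abstract, as an added Python sketch that is not taken from the patent: a verifier can check a passcode only by asking its device for a reference value, and the device stops answering for good once its verification budget is spent. Assumptions: HMAC-SHA256 as the derivation, a software class standing in for the hardware device, a manager that holds a copy of the secret at provisioning time, and all class and function names.

```python
import hashlib
import hmac
import secrets


class HardwareDevice:
    """Software stand-in for the hardware device (assumption: real hardware keeps the key on-chip)."""

    def __init__(self, secret: bytes, limit: int):
        self.__secret = secret    # no method ever returns this value
        self.__remaining = limit  # verifications left before permanent lockout

    def reference_value(self, purported: str) -> bytes:
        if self.__remaining <= 0:
            self.__secret = None  # irreversible: nothing on the device reloads or resets it
            raise PermissionError("verification limit exceeded")
        self.__remaining -= 1     # every attempt, valid or not, depletes the budget
        return hmac.new(self.__secret, purported.encode(), hashlib.sha256).digest()


def manager_derive(secret: bytes, passcode: str) -> bytes:
    """Passcode information manager side: derive the value shipped to verifiers."""
    return hmac.new(secret, passcode.encode(), hashlib.sha256).digest()


class PasscodeVerifier:
    def __init__(self, device: HardwareDevice, passcode_info: dict):
        self.device = device
        self.info = passcode_info  # {user: derived value}; not checkable without the device

    def verify(self, user: str, purported: str) -> bool:
        ref = self.device.reference_value(purported)
        return hmac.compare_digest(ref, self.info.get(user, b""))


def demo():
    secret = secrets.token_bytes(32)  # constructed sample key
    info = {"alice": manager_derive(secret, "correct horse")}
    verifier = PasscodeVerifier(HardwareDevice(secret, limit=3), info)
    attempts = ["guess1", "correct horse", "guess2"]
    results = [verifier.verify("alice", p) for p in attempts]
    try:
        verifier.verify("alice", "correct horse")  # fourth call exceeds the limit
        locked = False
    except PermissionError:
        locked = True
    return results, locked


if __name__ == "__main__":
    print(demo())
```

A stolen copy of `info` cannot be tested against guesses without the device, and the device caps how many guesses any holder can make.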
22 Claims
1. A computer-implemented method, comprising:
- under the control of a computer system configured with executable instructions, receiving passcode information comprising, for each passcode of a plurality of passcodes, a value derived based at least in part on the passcode and usable, with a hardware secret, to verify purported passcodes, the hardware secret maintained in a hardware device so as to be unobtainable to any processor executing code outside of the hardware device;
- receiving a purported passcode;
- causing the hardware device to provide a reference value calculated based at least in part on the purported passcode and the hardware secret;
- determining, based at least in part on whether the calculated reference value matches a corresponding value of the passcode information, whether the purported passcode is valid;
- enabling access to computing functionality as a result of determining that the purported passcode is valid; and
- as a result of a limit on a number of passcode verifications being exceeded, causing the computer system to become unable to use the hardware secret to verify purported passcodes such that the computer system is unable to unilaterally restore an ability to use the hardware secret to verify purported passcodes.
Dependent claims: 2, 3, 4, 5, 6
7. A system, comprising a plurality of computing devices configured to implement at least:
- one or more passcode verifiers, each passcode verifier of the one or more passcode verifiers configured with a hardware device that maintains a hardware secret so as to be unobtainable outside of the hardware device, the passcode verifier further configured to:
  - receive, from a passcode information manager, passcode information required to perform passcode verifications; and
  - use the hardware device to verify passcodes based at least in part on the hardware secret and in accordance with a limit on a number of passcode verifications performable using the hardware secret such that, as a result of such limit on a number of passcode verifications being exceeded, the passcode verifier is made unable to use the hardware secret to verify purported passcodes such that the passcode verifier is unable to unilaterally restore an ability to use the hardware secret to verify purported passcodes.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to:
- receive a purported passcode;
- as a result of receiving the purported passcode:
- cause to be calculated, based at least in part on the purported passcode and a hardware secret of the computer system, a reference value;
- determine, based at least in part on the calculated reference value and passcode verification information received from another computer system, whether the purported passcode is valid;
- enable access to a resource on a condition that the purported passcode is determined to be valid; and
- perform an operation that contributes to depletion of a limited number of passcode verifications performable by the computer system such that, as a result of the limited number of passcode verifications being fully depleted, the computer system is made unable to use the hardware secret to verify purported passcodes such that the system is unable to unilaterally restore an ability to use the hardware secret to verify purported passcodes.
Dependent claims: 17, 18, 19, 20, 21, 22
Specification