Secure password management systems, methods and apparatuses

US 9,391,778 B2
Filed: 05/15/2015
Issued: 07/12/2016
Est. Priority Date: 06/18/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a non-volatile storage;

a user interface; and

a processor coupled to the non-volatile storage and the user interface, the processor configured to;

retrieve two or more predetermined prompts from the non-volatile storage, each predetermined prompts associated with an expected input stored in the non-volatile storage;

present the two or more predetermined prompts on the user interface to a user;

receive a first set of inputs in response to the two or more predetermined prompts;

create an encryption keyword from a subset of the first set of inputs, the subset omitting input(s) to at least one prompt, wherein the omitted input(s) for the at least one prompt do not match the associated expected input stored in the non-volatile storage; and

use the encryption keyword to authenticate the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems, methods and apparatuses described herein provide a computing environment for authenticating a user. An apparatus according to the present disclosure may comprise a non-volatile storage, a user interface, and a password engine. The password engine is configured to retrieve two or more predetermined prompts from the non-volatile storage, present the two or more predetermined prompts on the user interface to a user in a random order, receive a first set of input(s) in response to the two or more predetermined prompts, create an encryption keyword from the received first set of input(s) according to an original order of the two or more predetermined prompts stored in the non-volatile storage, and use the encryption keyword to authenticate the user.

Citations

19 Claims

1. An apparatus, comprising:
- a non-volatile storage;
  
  a user interface; and
  
  a processor coupled to the non-volatile storage and the user interface, the processor configured to;
  
  retrieve two or more predetermined prompts from the non-volatile storage, each predetermined prompts associated with an expected input stored in the non-volatile storage;
  
  present the two or more predetermined prompts on the user interface to a user;
  
  receive a first set of inputs in response to the two or more predetermined prompts;
  
  create an encryption keyword from a subset of the first set of inputs, the subset omitting input(s) to at least one prompt, wherein the omitted input(s) for the at least one prompt do not match the associated expected input stored in the non-volatile storage; and
  
  use the encryption keyword to authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the processor is further configured to:
    - derive a master encryption key from the encryption keyword; and
      
      decrypt content of a password storage using the master encryption key.
  - 3. The apparatus of claim 1, wherein the processor is further configured to:
    - generate a plurality of prompts;
      
      present the generated plurality of prompts on the user interface to the user;
      
      receive a second set of inputs in response to the generated plurality of prompts; and
      
      store, in the non-volatile storage, the generated plurality of prompts as the two or more predetermined prompts, the received second set of inputs as the associated expected input for each of the plurality of prompts, and a result of a calculation using the encryption keyword, wherein the encryption keyword is created from the second set of inputs.
  - 4. The apparatus of claim 3, wherein the processor is further configured to:
    - create a plurality of additional encryption keywords, each being created from a subset of the second set of inputs, the subset of the second set of inputs missing input(s) to at least one prompt respectively.
  - 5. The apparatus of claim 4, wherein the processor is further configured to:
    - derive a plurality of encryption keys from the encryption keyword and the plurality of additional keywords respectively; and
      
      generate a plurality of copies of a secure storage using the plurality of encryption keys respectively.
  - 6. The apparatus of claim 4, wherein the processor is further configured to:
    - derive a plurality of encryption keys from the encryption keyword and the plurality of additional keywords respectively;
      
      generate a symmetric key and use the symmetric key to generate one copy of a secure storage; and
      
      encrypt the symmetric key using the plurality of encryption keys respectively.
  - 7. The apparatus of claim 3, wherein the processor is further configured to generate at least one of the generated plurality of prompts using a camera, an audio recorder or a video recorder.
  - 8. The apparatus of claim 3, wherein the processor is further configured to:
    - generate a hash of the encryption keyword; and
      
      store the generated hash to the non-volatile storage.
  - 9. The apparatus of claim 1, wherein the processor is further configured to:
    - generate a hash of the encryption keyword; and
      
      compare the generated hash to a hash retrieved from the non-volatile storage.
  - 10. The apparatus of claim 1, wherein the first set of inputs include at least one of characters, foreign language characters, or symbols.
  - 11. The apparatus of claim 1, wherein the first set of inputs are a plurality of character strings.

12. An apparatus, comprising:
- a non-volatile storage;
  
  a user interface; and
  
  a processor coupled to the non-volatile storage and the user interface, the processor configured to;
  
  retrieve two or more predetermined prompts from the non-volatile storage;
  
  present the two or more predetermined prompts on the user interface to a user;
  
  receive a first set of inputs in response to the two or more predetermined prompts, each input of the first set of inputs corresponding to one of the two or more predetermined prompts respectively;
  
  create an encryption keyword from the received first set of inputs by organizing each input of the first set of inputs according to an original order of the two or more predetermined prompts stored in the non-volatile storage for organizing the two or more predetermined prompts, wherein the original order is different from the order in which the two or more predetermined prompts are presented and the first set of inputs are received; and
  
  use the encryption keyword to authenticate the user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The apparatus of claim 12, wherein in using the encryption keyword to authenticate the user, the processor is further configured to:
    - derive a master encryption key from the encryption keyword; and
      
      decrypt content of a password storage using the master encryption key.
  - 14. The apparatus of claim 12, wherein the processor is further configured to:
    - generate a plurality of prompts;
      
      present the generated plurality of prompts on the user interface to the user;
      
      receive a second set of inputs in response to the generated plurality of prompts; and
      
      store, in the non-volatile storage, the generated plurality of prompts as the two or more predetermined prompts, the original order of the plurality of prompts presented to the user, and a result of a calculation using the encryption keyword, wherein the encryption keyword is created from the second set of inputs.
  - 15. The apparatus of claim 14, wherein the processor is further configured to:
    - create a plurality of additional encryption keywords, each being created from a subset of the second set of inputs, each subset of the second set of inputs missing input(s) to at least one prompt respectively.
  - 16. The apparatus of claim 15, wherein the processor is further configured to:
    - derive a plurality of encryption keys from the encryption keyword and the plurality of additional keywords respectively; and
      
      generate a plurality of copies of a secure storage using the plurality of encryption keys respectively.
  - 17. The apparatus of claim 15, wherein the processor is further configured to:
    - derive a plurality of encryption keys from the encryption keyword and the plurality of additional keywords respectively;
      
      generate a symmetric key and use the symmetric key to generate one copy of a secure storage; and
      
      encrypt the symmetric key using the plurality of encryption keys respectively.
  - 18. The apparatus of claim 14, wherein the processor is configured to generate at least one of the generated plurality of prompts using a camera, an audio recorder or a video recorder.
  - 19. The apparatus of claim 12, wherein the first set of inputs include at least one of characters, foreign language characters, or symbols.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
Ignatchenko, Sergey
Primary Examiner(s)
Tabor, Amare F

Application Number

US14/713,858
Publication Number

US 20150249539A1
Time in Patent Office

424 Days
Field of Search

713/193
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

Secure password management systems, methods and apparatuses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure password management systems, methods and apparatuses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links