Secure remote password

US 9,531,542 B2
Filed: 09/19/2014
Issued: 12/27/2016
Est. Priority Date: 09/19/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server processor, from a computing device, a request for access to an application provided via a computer network by the server processor;

receiving, by the server processor, a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;

generating, by the server processor, a conditional seed key fragment associated with the predetermined verifier key fragment;

transmitting, by the server processor, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;

receiving, by the server processor, a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;

comparing, by the server processor, the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;

determining, by the server processor, whether the first hash parameter and the second hash parameter match; and

if the first hash parameter and the second hash parameter match, transmitting, by the server processor, a session security key configured to enable access to the application provided via the computer network by the server processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the present disclosure pertain to system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access to a computer network associated with a computing device to an application associated with a network connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device; the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; transmitting, at the server processor, a session security key for enabling network access to the application associated with the server processor.

76 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a server processor, from a computing device, a request for access to an application provided via a computer network by the server processor;
  
  receiving, by the server processor, a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;
  
  generating, by the server processor, a conditional seed key fragment associated with the predetermined verifier key fragment;
  
  transmitting, by the server processor, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;
  
  receiving, by the server processor, a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;
  
  comparing, by the server processor, the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;
  
  determining, by the server processor, whether the first hash parameter and the second hash parameter match; and
  
  if the first hash parameter and the second hash parameter match, transmitting, by the server processor, a session security key configured to enable access to the application provided via the computer network by the server processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first security key fragment comprises a biometric parameter of the user and the conditional seed key fragment comprises a numeric string comprising a plurality of randomly generated numbers.
  - 3. The method of claim 1, wherein the first security key fragment comprises a biometric parameter of the user and the predetermined verifier key fragment comprises a numeric string comprising a plurality of randomly generated numbers.
  - 4. The method of claim 1, wherein the first security key fragment comprises a biometric parameter of the user and the conditional seed key fragment comprises an alphanumeric string of characters.
  - 5. The method of claim 1, wherein the conditional seed key fragment is generated based on a network location associated with the request for access received from the computing device.
  - 6. The method of claim 1, wherein the conditional seed key fragment is generated based on a geographic location associated with the request for access received from the computing device.
  - 7. The method of claim 1, comprising:
    - if the first hash parameter and the second hash parameter do not match, transmitting, by the server processor, to the computing device, a new conditional seed key fragment.
  - 8. The method of claim 1, wherein the application is associated with a plurality of applications.

9. One or more non-transitory computer-readable media storing instructions that, when executed by a server processor, cause the server processor to:
- receive, from a computing device, a request for access to an application provided via a computer network by the server processor;
  
  receive a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;
  
  generate a conditional seed key fragment associated with the predetermined verifier key fragment;
  
  transmit, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;
  
  receive a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;
  
  compare the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;
  
  determine whether the first hash parameter and the second hash parameter match; and
  
  if the first hash parameter and the second hash parameter match, transmit a session security key configured to enable access to the application provided via the computer network by the server processor.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The one or more non-transitory computer-readable media of claim 9, wherein the first security key fragment comprises a biometric parameter of the user and the conditional seed key fragment comprises a numeric string comprising a plurality of randomly generated numbers.
  - 11. The one or more non-transitory computer-readable media of claim 9, wherein the first security key fragment comprises a biometric parameter of the user and the predetermined verifier key fragment comprises a numeric string comprising a plurality of randomly generated numbers.
  - 12. The one or more non-transitory computer-readable media of claim 9, wherein the first security key fragment comprises a biometric parameter of the user and the conditional seed key fragment comprises an alphanumeric string of characters.
  - 13. The one or more non-transitory computer-readable media of claim 9, wherein the conditional seed key fragment is generated based on a network location associated with the request for access received from the computing device.
  - 14. The one or more non-transitory computer-readable media of claim 9, wherein the conditional seed key fragment is generated based on a geographic location associated with the request for access received from the computing device.
  - 15. The one or more non-transitory computer-readable media of claim 9, having additional instructions stored thereon that, when executed by the server processor, cause the server processor to:
    - if the first hash parameter and the second hash parameter do not match, transmit, to the computing device, a new conditional seed key fragment.
  - 16. The one or more non-transitory computer-readable media of claim 9, wherein the application is associated with a plurality of applications.

17. A server processor comprising:
- at least one processor; and
  
  memory storing instructions that, when executed by the at least one processor, cause the server processor to;
  
  receive, from a computing device, a request for access to an application provided via a computer network by the server processor;
  
  receive a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;
  
  generate a conditional seed key fragment associated with the predetermined verifier key fragment;
  
  transmit, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;
  
  receive a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;
  
  compare the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;
  
  determine whether the first hash parameter and the second hash parameter match; and
  
  if the first hash parameter and the second hash parameter match, transmit a session security key configured to enable access to the application provided via the computer network by the server processor.
- View Dependent Claims (18, 19, 20)
- - 18. The server processor of claim 17, wherein the first security key fragment comprises a biometric parameter of the user and the conditional seed key fragment comprises a numeric string comprising a plurality of randomly generated numbers.
  - 19. The server processor of claim 17, wherein the first security key fragment comprises a biometric parameter of the user and the predetermined verifier key fragment comprises a numeric string comprising a plurality of randomly generated numbers.
  - 20. The server processor of claim 17, wherein the first security key fragment comprises a biometric parameter of the user and the conditional seed key fragment comprises an alphanumeric string of characters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Barbir, Abdulkader, Bridges, Eileen D., Gill, Davindar, LaBella, Lawrence R., Worstell, Craig
Primary Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US14/491,541
Publication Number

US 20160087797A1
Time in Patent Office

830 Days
Field of Search

713/171, 713/2, 713/168, 713/180, 713/183, 713/186, 726/1, 726/6, 726/7, 380/277
US Class Current

1/1
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3273   for mutual authentication n...

Secure remote password

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure remote password

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links