Secure remote password
First Claim
1. A method comprising:
receiving, by a server processor, from a computing device, a request for access to an application provided via a computer network by the server processor;
receiving, by the server processor, a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;
generating, by the server processor, a conditional seed key fragment associated with the predetermined verifier key fragment;
transmitting, by the server processor, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;
receiving, by the server processor, a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;
comparing, by the server processor, the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;
determining, by the server processor, whether the first hash parameter and the second hash parameter match; and
if the first hash parameter and the second hash parameter match, transmitting, by the server processor, a session security key configured to enable access to the application provided via the computer network by the server processor.
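The exchange claimed above (a client-supplied key fragment, a verifier held only by the server, a server-generated seed returned to the client, a client-computed hash that the server checks against one it derives from the verifier and the seed, and a session key released on a match) has the shape of the Secure Remote Password protocol that gives this page its title. The following Python is an added example, not the patent's own method or code: it implements the standard SRP-6a exchange (RFC 2945 / RFC 5054 construction, SHA-256) with both sides' messages. Reading the claim's "first security key fragment" as A, "verifier key fragment" as v, "conditional seed key fragment" as the salt plus B, "first hash parameter" as M1 and "session security key" as K is this editor's mapping, not the patent's. The group constant is assumed to be the 1024-bit group of RFC 5054 Appendix A and should be verified against the RFC before reuse. Two checks a practitioner would want in any implementation of such a scheme are shown: the server rejects A ≡ 0 (mod N), since otherwise the shared secret collapses to zero whatever the password, and the proof comparison is constant-time. Note that in SRP the session key is derived independently by both sides and never crosses the wire, whereas the claim as written has the server transmit a session key on match; how that transmitted key is protected is outside what this page describes.

```python
"""SRP-6a password-authenticated key exchange, both sides, SHA-256 (RFC 2945/5054 style)."""
import hashlib
import hmac
import os

# Assumed group: the 1024-bit N from RFC 5054 Appendix A with g = 2, reproduced
# here for the demo. Verify it against the RFC (and prefer 2048 bits or more)
# before reuse; the algebra below holds for any odd N, so the tests would not
# catch a transcription slip in this constant.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8          # 128 bytes


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def pad(x: int) -> bytes:                   # fixed-width big-endian, as RFC 5054 PAD()
    return x.to_bytes(NLEN, "big")


def to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")


K_MULT = to_int(H(pad(N), pad(g)))          # SRP-6a multiplier k = H(N | PAD(g))


def private_x(salt: bytes, username: str, password: str) -> int:
    # x = H(s | H(I ":" P)); only the client ever computes this
    return to_int(H(salt, H(username.encode() + b":" + password.encode())))


def make_verifier(username: str, password: str, salt: bytes = None):
    """Registration: the server stores (I, s, v); the password never reaches it."""
    salt = salt or os.urandom(16)
    return salt, pow(g, private_x(salt, username, password), N)


def proof_m1(username: str, salt: bytes, A: int, B: int, K: bytes) -> bytes:
    # M1 = H(H(N) xor H(g) | H(I) | s | A | B | K): binds both ephemerals and the salt
    hn_xor_hg = bytes(p ^ q for p, q in zip(H(pad(N)), H(pad(g))))
    return H(hn_xor_hg, H(username.encode()), salt, pad(A), pad(B), K)


def client_start(a: int = None):
    a = a or to_int(os.urandom(32))
    return a, pow(g, a, N)                  # A goes to the server with the username


def server_start(v: int, b: int = None):
    b = b or to_int(os.urandom(32))
    return b, (K_MULT * v + pow(g, b, N)) % N   # B goes to the client with the salt


def client_finish(username, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("server sent B = 0 mod N")
    u = to_int(H(pad(A), pad(B)))
    if u == 0:
        raise ValueError("u = 0")
    x = private_x(salt, username, password)
    S = pow((B - K_MULT * pow(g, x, N)) % N, a + u * x, N)
    K = H(pad(S))                             # session key, never transmitted
    return K, proof_m1(username, salt, A, B, K)


def server_finish(username, salt, v, b, A, B, M1):
    if A % N == 0:
        raise ValueError("client sent A = 0 mod N")   # otherwise S = 0 for any password
    u = to_int(H(pad(A), pad(B)))
    S = pow(A * pow(v, u, N) % N, b, N)
    K = H(pad(S))
    if not hmac.compare_digest(proof_m1(username, salt, A, B, K), M1):
        return None                           # wrong password: no key, no M2
    return K, H(pad(A), M1, K)                # M2 proves the server also holds K


def run_exchange(username: str, typed_password: str, registered_password: str):
    """Full round trip; returns (authenticated, shared_key)."""
    salt, v = make_verifier(username, registered_password)
    a, A = client_start()
    b, B = server_start(v)
    K_client, M1 = client_finish(username, typed_password, salt, a, A, B)
    outcome = server_finish(username, salt, v, b, A, B, M1)
    if outcome is None:
        return False, None
    K_server, M2 = outcome
    if not hmac.compare_digest(M2, H(pad(A), M1, K_client)):
        return False, None                    # client rejects a server that lacks v
    return K_client == K_server, K_client


if __name__ == "__main__":
    print(run_exchange("alice", "correct horse battery", "correct horse battery")[0])   # True
    print(run_exchange("alice", "wrong password", "correct horse battery")[0])          # False
```

The verifier v = g^x mod N lets the server check a password without holding it, but a stolen verifier still permits offline guessing of weak passwords, which is why x is salted; it does not, on its own, let the thief log in as the user.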
Abstract
Aspects of the present disclosure pertain to a system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access, via a computer network associated with a computing device, to an application associated with a network-connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device, the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; and transmitting, from the server processor, a session security key for enabling network access to the application associated with the server processor.
20 Claims
1. A method comprising: (independent claim; full text reproduced above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. One or more non-transitory computer-readable media storing instructions that, when executed by a server processor, cause the server processor to:
receive, from a computing device, a request for access to an application provided via a computer network by the server processor;
receive a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;
generate a conditional seed key fragment associated with the predetermined verifier key fragment;
transmit, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;
receive a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;
compare the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;
determine whether the first hash parameter and the second hash parameter match; and
if the first hash parameter and the second hash parameter match, transmit a session security key configured to enable access to the application provided via the computer network by the server processor.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A server processor comprising:
at least one processor; and
memory storing instructions that, when executed by the at least one processor, cause the server processor to:
receive, from a computing device, a request for access to an application provided via a computer network by the server processor;
receive a first security key fragment from the computing device, the first security key fragment being paired with a predetermined verifier key fragment unknown to the computing device;
generate a conditional seed key fragment associated with the predetermined verifier key fragment;
transmit, to the computing device, the conditional seed key fragment while maintaining the predetermined verifier key fragment at the server processor;
receive a first hash parameter generated based on a hash function of the conditional seed key fragment and the first security key fragment, wherein the first security key fragment is associated with a username, the conditional seed key fragment is associated with a plurality of computing devices comprising the computing device, and the predetermined verifier key fragment is associated with the application, and wherein the username comprises multiple cascaded components for authorizations to the computer network per computing device of a user and per application for access by an associated computing device with separate authorization sessions per computing device and application;
compare the first hash parameter to a second hash parameter, the second hash parameter being generated by the server processor based on the predetermined verifier key fragment and the conditional seed key fragment;
determine whether the first hash parameter and the second hash parameter match; and
if the first hash parameter and the second hash parameter match, transmit a session security key configured to enable access to the application provided via the computer network by the server processor.
Dependent claims: 18, 19, 20.
Specification