Password-based generation and management of secret cryptographic keys
First Claim

1. A method for generating, at a user computer connectable to a server via a network, a secret cryptographic key of the user computer, the method comprising:
- providing at the user computer a secret user value;
- providing at the server a secret server value and a check value which encodes the secret user value and a user password;
- at the user computer, in response to input of an input password, encoding the secret user value and the input password to produce a first value corresponding to said check value, and communicating the first value to the server via the network;
- at the server, in response to communication of the first value, comparing the first value and the check value to check whether the input password equals the user password and, if so, encoding the first value and said secret server value to produce a second value and communicating the second value to the user computer via the network; and
- at the user computer, in response to communication of the second value, generating the secret cryptographic key by encoding the second value, the input password and the secret user value.
Abstract
Methods and apparatus are provided for generating a secret cryptographic key of a user computer connectable to a server via a network. A secret user value is provided at the user computer. A secret server value is provided at the server with a check value which encodes the secret user value and a user password. The user computer encodes the secret user value and an input password to produce a first value corresponding to said check value, and communicates the first value to the server. The server compares the first and the check values to check whether the input password equals the user password. If so, the server encodes the first and the secret server values to produce a second value and communicates the second value to the user computer. The user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value.
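The abstract describes a three-message exchange; the following is an added worked example of that exchange, not code from the patent or its assignee. The claims do not fix any particular "encoding" function, so this example assumes HMAC-SHA256 over length-prefixed inputs for every encoding step, and the class and function names (`UserComputer`, `Server`, `run_protocol`, `demo`) are the example's own. The secrets and the password are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def encode(key: bytes, *parts: bytes) -> bytes:
    """Keyed 'encoding' of the given parts.

    Assumption: HMAC-SHA256, with each part length-prefixed so that no two
    distinct part lists collide under concatenation.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big"))
        mac.update(part)
    return mac.digest()


class Server:
    """Holds the secret server value and the per-user check value."""

    def __init__(self, check_value: bytes) -> None:
        self.server_secret = secrets.token_bytes(32)  # secret server value
        self.check_value = check_value  # encodes (secret user value, user password)

    def respond(self, first_value: bytes) -> Optional[bytes]:
        # Constant-time comparison of the first value against the check value.
        # A mismatch means the input password was wrong; the server then
        # contributes nothing, so no key can be derived for that attempt.
        if not hmac.compare_digest(first_value, self.check_value):
            return None
        # Second value: encoding of the first value under the secret server value.
        return encode(self.server_secret, first_value)


class UserComputer:
    """Stores the secret user value and performs the client-side steps."""

    def __init__(self) -> None:
        self.user_secret = secrets.token_bytes(32)  # secret user value

    def check_value_for(self, user_password: str) -> bytes:
        # Computed once at enrolment and provided to the server.
        return encode(self.user_secret, user_password.encode())

    def first_value(self, input_password: str) -> bytes:
        # Same encoding as the check value, but over the password just typed.
        return encode(self.user_secret, input_password.encode())

    def derive_key(self, second_value: bytes, input_password: str) -> bytes:
        # Final key: encoding of the second value, the input password and the
        # secret user value, exactly the three inputs the abstract names.
        return encode(second_value, input_password.encode(), self.user_secret)


def run_protocol(user: UserComputer, server: Server, input_password: str) -> Optional[bytes]:
    """One run of the exchange: returns the derived key, or None if rejected."""
    v1 = user.first_value(input_password)  # user computer -> server
    v2 = server.respond(v1)                # server -> user computer (or rejection)
    if v2 is None:
        return None
    return user.derive_key(v2, input_password)


def demo() -> Tuple[Optional[bytes], Optional[bytes], Optional[bytes], Optional[bytes]]:
    """Constructed scenario: two correct runs, one wrong password, one different server."""
    user = UserComputer()
    server = Server(user.check_value_for("correct horse"))      # enrolment
    key_run_1 = run_protocol(user, server, "correct horse")
    key_run_2 = run_protocol(user, server, "correct horse")
    rejected = run_protocol(user, server, "wrong password")
    # A second server holding the same check value but its own secret server
    # value yields a different key: the user-side data alone does not fix the key.
    other_server = Server(user.check_value_for("correct horse"))
    key_other_server = run_protocol(user, other_server, "correct horse")
    return key_run_1, key_run_2, rejected, key_other_server


if __name__ == "__main__":
    k1, k2, rej, k3 = demo()
    print("stable key:", k1 == k2, "| wrong password rejected:", rej is None,
          "| key depends on server secret:", k1 != k3)
```

Two properties of the claimed structure show up directly in the run: a wrong input password is detected at the server by the check-value comparison rather than silently producing a different key, and because the second value depends on the secret server value, the key cannot be reconstructed from the secret user value and password alone. The constant-time comparison and the random 32-byte secrets are this example's choices, not requirements stated in the claims.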
15 Claims
1. Independent claim 1 is reproduced above under First Claim; dependent claims 2 through 12 are not shown on this page.
13. A computer program product, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform:
- providing at the user computer a secret user value;
- providing at the server a secret server value and a check value which encodes the secret user value and a user password;
- at the user computer, in response to input of an input password, encoding the secret user value and the input password to produce a first value corresponding to said check value, and communicating the first value to the server via the network;
- at the server, in response to communication of the first value, comparing the first value and the check value to check whether the input password equals the user password and, if so, encoding the first value and said secret server value to produce a second value and communicating the second value to the user computer via the network; and
- at the user computer, in response to communication of the second value, generating the secret cryptographic key by encoding the second value, the input password and the secret user value.
14. A user computer for communicating with a server via a network to generate a secret cryptographic key of the user computer, said server storing a secret server value and a check value which encodes a secret user value of the user computer and a user password, wherein the user computer comprises memory for storing said secret user value, a user interface, a communications interface for communicating with the server via the network, and control logic adapted:
- in response to input via said user interface of an input password, to encode said secret user value and the input password to produce a first value corresponding to said check value, and to communicate the first value to the server via said communications interface; and
- in response to communication by the server of a second value produced by encoding the first value and said secret server value, to generate the secret cryptographic key by encoding the second value, the input password and the secret user value.
15. A server for use in generating a secret cryptographic key of a user computer, storing a secret user value, which is connectable to the server via a network, the server comprising:
- memory for storing a secret server value and a check value which encodes said secret user value and a user password;
- a communications interface for communicating with the user computer via the network; and
- control logic adapted, in response to receipt from the user computer of a first value which corresponds to said check value and encodes said secret user value and an input password, to compare the first value and the check value to check whether said input password equals said user password and, if so, to encode the first value and said secret server value to produce a second value, and to communicate the second value to the user computer via said communications interface.