Secure password management systems, methods and apparatuses

US 9,906,364 B2
Filed: 05/15/2017
Issued: 02/27/2018
Est. Priority Date: 06/18/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a server, a plurality of files from a client device associated with a user;

receiving, by the server, from the client device a plurality of first input values associated with the plurality of files, wherein each respective file is associated with one or more first input values;

storing, by the server, the plurality of files as a plurality of prompts configured to be displayed on a user interface of the client device, wherein each respective prompt comprises data from a file of the plurality of files;

generating, by the server, a first encryption keyword based upon the first input values;

storing, by the server, a first hash value of the first encryption keyword according to a hash function;

transmitting, by the server, to the client device each prompt associated with the user, wherein the server transmits each respective prompt in a random order for displaying each prompt at the client device at the random order;

receiving, by the server, from the client device a second input for each respective prompt;

generating, by the server, a second encryption keyword based upon each second input received from the client device; and

authenticating, by the server, the client device upon determining that a second hash value of the second encryption key matches the first hash value stored in a non-volatile memory of the server and associated with the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems, methods and apparatuses described herein provide a computing environment for authenticating a user. An apparatus according to the present disclosure may comprise a non-volatile storage, a user interface, and a password engine. The password engine is configured to retrieve two or more predetermined prompts from the non-volatile storage, present the two or more predetermined prompts on the user interface to a user in a random order, receive a first set of input(s) in response to the two or more predetermined prompts, create an encryption keyword from the received first set of input(s) according to an original order of the two or more predetermined prompts stored in the non-volatile storage, and use the encryption keyword to authenticate the user.

44 Citations

View as Search Results

18 Claims

1. A computer-implemented method comprising:
- receiving, by a server, a plurality of files from a client device associated with a user;
  
  receiving, by the server, from the client device a plurality of first input values associated with the plurality of files, wherein each respective file is associated with one or more first input values;
  
  storing, by the server, the plurality of files as a plurality of prompts configured to be displayed on a user interface of the client device, wherein each respective prompt comprises data from a file of the plurality of files;
  
  generating, by the server, a first encryption keyword based upon the first input values;
  
  storing, by the server, a first hash value of the first encryption keyword according to a hash function;
  
  transmitting, by the server, to the client device each prompt associated with the user, wherein the server transmits each respective prompt in a random order for displaying each prompt at the client device at the random order;
  
  receiving, by the server, from the client device a second input for each respective prompt;
  
  generating, by the server, a second encryption keyword based upon each second input received from the client device; and
  
  authenticating, by the server, the client device upon determining that a second hash value of the second encryption key matches the first hash value stored in a non-volatile memory of the server and associated with the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein a file of the plurality of files is a type selected from the group comprising:
    - an image file, an audio file, a video file, and a text file.
  - 3. The method of claim 1, wherein the server stores each second input value and the second keyword into a volatile machine-readable memory, and wherein the server does not store each first input value and the first keyword in the non-volatile memory.
  - 4. The method of claim 1, further comprising updating, by the server, the first hash value at a regular interval, wherein updating the first hash value comprises:
    - receiving, by the server, at least one new first input value replacing at least one first input value of the plurality of first input values; and
      
      generating, by the server, an updated first hash value replacing the first hash value based upon the plurality of first input values that includes the at least one new first input value.
  - 5. The method of claim 1, wherein the server comprises a non-volatile machine-readable memory configured to store one or more passwords.
  - 6. The method of claim 5, wherein authenticating the client device further comprises transmitting, by the server, a password of the one or more passwords to the client device.
  - 7. The method of claim 6, wherein the one or more passwords stored on the server are encrypted based on an encryption key, and wherein the method further comprises decrypting, by the server, the one or more passwords stored on the server according to the encryption key prior to transmitting the password to the client device.
  - 8. The method of claim 7, further comprising generating, by the server, the encryption key based upon the first keyword and according to an encryption algorithm associated with the encryption key.
  - 9. The method of claim 5, further comprising receiving, by the server, a request for at least one password of the one or more passwords from the client device prior to transmitting each prompt to the client device.

10. A computing system comprising:
- a non-volatile memory; and
  
  a processor configured to;
  
  receive a plurality of files from the client device;
  
  receive from the client device a plurality of first input values associated with the plurality of files, wherein each respective file is associated with one or more first input values;
  
  store the plurality of files as a plurality of prompts configured to be displayed on a user interface of the client device, wherein each respective prompt comprises data from a file of the plurality of files;
  
  generate a first encryption keyword based upon the first input values;
  
  store into the non-volatile memory a first hash value of the first encryption keyword according to a hash function;
  
  transmit to the client device each prompt associated with the user, wherein the processor transmits each respective prompt in a random order for displaying each prompt at the client device at the random order;
  
  receive from the client device a second input for each respective prompt;
  
  generate a second encryption keyword based upon each second input received from the client device; and
  
  authenticate the client device upon determining that a second hash value of the second encryption key matches the first hash value associated with the user stored in the nonvolatile memory.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computing system of claim 10, wherein a file of the plurality of files is a type selected from the group comprising:
    - an image file, an audio file, a video file, and a text file.
  - 12. The computing system of claim 10, further comprising a volatile machine-readable memory, wherein the processor is further configured to store each second input value and the second keyword into the volatile machine-readable memory, and wherein the processor is further configured to not store each first input value and the first keyword in the non-volatile memory.
  - 13. The computing system of claim 10, wherein the processor is further configured to update the first hash value at a regular interval, and wherein in order to update the first hash value the processor is further configured to:
    - receive at least one new first input value replacing at least one first input value of the plurality of first input values; and
      
      generate an updated first hash value replacing the first hash value based upon the plurality of first input values that includes the at least one new first input value.
  - 14. The computing system of claim 10, wherein the non-volatile memory is further configured to store one or more passwords.
  - 15. The computing system of claim 14, wherein in order to authenticate the client device the processor is further configured to transmit a password of the one or more passwords in the non-volatile memory to the client device.
  - 16. The computing system of claim 15, wherein the one or more passwords stored in the non-volatile memory are encrypted based on an encryption key, andwherein the processor is further configured to decrypt the one or more passwords stored in the non-volatile memory according to the encryption key prior to transmitting the password to the client device.
  - 17. The computing system of claim 16, wherein the processor is further configured to generate the encryption key based upon the first keyword and according to an encryption algorithm associated with the encryption key.
  - 18. The computing system of claim 14, wherein the processor is further configured to receive a request for at least one password of the one or more passwords from the client device prior to transmitting each prompt to the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
Ignatchenko, Sergey
Primary Examiner(s)
Tabor, Amare F

Application Number

US15/594,980
Publication Number

US 20170310481A1
Time in Patent Office

288 Days
Field of Search

713183, 713193
US Class Current
CPC Class Codes

G06F 21/31   User authentication

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

Secure password management systems, methods and apparatuses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure password management systems, methods and apparatuses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links