Secure user authentication from personal computer
First Claim
Patent Images
1. A method for authenticating a user possessing a storage medium for a computing machine having memory, the storage medium tangibly embodying machine executable instructions, a password for the user, and an encrypted long-term secret for the user, the method comprising the steps of:
- (a) receiving from the user the storage medium and booting the computing machine from machine executable instructions thereon;
(b) receiving from the user a password;
(c) initiating a one-way hash of the password according to machine executable instructions embodied on the storage medium; and
(d) decrypting the user'"'"'s encrypted long-term secrete using the hashed password as an decryption key thereby authenticating the user.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer of a server. Also a method for protecting a floppy disk with login software from unauthorized use.
205 Citations
14 Claims
-
1. A method for authenticating a user possessing a storage medium for a computing machine having memory, the storage medium tangibly embodying machine executable instructions, a password for the user, and an encrypted long-term secret for the user, the method comprising the steps of:
-
(a) receiving from the user the storage medium and booting the computing machine from machine executable instructions thereon; (b) receiving from the user a password; (c) initiating a one-way hash of the password according to machine executable instructions embodied on the storage medium; and (d) decrypting the user'"'"'s encrypted long-term secrete using the hashed password as an decryption key thereby authenticating the user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A security device for authenticating a user on a computer, the security device comprising a machine-readable storage medium on which is recorded:
-
(a) a machine readable embodiment of the user'"'"'s long term private encryption key, wherein the private encryption key is encrypted under a key consisting of a slow hash of the user'"'"'s password; (b) a first group of trusted machine executable instructions for carrying out cryptographic calculations; and (c) a second group of trusted machine executable instructions for performing a slow hash of received passwords. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A security device for authenticating a user on a computer, the user having a public and private key and a certifying authority, comprising a floppy disk containing a machine readable representation of:
-
(a) the user'"'"'s long term secret, a private key encrypted under a key consisting of a slow hash of a password known only to the user; (b) the public key of the user'"'"'s certifying authority; (c) the time of the user'"'"'s last login; (d) the number of incorrect passwords entered; (e) a first machine executable trusted program that can carry out cryptographic calculations and authentications; (f) a second machine executable trusted program that can carry out a slow hash of a password and a trusted message program; and (g) a list of names and message digests of acceptable operating system images with which the user is willing to boot the personal computer.
-
Specification