Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security

a probabilistic authentication and back-end matching technology, applied in the field of computer security, can solve the problems of difficult brute force, if not impossible, of sharing secrets, and achieve the effect of being harder to brute for

Active Publication Date: 2015-11-26
AUTHERNATIVE INC
View PDF0 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The present invention provides a system and method for creating and sharing a strong secret to verify identity. This secret can be split among multiple servers, making it harder to crack. Additional randomness can be added to make it even more difficult to brute force. The invention also includes methods for deriving the strengthened secret using one-way functions such as hashing, matrix multiplication, and exponentiation. In summary, the invention increases security and prevents unauthorized access to information.

Problems solved by technology

Once the split pieces are sent to different servers, if any one server is compromised, or any number of servers less than the max, then the shared secret should be very difficult, if not impossible to brute force.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security
  • Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security
  • Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security

Examples

Experimental program
Comparison scheme
Effect test

first embodiment

[0077]The first embodiment wherein the algorithm chosen is less complex will be detailed. The high level steps for a credential creation operation are as follows (also see FIG. 4):[0078]1. A user enters an identifier and the credential in the client.[0079]2. The client splits the credential into credential elements.[0080]3. The client encodes each credential element into a value M (M1, M2, . . . , Mn).[0081]4. The client randomly generates a value K.[0082]5. The client uses a one-way function to calculate KM for each value M (KM1, KM2, . . . , KMn).[0083]6. If not done so already (depends on the one-way function), the KM's should be hashed.[0084]7. The client encrypts K with the share server's public key, so that K becomes protected data.[0085]8. The client sends the user identifier, K and KM's to the primary server.[0086]9. The primary stores the user identifier and the KM's. The hashed KM's together constitute a representation of the credential characterized by the condition that ...

second embodiment

[0107]The second embodiment wherein the algorithm is more security conscious will be detailed. The high level steps for credential creation are as follows (also see FIG. 6):[0108]1. A user enters an identifier and the credential in the client.[0109]2. The client splits the credential into elements and encodes each one into a value M (M1, M2, . . . , Mn).[0110]3. The client randomly generates a value K.[0111]4. The client uses a one-way function to calculate KM for each value M (KM1, KM2, . . . , KMn) in the authentication credential.[0112]5. The client encrypts all the KM's with the share server's public key.[0113]6. The client sends the user identifier, K and encrypted KM's to the primary server, so that the KM's become protected data.[0114]7. The primary stores the user identifier and K.[0115]8. The primary server sends the encrypted KM's to the share server.[0116]9. The share server decrypts the KM's with its private key.[0117]10. The share server generates a random value S.[0118...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A party can authenticate itself by interacting with multiple servers without revealing the shared secret to any of the involved parties. The stored shared secret is strengthened and broken into shares and saved on the servers. The shared secret is safe against offline brute force attack unless all servers where the shares are stored are compromised. The compromise of any single server, or multiple servers—but less than the maximum number—will not allow the attacker to do a brute force analysis on the shared secret. This back end security enhancement is suitable for probabilistic front end authentication algorithms.

Description

RELATED APPLICATIONS[0001]The present application is related to co-pending U.S. patent application Ser. No. 13 / ______ entitled AUTHENTICATION METHOD OF FIELD CONTENTS BASED CHALLENGE AND ENUMERATED PATTERN OF FIELD POSITIONS BASED RESPONSE IN RANDOM PARTIAL DIGITIZED PATH RECOGNITION SYSTEM (AIDT 1014-1), and co-pending U.S. patent application Ser. No. 13 / ______ entitled AUTHENTICATION METHOD OF ENUMERATED PATTERN OF FIELD POSITIONS BASED CHALLENGE AND ENUMERATED PATTERN OF FIELD POSITIONS BASED RESPONSE THROUGH INTERACTION BETWEEN TWO CREDENTIALS IN RANDOM PARTIAL DIGITIZED PATH RECOGNITION SYSTEM (AIDT 1015-1), both of which are being filed on the same day as the present application, and have the same inventors, and both of which are incorporated by reference as if fully set forth herein.FIELD OF THE INVENTION[0002]The invention relates generally to computer security, and systems that store and authenticate user based credentials using multiple servers. One aspect of the invention...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L29/06H04L9/32
CPCH04L63/0853H04L9/3226G06F21/36H04L9/085H04L9/3271H04L63/083
Inventor BARTON, EDWARD M.MIZRAH, LEN L.
Owner AUTHERNATIVE INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com