US11558374B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11558374-B2 |
| Application number | US-202117219581-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 31, 2021 |
| Priority date | Mar 31, 2021 |
| Publication date | Jan 17, 2023 |
| Grant date | Jan 17, 2023 |
Official abstract text for this publication.
Methods that can verify a password utilizing commitments are provided. One method includes receiving from a client device and storing, by a processor, an initial commitment representing a password for a user account without storing the actual password on the apparatus, receiving, from the client device, a subsequent commitment, and verifying that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment. Systems and apparatus that can include, perform, and/or implement the methods are also provided.
Opening claim text (preview).
What is claimed is:
1. An apparatus, comprising: a processor of an information handling device; and a memory configured to store code executable by the processor to: receive, from a client device, and store an initial commitment representing a password for a user account without storing the actual password on the apparatus, receive, from the client device, a subsequent commitment, and verify that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment, wherein the initial commitment and the subsequent commitment are each time-based commitments.
2. The apparatus of claim 1, wherein the initial commitment and the subsequent commitment are each Pedersen time-based commitments.
3. The apparatus of claim 1, wherein: the initial commitment is represented by a first commitment equation C0=(S0*G+R0*H0), and the subsequent commitment is represented by a second commitment equation C1=(S1*G+R1*H1), where, S0 is a first hashed value of the password, G is an elliptical generator value for an elliptical curve, R0 is a first salt value, H0 is the G elliptical generator value hashed to an initial timestamp value to a point on the elliptical curve, S1 is a second hashed value of the password, R1 is a second salt value, H1 is the G elliptical generator value hashed to a subsequent timestamp value to the point on the elliptical curve.
4. The apparatus of claim 3, wherein the password is verified in response to C1−C0=(R1*H1−R0*H0).
5. The apparatus of claim 4, wherein: R0 is a first random salt value; R1 is a second random salt value; and S0 and S1 are a same hashed value for the password.
6. The apparatus of claim 3, wherein: R0 is a first random salt value; R1 is a second random salt value; and S0 and S1 are a same hashed value for the password.
7. A method, comprising: receiving from a client device and storing, by a processor, an initial commitment representing a password for a user account without storing the actual password on the apparatus; receiving, from the client device, a subsequent commitment; and verifying that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment, wherein the initial commitment and the subsequent commitment are each time-based commitments.
8. The method of claim 7, wherein the initial commitment and the subsequent commitment are each Pedersen time-based commitments.
9. The method of claim 7, wherein: the initial commitment is represented by a first commitment equation C0=(S0*G+R0*H0), and the subsequent commitment is represented by a second commitment equation C1=(S1*G+R1*H1), where, S0 is a first hashed value of the password, G is an elliptical generator value for an elliptical curve, R0 is a first salt value, H0 is the G elliptical generator value hashed to an initial timestamp value to a point on the elliptical curve, S1 is a second hashed value of the password, R1 is a second salt value, H1 is the G elliptical generator value hashed to a subsequent timestamp value to the point on the elliptical curve.
10. The method of claim 9, wherein the password is verified in response to C1−C0=(R1*H1−R0*H0).
11. The method of claim 10, wherein: R0 is a first random salt value; R1 is a second random salt value; and S0 and S1 are a same hashed value for the password.
12. The method of claim 9, wherein: R0 is a first random salt value; R1 is a second random salt value; and S0 and S1 are a same hashed value for the password.
13. A computer program product comprising a non-transitory computer-readable storage medium configured to store code executable by a processor, the executable code comprising code to perform: receiving from a client device and storing an initial commitment representing a password for a user account without storing the actual password on the apparatus; receiving, from the client device, a subsequent commitment; and verifying that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment, wherein the initial commitment and the subsequent commitment are each time-based commitments.
14. The computer program product of claim 13, wherein the initial commitment and the subsequent commitment are each Pedersen time-based commitments.
15. The computer program product of claim 13, wherein: the initial commitment is represented by a first commitment equation C0=(S0*G+R0*H0), and the subsequent commitment is represented by a second commitment equation C1=(S1*G+R1*H1), where, S0 is a first hashed value of the password, G is an elliptical generator value for an elliptical curve, R0 is a first salt value, H0 is the G elliptical generator value hashed to an initial timestamp value to a point on the elliptical curve, S1 is a second hashed value of the password, R1 is a second salt value, H1 is the G elliptical generator value hashed to a subsequent timestamp value to the point on the elliptical curve.
16. The computer program product of claim 15, wherein the password is verified in response to C1−C0=(R1*H1−R0*H0).
17. The computer program product of claim 16, wherein: R0 is a first random salt value; R1 is a second random salt value; and S0 and S1 are a same hashed value for the password.
18. The apparatus of claim 1, wherein the processor is configured to utilize a time-based commitment schema to verify that the subsequent commitment represents the password for the user account based on the difference between the initial commitment and the subsequent commitment.
19. The method of claim 7, wherein verifying that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment comprises utilizing a time-based commitment schema to verify that the subsequent commitment represents the password for the user account based on the difference between the initial commitment and the subsequent commitment.
20. The computer program product of claim 13, wherein the executable code to perform verifying that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment comprises executable code to perform utilizing a time-based commitment schema to verify that the subsequent commitment represents the password for the user account based on the difference between the initial commitment and the subsequent commitment.
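The difference check in claims 3 to 5 can be exercised with a small sketch; this is an added example, not code from the patent or its assignee. The curve (secp256k1), SHA-256 for S, and the try-and-increment `hash_to_point` are assumptions, and the salts are passed to `verify` only to check the algebra, since the claims do not say how the verifier obtains the right-hand side.

```python
import hashlib

# secp256k1 domain parameters (public constants); the curve is an assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        m = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def neg(a):
    return None if a is None else (a[0], -a[1] % P)

def mul(k, a):  # double-and-add; not constant time, illustration only
    out, k = None, k % N
    while k:
        if k & 1:
            out = add(out, a)
        a, k = add(a, a), k >> 1
    return out

def h2i(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def hash_to_point(ts):  # assumed H_t: try-and-increment over (G, timestamp)
    ctr = 0
    while True:
        x = h2i(b"%d|%d|%d" % (G[0], ts, ctr)) % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P:
            return (x, y)
        ctr += 1

def commit(password, r, ts):  # C = S*G + R*H, S = hash(password)
    return add(mul(h2i(password), G), mul(r, hash_to_point(ts)))

def verify(c0, c1, r0, ts0, r1, ts1):  # C1 - C0 == R1*H1 - R0*H0
    rhs = add(mul(r1, hash_to_point(ts1)), neg(mul(r0, hash_to_point(ts0))))
    return add(c1, neg(c0)) == rhs

# Constructed sample values: password, salts and timestamps are made up.
C0 = commit(b"correct horse", 1111, 1617148800)
C1 = commit(b"correct horse", 2222, 1617148860)
```

A party that holds R0 together with C0 can compute C0 − R0*H0 = S0*G and test password guesses against it offline, so a deployment would need the salts kept from whoever stores the commitments.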
using time-dependent-passwords, e.g. periodically changing passwords · CPC title
involving time stamps, e.g. generation of time stamps · CPC title
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
involving algebraic varieties, e.g. elliptic or hyper-elliptic curves · CPC title