Distributed password verification

US9537857B1 · US · B1

Patent metadata
Field: Value
Publication number: US-9537857-B1
Application number: US-201615091930-A
Country: US
Kind code: B1
Filing date: Apr 6, 2016
Priority date: Dec 22, 2015
Publication date: Jan 3, 2017
Grant date: Jan 3, 2017

Abstract

Official abstract text for this publication.

Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of distributed password verification to prevent unauthorized access to an account, the method comprising:

  receiving, from a client, a first set of client identifiers for the client, wherein the first set of client identifiers includes: a first username for the client, a first hashed password for the client, and a first hashed server identifier;

  creating an account for the client based on the username for the client;

  creating a first token on a first server based on: an encryption key, a device identifier for a device used by the client, and the first set of client identifiers for the client;

  transmitting the first token from the first server to the client;

  adding, to a honeychecker registry on a second server, the username for the client, wherein the honeychecker registry is a list of valid usernames;

  deleting the first token from the first server;

  deleting the first set of client identifiers from the first server;

  receiving, on the first server, a second token, wherein: the second token is encrypted, and the second token is equivalent to the first token;

  receiving, on the first server, a second set of client identifiers for the client, wherein the second set of client identifiers includes: a second username, a second hashed password, and a second hashed server identifier;

  decrypting the second token using a decryption key to reveal the first set of client identifiers;

  verifying the second token with a comparison of: the second hashed server identifier, and the first hashed server identifier in the second token;

  validating an identity of the client with a comparison of: the second hashed password, and the first hashed password for the client in the second token;

  logging the second username to an authentication log;

  determining that the second username does not appear in the honeychecker registry;

  responsive to determining that the second username does not appear in the honeychecker registry, denying, to the client, access to the account to prevent an unauthorized access;

  responsive to determining that the second username does not appear in the honeychecker registry, locking the account to prevent a future unauthorized access;

  responsive to determining that the second username does not appear in the honeychecker registry, determining the first server is compromised; and

  responsive to determining the first server is compromised, transmitting an alert to the client that the first server is compromised;

  wherein: at least deleting the first token from the first server is performed by computer software running on computer hardware.
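
The registration and login steps of the first claim, sketched as an added example; it is not code from the patent or its assignee. The class, method and field names are hypothetical, and the token cipher is a standard-library stand-in for the encryption the claim leaves unspecified.

```python
import hashlib, hmac, json, os

def _sub(key, label):                      # separate keys for cipher and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):                # HMAC-SHA256 counter keystream
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    # Assumption: stdlib stand-in for the claim's unspecified token encryption;
    # a deployment would use a vetted AEAD such as AES-GCM.
    nonce = os.urandom(16)
    ct = _xor(_sub(key, b"enc"), nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, token):
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("token failed integrity check")
    return json.loads(_xor(_sub(key, b"enc"), nonce, ct))

class AuthServer:                          # first server: key and log, no credentials
    def __init__(self, key, registry):     # registry: honeychecker's username set,
        self.key, self.registry = key, registry   # held on the second server
        self.log, self.locked, self.compromised = [], set(), False

    def register(self, ids, device_id):
        self.registry.add(ids["username"])
        return seal(self.key, {"ids": ids, "device": device_id})  # token not stored

    def login(self, token, ids):
        if ids["username"] in self.locked:
            return "denied"
        try:
            first = unseal(self.key, token)["ids"]
        except ValueError:
            return "denied"
        same = lambda k: hmac.compare_digest(first[k], ids[k])
        if not (same("server_id_hash") and same("password_hash")):
            return "denied"
        self.log.append(ids["username"])
        if ids["username"] not in self.registry:
            self.locked.add(ids["username"])
            self.compromised = True        # claim: alert the client here
            return "denied, account locked, server flagged compromised"
        return "granted"
```

A token that decrypts and matches but names a user the second server never registered can only have been minted with the first server's key, which is why that branch flags the first server as compromised.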

Classifications

  • Access control lists [ACL]

  • using cryptographic hash functions

  • Entity profiles

  • H04L63/083 (Primary): using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

  • using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9537857B1 cover?
Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.

Who is the assignee on this patent?
IBM

What technology area does this patent fall under?
Primary CPC classification H04L63/083. Mapped technology areas include Electricity.

When was this patent published?
Publication date Jan 3, 2017 (B1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).