WO2001001627A3 - Server-assisted regeneration of a strong secret from a weak secret - Google Patents

Server-assisted regeneration of a strong secret from a weak secret Download PDF

Info

Publication number
WO2001001627A3
WO2001001627A3 PCT/US2000/018546 US0018546W WO0101627A3 WO 2001001627 A3 WO2001001627 A3 WO 2001001627A3 US 0018546 W US0018546 W US 0018546W WO 0101627 A3 WO0101627 A3 WO 0101627A3
Authority
WO
WIPO (PCT)
Prior art keywords
secret
server
weak
strong
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2000/018546
Other languages
French (fr)
Other versions
WO2001001627A2 (en
Inventor
Warwick S Ford
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Verisign Inc
Original Assignee
Verisign Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Verisign Inc filed Critical Verisign Inc
Priority to AU62066/00A priority Critical patent/AU764909B2/en
Priority to CA2376381A priority patent/CA2376381C/en
Priority to EP00948590A priority patent/EP1197032B1/en
Priority to DE60036112T priority patent/DE60036112T2/en
Publication of WO2001001627A2 publication Critical patent/WO2001001627A2/en
Publication of WO2001001627A3 publication Critical patent/WO2001001627A3/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • CCHEMISTRY; METALLURGY
    • C07ORGANIC CHEMISTRY
    • C07KPEPTIDES
    • C07K14/00Peptides having more than 20 amino acids; Gastrins; Somatostatins; Melanotropins; Derivatives thereof
    • C07K14/435Peptides having more than 20 amino acids; Gastrins; Somatostatins; Melanotropins; Derivatives thereof from animals; from humans
    • C07K14/46Peptides having more than 20 amino acids; Gastrins; Somatostatins; Melanotropins; Derivatives thereof from animals; from humans from vertebrates
    • C07K14/47Peptides having more than 20 amino acids; Gastrins; Somatostatins; Melanotropins; Derivatives thereof from animals; from humans from vertebrates from mammals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • AHUMAN NECESSITIES
    • A01AGRICULTURE; FORESTRY; ANIMAL HUSBANDRY; HUNTING; TRAPPING; FISHING
    • A01KANIMAL HUSBANDRY; AVICULTURE; APICULTURE; PISCICULTURE; FISHING; REARING OR BREEDING ANIMALS, NOT OTHERWISE PROVIDED FOR; NEW BREEDS OF ANIMALS
    • A01K2217/00Genetically modified animals
    • A01K2217/05Animals comprising random inserted nucleic acids (transgenic)
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61KPREPARATIONS FOR MEDICAL, DENTAL OR TOILETRY PURPOSES
    • A61K38/00Medicinal preparations containing peptides

Landscapes

  • Chemical & Material Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Engineering & Computer Science (AREA)
  • Organic Chemistry (AREA)
  • Medicinal Chemistry (AREA)
  • Proteomics, Peptides & Aminoacids (AREA)
  • Biophysics (AREA)
  • General Health & Medical Sciences (AREA)
  • Genetics & Genomics (AREA)
  • Gastroenterology & Hepatology (AREA)
  • Molecular Biology (AREA)
  • Biochemistry (AREA)
  • Zoology (AREA)
  • Toxicology (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Treatments For Attaching Organic Compounds To Fibrous Goods (AREA)
  • Chemical Or Physical Treatment Of Fibers (AREA)

Abstract

Methods for regenerating a strong secret for a user, based on input of a weak secret, such as a password, are assisted by communications exchanges with a set of independent servers. Each server holds a distinct secret value (i.e., server secret data). The strong secret is a function of the user's weak secret and of the server secret data, and a would-be attacker cannot feasible compute the strong secret without access to both the user's weak secret and the server secret data. Any attacker has only a limited opportunity to guess the weak secret, even if he has access to all messages transmitted in the generation and regeneration processes plus a subset (but not all) of the server secret data.
PCT/US2000/018546 1999-06-29 2000-06-29 Server-assisted regeneration of a strong secret from a weak secret Ceased WO2001001627A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
AU62066/00A AU764909B2 (en) 1999-06-29 2000-06-29 Server-assisted regeneration of a strong secret from a weak secret
CA2376381A CA2376381C (en) 1999-06-29 2000-06-29 Server-assisted regeneration of a strong secret from a weak secret
EP00948590A EP1197032B1 (en) 1999-06-29 2000-06-29 Server-assisted regeneration of a strong secret from a weak secret
DE60036112T DE60036112T2 (en) 1999-06-29 2000-06-29 SERVER SUPPORTED RECOVERY OF A STRONG SECRET FROM A WEAK SECRET

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US14157199P 1999-06-29 1999-06-29
US60/141,571 1999-06-29
US16745399P 1999-11-23 1999-11-23
US60/167,453 1999-11-24
US18883400P 2000-03-10 2000-03-10
US60/188,834 2000-03-10
US09/574,687 US6829356B1 (en) 1999-06-29 2000-05-17 Server-assisted regeneration of a strong secret from a weak secret
US09/574,687 2000-05-17

Publications (2)

Publication Number Publication Date
WO2001001627A2 WO2001001627A2 (en) 2001-01-04
WO2001001627A3 true WO2001001627A3 (en) 2001-10-11

Family

ID=27495484

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/018546 Ceased WO2001001627A2 (en) 1999-06-29 2000-06-29 Server-assisted regeneration of a strong secret from a weak secret

Country Status (8)

Country Link
US (1) US6829356B1 (en)
EP (1) EP1197032B1 (en)
AT (1) ATE371314T1 (en)
AU (1) AU764909B2 (en)
CA (1) CA2376381C (en)
DE (1) DE60036112T2 (en)
ES (1) ES2288863T3 (en)
WO (1) WO2001001627A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10091190B2 (en) 2015-12-11 2018-10-02 International Business Machines Corporation Server-assisted authentication

Families Citing this family (68)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI974341A7 (en) * 1997-11-26 1999-05-27 Nokia Telecommunications Oy Data connection privacy
IL130963A (en) * 1999-07-15 2006-04-10 Nds Ltd Key management for content protection
GB2353682B (en) * 1999-07-15 2004-03-31 Nds Ltd Key management for content protection
US6363480B1 (en) * 1999-09-14 2002-03-26 Sun Microsystems, Inc. Ephemeral decryptability
US7359507B2 (en) * 2000-03-10 2008-04-15 Rsa Security Inc. Server-assisted regeneration of a strong secret from a weak secret
US7716484B1 (en) * 2000-03-10 2010-05-11 Rsa Security Inc. System and method for increasing the security of encrypted secrets and authentication
US8239445B1 (en) * 2000-04-25 2012-08-07 International Business Machines Corporation URL-based sticky routing tokens using a server-side cookie jar
US6934393B2 (en) * 2000-06-09 2005-08-23 Northrop Grumman Corporation System and method for third party recovery of encryption certificates in a public key infrastructure
FR2823398B1 (en) * 2001-04-04 2003-08-15 St Microelectronics Sa EXTRACTION OF PRIVATE DATA FOR AUTHENTICATION OF AN INTEGRATED CIRCUIT
US7076656B2 (en) * 2001-04-05 2006-07-11 Lucent Technologies Inc. Methods and apparatus for providing efficient password-authenticated key exchange
FR2825873A1 (en) * 2001-06-11 2002-12-13 St Microelectronics Sa PROTECTED STORAGE OF DATA IN AN INTEGRATED CIRCUIT
US7428749B2 (en) * 2001-08-03 2008-09-23 International Business Machines Corporation Secure delegation using public key authorization
KR100398161B1 (en) * 2002-02-26 2003-09-26 한국정보보호진흥원 Password-based protocol secure against server's dictionary attack
US20030161472A1 (en) * 2002-02-27 2003-08-28 Tong Chi Hung Server-assisted public-key cryptographic method
US20050044413A1 (en) * 2003-02-05 2005-02-24 Accenture Global Services Gmbh Secure electronic registration and voting solution
US7320073B2 (en) 2003-04-07 2008-01-15 Aol Llc Secure method for roaming keys and certificates
US9412123B2 (en) 2003-07-01 2016-08-09 The 41St Parameter, Inc. Keystroke analysis
JP3854954B2 (en) * 2003-09-05 2006-12-06 キヤノン株式会社 Data sharing device
US7996631B1 (en) * 2004-02-17 2011-08-09 Oracle America, Inc. System and method for accessing storage devices attached to a stateless client
WO2005083610A1 (en) * 2004-02-23 2005-09-09 Verisign, Inc. Token authentication system and method
US10999298B2 (en) 2004-03-02 2021-05-04 The 41St Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
US7480803B1 (en) * 2004-07-23 2009-01-20 Sprint Communications Company L.P. System and method for securing system content by automated device authentication
US8204232B2 (en) 2005-01-18 2012-06-19 Certicom Corp. Accelerated verification of digital signatures and public keys
US8467535B2 (en) * 2005-01-18 2013-06-18 Certicom Corp. Accelerated verification of digital signatures and public keys
US8181232B2 (en) * 2005-07-29 2012-05-15 Citicorp Development Center, Inc. Methods and systems for secure user authentication
US7904946B1 (en) 2005-12-09 2011-03-08 Citicorp Development Center, Inc. Methods and systems for secure user authentication
US9002750B1 (en) 2005-12-09 2015-04-07 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US9768963B2 (en) 2005-12-09 2017-09-19 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US11301585B2 (en) 2005-12-16 2022-04-12 The 41St Parameter, Inc. Methods and apparatus for securely displaying digital images
US8938671B2 (en) 2005-12-16 2015-01-20 The 41St Parameter, Inc. Methods and apparatus for securely displaying digital images
US20070143830A1 (en) * 2005-12-20 2007-06-21 International Business Machines Corporation Method, apparatus and system for preventing unauthorized access to password-protected system
DE102006013515A1 (en) * 2006-03-23 2007-10-04 Siemens Ag Cryptographic method with elliptic curves
US8151327B2 (en) 2006-03-31 2012-04-03 The 41St Parameter, Inc. Systems and methods for detection of session tampering and fraud prevention
US9258124B2 (en) * 2006-04-21 2016-02-09 Symantec Corporation Time and event based one time password
US8060750B2 (en) * 2007-06-29 2011-11-15 Emc Corporation Secure seed provisioning
US8059814B1 (en) 2007-09-28 2011-11-15 Emc Corporation Techniques for carrying out seed or key derivation
CA2703915C (en) 2007-10-31 2015-02-24 Merck Sharp & Dohme Corp. P2x3 receptor antagonists for treatment of pain
US8495375B2 (en) * 2007-12-21 2013-07-23 Research In Motion Limited Methods and systems for secure channel initialization
US8452017B2 (en) * 2007-12-21 2013-05-28 Research In Motion Limited Methods and systems for secure channel initialization transaction security based on a low entropy shared secret
US8464058B1 (en) 2008-04-08 2013-06-11 Hewlett-Packard Development Company, L.P. Password-based cryptographic method and apparatus
US8307210B1 (en) 2008-05-02 2012-11-06 Emc Corporation Method and apparatus for secure validation of tokens
US7522723B1 (en) * 2008-05-29 2009-04-21 Cheman Shaik Password self encryption method and system and encryption by keys generated from personal secret information
US8312540B1 (en) * 2008-06-13 2012-11-13 Juniper Networks, Inc. System for slowing password attacks
US9112850B1 (en) 2009-03-25 2015-08-18 The 41St Parameter, Inc. Systems and methods of sharing information through a tag-based consortium
US8606234B2 (en) 2009-12-31 2013-12-10 Symantec Corporation Methods and apparatus for provisioning devices with secrets
US9015489B2 (en) 2010-04-07 2015-04-21 Microsoft Technology Licensing, Llc Securing passwords against dictionary attacks
US20120215658A1 (en) * 2011-02-23 2012-08-23 dBay Inc. Pin-based payment confirmation
GB2490483B (en) * 2011-04-26 2019-05-29 Hewlett Packard Entpr Dev Lp Digital signature method and system
US8745376B2 (en) 2011-10-14 2014-06-03 Certicom Corp. Verifying implicit certificates and digital signatures
US10754913B2 (en) 2011-11-15 2020-08-25 Tapad, Inc. System and method for analyzing user device information
US9633201B1 (en) 2012-03-01 2017-04-25 The 41St Parameter, Inc. Methods and systems for fraud containment
US9521551B2 (en) 2012-03-22 2016-12-13 The 41St Parameter, Inc. Methods and systems for persistent cross-application mobile device identification
WO2014022813A1 (en) 2012-08-02 2014-02-06 The 41St Parameter, Inc. Systems and methods for accessing records via derivative locators
US8868919B2 (en) 2012-10-23 2014-10-21 Authernative, Inc. Authentication method of field contents based challenge and enumerated pattern of field positions based response in random partial digitized path recognition system
US8955074B2 (en) 2012-10-23 2015-02-10 Authernative, Inc. Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system
US9215072B1 (en) 2012-10-23 2015-12-15 Authernative, Inc. Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security
WO2014078569A1 (en) 2012-11-14 2014-05-22 The 41St Parameter, Inc. Systems and methods of global identification
US10902327B1 (en) 2013-08-30 2021-01-26 The 41St Parameter, Inc. System and method for device identification and uniqueness
GB2529633A (en) 2014-08-26 2016-03-02 Ibm Password-based generation and management of secret cryptographic keys
US10091312B1 (en) 2014-10-14 2018-10-02 The 41St Parameter, Inc. Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups
US9813414B2 (en) 2015-11-30 2017-11-07 International Business Machines Corporation Password-based management of encrypted files
US9565020B1 (en) 2016-02-02 2017-02-07 International Business Machines Corporation System and method for generating a server-assisted strong password from a weak secret
US10250591B2 (en) 2016-02-12 2019-04-02 International Business Machines Corporation Password-based authentication
US9917850B2 (en) * 2016-03-03 2018-03-13 Shape Security, Inc. Deterministic reproduction of client/server computer state or output sent to one or more client computers
US10250576B2 (en) 2017-02-08 2019-04-02 International Business Machines Corporation Communication of messages over networks
KR102008482B1 (en) * 2018-11-21 2019-08-07 제주대학교 산학협력단 CCTV video smart surveillance system and method thereof
SE2151305A1 (en) * 2021-10-26 2023-04-27 Assa Abloy Ab Recovering access to a user account
ES3048519T3 (en) 2021-10-26 2025-12-10 Assa Abloy Ab Authenticating an electronic device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5315658B1 (en) * 1992-04-20 1995-09-12 Silvio Micali Fair cryptosystems and methods of use
US5623546A (en) * 1995-06-23 1997-04-22 Motorola, Inc. Encryption method and system for portable data
US5666414A (en) * 1996-03-21 1997-09-09 Micali; Silvio Guaranteed partial key-escrow
US5850443A (en) * 1996-08-15 1998-12-15 Entrust Technologies, Ltd. Key management system for mixed-trust environments
US6668323B1 (en) * 1999-03-03 2003-12-23 International Business Machines Corporation Method and system for password protection of a data processing system that permit a user-selected password to be recovered

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
FORD W ET AL: "Server-assisted generation of a strong secret from a password", PROCEEDINGS IEEE 9TH INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES (WET ICE 2000), PROCEEDINGS OF WET ICE 2000. 9TH IEEE INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATI, 2000, Los Alamitos, CA, USA, IEEE Comput. Soc, USA, pages 176 - 180, XP002162294, ISBN: 0-7695-0798-0 *
LI GONG: "INCREASING AVAILABILITY AND SECURITY OF AN AUTHENTICATION SERVICE", IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS,US,IEEE INC. NEW YORK, vol. 11, no. 5, 1 June 1993 (1993-06-01), pages 657 - 662, XP000399661, ISSN: 0733-8716 *
PERLMAN R ET AL: "Secure password-based protocol for downloading a private key", PROCEEDINGS 1999 NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM, PROCEEDINGS OF THE INTERNET SOCIETY 1999 NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM, SAN DIEGO, CA, USA, 3-5 FEB. 1999, 1999, Reston, VA, USA, Internet Soc, USA, pages 3 - 11, XP000987305, ISBN: 1-891562-04-5 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10091190B2 (en) 2015-12-11 2018-10-02 International Business Machines Corporation Server-assisted authentication

Also Published As

Publication number Publication date
CA2376381A1 (en) 2001-01-04
DE60036112D1 (en) 2007-10-04
AU6206600A (en) 2001-01-31
DE60036112T2 (en) 2007-12-06
ATE371314T1 (en) 2007-09-15
EP1197032B1 (en) 2007-08-22
WO2001001627A2 (en) 2001-01-04
CA2376381C (en) 2011-06-21
ES2288863T3 (en) 2008-02-01
EP1197032A2 (en) 2002-04-17
US6829356B1 (en) 2004-12-07
AU764909B2 (en) 2003-09-04

Similar Documents

Publication Publication Date Title
WO2001001627A3 (en) Server-assisted regeneration of a strong secret from a weak secret
Lee et al. A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards
WO1995005712A3 (en) Secret key exchange
CA2267395A1 (en) Method and system for managing keys for encrypted data
CA2335172A1 (en) Secure mutual network authentication and key exchange protocol
WO2000020972A3 (en) Programmable telecommunications security module for key encryption adaptable for tokenless use
KR950701481A (en) VERIFYING SECRET KEYS IN A PUBLIC-KEY CRYPTOSYSTEM
WO2001078298A8 (en) Information processing system and method
WO2002003180A3 (en) Layered defense-in-depth knowledge-based data management
WO2004046849A3 (en) Cryptographic methods and apparatus for secure authentication
DE60310437D1 (en) SECURE COMMUNICATION
EP0792042A3 (en) Method of effecting communications using common cryptokey
CA2291435A1 (en) Encryption/decryption method and authentication method using multiple-affine key system and apparatuses using the same
WO2006113206B1 (en) Providing fresh session keys
WO2002063823A1 (en) Confidential data communication method
Sun et al. A new design of wearable token system for mobile device security
CA2312967A1 (en) System and method of sending and receiving secure data with a shared key
Ku et al. Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme
Ku et al. Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol
WO2001006691A3 (en) Trusted communications between untrusting parties
CA2303508A1 (en) Method and apparatus for a unit locked against use until unlocked and/or activated on a selected network
NO20012463L (en) Procedure and apparatus for securely distributing authentication credentials to roaming users
Li et al. A simple and robust anonymous two‐factor authenticated key exchange protocol
CA2380877A1 (en) System and method for secure transactions over a network
Yeh et al. Security analysis of the generalized key agreement and password authentication protocol

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 62066/00

Country of ref document: AU

ENP Entry into the national phase

Ref document number: 2376381

Country of ref document: CA

Ref country code: CA

Ref document number: 2376381

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2000948590

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000948590

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWG Wipo information: grant in national office

Ref document number: 2000948590

Country of ref document: EP