Password-protection module
    1.
    Granted invention patent
    Password-protection module (in force)

    Publication (announcement) number: US07886345B2

    Publication (announcement) date: 2011-02-08

    Application number: US11172378

    Filing date: 2005-06-30

    IPC classification: G06F21/00

    Abstract: A method of protecting a password being used to establish interaction between a user and an application includes detecting a request for the password from the application by receiving a notification from the user indicating the request. The method further includes combining the password with information identifying the application, so as to produce a protected password, and authenticating to the application using the protected password. The method may also include a mutual authentication capability between user and the application.

    Server-assisted regeneration of a strong secret from a weak secret
    2.
    Granted invention patent
    Server-assisted regeneration of a strong secret from a weak secret (in force)

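    Publication (announcement) number: US07359507B2

    Publication (announcement) date: 2008-04-15

    Application number: US09804460

    Filing date: 2001-03-12

    Applicant: Burton S. Kaliski

    Inventor: Burton S. Kaliski

    IPC classification: H04K1/00 H04L9/00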

    Abstract: Methods for regenerating a strong secret for a user, based on input of a weak secret, such as a password, are assisted by communications exchanges with a set of independent servers. Each server holds a distinct secret value (i.e., server secret data). The strong secret is a function of the user's weak secret and of the server secret data, and a would-be attacker cannot feasibly compute the strong secret without access to both the user's weak secret and the server secret data. Any attacker has only a limited opportunity to guess the weak secret, even if he has access to all messages transmitted in the generation and regeneration processes plus a subset (but not all) of the server secret data.