41 results about "Password hashing" patented technology

Biometric data, suitably transformed are obtained from a biometric input device contained within a stand-alone computing device and used in conjunction with a PIN to authenticate the user to the device. The biometric template and other data residing on the device are encrypted using hardware elements of the device, the PIN and Password hash. A stored obfuscated password is de-obfuscated and released to the device authentication mechanism in response to a successfully decrypted template and matching biometric sample and PIN. The de-obfuscated password is used to authenticate the user to device, the user to a remote computer, and to encrypt device data at rest on the device and in transit to and from the remote computer. This creates a trusted relationship between the stand-alone device and the remote computer. The system also eliminates the need for the user to remember and enter complex passwords on the device.

A computer system provides a unified password prompt for accepting a user power-on password or an administrator password. A password string entered by the system administrator at the unified password prompt is compared with a stored power-on password. If the user password string matches the stored power-on password, then access to system resources is granted. If the user password string does not match the stored power-on password, then the user password string is compared to a stored administrator password. If the user password string matches the stored administrative password, then access to system resources is granted. If the user password string does not match the stored administrative password, then the system administrator is given a predetermined number of times to enter a password string matching either the stored power-on password or the stored administrator password. If a password string matching either the stored power-on password or the stored administrator password is not provided in the predetermined number of times, access to system resources is denied. The unified password prompt does not require a system administrator to know a user's power-on password in order to access system resources. The unified password prompt also permits a system administrator to configure a plurality of computer systems by providing a single administrative password rather than a plurality of user power-on passwords.

Biometric data, which may be suitably transformed are obtained from a biometric input device contained within a stand-alone computer or a mobile device, which may contain an ASIC chip connected to or incorporated within the stand-alone computer or mobile device and which includes the capability for capturing one or more biometric samples and for biometric feature extraction, matching and encryption. For extra security, the biometric matching is used in conjunction with a PIN to authenticate the user to the stand-alone computer or mobile device. The biometric template and other sensitive data residing on the mobile device are encrypted using hardware elements of the mobile device (or the ASIC) together with the PIN hash and/or the Password hash. An obfuscated version of the Password, stored on the ASIC or the mobile device is de-obfuscated and released to the mobile device authentication mechanism, including a Trusted Platform Module if present, in response to a successfully decrypted template and matching biometric sample and PIN. A de-obfuscated password is used to authenticate the user to the mobile device and the same or a different de-obfuscated password may be used to authenticate the user to a remote computer using the SSL/TLS or a process based upon a symmetric encryption algorithm. The locally generated password may be used to encrypt data at rest on the mobile device or ASIC and the remote authentication password may be used to encrypt data in transit to and from a remote computer. This creates a trusted relationship between the stand-alone computer or mobile device and the remote computer. The system also eliminates the need for the user to remember and enter complex passwords on the mobile device or for secure transmission of data. A similar method may be used, with the signature/sign biometric modality to determine whether the holder of an IC chip card is, in fact the card owner.

For example, an implementation of the present invention can comprise a method for authenticating a user. The method can comprise an authentication server receiving from a user a password. The server can then hash the password such that a password hash is created. The server can then receive a second token from the user. Using the second token, the server can identify a sequence of characters associated with the second token within the password hash. The server can create an authentication token by removing the sequence of characters from the password hash. If the authentication token matches a stored value, the server can authenticate the user.

A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.

An electronic device that can automatically unlock an external storage device with a password without adding a function to the external storage device is provided. An electronic device 100B has memory card connection means 108 for connecting a memory card 200 that can be locked with a password, password holding means 101 for holding card unique ID and a password, card unique ID acquisition means 104 for acquiring connection identification information indicating the card unique ID of the memory card 20 connected to the memory card connection means 108, and password deletion means 109 for deleting connection identification information and the password corresponding to the connection identification information stored in the password holding means 101 if the connection identification information is contained in the password holding means 101.

In one embodiment, the invention is directed to a method of reading a marking, comprising a stimulation step, wherein a physical challenge according to a predetermined challenge-response authentication scheme corresponding to the PUF is created and applied to a PUF; a detection step, wherein a response generated by the PUF in accordance with the challenge-response authentication scheme in reaction to the challenge is detected and a digital signal representing the response is generated; a processing step, wherein the digital signal is processed in order to generate a hash value of the response by application of a predetermined cryptographic hash function to the digital signal; and an output step, wherein data representing the generated hash value as a first reading result is output.

The invention provides a secret key separated signing method with a self update capability of a secret key of an assisting device. The method comprises the steps that a singer generates an initial singer secret key SK0 according to two randomly selected parameters which are s0 and h0 and a password hash function H1, the assisting device will send the signer an assisting device update message SKUi at the beginning of each subsequent time slice to help the singer to update a temporary secret key SKi of a current time slice, the assisting device also carries out self update on a secret key of the assisting device in each time slice simultaneously with the operation that the assisting device helps the signer to update the temporary secret key of the signer, a parameter h0 is randomly selected in a time slice 0 to be regarded as the initial secret key HK0 of the assisting device, and the secret key of the assisting device is updated to HKi in a time slice i. The method can reduce the possibility that the secret key of the assisting device is revealed, and therefore the safety of the secret key separated signing method is enhanced greatly.

Embodiments of network devices for access control are described. In some embodiments, an access control processor of a first node receives a request from a requestor node on an unsecure network to join a first group of nodes on a secure network, where the first node coordinates network activities of the first group of nodes including a plurality of partitioned nodes of a network. In response to receiving the request, the access control processor assigns the requestor node to a first pool of the first group of nodes that are configured to perform authorized modifications of data including a cryptographic hash to protect the data against unauthorized modifications. In some embodiments, the access control processor initiates the authorized modifications of the data using one or more nodes assigned to the first pool and one or more nodes of a second pool of the first group of nodes.

The embodiment of the invention discloses a method and device for reducing an operation amount in an SM3 password hashing algorithm. A parallel addition operation is utilized to replace a great number of serial addition operations, and the number of the serial addition operations is reduced, so that operation delay is reduced, and an operation speed of the SM3 password hashing algorithm is improved.

Data stored on a removable storage medium such as a tape cartridge can be protected from unauthorized access by storing a password hash value in a protected manner on the storage medium, where the password hash value is generated from a password by a one-way hash function such as SHA-256, so that the password cannot easily be determined from the hash value. A media drive is then equipped with logic for blocking access to the data unless the password is provided. The password is protected from unauthorized access because the password hash value, not the password itself, is stored on the storage medium.

The invention discloses a credibility detection method based on password hash and biometric feature recognition. The method mainly solves the problems that existing computer information detection codes are likely to be reversely calculated and computers cannot recognize physical identities of users. According to the technical scheme, the method includes the steps that 1, software and hardware information of a computer is obtained, and biological feature information of a user is collected; 2, a device code is generated according to the software and hardware information, a fuzzy vault is generated through the biological feature information, and a user code is generated through the device code and the fuzzy vault; 3, the fuzzy vault and the user code serve as computer integrity check codes to be stored; 4, software and hardware information of the computer is obtained again, biological feature information of the user is recollected, and a new user code is generated; 5, the new user code is compared with the stored user code, if the new user code is identical with the stored user code, credibility verification passes, and otherwise, verification fails. The integrity check codes can be prevented from being changed and replaced, the physical identity of the user can be recognized, and the method can be used for protecting computer security.

A password and/or email address management platform configured to regenerate a previously generated password for a given web domain or digital system without permanently storing the previously generated password. The platform can operate without maintaining a permanent store or list of other user-related information, e.g. a list of web domains or systems for which passwords have been generated. In an embodiment, the platform performs the steps of concatenating a plurality of password input data elements into a requested phantom password input data string, applying a hashing algorithm to the requested phantom password input data string to generate a phantom password hash, applying a hash-to-string function to convert the phantom password hash to a phantom password, and purging the password generation system of the phantom password after it is notified to a user.

A device and a method of cryptographically hashing a message M, including the following steps: forming a sequence (M1, . . . , Mi, . . . , Mc) of data m-tuples M1=(a_1,1, . . . , a_1,m), . . . Mi=(a_i,1, . . . , a_i,m), . . . , Mc=a_c,1, . . . , a_c,m), where m is a strictly positive integer, from said message M; iteratively calculating successive output p-tuples V₁, . . . , v_i, . . . , V_c, where p is a strictly positive integer, corresponding to said sequence (M1, . . . , Mi, . . . , Mc) of data m-tuples as a function of at least one set of multivariate polynomials defined over a finite field; and determining a hashing value of said message M as a function of the last output p-tuple V_c.

A password management service provides automated password management. In one embodiment, a method for automating password changes begins in response to a determination that automated password changes are authorized. In response, a data mining session is initiated. Within the data mining session, a set of third party applications or sites are identified. Then, and responsive to receipt of a password reset flow authorization, a password reset flow to one or more of the third party applications or sites is initiated by the service. Thereafter, and still within the data mining session, and for each of the one or more third party applications or sites, a determination is made whether a password reset confirmation link has been received by the service. In response to a determination that a password reset confirmation link has been received for a given third party application or site, the service uses the password reset confirmation link to perform an automated password reset and thereby obtain a new user password for the application or site.

The invention provides a method and device for detecting an account stealing behavior. The method comprises the steps of obtaining authentication flow between intranet equipment and domain control equipment in an AD domain and flow passing through a target port of the domain control equipment, and executing at least one of password blasting behavior detection, password hash stealing behavior detection and process injection behavior detection. The password blasting behavior detection, the password hash stealing behavior detection and the process injection behavior detection provided by the invention are all determined for typical behaviors of account stealing performed by attackers, so that the pertinence of the password blasting behavior detection, the password hash stealing behavior detection and the process injection behavior detection provided by the invention is stronger, and therefore, the method for detecting the account stealing behavior in the AD domain provided by the invention has a better detection rate, so that the omission ratio can be effectively reduced, and the false detection rate can also be effectively reduced.