| 发明名称 |
Secure Login Without Passwords |
| 摘要 |
A process is disclosed for authorizing a user's access to a limited access network. The process comprises sending an encrypted server random number to a previously registered user. If the user can demonstrate an ability to successfully decrypt the server random number, the user is authenticated and access is authorized.;The process further comprises an encrypted user random number. Encryption of the user random number comprises the use of a server-controlled value. The web server's ability to return to the user a decryption of the encrypted user random number serves as confirmation that the web site is legitimate.;In a preferred embodiment all communications of login values between the user and the web server are encrypted.;In an embodiment a user is provided with a key for encrypting user random numbers and for decrypting server random numbers. The key may be automatically updated on a predetermined schedule. |
| 申请公布号 |
US2016337132(A1) |
申请公布日期 |
2016.11.17 |
| 申请号 |
US201515111876 |
申请日期 |
2015.01.15 |
| 申请人 |
XORKEY B.V. |
发明人 |
Ruiter Timotheus Martinus Cornelis |
| 分类号 |
H04L9/32;H04L9/30;H04L9/14;H04L29/06;H04L9/00 |
主分类号 |
H04L9/32 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A process for authorizing a user's access to a limited access network, said process comprising:
a. receiving at a server a user's connection request; b. upon establishing the requested connection, communicating to the user a server-controlled value; c. receiving at the server a user's login request comprising a UserID or a derivative thereof, and a user challenge encrypted with a key held by the user and the server-controlled value; d. locating a user key associated with the UserID; e. generating a server random number and encrypting the server random number with the user key; f. sending the encrypted server random number to the user; g. receiving a value from the user confirming the user's ability to decrypt the encrypted server random number. |
| 地址 |
Zuid-Scharwoude NL |
