Title of invention: Secure offline authentication
Abstract: A user workstation stores a vendor identifier and encrypted data comprising a first string of randomized data, a second string of randomized data, and encrypted text, the encrypted text further comprising a first security answer. The user workstation receives credentials information and a second security answer. The user workstation then generates an encryption key. Further, the user workstation uses the encryption key to decrypt the encrypted text and extract the first security answer. Then, the user workstation compares the second security answer with the first security answer and authenticates the second username if the second security answer is the same as the first security answer.
Publication number: US9602284(B1) Publication date: 2017.03.21
Application number: US201514852204 Filing date: 2015.09.11
Applicant: Bank of America Corporation Inventors: Iyer Shankar Ramasubramanian; Dominique Maria Auxilia; Khandelwal Ankit A.; Desai Dhrumit; Keerthi Navanith R.; Tangutur Lavanya
Classification: H04L9/32; H04L9/08; H04L29/06 Main classification: H04L9/32
Agency: Agent: Springs Michael A.
Main claim: 1. An offline authentication system comprising: a server configured to: receive first credentials information and a vendor identifier; apply a hash function to the first credentials information; generate a first encryption key by using the vendor identifier, the hashed first credentials information, and a first string of randomized data; receive a first security answer and apply a hash function to the first security answer; generate encrypted text using the hashed first security answer, the first encryption key, and a second string of randomized data; combine the first string of randomized data, the second string of randomized data, and the encrypted text to generate encrypted data; send the encrypted data to a user workstation associated with the vendor identifier; the user workstation configured to receive and store encrypted data when coupled to the server; the user workstation, when decoupled from the server, configured to: receive second credentials information; apply a hash function to the second credentials information; receive a second security answer and apply a hash function to the second security answer; generate a second encryption key using the hashed second credentials information, the vendor identifier, and the first string of randomized data; use the second encryption key and the second string of randomized data to decrypt the encrypted text to extract the hashed first security answer; compare the hashed second security answer with the hashed first security answer; and authenticate the second credentials information if the hashed second security answer is the same as the hashed first security answer.
Address: Charlotte NC US
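The server-side provisioning and offline workstation check recited in claim 1, as an added example that is not code from the patent or the applicant. The claim names no algorithms, so SHA-256, PBKDF2, the 16-byte random strings, the single credentials string and the SHAKE-256 XOR keystream (a stand-in for a real cipher, chosen to stay within the Python standard library) are all assumptions, as are the function names.

```python
import hashlib
import hmac
import secrets

RAND_LEN = 16  # assumed length of each "string of randomized data"
HASH_LEN = 32  # SHA-256 digest size

def hashed(text: str) -> bytes:
    """The claim's hash function; SHA-256 is an assumption."""
    return hashlib.sha256(text.encode("utf-8")).digest()

def derive_key(vendor_id: str, hashed_creds: bytes, rand1: bytes) -> bytes:
    """Key from vendor identifier, hashed credentials and first random string."""
    secret = vendor_id.encode("utf-8") + hashed_creds
    return hashlib.pbkdf2_hmac("sha256", secret, rand1, 100_000)

def keystream_xor(key: bytes, rand2: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with SHAKE-256(key || rand2)."""
    stream = hashlib.shake_256(key + rand2).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def server_provision(vendor_id: str, credentials: str, answer: str) -> bytes:
    """Server side: build the encrypted data sent to the workstation."""
    rand1 = secrets.token_bytes(RAND_LEN)
    rand2 = secrets.token_bytes(RAND_LEN)
    key = derive_key(vendor_id, hashed(credentials), rand1)
    encrypted_text = keystream_xor(key, rand2, hashed(answer))
    return rand1 + rand2 + encrypted_text  # "combine" step of the claim

def workstation_verify(blob: bytes, vendor_id: str,
                       credentials: str, answer: str) -> bool:
    """Workstation side, decoupled from the server."""
    if len(blob) != 2 * RAND_LEN + HASH_LEN:
        return False  # malformed or truncated stored data
    rand1 = blob[:RAND_LEN]
    rand2 = blob[RAND_LEN:2 * RAND_LEN]
    encrypted_text = blob[2 * RAND_LEN:]
    key = derive_key(vendor_id, hashed(credentials), rand1)
    first_answer_hash = keystream_xor(key, rand2, encrypted_text)
    # Wrong credentials or vendor id yield a wrong key, so the
    # decrypted bytes will not match the hashed second answer.
    return hmac.compare_digest(first_answer_hash, hashed(answer))

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    stored = server_provision("VENDOR-001", "alice:correct horse", "blue")
    print(workstation_verify(stored, "VENDOR-001", "alice:correct horse", "blue"))
```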