Title of invention: System and method for generating a strong multi factor personalized server key from a simple user password
Abstract: The present invention relates to a method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network. In one embodiment this is accomplished by requesting to receive an application at the first entity from the second entity via the communication network, activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity, and allowing the user to register with the application of the second entity by the first entity, wherein the registration includes entry of a personal PIN (personal identification number), a personal message, etc.
Publication number: US9258296(B2) Publication date: 2016.02.09
Application number: US201113811730 Filing date: 2011.07.28
Applicant: Inventor: Juthani Nirmal
Classification: H04L29/06;G06F21/41;H04L9/32;G06Q20/40;G06Q30/02 Main classification: H04L29/06
Agency: Agent: Friedman Mark M.
Main claim: 1. A method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network, the method comprising: having a pre-installed application or requesting to receive an application at the first entity from the second entity via the communication network; activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity; and allowing the user to register with an application of the second entity by the first entity, wherein the registration includes: entry of a password on the first entity, and generating a multi-factor encryption key on the second entity, based on a second entity view of the user-entered password, wherein the step of registration with the application of the second entity by the first entity comprises: initializing once on the first and second entity to generate a random ordered collection of items using a cryptographic random string generator, wherein the random ordered collection of items includes bytes, images, voices, characters; mapping the received user password at the first entity to an ordered list of index positions as per the items' positions in the ordered collection of items; transmitting the list of index positions to the second entity; mapping the received list of index positions to the corresponding items in the random ordered collection of items of the second entity in order to decipher the second entity's view of the password entered by the user at the first entity and to derive a user specific second entity key; and shuffling the random ordered collection of items of the first entity pseudo-randomly after each password entry, and the random ordered collection of items of the second entity after each authentication attempt, such that the shuffling is in synchronization with the first entity, wherein the user entered password is always transformed using the random ordered collection of items on the first entity before it is used on the second entity, and wherein the second entity uses another random ordered collection of items to deduce a different password, which is generated in a synchronized manner with the first entity, and at least one of the method steps is implemented by a hardware processor.
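The index mapping and synchronized shuffle described in the claim, as an added runnable sketch that is not the patent's own code: the item set (printable ASCII), the HMAC-driven Fisher-Yates shuffle used to keep both collections in step, the constructed shared secret and the HMAC-based key derivation are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import string

ITEMS = string.ascii_letters + string.digits + string.punctuation  # assumed item set

def sync_permutation(secret: bytes, round_no: int, n: int) -> list[int]:
    """Fisher-Yates permutation of range(n) driven by HMAC-SHA256(secret, round || ctr);
    both entities share the secret and round counter, so they derive the same permutation."""
    perm, stream, ctr = list(range(n)), b"", 0
    for i in range(n - 1, 0, -1):
        if len(stream) < 4:
            msg = round_no.to_bytes(4, "big") + ctr.to_bytes(4, "big")
            stream, ctr = stream + hmac.new(secret, msg, hashlib.sha256).digest(), ctr + 1
        j = int.from_bytes(stream[:4], "big") % (i + 1)  # modulo bias negligible for n = 94
        stream = stream[4:]
        perm[i], perm[j] = perm[j], perm[i]
    return perm

class Entity:
    """One party's random ordered collection, reshuffled in sync with its peer."""
    def __init__(self, secret: bytes):
        self.secret, self.round, self.items = secret, 0, list(ITEMS)
        secrets.SystemRandom().shuffle(self.items)  # one-time cryptographically random ordering

    def reshuffle(self) -> None:
        perm = sync_permutation(self.secret, self.round, len(self.items))
        self.items, self.round = [self.items[k] for k in perm], self.round + 1

    def encode(self, password: str) -> list[int]:  # first entity: password -> index positions
        wire = [self.items.index(c) for c in password]
        self.reshuffle()  # shuffle after every password entry
        return wire

    def decode(self, wire: list[int]) -> tuple[str, bytes]:  # second entity: indices -> own view
        view = "".join(self.items[i] for i in wire)
        key = hmac.new(self.secret, view.encode(), hashlib.sha256).digest()  # user-specific server key
        self.reshuffle()  # shuffle after every authentication attempt
        return view, key

def run_demo(password: str = "Tr0ub4dor&3") -> dict:
    secret = b"constructed-shared-secret"  # stands in for the key derived from device ID and nonces
    client, server = Entity(secret), Entity(secret)  # two independent random orderings
    wire1 = client.encode(password)
    view1, key1 = server.decode(wire1)
    wire2 = client.encode(password)
    view2, key2 = server.decode(wire2)
    replay_view, _ = server.decode(wire1)  # stale index list against the reshuffled collection
    return dict(wire1=wire1, wire2=wire2, view1=view1, view2=view2, key1=key1, key2=key2, replay_view=replay_view)
```

Because both collections are shuffled under the same permutation, the server's view and the derived key stay constant across logins while the transmitted index list changes, so a captured index list replayed later decodes to a different view.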
Address: