US2021211287A1PendingUtilityA1

Systems and methods of authentication using entropic threshold

43
Assignee: BLOCKGEN CORPPriority: Jan 3, 2020Filed: Oct 15, 2020Published: Jul 8, 2021
Est. expiryJan 3, 2040(~13.5 yrs left)· nominal 20-yr term from priority
H04L 9/50H04L 9/3226H04L 9/3236G06F 21/46H04L 9/3213H04L 9/3218G06F 21/64H04L 9/14G06F 21/602H04L 9/0863
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Disclosed herein are embodiments of systems, methods, and products for authentication using entropic threshold. A server may require a user to create a series of security questions to which only the user has the answers. The answers to the security questions may satisfy an entropic threshold. Based on the answers to the security questions, the client device may generate a passphrase and encrypt the user's private key based on the passphrase. The server may also store the encrypted private key and the series of security questions into a database. When the user tries to access the private key, the server may send the user's security questions and encrypted private key. The client device may require the user to provide the answer to each security question. When the client device receives answers to all security questions, the client device may use the resulting passphrase to decrypt the user's encrypted private key.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A device-implemented method comprising:
 receiving, by a client device, a set of one or more security questions and a set of one or more security answers via a user interface, wherein a security question is at least one of a text and an image;   calculating, by the client device, an entropy score for each security answer and a total entropy score for the set of security answers based upon the entropy score for each of the security answers;   in response to the client device determining that the total entropy score for the set of security answers satisfies an entropic threshold:
 encrypting, by the client device, one or more private keys using the set of security answers; and 
 transmitting, by the client device, to a server the set of security questions and the one or more private keys. 
   
     
     
         2 . The method according to  claim 1 , further comprising:
 encrypting, by the client device, private data associated with a user using a private key of the one or more private keys,   wherein the client device uses the set of security answers to encrypt the one or more private keys and uses the private key to encrypt the private data.   
     
     
         3 . The method according to  claim 1 , further comprising:
 generating, by the client device, a passphrase based on the set of security answers satisfying the entropic threshold,   wherein the client device encrypts the one or more private keys using the security answers according to the passphrase generated from the set of security answers.   
     
     
         4 . The computer-implemented method of  claim 3 , further comprising:
 generating, by the client device, an encryption key using a key-stretching algorithm based on the passphrase; and   encrypting, by the client device, the one or more private keys using the encryption key.   
     
     
         5 . The method according to  claim 1 , further comprising:
 receiving, by the client device, a request to protect the one or more private keys, the request indicating a security level associated with the entropic threshold; and   establishing, by the client device, the entropic threshold associated with the security level indicated by the request.   
     
     
         6 . The method according to  claim 1 , wherein the client device iteratively receives each respective security answer, iteratively calculates the entropy score for the security answer, and iteratively updates the total entropy score based upon each of the entropy scores calculated for each of the security answers received. 
     
     
         7 . The method according to  claim 6 , the method further comprising:
 in response to the client device determining that the total entropy score fails to satisfy the entropic threshold for a given iteration:
 presenting, by the client device, a request via the user interface for an additional security question for the set of security questions and a corresponding additional security answer for the set of security answers. 
   
     
     
         8 . The method according to  claim 1 , further comprising:
 receiving, by the client device, a set of locator questions and a set of locator answers via the user interface;   calculating, by the client device, a locator entropy score for each locator answer and a total locator entropy score for the set of locator answers based upon each of the locator entropy scores;   in response to the client device determining that the total locator entropy score for the set of locator answers satisfies a locator entropic threshold:
 generating, by the client device, an account key for determining user account data using the set of locator answers. 
   
     
     
         9 . The method according to  claim 1 , further comprising generating, by the client device, an account identifier for identifying user account data stored in a database using an account key. 
     
     
         10 . The method according to  claim 1 , further comprising:
 generating, by the client device, an account data key based upon an account key; and   encrypting, by the client device, the set of security questions using the account data key when transmitting the set of security questions to the server.   
     
     
         11 . The method according to  claim 1 , further comprising generating, by the client device, a proof of knowledge token for the set of security answers using an account key and the set of security answers, wherein the client device transmits the proof of knowledge token to the server for storage in a database with the set of security questions. 
     
     
         12 . The method according to  claim 1 , further comprising:
 displaying, by the client device, a canvas via the user interface to receive one or more shapes drawn by user input; and   generating, by the client device, the one or more private keys based upon the one or more shapes.   
     
     
         13 . A computer-implemented method comprising:
 transmitting, by a client device, to a server an account identifier and a request to access one or more private keys associated with a user;   displaying, by the client device, via a user interface one or more security questions associated with the account identifier and received from the server, wherein a security question is at least one of a text and an image;   receiving, by the client device, via the user interface one or more security answers corresponding to the one or more security questions, wherein a total entropy score for the one or more security answers satisfies an entropic threshold;   generating, by the client device, a passphrase using the one or more security answers; and   decrypting, by the client device, the one or more private keys associated with the user using the passphrase.   
     
     
         14 . The method according to  claim 13 , further comprising:
 generating, by the client device, an encryption key using a key-stretching algorithm based on the passphrase,   wherein the client device decrypts the one or more private keys using the encryption key generated from the passphrase.   
     
     
         15 . The method according to  claim 13 , further comprising:
 displaying, by the client device, a set of locator questions in response to receiving the request to access the one or more private keys;   receiving, by the client device, a set of locator answers corresponding to the set of locator questions; and   generating, by the client device, an account key for determining user account data using the set of locator answers.   
     
     
         16 . The method according to  claim 13 , further comprising:
 generating, by the client device, the account identifier for identifying user account data stored in a database using an account key, the user account data including the one or more security questions,   wherein the client device transmits the account identifier to the server with the request for access to the one or more private keys.   
     
     
         17 . The method according to  claim 13 , further comprising:
 generating, by the client device, an account data key based upon an account key; and   decrypting, by the client device, the one or more security questions received from the server using the account data key.   
     
     
         18 . The method according to  claim 13 , further comprising:
 generating, by the client device, a proof of knowledge token based upon an account key and the one or more security answers received via the user interface; and   transmitting, by the client device, the proof of knowledge token to the server.   
     
     
         19 . The method according to  claim 18 , further comprising:
 receiving, by the client device, from the server the one or more private keys in an encrypted form,   wherein the proof of knowledge token transmitted to the server matches a stored proof of knowledge token, and wherein the client device decrypts the one or more private keys using the passphrase generated from the set of security answers.   
     
     
         20 . The method according to  claim 1 , wherein the one or more private keys are stored in a blockchain.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.