首页>
外国专利>
Protecting passwords and biometrics against back-end security breaches
Protecting passwords and biometrics against back-end security breaches
展开▼
机译:保护密码和生物识别技术免受后端安全漏洞的侵害
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method and system are provided for authenticating a user to an application back-end using a key pair and one or more bearer tokens such as a password, a biometric code, or a biometric key, while protecting the bearer tokens against back-end security breaches. In one embodiment, an application front-end authenticates the user by sending the bearer tokens and a public key to the application back-end, and demonstrating knowledge of a private key. The application back-end compares an authentication-phase tag derived from a joint hash of the public key and the bearer tokens against a registration-phase tag stored in a device record within a back-end database. The public key is not stored in the database, thereby depriving an adversary who breaches back-end security of information needed to test guesses of the bearer tokens.
展开▼