GB2620388A - Secure storage of data - Google Patents

Publication number
GB2620388A
Authority
GB
United Kingdom
Prior art keywords
mask
data
password
data item
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2209779.4A
Other versions
GB202209779D0 (en
Inventor
Chawdhry Herschel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oxford University Innovation Ltd
Original Assignee
Oxford University Innovation Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oxford University Innovation Ltd
Priority to GB2209779.4A
Publication of GB202209779D0
Priority to PCT/GB2023/051620 (WO2024009052A1)
Publication of GB2620388A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Electromagnetism (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Securely storing a data item by obtaining the item; generating a mask from a password using a deterministic algorithm, the mask matching the length of the data item; and using the mask to determine the basis for each qubit used to store the item in quantum memory. A key may be produced S1 from a random number, the key may be the data item to be stored. A password is received S3 and processed S4 to form a sequence of equal length to the key. The sequence may act as a mask for password storage, this mask determines the basis of each qubit for storage S5. During retrieval a password is received (fig. 4 S6) and processed (fig. 4 S7) to form a sequence which allows the relevant qubits to be read (fig. 4 S8) in the correct basis so the item may be retrieved and used (fig. 4 S9). The basis is unknown to those without the password, if the wrong password and therefore basis is used it may be impossible to retrieve the stored item as the old basis may be irretrievably lost. A plurality of data items may be stored in a plurality of separate quantum memories.

Description

SECURE STORAGE OF DATA
Field
[0001] The present invention relates to the storage of data in a secure manner, in particular to the storage of data in such a manner that an adversary is limited in the number of guesses of a password required for access that can be made.
Background
[0002] Many computer systems and data need to be secured against unauthorised access. Passwords are a very convenient form of authentication used to gain authorised access. Unlike physical authentication tokens (e.g. an ATM card or a door key), a password is ideally memorised and therefore cannot be physically stolen or lost. However, since most people are not capable of memorising long strings of random characters, many people choose short and/or common passwords. Therefore, there is a risk that an adversary might break into a password-protected system by simply guessing the right password. In many situations, the adversary has the advantage of being able to use a computer to try millions of passwords until they find the correct one: this is known as a brute-force attack. Brute-force attacks are a major vulnerability of password-protected systems, particularly in cases where the adversary has physical access to the system (e.g. a thief trying to access the data on a stolen laptop) or an off-line copy of encrypted data. To protect against brute-force attacks, users are typically required to choose complicated passwords, but this increases the risk of forgetting the password. Writing the password down is not desirable as it makes it vulnerable to either misplacement or theft.
Summary
[0003] It is an aim of the invention to improve security and/or user convenience, e.g. by allowing users to use simple passwords without becoming vulnerable to brute-force attacks, even if an adversary gains full physical access to a protected system.
[0004] According to the invention there is provided a method of securely storing data comprising: obtaining a data item to be stored; receiving a user password; generating a mask from the user password using a deterministic algorithm, the mask matching the length of the data item; and storing the data item in a quantum memory using the mask to determine the basis for storage.
[0005] According to the invention there is provided a method of retrieving securely stored data comprising: receiving a user password; generating a mask from the user password using a deterministic algorithm, the mask matching the length of a data item to be retrieved; and accessing the data item in a quantum memory using the mask to determine the basis for access to the quantum memory.
[0006] According to the invention there is provided a computer program comprising computer-readable code means for instructing a computer system to perform a method as described above.
[0007] According to the invention there is provided a security device comprising a processor, a quantum memory and a memory storing instructions to perform a method as described above.
Brief Description of the Drawings
[0008] The present invention is described below with reference to exemplary embodiments and the accompanying schematic drawings, in which:
[0009] Figure 1 depicts a computer system in which the present invention may be embodied;
[0010] Figure 2 depicts a security device according to an embodiment of the invention;
[0011] Figure 3 is a flow chart of an encryption method according to an embodiment of the invention; and
[0012] Figure 4 is a flow chart of a decryption method according to an embodiment of the invention.
[0013] In the drawings, like parts are indicated by like references.
Detailed Description of Embodiments
[0014] The strength of a password is quantified by its entropy, which is measured in bits. If a password consists of randomly-chosen case-insensitive letters, each letter carries log₂(26) ≈ 4.7 bits of entropy. If rather than being random, the letters spell out a sentence, then the entropy is generally estimated to be approximately 1 bit per letter. The difficulty of a brute-force attack increases exponentially with the total entropy of a password. In high-security domains, it is standard practice to use encryption keys that are at least 256 bits long. This is equivalent to a sequence of 55 random letters, and is therefore too difficult to memorise (for most users). The authentication protocol presented here allows encryption/authentication keys of arbitrarily high entropy to be used, while only requiring the user to memorise a simple low-entropy password.
[0015] The quantum-mechanical aspects of the protocol are described in terms of "qubits", which are the quantum-mechanical equivalent of the "0"s and "1"s of classical computing/communication. There are numerous different ways to implement qubits in practice, and the protocol is not affected by the choice of implementation. Just like its classical analogue, a qubit can take one of two values, 0 or 1. In contrast to the classical case, however, a "basis" must be chosen before reading from or writing to a qubit. If one first writes to a qubit using one basis and later reads the qubit using a different basis, the qubit will spontaneously adopt a random value (0 or 1) along the new basis, and the former value in the old basis will be irretrievably destroyed. This property, known as conjugate coding, is widely used in quantum communications and is used in the present invention.
[0016] This invention uses quantum mechanics to improve on password-based authentication systems. A secure (but long) password is randomly generated and stored inside qubits, in a basis that depends on a simple password chosen by the user. Any suitable random or pseudo-random number generating process may be used, the more truly random the better. The qubits are stored by the "host" (e.g. the server), not the user. To prove their identity, the only thing the user needs is knowledge of the password; there is no requirement for them to carry a physical authentication token (such as a smart card, key fob, or other cryptographic device). However an additional factor, such as a physical token or biometric sensor, can be used as well for additional security. The process and an exemplary system in which it can be implemented is described in more detail below.
[0017] Figure 1 depicts a system in which the present invention may be embodied. A user device 10 communicates with a security device 20 which controls access to a secured system 30 which, in turn, controls access to securely stored data 40.
[0018] As depicted in Figure 2, security device 20 includes a random number generator 21 for generating a long random number. An input interface 22 receives a user password or pin, e.g. from user terminal 10. Mask generator 23 processes the user password or pin into a bit sequence of equal length of the long random number generated by random number generator 21. Write module 26 uses a bit sequence generated by mask generator 23 to control storage of the random number generated by random number generator 21 into a quantum memory 28 which comprises qubits QB_1 to QB_N, equal in number to the length in bits of the random number. As discussed further below, multiple parallel qubit memories 28 may be provided. For readout, readout module 27 similarly uses the mask generated from the user's password or pin to readout from quantum memory 28. Output processor 24 performs any desired processes on the data item retrieved from quantum memory 28 and output interface 25 communicates the processed output for the desired use.
[0019] Part A: "encryption" - depicted in Figure 3
S1. A secure N-bit key S = {S_1, ..., S_N} is randomly generated by a classical or quantum method (with e.g. N=256 bits). S is an example of a data item to be securely stored.
S2. S is used for the process that originally required a strong password (e.g. encrypting a hard drive, registering an account, etc.)
S3. The user's password is received, e.g. from the user or an automatic password generator.
S4. The user's password, which can be simple, is deterministically compressed to produce a high-entropy-per-bit sequence P = {P_1, ..., P_m}. Note that m is typically small if the user's password is simple. P is repeated to obtain a bit string B = {P_1, ..., P_m, P_1, ..., P_m, ...} of the same length as S.
S5. S is stored in the qubits QB_1 to QB_N, with B determining the basis for each qubit. (Specifically, store S_i in qubit QB_i using the x-basis if B_i = 0 and the y-basis if B_i = 1 (or vice versa)). For this purpose, B may be considered an example of a mask for storing the password.
[0020] Part B: "decryption" - depicted in Figure 4
S6. The user's password is received, e.g. from the user.
S7. Same as step 4.
S8. Obtain S by reading QB_1 to QB_N in the basis B_1 to B_N.
S9. Use S for the purpose that is complementary to step 2 (e.g. decrypting a hard drive, logging into an account, etc.)
[0021] The security of the system arises because an adversary who does not know the user's password would not know which basis to use in step S8. Without knowing the correct basis, any measurement made on quantum memory 28 will alter the state of quantum memory 28, making it forever impossible thereafter to retrieve S. Technically, random measurements on quantum memory 28 provide the adversary with some information about S, but this can be mitigated by increasing N by a small factor e.g. about 2 to 4.
[0022] Various modifications and extensions of the above protocol are possible. For example, when storing S in the qubits QB_1 to QB_N, it is possible to use 3 mutually orthogonal bases rather than 2. (These 3 bases correspond to the x, y, z directions on the Bloch sphere.) To do this, P and B should be sequences of trits (i.e. numbers from the set {0,1,2}) rather than bits (numbers from the set {0,1}). This means an adversary who tries to randomly guess B will only obtain the correct basis for one third of the qubits, rather than one half.
[0023] Another variation is, if S has N bits, to use N*M qubits for some small M (e.g. M=5) to exponentially reduce the power of random guessing. An algorithm (which may or may not be deterministic) - e.g. secret sharing, finite-field-based encoding, or salting - is used to generate a longer number S' to store, such that on retrieval S can be obtained from S' by a deterministic algorithm such as hashing or decryption. This has the advantage that even if an adversary obtains some information about S' they have virtually no useful information about S.
[0024] It could be beneficial to modify the method in order to accommodate noisy qubits, e.g. by using Reed-Solomon encoding to store S. (However, it may be advantageous to tolerate only a small amount of noise, since high tolerance to noise could benefit an adversary.)
[0025] Instead of steps S4 and S7, one can generate an alternative basis B' (instead of B) by applying an N-bit cryptographic hash to the user's password.
[0026] In the form described above, the protocol only allows a single password attempt. This maximises the difficulty of a brute-force attack. However, it may be beneficial to allow more than one attempt, in order to tolerate user mistakes. T attempts can be allowed by providing T parallel quantum memories 28, each storing a distinct, independently-generated value of S, which can be denoted S_n. Note that by allowing the user to make T attempts, we also allow an adversary to make T attempts, so it is desirable that T is a small number (e.g. 10) - enough to help an honest user but not enough to significantly help an adversary. The parallel quantum memories should not store the same value S using the same basis as this would allow the adversary to determine the value S by making multiple read attempts. Also, note that to have T parallel quantum memories, we of course require T times more qubits.
[0027] Given that each of the parallel memories 28 stores a different value S_n, each of the values S_n must give access to the protected system. Since S_n can be made almost arbitrarily long, this does not significantly reduce security. However if the protected system is encrypted data, it would be inconvenient to store multiple copies of the data, each encrypted with a different S_n. This can be avoided by storing the data encrypted by an intermediate key S", again which can be almost arbitrarily long, and storing multiple copies of the intermediate key S", each encrypted by a different one of S_n, as a plurality of encrypted key files. The use of an intermediate key in this way may be advantageous in other circumstances, e.g. to avoid having to re-encrypt the protected data after a successful access or to allow multiple users to access the data.
[0028] The protocol is not limited to the use of a specific form of qubit; any type of quantum system that provides multiple bases for storing can be used, irrespective of the underlying technology. It is desirable that the quantum information storage device used provides long-term storage, in order to allow Part B of the protocol to take place several hours/days/months after Part A. Current candidates for long-term quantum information storage (or "quantum memory") include: an optically trapped ultracold gas of RbCs molecules; a 171Yb+ single ion qubit memory; an ion-doped crystal. The exact length of time required will depend on the application. In some cases, e.g. to allow time-limited access to data or a facility or to authorise high value rapid transactions, a short storage time may be an advantage.
[0029] In some types of qubit, a successful read with the correct basis will leave the content of the qubit unchanged. In that case no additional measures are required to allow multiple use. In other cases, read out of the qubit effectively erases it, in which case the key S is stored again into memory using the same basis. Keeping S the same in this case likely does not reduce security to a significant extent but it is also possible to generate a new key S to store again.
[0030] Unlike many applications of quantum memory, this protocol does not require the qubits to be entangled with each other. This means that the protocol can be implemented using a series of single-qubit memories, rather than requiring a (much more challenging) multi-qubit quantum memory.
[0031] There are numerous applications of this protocol, since password-based authentication is so common in the modern world. It would be particularly valuable in offline authentication situations that lack a secure authority who can limit the number of password attempts. Examples include protecting portable devices like laptops and mobile phones. The protocol is also valuable in situations with online authentication: recent years have seen numerous cases where the secure authority (e.g. a web server) has been hacked, leading to the theft of databases of hashed/encrypted passwords which the attacker can then attempt to decode via brute force.
[0032] Other applications of the protocol include controlling access to buildings, bank vaults, confidential archives, sensitive information, etc. These applications do not require miniaturisation of the qubit storage technology. The data item to be stored is not restricted to a key for encryption of other data but may have other uses, e.g. an access token or address.
[0033] An advantageous application of the invention for access control is as follows. A strong key S is generated for a user to access a protected system. The protected system stores a hash of strong key S in its own secured memory. An access control device stores the strong key S in a quantum storage system of the invention, protected by the user's memorable password. When seeking access to the protected system, the user provides their memorable password to the access control device, which recovers the secure key from the quantum memory and supplies it to the protected system, which grants access if the hash of the supplied key matches the hash previously stored in its secure memory. If an adversary breaches the access control device and gains full access to the qubits contained inside it, the adversary is limited in the number of guesses they can make of the user's memorable password in order to recover the strong key S and gain access to the protected system. Even if an adversary breaches the access control device and, by other means, also breaches the protected system, thereby obtaining full access to the qubits and the hash of the secure password S, the adversary is limited in the number of guesses they can make to determine the user's memorable password with the aim of subsequently accessing other independent systems on which the user has re-used their memorable password. Thus a common weakness that a breach of one system leads to a breach of other independent systems (due to password re-use by users) is avoided.
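The storage and retrieval steps S1 to S9, the hash-derived mask, the T parallel memories and the hash check made by the protected system can be modelled classically. The Python simulation below is an added example, not code from the patent: the SimulatedQubit toy model, SHAKE-256 as the N-bit hash, SHA-256 as the protected system's hash, and all class and function names are assumptions made here.

```python
import hashlib
import secrets

N = 256  # key length in bits, the example value the description gives for S


def mask_from_password(password, n=N):
    """Steps S4/S7 in the hash variant: derive an n-bit basis mask from the password.
    SHAKE-256 is this example's choice of n-bit hash (an assumption)."""
    digest = hashlib.shake_256(password.encode("utf-8")).digest((n + 7) // 8)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(n)]


def key_hash(bits):
    """Hash of a key as the protected system would store it (SHA-256 assumed)."""
    return hashlib.sha256(bytes(bits)).hexdigest()


class SimulatedQubit:
    """Classical toy model of one conjugate-coded qubit with two bases (0 and 1)."""

    def __init__(self, value, basis):
        self.value, self.basis = value, basis

    def measure(self, basis):
        if basis != self.basis:
            # Wrong basis: the outcome is random and the old value is destroyed.
            self.value, self.basis = secrets.randbits(1), basis
        return self.value


class QuantumMemory:
    """A row of independent simulated qubits; no entanglement is modelled."""

    def __init__(self, bits, mask):
        self.qubits = [SimulatedQubit(b, m) for b, m in zip(bits, mask)]  # step S5

    def read(self, mask):
        return [q.measure(m) for q, m in zip(self.qubits, mask)]  # step S8


class AccessControlDevice:
    """T parallel memories, each holding its own independently generated key."""

    def __init__(self, password, attempts=3, n=N):
        self.n = n
        mask = mask_from_password(password, n)
        self.memories, self.key_hashes = [], set()
        for _ in range(attempts):
            key = [secrets.randbits(1) for _ in range(n)]  # step S1
            self.memories.append(QuantumMemory(key, mask))
            # In the access-control arrangement these hashes live in the
            # protected system; they are kept here to keep the demo in one place.
            self.key_hashes.add(key_hash(key))

    def login(self, password):
        if not self.memories:
            return False  # every memory has been spent on wrong guesses
        key = self.memories[0].read(mask_from_password(password, self.n))
        if key_hash(key) in self.key_hashes:
            return True  # correct basis: this toy qubit is left unchanged
        self.memories.pop(0)  # wrong basis: that memory's key is gone for good
        return False


def wrong_guess_match_fraction(password, guess, n=N):
    """Fraction of key bits that a single wrong-password read happens to get right."""
    key = [secrets.randbits(1) for _ in range(n)]
    memory = QuantumMemory(key, mask_from_password(password, n))
    seen = memory.read(mask_from_password(guess, n))
    return sum(a == b for a, b in zip(key, seen)) / n


if __name__ == "__main__":
    device = AccessControlDevice("tulip", attempts=2)  # constructed sample password
    print("wrong guess accepted:", device.login("rose"))
    print("right password accepted:", device.login("tulip"))
    print("bits matched by a wrong guess:", wrong_guess_match_fraction("tulip", "rose"))
```

A wrong guess still agrees with S on roughly three quarters of the bits in this two-basis model, which is the partial information the description proposes to counter by increasing N or by storing a longer S'.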
[0034] The methods of the present invention may be performed by computer systems comprising one or more computers. A computer used to implement the invention may comprise one or more processors, including general purpose CPUs, graphical processing units (GPUs), tensor processing units (TPU) or other specialized processors. A computer used to implement the invention may be physical or virtual. A computer used to implement the invention may be a server, a client or a workstation. Multiple computers used to implement the invention may be distributed and interconnected via a network such as a local area network (LAN), wide area network (WAN) or quantum communication network. Individual steps of the method may be carried out by a computer system but not necessarily the same computer system. For example, the invention may be applied in an arrangement where the user interacts with a mobile device whilst the quantum memory is maintained by a server, which carries out at least steps S5 and S8. Results of a method of the invention may be displayed to a user or stored in any suitable storage medium. The present invention may be embodied in a non-transitory computer-readable storage medium that stores instructions to carry out a method of the invention. The present invention may be embodied in a computer system comprising one or more processors and memory or storage storing instructions to carry out a method of the invention. The present invention may be incorporated into software updates or add-ons for a pre-existing system or device.
[0035] Having described the invention it will be appreciated that variations may be made to the above described embodiments which are not intended to be limiting. The invention is defined in the appended claims and their equivalents.

Claims (1)

CLAIMS
1. A method of securely storing data comprising: obtaining a data item to be stored; receiving a user password; generating a mask from the user password using a deterministic algorithm, the mask matching the length of the data item; and storing the data item in a quantum memory using the mask to determine the basis for storage.
2. A method according to any one of the preceding claims wherein obtaining a data item comprises generating a random or pseudo-random number.
3. A method according to any one of the preceding claims further comprising encrypting a data file using the data item as a key to generate an encrypted data file.
4. A method according to claim 3 further comprising storing the encrypted file in a classical memory.
5. A method according to any one of the preceding claims wherein storing the data item comprises storing a plurality of data items in a plurality of separate quantum memories.
6. A method according to claim 5 further comprising encrypting a data file using an intermediate key to generate an encrypted data file; encrypting the intermediate key separately with each of the data items as secondary keys to generate a plurality of encrypted key files.
7. A method of retrieving securely stored data comprising: receiving a user password; generating a mask from the user password using a deterministic algorithm, the mask matching the length of a data item to be retrieved; and accessing the data item in a quantum memory using the mask to determine the basis for access to the quantum memory.
8. A method according to claim 7 further comprising using the data item as a key to decode an encrypted file.
9. A method according to claim 8 wherein the encrypted file is an encrypted key file and further comprising using the content of the encrypted key file as a key to decrypt an encrypted data file.
10. A method according to any one of the preceding claims wherein generating a mask comprises deterministically compressing the user password to produce a digit-sequence having a high entropy per digit.
11. A method according to claim 10 wherein generating a mask further comprises repeating the digit-sequence.
12. A method according to any one of the preceding claims wherein generating a mask comprises hashing the user password.
13. A method according to any one of the preceding claims wherein the mask is a ternary number and the quantum memory has three orthogonal bases for each qubit.
14. A method according to any one of the preceding claims wherein the data item has greater entropy than the user password.
15. A computer program comprising computer-readable code means for instructing a computer system to perform a method according to any one of the preceding claims.
16. A security device comprising a processor, a quantum memory and a memory storing instructions to perform a method according to any one of claims 1 to 14.
GB2209779.4A 2022-07-04 2022-07-04 Secure storage of data Pending GB2620388A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB2209779.4A GB2620388A (en) 2022-07-04 2022-07-04 Secure storage of data
PCT/GB2023/051620 WO2024009052A1 (en) 2022-07-04 2023-06-21 Secure storage of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2209779.4A GB2620388A (en) 2022-07-04 2022-07-04 Secure storage of data

Publications (2)

Publication Number Publication Date
GB202209779D0 GB202209779D0 (en) 2022-08-17
GB2620388A true GB2620388A (en) 2024-01-10

Family

ID=82802588

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2209779.4A Pending GB2620388A (en) 2022-07-04 2022-07-04 Secure storage of data

Country Status (2)

Country Link
GB (1) GB2620388A (en)
WO (1) WO2024009052A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004056357A (en) * 2002-07-18 2004-02-19 Tamagawa Gakuen Method for authenticating registered user employing quantum key
US20180034639A1 (en) * 2011-10-04 2018-02-01 International Business Machines Corporation Multiple credentials for mitigating impact of data access under duress
CN112187448A (en) * 2019-07-01 2021-01-05 北京国盾量子信息技术有限公司 Data encryption method and system
CN113852463A (en) * 2021-09-27 2021-12-28 上海市质量监督检验技术研究院 Quantum image encryption method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7454782B2 (en) * 1997-12-23 2008-11-18 Arcot Systems, Inc. Method and system for camouflaging access-controlled data

Also Published As

Publication number Publication date
GB202209779D0 (en) 2022-08-17
WO2024009052A1 (en) 2024-01-11
