US 11,750,391 B2
System and method for performing a secure online and offline login process
Shimrit Tzur-David, Mevaseret Zion (IL); and Chen Tetelman, Tel Aviv (IL)
Assigned to SECRET DOUBLE OCTOPUS LTD., Tel-Aviv (IL)
Filed by SECRET DOUBLE OCTOPUS LTD, Tel-Aviv (IL)
Filed on Dec. 20, 2020, as Appl. No. 17/128,121.
Prior Publication US 2022/0209955 A1, Jun. 30, 2022
Int. Cl. H04L 9/32 (2006.01); H04L 9/30 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3231 (2013.01) [H04L 9/0894 (2013.01); H04L 9/3073 (2013.01); H04L 9/3271 (2013.01)]
15 Claims
 
1. A method for performing an offline login of a user to a local device, the method comprising:
generating a pair of an auxiliary (AUX) public key and an AUX private key;
receiving, from an authentication service, a password at the local device, wherein the password is associated with the user, wherein receiving the password comprises:
receiving an encrypted password from the authentication service by the local device; and
decrypting the encrypted password with a local private key to obtain the password;
reconstructing a symmetric key;
encrypting the password with the AUX public key to obtain a locally encrypted password, and storing the locally encrypted password on the local device;
encrypting the AUX private key with the symmetric key to obtain an encrypted AUX private key, and storing the encrypted AUX private key on the local device;
deleting the symmetric key; and
performing the offline login of the user when the authentication service is unavailable by:
verifying an identity of the user by an authenticator;
reconstructing the symmetric key from a first value stored on the local device and a second value stored on the authenticator;
decrypting the encrypted AUX private key with the symmetric key to obtain the AUX private key;
decrypting the locally encrypted password with the AUX private key to obtain the password; and
using the password to perform the offline login.
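
The storage and offline-recovery steps of claim 1, as an added Ruby sketch that is not part of the patent text or the assignee's code. Assumptions: the symmetric key is the XOR of two 32-byte values, the AUX pair is RSA-2048 with OAEP, the AUX private key is wrapped with AES-256-GCM, and all function and field names are hypothetical. Receiving the password from the authentication service and verifying the user at the authenticator are outside the sketch.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Rebuild the symmetric key from the device-side and authenticator-side values.
# XOR of two 32-byte values is an assumption; the claim does not fix the method.
def rebuild_key(first, second)
  unless first.bytesize == 32 && second.bytesize == 32
    raise ArgumentError, "both values must be 32 bytes"
  end
  first.bytes.zip(second.bytes).map { |a, b| a ^ b }.pack("C*")
end

# Online phase: the password has already been received and decrypted.
# Returns only what is written to the local device; the symmetric key is not kept.
def enroll(password, first, second)
  aux = OpenSSL::PKey::RSA.new(2048)                    # AUX key pair
  enc_password = aux.public_encrypt(password, OAEP)     # uses the AUX public key
  gcm = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  gcm.key = rebuild_key(first, second)
  iv = gcm.random_iv
  gcm.auth_data = ""
  enc_aux = gcm.update(aux.to_der) + gcm.final          # wrap the AUX private key
  { first: first, enc_password: enc_password,
    enc_aux: enc_aux, iv: iv, tag: gcm.auth_tag }
end

# Offline phase: needs the authenticator's value. Returns nil when the wrong
# value is supplied, because the GCM tag over the wrapped key does not verify.
def offline_login(store, second)
  gcm = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  gcm.key = rebuild_key(store[:first], second)
  gcm.iv = store[:iv]
  gcm.auth_tag = store[:tag]
  gcm.auth_data = ""
  aux_der = gcm.update(store[:enc_aux]) + gcm.final
  OpenSSL::PKey::RSA.new(aux_der).private_decrypt(store[:enc_password], OAEP)
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  first  = OpenSSL::Random.random_bytes(32)   # constructed device-side value
  second = OpenSSL::Random.random_bytes(32)   # constructed authenticator-side value
  store  = enroll("constructed-password", first, second)
  puts offline_login(store, second)
  p offline_login(store, OpenSSL::Random.random_bytes(32))
end
```

The stored record alone does not yield the password: without the authenticator's value the AUX private key cannot be unwrapped, so the locally encrypted password stays sealed.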