US 12,289,404 B2
Password similarity checking using homomorphic encryption operations
Roy Hodgman, Cambridge, MA (US); and Vasudha Shivamoggi, Cambridge, MA (US)
Assigned to Rapid7, Inc., Boston, MA (US)
Filed by Rapid7, Inc., Boston, MA (US)
Filed on Feb. 27, 2024, as Appl. No. 18/588,077.
Application 18/588,077 is a continuation of application No. 17/666,824, filed on Feb. 8, 2022, granted, now 11,930,108.
Prior Publication US 2025/0062897 A1, Feb. 20, 2025
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/08 (2006.01); G06F 21/45 (2013.01); H04L 9/00 (2022.01)
CPC H04L 9/0863 (2013.01) [G06F 21/45 (2013.01); H04L 9/008 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
a password management system implemented by a one or more computer systems, configured to:
perform a password conformity check on a first password, including to:
perform a homomorphic encryption operation on the first password to obtain a first character string, wherein the homomorphic encryption operation when performed on two given strings produces two encrypted strings that preserve a distance between the two given strings;
compare the first character string to a previous character string stored in a password data store and generated by the homomorphic encryption operation on a previous password to determine a first password similarity value between the first password and the previous password; and
based on the first password similarity value, reject the first password and request an alternative password;
perform the password conformity check on the alterative password, including to:
perform the homomorphic encryption operation on the alternative password to generate a second character string;
compare the second character string to the previous character string to determine a second password similarity value;
accept the alternative password based on the second password similarity value; and
store the second character string generated from the alternative password in the password data store.