Patent Issued for Authentication Data Migration (USPTO 10,986,084)
2021 APR 29 (NewsRx) -- By a
The patent’s inventors are Dobbs, II,
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Out of consideration for cost saving or when the hardware is no longer suitable, desirable, and/or available, there may be a need for a computer system migration where data is transferred from one computer system to another. For example, a computer system migration may refer to transferring data from a mainframe computer to a more open system, such as a cloud computing platform. However, migrating from an old computer system to a new computer system could be inconvenient for the users. In some instances, the users may be required to reregister a new account with the new system. For example, users may need to change their authentication credentials and create a new set of authentication credentials with the new computer system because the old computer system may not be able to transfer the users’ authentication credentials (e.g., password) to the new system due to technical challenges or security considerations. In typical security systems, passwords stored in the old system may be opaque to the new system. In other words, it is not always secure to directly transfer the passwords from the old system to the new system in plaintext. As a result, it may be difficult for the new system to authenticate the users.
“As discussed above, in the existing and conventional methods, the new system may require the users to reregister to be authenticated. The new system may also create a new database to store the new passwords. Otherwise, whenever a user tries to log into the new system after the system migration, it may be required that the old system authenticates the user in the transition phase. In the meantime, the new system may capture the inputted account passwords, and save into a new database. Overtime, after all the users login, the new system may obtain their passwords, and retire the old system. In other words, there may be two different systems operating at the same time during the transition phase. These conventional methods and solutions have created several shortcomings and a new set of technical challenges. Requiring all the users to reregister would be inconvenient and waste the users’ time, which may have negative impacts on the user experience. Requiring the old system to do authentication may create a need for a parallel run of both systems during the transition phase, which may be difficult for system maintenance. It may also be hard for customer service to deal with two different back-end systems.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “For the aforementioned reasons, there is a need for a secure system to completely retire the old system and rely entirely on the new system, while allowing the users to retain their old passwords. Discussed herein are systems and methods for processing the user passwords to compute a string representation for each password, exporting the strings to the new system, authenticating users using the strings at the new system to retire the old system, and retaining use of the old passwords in security system migration.
“In one embodiment, a method comprises receiving, by a first server, from a second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receiving, by the first server, an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; querying, by the first server from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generating, by the first server, a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; comparing, by the first server, the first string and the second string to determine whether the first string matches the second string; and upon the first string matching the second string: authenticating, by the first server, the user by granting the user access to a user account associated with the user identifier; and replacing, by the first server, the first string with the user’s authentication data in the database.
“In another embodiment, a system comprises a second server; and a first server in communication with the second server and configured to: receive, from the second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receive an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; query, from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generate a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; compare the first string and the second string to determine whether the first string matches the second string; upon the first string matching the second string: authenticate the user by granting the user access to a user account associated with the user identifier; and replace the first string with the user’s authentication data in the database.
“It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the disclosed embodiments and subject matter as claimed.”
The claims supplied by the inventors are:
“What is claimed is:
“1. A method for transferring authentication data from a first server to a second server, comprising: receiving, by the first server and from the second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receiving, by the first server, an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; querying, by the first server from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generating, by the first server, a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; comparing, by the first server, the first string and the second string to determine whether the first string matches the second string; upon the first string matching the second string: authenticating, by the first server, the user by granting the user access to a user account associated with the user identifier; and replacing, by the first server, the first string with the user’s authentication data in the database; and wherein the second server is retired once at least a portion of the plurality of users’ authentication data has been transferred to the first server.
“2. The method of claim 1, further comprising: upon the first string does not match the second string, determining, by the first server, if the authentication data is reset by the user; and upon determining the authentication data is not reset, notifying, by the first server, the user that authentication fails.
“3. The method of claim 1, wherein the first server is a new server, the second server is an old server, and a system migrates from the old server to the new server.
“4. The method of claim 1, wherein the hashing algorithm is one of SHA-0, SHA-1, SHA-2, and SHA-3.
“5. The method of claim 1, wherein the salt value is a randomly generated value.
“6. The method of claim 1, wherein the set of strings are character strings.
“7. The method of claim 1, wherein the authentication data is a password in plaintext format.
“8. The method of claim 1, further comprising, completing, by the first server, authentication data migration after each of the set of strings is replaced by the corresponding authentication data.
“9. The method of claim 1, wherein the second string is computed by using the authentication data and the salt value as inputs of the hashing algorithm, and appending the salt value to the hash value.
“10. The method of claim 1, further comprising: updating, by the first server, a field in the database to indicate the first string is replaced with the authentication data.
“11. A system for transferring authentication data from a first server to a second server, comprising: a second server; and a first server in communication with the second server and configured to: receive, from the second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receive an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; query, from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generate a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; compare the first string and the second string to determine whether the first string matches the second string; upon the first string matching the second string: authenticate the user by granting the user access to a user account associated with the user identifier; and replace the first string with the user’s authentication data in the database; and wherein the second server is retired once at least a portion of the plurality of users’ authentication data is transferred to the first server.
“12. The system of claim 11, wherein the first server is further configured to: upon the first string does not match the second string, determine if the authentication data is reset by the user; and upon determining the authentication data is not reset, notify the user that authentication fails.
“13. The system of claim 11, wherein the first server is a new server, the second server is an old server, and a system migrates from the old server to the new server.
“14. The system of claim 11, wherein the hashing algorithm is one of SHA-0, SHA-1, SHA-2, and SHA-3.
“15. The system of claim 11, wherein the salt value is a randomly generated value.
“16. The system of claim 11, wherein the set of strings are character strings.
“17. The system of claim 11, wherein the authentication data is a password in plaintext format.
“18. The system of claim 11, wherein the first server is further configured to complete authentication data migration after each of the set of strings is replaced by the corresponding authentication data.
“19. The system of claim 11, wherein the second string is computed by using the authentication data and the salt value as inputs of the hashing algorithm, and appending the salt value to the hash value.
“20. The system of claim 11, wherein the first server is further configured to update a field in the database to indicate the first string is replaced with the authentication data.”
For the URL and additional information on this patent, see: Dobbs, II,
(Our reports deliver fact-based news of research and discoveries from around the world.)
20 years after Baltimore’s Howard Street Tunnel fire, long-sought expansion project poised to begin
Common Crop Insurance Regulations; Forage Seeding Crop Insurance Provisions
Advisor News
- Sketching out the golden years: new book tries to make retirement planning fun
- Most women say they are their household’s CFO, Allianz Life survey finds
- MassMutual reports strong 2025 results
- The silent retirement savings killer: Bridging the Medicare gap
- LTC: A critical component of retirement planning
More Advisor NewsAnnuity News
- Advising clients wanting to retire early: how annuities can bridge the gap
- F&G joins Voya’s annuity platform
- Regulators ponder how to tamp down annuity illustrations as high as 27%
- Annual annuity reviews: leverage them to keep clients engaged
- Symetra Enhances Fixed Indexed Annuities, Introduces New Franklin Large Cap Value 15% ER Index
More Annuity NewsHealth/Employee Benefits News
- IF FINALIZED, PROPOSED CHANGES TO MEDICARE ADVANTAGE AND MEDICARE PART D WOULD IMPACT SENIORS' COVERAGE AND CARE IN 2027
- ASSEMBLYMEMBER WILSON INTRODUCES LEGISLATION TO PROTECT CALIFORNIANS FROM GENETIC AND BIOMARKER DISCRIMINATION IN INSURANCE
- SENATORS HASSAN, COLLINS INTRODUCE BIPARTISAN BILL TO HELP PEOPLE DIAGNOSED WITH TERMINAL ILLNESS OR SERIOUS DISABILITY ACCESS THEIR EARNED BENEFITS FASTER
- Study Results from Johns Hopkins University Broaden Understanding of Managed Care (Medicare Advantage Networks for Surgical Specialists): Managed Care
- How Personal Injury Claims Affect Future Health Insurance Coverage in Charlotte, NC
More Health/Employee Benefits NewsLife Insurance News
- Majority of Women Now Are the Chief Financial Officer of Their Household, Allianz Life Study Finds
- Most women say they are their household’s CFO, Allianz Life survey finds
- MassMutual Delivers Excellent 2025 Financial Results
- ACORE CAPITAL Named Alternative Lender of the Year ($15 Billion + AUM) by PERE Credit
- Baby on Board
More Life Insurance News