Patent Issued for Authentication Data Migration (USPTO 10,986,084)
2021 APR 29 (NewsRx) -- By a
The patent’s inventors are Dobbs, II,
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Out of consideration for cost saving or when the hardware is no longer suitable, desirable, and/or available, there may be a need for a computer system migration where data is transferred from one computer system to another. For example, a computer system migration may refer to transferring data from a mainframe computer to a more open system, such as a cloud computing platform. However, migrating from an old computer system to a new computer system could be inconvenient for the users. In some instances, the users may be required to reregister a new account with the new system. For example, users may need to change their authentication credentials and create a new set of authentication credentials with the new computer system because the old computer system may not be able to transfer the users’ authentication credentials (e.g., password) to the new system due to technical challenges or security considerations. In typical security systems, passwords stored in the old system may be opaque to the new system. In other words, it is not always secure to directly transfer the passwords from the old system to the new system in plaintext. As a result, it may be difficult for the new system to authenticate the users.
“As discussed above, in the existing and conventional methods, the new system may require the users to reregister to be authenticated. The new system may also create a new database to store the new passwords. Otherwise, whenever a user tries to log into the new system after the system migration, it may be required that the old system authenticates the user in the transition phase. In the meantime, the new system may capture the inputted account passwords, and save into a new database. Over time, after all the users log in, the new system may obtain their passwords, and retire the old system. In other words, there may be two different systems operating at the same time during the transition phase. These conventional methods and solutions have created several shortcomings and a new set of technical challenges. Requiring all the users to reregister would be inconvenient and waste the users’ time, which may have negative impacts on the user experience. Requiring the old system to do authentication may create a need for a parallel run of both systems during the transition phase, which may be difficult for system maintenance. It may also be hard for customer service to deal with two different back-end systems.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “For the aforementioned reasons, there is a need for a secure system to completely retire the old system and rely entirely on the new system, while allowing the users to retain their old passwords. Discussed herein are systems and methods for processing the user passwords to compute a string representation for each password, exporting the strings to the new system, authenticating users using the strings at the new system to retire the old system, and retaining use of the old passwords in security system migration.
“In one embodiment, a method comprises receiving, by a first server, from a second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receiving, by the first server, an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; querying, by the first server from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generating, by the first server, a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; comparing, by the first server, the first string and the second string to determine whether the first string matches the second string; and upon the first string matching the second string: authenticating, by the first server, the user by granting the user access to a user account associated with the user identifier; and replacing, by the first server, the first string with the user’s authentication data in the database.
“In another embodiment, a system comprises a second server; and a first server in communication with the second server and configured to: receive, from the second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receive an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; query, from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generate a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; compare the first string and the second string to determine whether the first string matches the second string; upon the first string matching the second string: authenticate the user by granting the user access to a user account associated with the user identifier; and replace the first string with the user’s authentication data in the database.
“It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the disclosed embodiments and subject matter as claimed.”
The claims supplied by the inventors are:
“What is claimed is:
“1. A method for transferring authentication data from a first server to a second server, comprising: receiving, by the first server and from the second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receiving, by the first server, an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; querying, by the first server from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generating, by the first server, a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; comparing, by the first server, the first string and the second string to determine whether the first string matches the second string; upon the first string matching the second string: authenticating, by the first server, the user by granting the user access to a user account associated with the user identifier; and replacing, by the first server, the first string with the user’s authentication data in the database; and wherein the second server is retired once at least a portion of the plurality of users’ authentication data has been transferred to the first server.
“2. The method of claim 1, further comprising: upon the first string does not match the second string, determining, by the first server, if the authentication data is reset by the user; and upon determining the authentication data is not reset, notifying, by the first server, the user that authentication fails.
“3. The method of claim 1, wherein the first server is a new server, the second server is an old server, and a system migrates from the old server to the new server.
“4. The method of claim 1, wherein the hashing algorithm is one of SHA-0, SHA-1, SHA-2, and SHA-3.
“5. The method of claim 1, wherein the salt value is a randomly generated value.
“6. The method of claim 1, wherein the set of strings are character strings.
“7. The method of claim 1, wherein the authentication data is a password in plaintext format.
“8. The method of claim 1, further comprising, completing, by the first server, authentication data migration after each of the set of strings is replaced by the corresponding authentication data.
“9. The method of claim 1, wherein the second string is computed by using the authentication data and the salt value as inputs of the hashing algorithm, and appending the salt value to the hash value.
“10. The method of claim 1, further comprising: updating, by the first server, a field in the database to indicate the first string is replaced with the authentication data.
“11. A system for transferring authentication data from a first server to a second server, comprising: a second server; and a first server in communication with the second server and configured to: receive, from the second server, a set of strings corresponding to a plurality of users’ authentication data, wherein each string corresponds to each user’s authentication data and is a hash value generated by the second server based at least on each user’s authentication data; receive an authentication request from a user of the plurality of users, wherein the authentication request comprises at least a user identifier and authentication data; query, from a database storing the set of strings received from the second server, a first string corresponding to the user’s authentication data based on the user identifier; generate a second string corresponding to the user’s authentication data by applying a hashing algorithm to the user’s authentication data and a salt value associated with the user; compare the first string and the second string to determine whether the first string matches the second string; upon the first string matching the second string: authenticate the user by granting the user access to a user account associated with the user identifier; and replace the first string with the user’s authentication data in the database; and wherein the second server is retired once at least a portion of the plurality of users’ authentication data is transferred to the first server.
“12. The system of claim 11, wherein the first server is further configured to: upon the first string does not match the second string, determine if the authentication data is reset by the user; and upon determining the authentication data is not reset, notify the user that authentication fails.
“13. The system of claim 11, wherein the first server is a new server, the second server is an old server, and a system migrates from the old server to the new server.
“14. The system of claim 11, wherein the hashing algorithm is one of SHA-0, SHA-1, SHA-2, and SHA-3.
“15. The system of claim 11, wherein the salt value is a randomly generated value.
“16. The system of claim 11, wherein the set of strings are character strings.
“17. The system of claim 11, wherein the authentication data is a password in plaintext format.
“18. The system of claim 11, wherein the first server is further configured to complete authentication data migration after each of the set of strings is replaced by the corresponding authentication data.
“19. The system of claim 11, wherein the second string is computed by using the authentication data and the salt value as inputs of the hashing algorithm, and appending the salt value to the hash value.
“20. The system of claim 11, wherein the first server is further configured to update a field in the database to indicate the first string is replaced with the authentication data.”
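The login-time flow in claims 1, 2, 8, 9 and 10, as an added Python sketch that is not code from the patent or its inventors: the new server imports the exported strings, recomputes the salted hash on each login, compares in constant time, and flags the row once it has been replaced. Assumptions: SHA-256 as the SHA-2 member, `salt || password` input order, a 16-byte salt, a dict standing in for the database, the hypothetical field name `migrated`, and, as a deliberate swap, a PBKDF2-HMAC-SHA256 verifier written on success where the claims store the authentication data itself.

```python
import hashlib
import hmac
import os

SALT_LEN = 16            # assumed salt size in bytes
PBKDF2_ROUNDS = 600_000  # assumed work factor for the upgraded verifier

def legacy_string(password: str, salt: bytes) -> str:
    """Assumed export format: hex(SHA-256(salt || password)) with hex(salt) appended."""
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return digest + salt.hex()

def upgraded_string(password: str, salt: bytes) -> str:
    """Verifier written after a successful login (swap-in, not the patent's step)."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return key.hex() + salt.hex()

def import_legacy(strings: dict) -> dict:
    """Load the strings received from the old server; nothing is migrated yet."""
    return {uid: {"string": s, "migrated": False} for uid, s in strings.items()}

def authenticate(db: dict, user_id: str, password: str) -> bool:
    row = db.get(user_id)
    if row is None:
        return False
    stored = row["string"]
    salt = bytes.fromhex(stored[-2 * SALT_LEN:])  # salt is appended to the hash
    make = upgraded_string if row["migrated"] else legacy_string
    if not hmac.compare_digest(make(password, salt), stored):
        return False  # mismatch: the stored row is left untouched
    if not row["migrated"]:
        row["string"] = upgraded_string(password, os.urandom(SALT_LEN))
        row["migrated"] = True  # field recording that the string was replaced
    return True

def migration_complete(db: dict) -> bool:
    return all(row["migrated"] for row in db.values())

# Constructed sample export from the old server (not real data).
CONSTRUCTED_EXPORT = {"alice": legacy_string("correct horse", bytes(range(SALT_LEN)))}
```
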
For the URL and additional information on this patent, see: Dobbs, II,
(Our reports deliver fact-based news of research and discoveries from around the world.)


