Token-Based Multiparty Password Authenticated Key Retrieval Process
Original Publication Date: 2014-Sep-05
Included in the Prior Art Database: 2014-Sep-05
A process to allow a user with a password P, to retrieve a secret key (or any other strong secret) K with the help of multiple independent servers. The secrecy of P and K is preserved if at least one server is not compromised by an attacker. It’s based on single use pre-calculated tokens and additional measures to prevent denial of service attacks. Unlike the alternatives, it’s not covered by patents and it can be used freely, which makes it an interesting solution in many use cases.