
A Method And A Device For Securing Access To An Application

Abstract: A method and a device for securing access to an application are disclosed. The method may include receiving a username and a login password from a user on the access securing platform, generating a primary key pair, and randomly generating a plurality of secondary key pairs. The primary key pair may be configured to be encrypted using the login password, and each of the plurality of secondary key pairs may be configured to be encrypted using an associated secondary password. The method may further include obtaining an application passphrase, and encrypting the application passphrase, using the encrypted primary key pair and the login password to generate a primary encrypted passphrase, and using the plurality of encrypted secondary key pairs and the corresponding passwords to generate a plurality of secondary encrypted passphrases.


Patent Information

Application #:
Filing Date: 17 June 2021
Publication Number: 22/2021
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email:
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2022-08-26
Renewal Date:

Applicants

Jupitice Justice Technologies Pvt Ltd
Plot No. 14, Rajiv Gandhi Chandigarh Technology Park, Chandigarh - 160101, INDIA

Inventors

1. Raman Aggarwal
Aeren Towers, Plot No.14, Rajiv Gandhi Chandigarh Technology Park, opposite Infosys, Chandigarh

Specification

This disclosure relates generally to access control, and in particular to a method
and a device for securing access to an application.
BACKGROUND
[002] Access to various applications may be secured using key pairs. For example, the
application may include a Blockchain application or a web-based application. As it will be
appreciated by those skilled in the art, a key pair may include a public key which may be
disseminated widely, and a private key, which may be known only to the owner (user). Such key
pairs may, therefore, be used by a user for securing their access to the application. As such, the user
may generate one or more key pairs, and may keep these one or more key pairs confidential, and
secure them using passwords.
[003] However, with users these days having accounts on multiple applications,
managing multiple keys for the numerous accounts becomes challenging for the user. Some known
key management solutions aim to solve this problem for users, however, these key management
solutions fail to provide a complete private key management solution. For example, most of these
solutions include maintaining the private keys with a centralised platform, i.e. centralised access
control. However, such centralised access control suffers from the problem of scale and complexity
of unifying security internationally. Moreover, the centralized access control solutions may not be
secure and may have a degree of risk attached to them. Decentralized access control solutions, on the
other hand, may prove difficult to manage, ineffective, and expensive. Further, the decentralized access
control solutions may hamper the aspects of governance, control and compliance. For example, in
most blockchain systems, the user needs to maintain the private key himself. This proves difficult
to manage, and as such, there is no ease of use. Moreover, there is an increased risk of private key
loss, and hence loss of data.
[004] Therefore, an effective access control solution is desired that is secure, easy
to use, and cost-effective.
SUMMARY
[005] In one embodiment, a method of securing access to an application is disclosed. The
method may include receiving a username and a login password from a user on the access securing
platform, and generating a primary key pair comprising a primary public key and a primary private
key, wherein the primary key pair is configured to be encrypted using the login password. The
method may further include randomly generating a plurality of secondary key pairs, wherein each of
the plurality of secondary key pairs is configured to be encrypted using an associated secondary
password, and storing the encrypted primary key pair and the plurality of encrypted secondary key
pairs in a database. The method may further include obtaining an application passphrase, and
encrypting the application passphrase. The method may further include using the encrypted primary
key pair and the login password to generate a primary encrypted passphrase, and using the plurality
of encrypted secondary key pairs and the corresponding passwords to generate a plurality of
secondary encrypted passphrases. The method may further include storing the primary encrypted
passphrase and the plurality of secondary encrypted passphrases in the database.
[006] In another embodiment, an access securing platform device for securing access to
an application is disclosed. The access securing platform device includes a processor and a memory
communicatively coupled to the processor. The memory stores processor-executable instructions,
which, on execution by the processor, cause the processor to perform one or more operations. The
one or more operations may include receiving a username and a login password from a user on the
access securing platform, and generating a primary key pair comprising a primary public key and a
primary private key, wherein the primary key pair is configured to be encrypted using the login
password. The one or more operations may further include randomly generating a plurality of
secondary key pairs, wherein each of the plurality of secondary key pairs is configured to be
encrypted using an associated secondary password, and storing the encrypted primary key pair and the
plurality of encrypted secondary key pairs in a database. The one or more operations may further
include obtaining an application passphrase, and encrypting the application passphrase. The one or
more operations may further include using the encrypted primary key pair and the login password to
generate a primary encrypted passphrase, and using the plurality of encrypted secondary key pairs
and the corresponding passwords to generate a plurality of secondary encrypted passphrases. The
one or more operations may further include storing the primary encrypted passphrase and the
plurality of secondary encrypted passphrases in the database.
[007] It is to be understood that both the foregoing general description and the
following detailed description are exemplary and explanatory only and are not restrictive of the
invention, as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
[008] The accompanying drawings, which are incorporated in and constitute a part of
this disclosure, illustrate exemplary embodiments and, together with the description, serve to
explain the disclosed principles.
[009] FIG. 1 is a block diagram of a computing system that may be employed to
implement processing functionality for various embodiments.
[010] FIG. 2 is a functional block diagram of a system for securing access to an
application, in accordance with an embodiment of the present disclosure.
[011] FIG. 3 is a flowchart of a method of securing access to an application, in
accordance with an embodiment.
[012] FIG. 4A is a flowchart of a method of securing access to an application via the
login password, in accordance with an embodiment.
[013] FIG. 4B is a flowchart of a method of securing access to an application via a
secondary password, in accordance with an embodiment.
[014] FIG. 5 is a flowchart of a method of resetting a login password, in accordance
with an embodiment.
DETAILED DESCRIPTION
[015] Exemplary embodiments are described with reference to the accompanying
drawings. Wherever convenient, the same reference numbers are used throughout the drawings to
refer to the same or like parts. While examples and features of disclosed principles are described
herein, modifications, adaptations, and other implementations are possible without departing from
the spirit and scope of the disclosed embodiments. It is intended that the following detailed
description be considered as exemplary only, with the true scope and spirit being indicated by the
following claims. Additional illustrative embodiments are listed below.
[016] Referring now to FIG. 1, an exemplary computing system 100 that may be
employed to implement processing functionality for various embodiments (e.g., as a SIMD device,
client device, server device, one or more processors, or the like) is illustrated. Those skilled in the
relevant art will also recognize how to implement the invention using other computer systems or
architectures. Computing system 100 may represent, for example, a user device such as a desktop,
an activity monitoring device, a wearable portable electronic device, a mobile phone, personal
entertainment device, DVR, and so on, or any other type of special or general purpose computing
device as may be desirable or appropriate for a given application or environment. Computing
system 100 can include one or more processors, such as a processor 102 that can be implemented
using a general or special purpose processing engine such as, for example, a microprocessor,
microcontroller or other control logic. In this example, processor 102 is connected to a bus 104 or
other communication medium.
[017] Computing system 100 can also include a memory 106 (main memory), for
example, Random Access Memory (RAM) or other dynamic memory, for storing information and
instructions to be executed by processor 102. Memory 106 also may be used for storing temporary
variables or other intermediate information during execution of instructions to be executed by
processor 102. Computing system 100 may likewise include a read only memory (“ROM”) or other
static storage device coupled to bus 104 for storing static information and instructions for processor
102.
[018] Computing system 100 may also include storage devices 108, which may include,
for example, a media drive 110 and a removable storage interface. The media drive 110 may include
a drive or other mechanism to support fixed or removable storage media, such as a hard disk drive, a
floppy disk drive, a magnetic tape drive, an SD card port, a USB port, a micro USB, an optical disk
drive, a CD or DVD drive (R or RW), or other removable or fixed media drive. A storage media
112 may include, for example, a hard disk, magnetic tape, flash drive, or other fixed or removable
medium that is read by and written to by media drive 110. As these examples illustrate, storage
media 112 may include a computer-readable storage medium having stored therein particular
computer software or data.
[019] In alternative embodiments, storage devices 108 may include other similar
instrumentalities for allowing computer programs or other instructions or data to be loaded into
computing system 100. Such instrumentalities may include, for example, a removable storage unit
114 and a storage unit interface 116, such as a program cartridge and cartridge interface, a
removable memory (for example, a flash memory or other removable memory module) and memory
slot, and other removable storage units and interfaces that allow software and data to be transferred
from removable storage unit 114 to computing system 100.
[020] Computing system 100 can also include a communications interface 118.
Communications interface 118 can be used to allow software and data to be transferred between
computing system 100 and external devices. Examples of communications interface 118 can include
a network interface (such as an Ethernet or other NIC card), a communications port (such as for
example, a USB port, a micro USB port), Near field Communication (NFC), etc. Software and data
transferred via communications interface 118 are in the form of signals which can be electronic,
electromagnetic, optical, or other signals capable of being received by communications interface
118. These signals are provided to communications interface 118 via a channel 120. Channel 120
may carry signals and may be implemented using a wireless medium, wire or cable, fiber optics, or
other communications medium. Some examples of channel 120 include a phone line, a cellular
phone link, an RF link, a Bluetooth link, a network interface, a local or wide area network, and
other communications channels.
[021] Computing system 100 further includes Input/Output (I/O) devices 122. Examples
may include, but are not limited to a display, keypad, microphone, audio speakers, vibrating motor,
LED lights etc. I/O devices 122 may receive input from a user and also display an output of the
computation performed by processor 102. In this document, the terms “computer program product”
and “computer-readable medium” may be used generally to refer to media such as, for example,
memory 106, storage devices 108, removable storage unit 114, or signal(s) on channel 120. These
and other forms of computer-readable media may be involved in providing one or more sequences
of one or more instructions to processor 102 for execution. Such instructions, generally referred to
as “computer program code” (which may be grouped in the form of computer programs or other
groupings), when executed, enable computing system 100 to perform features or functions of
embodiments of the present invention.
[022] In an embodiment where the elements are implemented using software, the
software may be stored in a computer-readable medium and loaded into computing system 100
using, for example, removable storage unit 114, media drive 110 or communications interface 118.
The control logic (in this example, software instructions or computer program code), when executed
by processor 102, causes processor 102 to perform the functions of the invention as described
herein.
[023] It will be appreciated that, for clarity purposes, the above description has
described embodiments of the invention with reference to different functional units and processors.
However, it will be apparent that any suitable distribution of functionality between different
functional units, processors or domains may be used without detracting from the invention. For
example, functionality illustrated to be performed by separate processors or controllers may be
performed by the same processor or controller. Hence, references to specific functional units are
only to be seen as references to suitable means for providing the described functionality, rather than
indicative of a strict logical or physical structure or organization.
[024] A method of securing access to an application using an access securing platform
is disclosed. The access securing platform may receive a username and a login password from a
user. Further, the access securing platform may generate a primary key pair including a primary
public key and a primary private key. This primary key pair is configured to be encrypted using the
login password. The access securing platform may further randomly generate a plurality of
secondary key pairs, such that each of the plurality of secondary key pairs can be encrypted using an
associated secondary password. The encrypted primary key pair and the plurality of encrypted
secondary key pairs are stored in a database of the access securing platform. The access securing
platform may obtain an application passphrase. The application passphrase is the key required to log
into a user’s account on the application. The access securing platform may further encrypt the
application passphrase using the encrypted primary key pair and the login password to generate a
primary encrypted passphrase. Similarly, the access securing platform may encrypt the application
passphrase using the plurality of encrypted secondary key pairs and the corresponding passwords to
generate a plurality of secondary encrypted passphrases. The primary encrypted passphrase and the
plurality of secondary encrypted passphrases are stored in the database.
[025] Therefore, by way of a two-tier encryption (i.e. encrypting the application
passphrase with an encrypted key pair), an effective access securing solution is achieved. It is
noteworthy that the access securing platform does not store the primary key pair or the plurality of
secondary key pairs in their original form, but only in an encrypted form. Therefore, a security
breach through the access securing platform becomes unlikely.
[026] Once the primary encrypted passphrase and the plurality of secondary encrypted
passphrases are stored in the database, the user can get access to the application merely using the
login password or a secondary password selected from the plurality of secondary passwords.
Accordingly, the access securing platform may receive from the user, one of the login password or
the selected secondary password. Further, the access securing platform may (when the login
password is received from the user) decrypt the primary encrypted passphrase, using the encrypted
primary key pair and the login password, to obtain the decrypted passphrase. Alternately, the access
securing platform may (when the selected secondary password is received from the user) decrypt a
secondary encrypted passphrase, using an associated encrypted secondary key pair and an
associated secondary password, to obtain the decrypted passphrase. Using the decrypted passphrase,
the access securing platform may allow access to the user to the application.
[027] Referring now to FIG. 2, a functional block diagram of a system 200 for securing
access to an application is illustrated, in accordance with an embodiment of the present disclosure.
The system 200 may include an access securing platform device 202 which may provide an access
securing platform for securing access to an application 220. In some embodiments, the access
securing platform device 202 may include an input receiving module 204, a primary key pair
generating module 206, a secondary key pair generating module 208, a key pair encryption module
210, an application passphrase encryption module 212, and a database 214.
[028] The input receiving module 204 may receive a username and a login password
from a user on the access securing platform. By way of an example, the input receiving module 204
may receive the username and the login password from the user at the time of registering of the user
on the access securing platform - in other words, when the user registers on the access securing
platform for the first time. For example, the access securing platform may ask the user to provide
the username and the login password via a user-interface. The user may input the username and the
login password via an input device, for example a keyboard, a mouse (e.g. using a virtual
keyboard), etc. In some embodiments, the user may provide his/her biometric information, for
example, via face recognition, fingerprint, etc. It may be understood that the user’s biometric
information may be further linked with a username and password. It may be understood that the
user may choose their username and login password according to their choice. For example, the
username and the login password each may be a combination of letters, numbers, special
characters, etc.
[029] By way of another example, the input receiving module 204 may receive the
username and the login password from the user, at the time of resetting the login password. It may
be understood that the user may want to reset the username and the login password for various
reasons. For example, one reason may be when the user has forgotten the username or the login
password that the user had provided at the time of registering on the access securing platform.
Another reason could be for security purposes, such that the user may want to change the username
and the login password after a certain period of time from last setting the username and the login
password. Yet another reason could be when the username and login password is shared with one
or more confidential persons, and the user is dissociating with one of these one or more confidential
persons, for example, an employee of a company leaving the company.
[030] The primary key pair generating module 206 may generate a primary key pair.
The key pair may include a primary public key and a primary private key. It may be noted that the
primary key pair may be configured to be encrypted using the login password. Upon encryption, the
encrypted primary key pair may be stored on the database 214 of the access securing platform
device 202.
[031] In some embodiments, the secondary key pair generating module 208 may
randomly generate a plurality of secondary key pairs. It may be further noted that each of the
plurality of secondary key pairs may be configured to be encrypted using an associated secondary
password. In some embodiments, the secondary key pair generating module 208 may generate a
plurality of associated secondary passwords as well. In other words, an associated secondary
password may be generated for each of the plurality of secondary key pairs. For example, the
secondary key pair generating module 208 may generate eleven secondary key pairs, and
accordingly, eleven passwords.
[032] As it will be appreciated, the plurality of secondary key pairs may be provided to
the user, as alternate to the primary key pair. As such, in order to log into the application, the user
may use either the login password or one of the secondary passwords.
[033] The key pair encryption module 210 may encrypt the primary key pair using the
login password. Further, the key pair encryption module 210 may encrypt each of the plurality of
secondary key pairs using an associated secondary password. Upon encrypting the primary key pair
and each of the plurality of secondary key pairs, the key pair encryption module 210 may store the
encrypted primary key pair and the plurality of encrypted secondary key pairs in the database 214.
As it will be understood, the primary key pair or the plurality of secondary key pairs are stored in
the database in an encrypted form, and not in their original form. In other words, the access securing
platform does not store the primary key pair or the plurality of secondary key pairs in their original
form, and therefore, operating personnel managing the access securing platform do not become
cognizant of the primary key pair or the plurality of secondary key pairs in their original form.
[034] The application passphrase encryption module 212 may obtain an application
passphrase associated with the application. In some embodiments, the application may be a
Blockchain application. By way of an example, the application passphrase may be created by the
user. Alternatively, the user may prompt the access securing platform to generate the application
passphrase. As such, in such cases, the application passphrase may be randomly generated by the
access securing platform.
[035] Upon obtaining the application passphrase, the application passphrase encryption
module 212 may encrypt the application passphrase. By way of an example, the application
passphrase encryption module 212 may encrypt the application passphrase using the encrypted
primary key pair and the login password to generate a primary encrypted passphrase. Alternately or
additionally, the application passphrase encryption module 212 may encrypt the application
passphrase using the plurality of encrypted secondary key pairs and the corresponding passwords to
generate a plurality of secondary encrypted passphrases. The application passphrase encryption
module 212 may further store the primary encrypted passphrase and the plurality of secondary
encrypted passphrases in the database 214.
[036] Therefore, by encrypting the application passphrase using an encrypted primary
key pair or encrypted secondary key pairs, the access securing platform provides for a two-tier
encryption to doubly ensure the passphrase protection.
[037] In some embodiments, the access securing platform device 202 may further
include a password resetting module 216. As mentioned earlier, the user may want to reset the
username and the login password for one or more reasons. In order to reset the login password, the
user may provide an input to reset the login password. For example, the user may provide the input
to reset by clicking an associated button provided on a user-interface of the access securing
platform. Thereafter, the input receiving module 204 may receive the username, and the login
password or one of the plurality of secondary passwords from the user. The password resetting
module 216 may then receive a new login password from the user, and reset the new login password
as the login password. In other words, the previous login password is replaced with the new login
password.
[038] It may be noted that once the login password is reset, the password resetting
module 216 may further cause to generate a new encrypted primary key pair for the new login
password. For example, in one scenario, when the user has the login password, the user may provide
either the login password or one of the plurality of secondary passwords. As such, the password
resetting module 216 may receive one of the login password and a secondary password.
Accordingly, the password resetting module 216 may then fetch one of the primary key pair
(associated with the login password) and an encrypted secondary key pair (associated with the
secondary password). The password resetting module 216 may then cause to decrypt one of the
primary encrypted passphrase (using the encrypted primary key pair and the login password), and a
secondary encrypted application passphrase associated with the secondary password (using the
secondary password and the encrypted secondary key pair associated with the secondary password).
The password resetting module 216 may further cause the application passphrase to be re-encrypted
using the new encrypted primary key pair to generate a new primary encrypted passphrase, and
replace the (previous) primary encrypted passphrase with the new primary encrypted passphrase. As
such, the new primary encrypted passphrase may replace the (previous) primary encrypted
passphrase in the database 214. In another scenario, when the user doesn’t have (e.g., forgot) the
login password, the user may provide one of the plurality of secondary passwords. The password
resetting module 216 may, therefore, receive a secondary password and fetch an encrypted
secondary key pair (associated with the secondary password). Accordingly, the password resetting
module 216 may then cause to decrypt a secondary encrypted application passphrase associated
with the secondary password (using the secondary password and the encrypted secondary key pair
associated with the secondary password). The password resetting module 216 may then cause the
application passphrase to be re-encrypted using the new encrypted primary key pair to generate a
new primary encrypted passphrase, and replace the (previous) primary encrypted passphrase with
the new primary encrypted passphrase.
[039] Additionally, the access securing platform device 202 may include a password
regenerating module 218. The password regenerating module 218 may be configured to regenerate
the plurality of secondary passwords. For example, the password regenerating module 218 may
regenerate the plurality of secondary passwords upon receiving an input from a user. For example,
the input to regenerate may be received from the user via clicking an associated button provided on
a user-interface of the access securing platform. It may be understood that the user may wish
to regenerate the plurality of secondary passwords for various reasons. For example, the user may
wish to regenerate the secondary passwords as a part of a periodic exercise to maintain the
confidentiality of the secondary passwords. Another reason may be when the user had shared the
secondary passwords with one or more confidential persons, and the user is dissociating with one of
these one or more confidential persons, for example, when an employee of a company is leaving the
company. Accordingly, upon receiving an input from the user, the password regenerating module
218 may regenerate a plurality of new secondary passwords, and the user may download the
plurality of new secondary passwords on their user device. It may be noted that the input may
include logging in using either the login password or one of the plurality of existing secondary
passwords. It may be further noted that upon regenerating the secondary passwords, the password
regenerating module 218 may replace the plurality of previous secondary passwords with the
plurality of new secondary passwords. In other words, the plurality of previous secondary
passwords may become dysfunctional. Therefore, the user may be able to log in using either the login
password or one of the plurality of new (regenerated) secondary passwords. It may be understood
that once the plurality of secondary passwords is regenerated, the password regenerating module
218 may cause to generate a new secondary encrypted key pair (for example, generate a secondary
key pair and encrypt the secondary key pair) associated with each of the plurality of regenerated
secondary passwords. The password regenerating module 218 may then cause to decrypt each
secondary encrypted application passphrase associated with each secondary password (using the
secondary password and an encrypted secondary key pair associated with the secondary password).
The password regenerating module 218 may then cause the plurality of application passphrases to
be re-encrypted using the plurality of new encrypted secondary key pairs to generate a plurality of
new secondary encrypted passphrases, and replace the plurality of (previous) secondary encrypted
passphrases with the plurality of new secondary encrypted passphrases.
[040] Referring now to FIG. 3, a flowchart of a method 300 of securing access to an
application is illustrated, in accordance with an embodiment. In some embodiments, the method 300
may be performed by the access securing platform device 202. By way of an example, the
application may be a Blockchain application.
[041] At step 302 a username and a login password may be received from a user on the
access securing platform. At step 304, a primary key pair may be generated. The primary key pair
may include a primary public key and a primary private key. For example, the primary key pair may
be generated using a “keygen” application. The primary key pair may be configured to be encrypted
using the login password. At step 306, a plurality of secondary key pairs may be randomly
generated. It may be noted that each of the plurality of secondary key pairs may be configured to be
encrypted using an associated secondary password.
[042] In some embodiments, additionally, at step 308, a plurality of secondary
passwords may be randomly generated for the plurality of secondary key pairs. Again, for example,
the plurality of secondary passwords may be generated using a “keygen” application. As mentioned
above, each of the plurality of secondary key pairs may be configured to be encrypted using an
associated secondary password of the plurality of secondary passwords. By way of an example, the
plurality of secondary passwords may be generated upon receiving an input from the user. For
example, the input may be received via clicking a button provided on a user-interface of the access
securing platform.
[043] Additionally, at step 310, an input may be received from the user, via the user-interface, to download the plurality of secondary passwords on a user device. In other words, the
user may provide any input to save the plurality of secondary passwords on their personal device,
for example, a desktop, a laptop, a smartphone, etc.
[044] In some embodiments, at least one of the plurality of secondary passwords may
be configured to be a one-time password (OTP). In other words, such a secondary password may be
generated in real-time as an OTP, whenever the user tries to log in to the access securing platform.
[045] At step 312, the encrypted primary key pair and the plurality of encrypted
secondary key pairs may be stored in a database, for example, database 214 of the access securing
platform device 202. In some embodiments, along with the encrypted primary key pair and the
plurality of encrypted secondary key pairs, hash of the login password and hash of each of the
plurality of secondary passwords may also be stored in the database.
[046] At step 314, an application passphrase may be obtained. In some embodiments,
the application passphrase may be randomly generated by the access securing platform. At steps
316A-316B, the application passphrase may be encrypted. At step 316A, the application passphrase
may be encrypted using the encrypted primary key pair and the login password to generate a
primary encrypted passphrase. Alternately or additionally, at step 316B, the application passphrase
may be encrypted using the plurality of encrypted secondary key pairs and the corresponding
passwords to generate a plurality of secondary encrypted passphrases. At step 318, the primary
encrypted passphrase and the plurality of secondary encrypted passphrases may be stored in the
database 214. It may be understood that by encrypting the application passphrase using an
encrypted primary key pair or encrypted secondary key pairs, the access securing platform provides
for a two-step encryption to doubly ensure the passphrase protection.
[047] Therefore, through the method 300, the application passphrase may be encrypted
and stored in the database of the access securing platform. When the user wishes to log into the
application, the user may log in by entering the primary password or one of the plurality of
secondary passwords in the access securing platform. Once the user enters the primary password or
one of the plurality of secondary passwords, the access securing platform may then decrypt the
encrypted passphrase to allow the user to access the application. This process is explained in detail
in conjunction with FIGS. 4A-4B.
[048] Referring now to FIG. 4A, a flowchart of a method 400A of securing access to an
application via the login password is illustrated, in accordance with an embodiment.
[049] At step 402A, the login password may be received from the user. It may be noted
that once the login password is received from the user, the encrypted primary key pair (stored on the
database 214 of the access securing platform device 202) may be fetched by the access securing
platform device 202. Further, the encrypted passphrase (also stored on the database 214 of the
access securing platform device 202) may be fetched by the access securing platform device 202.
[050] At step 404A, the primary encrypted passphrase may be decrypted using the
encrypted primary key pair and the login password, to obtain the decrypted passphrase. At step
406A, the user may be allowed access to the application, based on the decrypted passphrase. In
other words, at step 406A, the decrypted passphrase may be used by the access securing platform
device 202 to log the user into the application.

[051] Referring now to FIG. 4B, a flowchart of a method 400B of securing access to an
application via a secondary password is illustrated, in accordance with an embodiment.
[052] At step 402B, a secondary password associated with a secondary key pair of the
plurality of secondary key pairs may be received from the user. For example, the user may select
one of the plurality of secondary passwords associated with the plurality of secondary key pairs.
Once the selected secondary password is received from the user, an encrypted secondary key pair
(stored on the database 214 of the access securing platform device 202) associated with the selected
secondary password may be fetched by the access securing platform device 202. Further, the
encrypted secondary passphrase (also stored on the database 214 of the access securing platform
device 202) encrypted using the encrypted secondary key pair (associated with the selected
secondary password) may be fetched by the access securing platform device 202.
[053] At step 404B, the secondary encrypted passphrase may be decrypted using the
associated encrypted secondary key pair and the selected secondary password, to obtain the
decrypted passphrase. At step 406B, the user may be
allowed access to the application, based on the decrypted passphrase.
[054] Referring now to FIG. 5, a flowchart of a method 500 of resetting a login
password is illustrated, in accordance with an embodiment. As mentioned earlier, the user may want
to reset the username and the login password for various reasons.
[055] At step 502, a username and the login password or one of the plurality of
secondary passwords may be received from the user. In other words, the login password can be reset
using either the login password or one of the secondary passwords. At step 504, a new login
password may be received from the user. At step 506, the new login password may be reset as the
login password, i.e., the previous login password may be replaced with the new login password.
[056] Once the login password is reset, additionally, steps 508-514 may be performed.
For example, at step 508, a new encrypted primary key pair may be generated for the new login
password. At step 510, either the primary encrypted passphrase or a secondary encrypted
application passphrase associated with the secondary password may be decrypted using the
encrypted primary key pair and the login password, or the secondary password and the
encrypted key pair associated with the secondary password, respectively, to obtain the application
passphrase. At step 512, the application passphrase may be re-encrypted using the new encrypted
primary key pair to generate a new primary encrypted passphrase. At step 514, the previous primary
encrypted passphrase may be replaced with the new primary encrypted passphrase in the database
214.
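The enrolment (method 300), login (methods 400A-400B) and reset (method 500) flows can be sketched with Node.js's built-in crypto module. This is an added example, not code from the patent or the applicant: the function names, RSA-2048 with OAEP, the AES-256-CBC encrypted PKCS#8 private key, and the salted scrypt password hash are all assumptions, and it takes one reading of "encrypted using the encrypted key pair and the password", namely encrypting to the public key so that decryption needs the password to unlock the private key.

```javascript
// Added illustration (not from the patent): each password is a "slot" that
// independently unlocks the same randomly generated application passphrase.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 304/306: generate a key pair whose private half only ever leaves this
// function as password-encrypted PKCS#8 PEM (assumed: RSA-2048, AES-256-CBC).
function newSlot(password, passphrase) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password },
  });
  // Step 312, "hash of the password": a salted scrypt verifier (assumed choice).
  const salt = crypto.randomBytes(16);
  const verifier = crypto.scryptSync(password, salt, 32);
  // Steps 316A/316B: encrypt the application passphrase to this slot's public key.
  const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(passphrase, 'utf8'));
  return { publicKey, encPrivateKey: privateKey, salt, verifier, wrapped };
}

// Steps 302-318: build the database record for one user.
function enroll(loginPassword, nSecondary) {
  const passphrase = crypto.randomBytes(32).toString('base64'); // step 314
  const secondaryPasswords = Array.from({ length: nSecondary },
    () => crypto.randomBytes(12).toString('hex'));              // step 308
  const record = {
    primary: newSlot(loginPassword, passphrase),
    secondary: secondaryPasswords.map((p) => newSlot(p, passphrase)),
  };
  // The secondary passwords are handed to the user (step 310), never stored.
  return { record, secondaryPasswords };
}

// Compare the password hash in constant time, then unlock the private key
// with the same password and decrypt the wrapped passphrase.
function tryUnlock(slot, password) {
  const candidate = crypto.scryptSync(password, slot.salt, 32);
  if (!crypto.timingSafeEqual(candidate, slot.verifier)) return null;
  return crypto.privateDecrypt(
    { key: slot.encPrivateKey, passphrase: password, ...OAEP }, slot.wrapped,
  ).toString('utf8');
}

// Methods 400A/400B: any one valid password recovers the passphrase.
function unlock(record, password) {
  for (const slot of [record.primary, ...record.secondary]) {
    const passphrase = tryUnlock(slot, password);
    if (passphrase !== null) return passphrase;
  }
  return null;
}

// Method 500: authenticate with an existing password, then replace only the
// primary slot; the application passphrase itself does not change.
function resetLoginPassword(record, currentPassword, newLoginPassword) {
  const passphrase = unlock(record, currentPassword);      // step 510
  if (passphrase === null) throw new Error('authentication failed');
  record.primary = newSlot(newLoginPassword, passphrase);  // steps 508, 512, 514
  return record;
}
```

Because every slot wraps the same passphrase, the stored record is only as strong as the weakest password across all slots, which is why the secondary passwords here are generated randomly rather than chosen by the user.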

[057] As will be also appreciated, the above described techniques may take the form of
computer or controller implemented processes and apparatuses for practicing those processes. The
disclosure can also be embodied in the form of computer program code containing instructions
embodied in tangible media, such as floppy diskettes, solid state drives, CD-ROMs, hard drives, or
any other computer-readable storage medium, wherein, when the computer program code is loaded
into and executed by a computer or controller, the computer becomes an apparatus for practicing the
invention. The disclosure may also be embodied in the form of computer program code or signal,
for example, whether stored in a storage medium, loaded into and/or executed by a computer or
controller, or transmitted over some transmission medium, such as over electrical wiring or cabling,
through fiber optics, or via electromagnetic radiation, wherein, when the computer program code is
loaded into and executed by a computer, the computer becomes an apparatus for practicing the
invention. When implemented on a general-purpose microprocessor, the computer program code
segments configure the microprocessor to create specific logic circuits.
[058] One or more techniques of securing access to an application using private key
abstraction are disclosed above. For example, the application is a Blockchain application. The
techniques provide for a hybrid solution for maintaining an end user’s private key using the concept
of mnemonics. The user is provided with an easy to use signup/sign-in interface without the need to
get into technicalities of the public-private keys.
[059] Further, confidentiality of the user’s privacy is maintained as the user’s private key is
stored on the access securing platform in an encrypted form, such that only the user is able to
decrypt and use it. A user creates a sign-in password for his account on the access securing
platform, and that password is used to generate a password protected private key, which in turn is
used to encrypt the user’s application (Blockchain) passphrase. Further, this application passphrase
is generated randomly at the backend by the access securing platform and is stored in an encrypted
form, such that at no point in time an operator handling the access securing platform will be able to
directly access this application passphrase. This ensures complete decentralization along with ease
of user access.
[060] Furthermore, the techniques provide a secure and easy way of password recovery,
and hence the data loss protection. In order to achieve this, mnemonic-like keywords are created,
and the user is provided with multiple (for example, eleven) additional keywords that can be used as
alternative passwords for logging into the user's account. Again, the access securing platform does
not have direct access to the user's private key and password at any point in time. Further, the
techniques provide for a device independent solution.

[061] It is intended that the disclosure and examples be considered as exemplary only,
with a true scope and spirit of disclosed embodiments being indicated by the following claims.


CLAIMS
We claim:
1. A method of securing access to an application, the method comprising:
receiving, by an access securing platform, a username and a login password from a user
on the access securing platform;
generating, by the access securing platform, a primary key pair comprising a primary
public key and a primary private key, wherein the primary key pair is configured to be encrypted
using the login password;
randomly generating, by the access securing platform, a plurality of secondary key pairs,
wherein each of the plurality of secondary key pairs is configured to be encrypted using an
associated secondary password;
storing, by the access securing platform, the encrypted primary key pair and the plurality
of encrypted secondary key pairs in a database;
obtaining, by the access securing platform, an application passphrase;
encrypting, by the access securing platform, the application passphrase,
using the encrypted primary key pair and the login password to generate a
primary encrypted passphrase, and
using the plurality of encrypted secondary key pairs and the corresponding
passwords to generate a plurality of secondary encrypted passphrases; and
storing, by the access securing platform, the primary encrypted passphrase and the
plurality of secondary encrypted passphrases in the database.
2. The method as claimed in claim 1, further comprising:
receiving from the user, one of:
the login password, or
a selected secondary password associated with a secondary key pair of the
plurality of secondary key pairs;
decrypting one of:
the primary encrypted passphrase, using the encrypted primary key pair and the
login password, to obtain the decrypted passphrase, or
a secondary encrypted passphrase of the plurality of secondary encrypted
passphrases, using the associated encrypted secondary key pair and the associated
secondary password, to obtain the decrypted passphrase, and

allowing access to the user to the application, based on the decrypted passphrase.
3. The method as claimed in claim 1, further comprising randomly generating a plurality of
secondary passwords, wherein each of the plurality of secondary key pairs is configured to be
encrypted using an associated secondary password of the plurality of secondary passwords, wherein
the plurality of secondary passwords is generated upon receiving an input from the user, and
wherein the input is received via a button provided on a user-interface of the access securing
platform.
4. The method as claimed in claim 3, further comprising receiving an input from the user, via the
user-interface, to download the plurality of secondary passwords on a user device.
5. The method as claimed in claim 1, wherein at least one of the plurality of secondary passwords is
configured to be a one-time password (OTP).
6. The method as claimed in claim 1, wherein the application passphrase is randomly generated by
the access securing platform.
7. The method as claimed in claim 2, further comprising resetting the login password, wherein the
resetting comprises:
receiving a username and one of:
the login password from the user; and
one of the plurality of secondary passwords from the user;
receiving a new login password from the user; and
replacing the new login password as the login password.
8. The method as claimed in claim 7, further comprises:
generating a new encrypted primary key pair for the new login password;
decrypting one of:
the primary encrypted passphrase, using the encrypted primary key pair and the
login password; and
a secondary encrypted application passphrase associated with the secondary password, using
the secondary password and the encrypted key pair associated with the
secondary password;
re-encrypting the application passphrase using the new encrypted primary key pair to
generate a new primary encrypted passphrase; and
replacing the previous primary encrypted passphrase with the new primary encrypted
passphrase, in the database.
9. The method as claimed in claim 1, wherein the application is a Blockchain application.
10. The method as claimed in claim 1, wherein the username and the login password are received
from the user, at one of:
the time of registering of the user on the access securing platform; or
the time of resetting password.
11. The method as claimed in claim 1, further comprising storing hash of the login password and
hash of each of the plurality of secondary passwords, in the database.
12. The method as claimed in claim 1, further comprising regenerating the plurality of secondary
passwords, wherein the plurality of regenerated secondary passwords replaces the plurality of
previous secondary passwords.
13. An access securing platform device for securing access to an application, the access securing
platform device comprising:
a processor; and
a memory communicatively coupled to the processor, wherein the memory stores
processor-executable instructions, which, on execution by the processor, cause the processor to:
receive a username and a login password from a user on the access securing
platform;
generate a primary key pair comprising a primary public key and a primary
private key, wherein the primary key pair is configured to be encrypted using the login
password;

randomly generate a plurality of secondary key pairs, wherein each of the
plurality of secondary key pairs is configured to be encrypted using an associated
secondary password;
store the encrypted primary key pair and the plurality of encrypted secondary
key pairs in a database;
obtain an application passphrase;
encrypt the application passphrase,
using the encrypted primary key pair and the login password to
generate a primary encrypted passphrase, and
using the plurality of encrypted secondary key pairs and the
corresponding passwords to generate a plurality of secondary encrypted
passphrases; and
store the primary encrypted passphrase and the plurality of secondary encrypted
passphrases in the database.
14. The access securing platform device as claimed in claim 13, wherein the operations further
comprise:
receiving from the user, one of:
the login password, or
a selected secondary password associated with a secondary key pair of the
plurality of secondary key pairs;
decrypting one of:
the primary encrypted passphrase, using the encrypted primary key pair and the
login password, to obtain the decrypted passphrase, or
a secondary encrypted passphrase of the plurality of secondary encrypted
passphrases, using the associated encrypted secondary key pair and the associated
secondary password, to obtain the decrypted passphrase, and
allowing access to the user to the application, based on the decrypted passphrase.
15. The access securing platform device as claimed in claim 13, wherein the operations further
comprise randomly generating, by the access securing platform, a plurality of secondary passwords,
wherein each of the plurality of secondary key pairs is configured to be encrypted using an
associated secondary password of the plurality of secondary passwords, wherein the plurality of
passwords is generated upon receiving an input from the user, and wherein the input is received via
a button provided on a user-interface of the access securing platform.
16. The access securing platform device as claimed in claim 15, wherein the operations further
comprise receiving an input from the user, via the user-interface, to download the plurality of
passwords on a user device.
17. The access securing platform device as claimed in claim 14, wherein the operations further
comprise resetting the login password, wherein the resetting comprises:
receiving a username and one of:
the login password from the user; and
one of the plurality of secondary passwords from the user;
receiving a new login password from the user; and
replacing the new login password as the login password.
18. The access securing platform device as claimed in claim 17, wherein the operations further
comprise:
generating a new encrypted primary key pair for the new login password;
decrypting one of:
the primary encrypted passphrase, using the encrypted primary key pair and the
login password; and
a secondary encrypted application passphrase associated with the secondary
password, using the secondary password and the encrypted key pair associated with the
secondary password;
re-encrypting the application passphrase using the new encrypted primary key pair to
generate a new encrypted passphrase; and
replacing the previous primary encrypted passphrase with the new primary encrypted
application passphrase, in the database.
19. The access securing platform device as claimed in claim 13, wherein the operations further
comprise regenerating the plurality of secondary passwords, wherein the plurality of regenerated
secondary passwords replaces the plurality of previous secondary passwords.

Documents

Application Documents

# Name Date
1 202011054969-STATEMENT OF UNDERTAKING (FORM 3) [17-12-2020(online)].pdf 2020-12-17
2 202011054969-PROOF OF RIGHT [17-12-2020(online)].pdf 2020-12-17
3 202011054969-POWER OF AUTHORITY [17-12-2020(online)].pdf 2020-12-17
4 202011054969-FORM FOR STARTUP [17-12-2020(online)].pdf 2020-12-17
5 202011054969-FORM FOR SMALL ENTITY(FORM-28) [17-12-2020(online)].pdf 2020-12-17
6 202011054969-FORM 1 [17-12-2020(online)].pdf 2020-12-17
7 202011054969-FIGURE OF ABSTRACT [17-12-2020(online)].jpg 2020-12-17
8 202011054969-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [17-12-2020(online)].pdf 2020-12-17
9 202011054969-EVIDENCE FOR REGISTRATION UNDER SSI [17-12-2020(online)].pdf 2020-12-17
10 202011054969-DRAWINGS [17-12-2020(online)].pdf 2020-12-17
11 202011054969-DECLARATION OF INVENTORSHIP (FORM 5) [17-12-2020(online)].pdf 2020-12-17
12 202011054969-COMPLETE SPECIFICATION [17-12-2020(online)].pdf 2020-12-17
13 202011054969-STARTUP [20-05-2021(online)].pdf 2021-05-20
14 202011054969-FORM28 [20-05-2021(online)].pdf 2021-05-20
15 202011054969-FORM-9 [20-05-2021(online)].pdf 2021-05-20
16 202011054969-FORM 18A [20-05-2021(online)].pdf 2021-05-20
17 202011054969-FER_SER_REPLY [09-09-2021(online)].pdf 2021-09-09
18 202011054969-CORRESPONDENCE [09-09-2021(online)].pdf 2021-09-09
19 202011054969-COMPLETE SPECIFICATION [09-09-2021(online)].pdf 2021-09-09
20 202011054969-CLAIMS [09-09-2021(online)].pdf 2021-09-09
21 202011054969-FER.pdf 2021-10-19
22 202011054969-US(14)-HearingNotice-(HearingDate-21-02-2022).pdf 2022-02-07
23 202011054969-Correspondence to notify the Controller [14-02-2022(online)].pdf 2022-02-14
24 202011054969-Written submissions and relevant documents [07-03-2022(online)].pdf 2022-03-07
25 202011054969-Request Letter-Correspondence [03-06-2022(online)].pdf 2022-06-03
26 202011054969-Power of Attorney [03-06-2022(online)].pdf 2022-06-03
27 202011054969-FORM28 [03-06-2022(online)].pdf 2022-06-03
28 202011054969-Form 1 (Submitted on date of filing) [03-06-2022(online)].pdf 2022-06-03
29 202011054969-Covering Letter [03-06-2022(online)].pdf 2022-06-03
30 202011054969-CERTIFIED COPIES TRANSMISSION TO IB [03-06-2022(online)].pdf 2022-06-03
31 202011054969-Request Letter-Correspondence [06-06-2022(online)].pdf 2022-06-06
32 202011054969-Power of Attorney [06-06-2022(online)].pdf 2022-06-06
33 202011054969-FORM28 [06-06-2022(online)].pdf 2022-06-06
34 202011054969-Form 1 (Submitted on date of filing) [06-06-2022(online)].pdf 2022-06-06
35 202011054969-Covering Letter [06-06-2022(online)].pdf 2022-06-06
36 202011054969-CERTIFIED COPIES TRANSMISSION TO IB [06-06-2022(online)].pdf 2022-06-06
37 202011054969-APPLICATIONFORPOSTDATING [11-06-2022(online)].pdf 2022-06-11
38 202011054969-US(14)-ExtendedHearingNotice-(HearingDate-07-07-2022).pdf 2022-06-24
39 202011054969-Correspondence to notify the Controller [01-07-2022(online)].pdf 2022-07-01
40 202011054969-Written submissions and relevant documents [21-07-2022(online)].pdf 2022-07-21
41 202011054969-Response to office action [23-08-2022(online)].pdf 2022-08-23
42 202011054969-PatentCertificate26-08-2022.pdf 2022-08-26
43 202011054969-IntimationOfGrant26-08-2022.pdf 2022-08-26
44 202011054969-FORM 13 [15-06-2023(online)].pdf 2023-06-15

Search Strategy

1 SearchstrategyE_29-06-2021.pdf

ERegister / Renewals

3rd: 14 Jun 2023

From 17/06/2023 - To 17/06/2024

4th: 14 Jun 2023

From 17/06/2024 - To 17/06/2025

5th: 14 Jun 2023

From 17/06/2025 - To 17/06/2026