Patent attributes
A password-encrypted key (PEK) is generated from a user-supplied password or other identifying data and then used to encrypt the user's password. The encrypted password is stored in a user record on a server. At login a would-be user's password is again used to make a key, which is then used to decrypt and compare the stored encrypted password with the would-be user's password to complete the login. The successful PEK is stored in a temporary session record and can be used to decrypt other sensitive user information previously encrypted and stored in the user record as well as to encrypt new information for storage in the user record. A public/private key system can also be used to maintain limited access for the host to certain information in the user record.