US20030115452A1 - One time password entry to access multiple network sites - Google Patents


Info

Publication number
US20030115452A1
Authority
US
United States
Prior art keywords
key
symmetric crypto
crypto
encrypted
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/739,114
Inventor
Ravi Sandhu
Colin deSa
Karuna Ganesan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tricipher Inc
Original Assignee
SingleSignOn net Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SingleSignOn net Inc
Priority to US09/739,114
Assigned to SINGLESIGNON.NET INC. Assignment of assignors interest (see document for details). Assignors: DESA, COLIN; GANESAN, KARUNA; SANDHU, RAVI
Priority to PCT/US2001/048095 (WO2002051049A1)
Publication of US20030115452A1
Priority to US10/849,818 (US7055032B2)
Legal status: Abandoned

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • MAC Message Authentication Code
  • HMAC hash-based MAC
  • Symmetric key systems have been in use for literally thousands of years, and have always suffered from a major problem—namely how to perform key distribution. How do Bob and Alice agree on K? Asymmetric key cryptography was invented to solve this problem. Here every user is associated with two keys, which are related by special mathematical properties. These properties result in the following functionality: a message encrypted with one of the two keys can then only be decrypted with the other.
  • Asymmetric cryptography can solve the key distribution problem.
  • Asymmetric cryptography can also be used to solve another important problem, that of digital signatures.
  • M Encrypt(M,Dalice).
  • the RSA cryptosystem is one system that implements asymmetric cryptography as described above.
  • the RSA cryptosystem allows the same public-private key pair to be used for encryption and for digital signatures.
  • asymmetric cryptosystems which implement encryption only e.g., ElGamal or digital signature only, e.g., DSA.
  • Asymmetric key cryptosystems have been around for a long time, but have found limited use. The primary reasons are twofold: (a) the private key D in most systems is long, which means that users cannot remember them, and they have to either be stored on every computer they use, or carried around on smart cards or other tokens; and (b) the infrastructure for ensuring a certificate is valid, which is critical, is cumbersome to build, operate and use.
  • the first technique proposed to validate certificates was to send every recipient a list of all certificates that had been revoked. This clearly does not scale well to an environment with millions of users.
  • the second method proposed was to require that one inquire about the validity of a certificate on-line, which has its own associated problems.
  • SSL Secure Sockets Layer
  • server side SSL in which a server proves its identity by signing a particular message during connection set-up.
  • browsers such as Netscape and Microsoft Internet Explorer come loaded with the public keys of various CAs, the browser can verify the signature of the server. This authenticates the server to the client, and also allows for the set-up of a session key K, which is used to encrypt all further communications.
  • Server side SSL is widely used, as the complexity of managing certificates rests with system administrators of web sites who have the technical knowledge to perform this function.
  • Dictionary attacks can be classified into three types. In all three cases the starting point is a ‘dictionary’ of likely passwords. Unless the system incorporates checks to prevent it, users tend to pick poor passwords, and compilations of lists of widely used poor passwords are widely available.
  • FIG. 1 depicts the operations of Server-Side-Authentication during a communications session between network users, in this instance a client device such as a personal computer and a host device such as a server.
  • software is resident on the client device and this software directs communications on the client side of the communication session.
  • software is resident on the server and that this software directs communications on the server side of the communication session.
  • server is associated with a merchant, the server could be associated with any type of entity.
  • server designates any networked device capable of presenting information to another network device via the network.
  • the client device in this example is associated with an individual user, the client device may be associated with an entity other than an individual user.
  • a client device may be any networked device capable of accessing information via a network.
  • the client device transmits a message to the server.
  • This message includes a first random number generated by the software and an indication of the types of cryptography the client device is capable of supporting. This message can be called a ‘hello’ message.
  • the server selects one of the types of cryptography and includes a second random number and the server's certificate in a transmission to the client device, step 110.
  • This transmission can be called ‘message two’.
  • a certificate contains information certifying that an entity is who that entity claims to be.
  • the client device obtains the public portion of the server's asymmetric key from the certificate and verifies the certificate by verifying the certificate issuer's signature on the certificate, step 115.
  • the client device then generates and encrypts a symmetric session key with the public portion of the server's asymmetric key and transmits the encrypted symmetric session key to the server, step 120.
  • the server then decrypts the symmetric session key with the private portion of the server's asymmetric key and encrypts the first random number using the symmetric key and transmits the encrypted random number to the client device, step 125.
  • the client device then decrypts the random number using its copy of the symmetric key, step 130. If the original first random number is recovered, the server has authenticated itself to the client device. All further communication between the server and client device is secured using the symmetric session key. It will be recognized that SSL server-side-authentication in current use does not actually follow steps 125 and 130. Rather these steps are representative of how the shared symmetric key could be used for server to client authentication.
  • Client-Side-Authentication is designed to operate similar to Server-Side-Authentication as is depicted in FIG. 2.
  • the server transmits a 36 byte hash to the client device and requests the client device to sign it with the private portion of the client device's asymmetric key. Also, the server will request that the client device return the client device's certificate.
  • the client device signs the 36 byte hash and sends the signed 36 byte hash and the client device certificate to the server, step 210.
  • the server verifies that the client device's certificate is valid and obtains the public portion of the browser's asymmetric key from the authority issuing the certificate, step 215.
  • the server uses the public portion of the client device's asymmetric crypto-key to verify the client device signature, step 220. If the server recovers the original 36 byte hash, the client device has authenticated itself to the server. It will be recognized here also that SSL client-side-authentication currently in use does not actually follow these precise steps. Rather these steps are representative of how the user's asymmetric public and private keys could be used for client to server authentication.
  • In practice, only Server-Side-Authentication is generally implemented today. Most servers which require authentication of other network users utilize passwords. As discussed above, after Server-Side-Authentication is completed, both the server and the client device are in possession of a symmetric session key. All subsequent communications between the parties during the present communication session are secured with the symmetric session key. Typically, the server requests the client device to supply a valid user ID and password. This information is provided by the user and transmitted from the client device to the server, encrypted with the symmetric session key. Each server must maintain a database of associated users. These databases contain passwords and information identifying the holders of the passwords. This requires the server to gather or dispense passwords and to manage stored passwords. If the password is valid, that is, it is included in the database, the client device has authenticated itself to the server.
  • a certificate issuing authority includes information about the user in the user's certificate. This information may include associations the user maintains, personal information, or even financial information.
  • a certificate issuing authority may include information that a user does not want disclosed. Or, user information included in a certificate may change. Presently, a user cannot update or change information in an issued certificate. A user can at best revoke a certificate and obtain a new one which includes the changed information. When a new certificate is obtained, new keys must be generated. Any entity who has previously obtained the user's certificate and public key must now reobtain the new certificate and key. Thus, there is no way to modify a certificate without revoking the corresponding key pair.
  • a single user may have associations with multiple servers. Each of the multiple servers may require the user to maintain a password and client ID. Thus, a single user may be required to remember a plurality of passwords.
  • a user may attempt to establish the same client ID and password with several unrelated servers. This cannot always be accomplished. Some servers require a password to meet certain quality standards, that is, not to be a ‘bad’ password, as discussed above. Thus a password that the user may wish to use may not be acceptable to certain servers. Also, a password that a user may wish to use may already be in use by another user of a server, and the server may not allow more than one user to use the same password.
  • SSL as deployed in current systems is based upon the RSA public key cryptosystem.
  • RSA relies upon the use of products of large prime numbers which are not easily factorable. If the RSA technique should be broken, that is, if an algorithm for factoring large prime numbers is found, SSL and any cryptosystem based on RSA would be useless. An attacker would have access to communications in any RSA based cryptosystem. Secure and trusted communications in SSL and other public key cryptosystems would become impossible. Accordingly, a need exists for a technique whereby a public key based cryptosystem could provide secure communications if RSA were to become unusable.
  • the network stations may take the form of personal computers, high power workstations, mainframe computers, portable computing devices, telephones or virtually any other type of network device capable of functioning in the described manner below.
  • a first network station represents a network entity, such as a bank, merchant, university, corporation or other network entity which requires authentication of the user prior to granting the user access.
  • the first station transmits a request for authentication of the user seeking access.
  • the request for authentication takes the form of a hash message of 36 bytes computed from the conversation between the first and a second network station.
  • the user not only has an associated password, but also a user identifier and an associated asymmetric crypto-key, including a first private key portion obtainable with the password, a second private key portion and a public key portion. It will be understood that the private key could be split into more than two key portions if so desired.
  • the second network station representing the user, has the user identifier, a combination symmetric crypto-key corresponding to a first symmetric crypto-key and a second symmetric crypto-key, and the first private key portion encrypted with a first symmetric crypto-key stored thereat.
  • the combination symmetric crypto-key corresponds to the first symmetric crypto-key XOR'd with the second symmetric crypto-key.
  • the first symmetric crypto-key is a first random number having a length of 192 bits and the second symmetric crypto-key is a second random number, different than the first random number, having a length of 192 bits.
  • the second network station transmits the stored user identifier and the transmitted authentication request encrypted with the stored combination symmetric key to a third network station.
  • the second network station automatically responds to the authentication request without any need for the user to input the user password.
  • the stored user identifier and the authentication request encrypted with the stored combination symmetric crypto-key may be transmitted in a single communication.
  • the stored user identifier is transmitted in a first communication, and the encrypted authentication request is transmitted in a separate later communication.
  • the second network station MAC's the stored user identifier with the stored combination symmetric crypto-key, and the user identifier is transmitted in the MAC'd message.
  • the third network station representing a sponsor, has the user identifier, the combination symmetric crypto-key, the first symmetric crypto-key, and the second private key portion stored thereat.
  • the third network station retrieves the stored combination symmetric crypto-key by matching the transmitted user identifier with the stored user identifier.
  • the station verifies the MAC on the transmitted message to verify the identity of the user.
  • the station decrypts the transmitted encrypted authentication request with the retrieved combination symmetric crypto-key to recover the authentication request.
  • the station then encrypts the recovered authentication request with the stored second private key portion and transmits the encrypted authentication request and the first symmetric crypto-key, both encrypted with the retrieved combination symmetric key.
  • the second network station decrypts the transmitted encrypted authentication request and the first symmetric crypto-key, with its stored combination symmetric crypto-key to recover the encrypted authorization request and the first symmetric crypto-key.
  • the station can then decrypt the stored encrypted first private key portion with the recovered first symmetric crypto-key to recover the unencrypted first private key portion, and transmit the recovered encrypted authentication request further encrypted with the recovered first private key portion.
  • This further encrypted authentication request serves as an authentication message.
  • the first station decrypts the transmitted authentication message with the user public key to recover the authentication request and thereby authenticate the user.
  • the second network station is further configured to receive the user password as input and obtain the first private key portion with the password, prior to transmission of the authorization request by the first station.
  • the third station also has a time value, representing a time period for authenticating the user, stored thereat.
  • the third station can retrieve the stored time value prior to decrypting the encrypted authentication request transmitted by the second station.
  • the station only decrypts the transmitted encrypted authentication request if the present time is within the time period represented by the time value.
  • the second network station generates the first symmetric crypto-key, and transmits this key, encrypted with the first private key portion, to the third network station.
  • the third station decrypts the transmitted encrypted first symmetric crypto-key with the second private key portion to recover the first symmetric crypto-key, thereby authenticating the user, and stores the decrypted first symmetric crypto-key.
  • the third network station also generates the second symmetric crypto-key, combines the first and the second symmetric crypto-key to form the combination symmetric crypto-key, and stores the combination crypto-key.
  • the station transmits the second symmetric crypto-key encrypted with the first symmetric crypto-key to the second network station, and destroys the second symmetric crypto-key.
  • the second network station decrypts the transmitted encrypted second symmetric crypto-key with the first symmetric crypto-key to recover the second symmetric crypto-key and authenticate the sponsor.
  • the second network station also combines the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combination crypto-key, stores the combination symmetric crypto-key, encrypts the first private key portion with the first symmetric crypto-key, stores the encrypted first private key portion, and destroys the first symmetric crypto-key and the unencrypted first private key portion.
  • a system for accessing multiple different network stations includes a first station representing a user having a password, user identifier, and an associated asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion.
  • the first network station transmits a log-in request including the user identifier.
  • a second station representing a sponsor, transmits a challenge responsive to the transmitted log-in request.
  • the first station processes a user input including the password to obtain the first private key portion, and encrypts a first symmetric crypto-key and the transmitted challenge with the obtained first private key portion to form a first encrypted message.
  • the station then transmits the first encrypted message.
  • the second station decrypts the transmitted first encrypted message with the second private key portion and public key to recover the challenge and the first symmetric crypto-key, and thereby authenticate the user.
  • the second station also combines the recovered first symmetric crypto-key with a second symmetric crypto-key to form a combined symmetric crypto-key and stores the combined symmetric crypto-key.
  • the second station additionally encrypts the second symmetric crypto-key with the first symmetric crypto-key to form a second encrypted message, and transmits the second encrypted message.
  • the first station decrypts the transmitted second encrypted message with the first symmetric crypto-key to recover the second symmetric crypto-key, thereby authenticating the sponsor.
  • the first station combines the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combined symmetric crypto-key.
  • the first station also encrypts the obtained first private key portion with the first symmetric crypto-key and destroys the first symmetric crypto-key and the unencrypted first private key portion.
  • the first station can encrypt a request for user authentication from another network entity with the combined symmetric crypto-key to form a third encrypted message.
  • the first station then transmits the user identifier and the third encrypted message, typically MAC'd with the combined symmetric crypto-key. As discussed above, this information may be transmitted in a single or multiple communications.
  • the second station verifies the MAC on the transmitted message and matches the transmitted user identifier with the user identifier previously transmitted by the first station to retrieve the combined symmetric crypto-key.
  • the second station also decrypts the third encrypted message with the retrieved combined symmetric crypto-key to recover the request for user authentication.
  • the second station then encrypts the recovered request for user authentication with the second private key portion to form a fourth encrypted message.
  • the station next encrypts the first symmetric crypto-key and the fourth encrypted message with the combined symmetric crypto-key to form a fifth encrypted message.
  • the second station next transmits the fifth encrypted message.
  • the first network station decrypts the transmitted fifth encrypted message with the combined symmetric crypto-key to recover the transmitted first symmetric crypto-key and the transmitted fourth encrypted message, thereby verifying the identity of the sponsor.
  • the first station also decrypts the encrypted first private key portion with the recovered first symmetric crypto-key, and further encrypts the recovered fourth encrypted message with the decrypted first private key portion to form an authentication message.
  • the station transmits the authentication message to the other network entity to authenticate the user.

Abstract

A system for accessing multiple different network stations without entry of a password includes first, second and third network stations. The first network station represents a network entity and transmits a request for authentication of a user seeking access. The user has an associated password, identifier and asymmetric crypto-key, including a first private key portion obtainable with the password, a second private key portion and a public key portion. A second network station represents the user and has a user identifier, a combination symmetric crypto-key corresponding to a first symmetric crypto-key and a second symmetric crypto-key, and the first private key portion encrypted with the first symmetric crypto-key stored thereat. In response to the authentication request, this station (i) transmits the stored user identifier MAC'd with the stored combination symmetric key, and (ii) transmits the transmitted authentication request encrypted with the stored combination symmetric crypto-key. A third network station represents a sponsor and has the user identifier, the combination symmetric crypto-key, the first symmetric crypto-key, and the second private key portion stored thereat. This station (i) retrieves the stored combination symmetric crypto-key by matching the transmitted user identifier with the stored user identifier, (ii) verifies the MAC with the retrieved combination symmetric crypto-key to verify the identity of the user, (iii) decrypts the transmitted encrypted authentication request with the retrieved combination symmetric key to recover the authentication request, (iv) encrypts the recovered authentication request with the stored second private key portion and (v) transmits the encrypted authentication request and the first symmetric crypto-key, both encrypted with the retrieved combination symmetric crypto-key. 
The second network station (i) decrypts the transmitted encrypted authentication request and first symmetric crypto-key with its stored combination symmetric crypto-key to recover the encrypted authentication request and the first symmetric crypto-key, (ii) decrypts the stored encrypted first private key portion with the recovered first symmetric crypto-key to recover the first private key portion, and (iii) transmits the recovered encrypted authentication request further encrypted with the recovered first private key portion. The first station decrypts the transmitted further encrypted authentication request with the user public key to thereby authenticate the user.
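
The flow in the abstract, as an added Python sketch that is not code from the patent: the password is entered once at login, after which any site's authentication request is answered with the sponsor's help and no password. Assumptions not stated on the page: the split key is RSA with d1·d2 ≡ d (mod φ(n)), the modulus is a toy built from two Mersenne primes, PBKDF2 derives d1 from the password, HMAC-SHA256 is the MAC, a hash keystream stands in for the symmetric cipher, and all class and function names are hypothetical.

```python
import hashlib, hmac, math, secrets, time

# Toy RSA key from two Mersenne primes (constructed for this example, NOT secure).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)                       # full private exponent, used at enrollment only
NB, KLEN = (N.bit_length() + 7) // 8, 24  # modulus size in bytes; 192-bit symmetric keys

def i2b(x): return x.to_bytes(NB, "big")
def b2i(b): return int.from_bytes(b, "big")
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def mac(key, uid, blob): return hmac.new(key, uid.encode() + blob, hashlib.sha256).digest()

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, data):   # stand-in symmetric cipher (hash keystream), illustration only
    nonce = secrets.token_bytes(16)
    return nonce + xor(data, _stream(key, nonce, len(data)))

def unseal(key, blob):
    return xor(blob[16:], _stream(key, blob[:16], len(blob) - 16))

def derive_d1(password, salt):   # first private key portion, obtainable with the password
    return b2i(hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)) | 1

def split_key(password):         # enrollment: returns the client salt and the sponsor's d2
    while True:
        salt = secrets.token_bytes(16)
        d1 = derive_d1(password, salt)
        if math.gcd(d1, PHI) == 1:
            return salt, D * pow(d1, -1, PHI) % PHI   # d1 * d2 = D (mod PHI)

class Sponsor:
    def __init__(self, ttl=3600):
        self.ttl, self.db = ttl, {}

    def enroll(self, uid, d2):
        self.db[uid] = {"d2": d2}

    def challenge(self, uid):
        self.db[uid]["chal"] = secrets.token_bytes(16)
        return self.db[uid]["chal"]

    def login(self, uid, c):
        rec = self.db[uid]
        chal = rec.pop("chal", None)                  # each challenge is single use
        m = i2b(pow(pow(c, rec["d2"], N), E, N))      # apply d2, then the public key
        if chal is None or not hmac.compare_digest(m[:-KLEN], bytes(NB - 16 - KLEN) + chal):
            return None                               # wrong password gives the wrong d1
        k1, k2 = m[-KLEN:], secrets.token_bytes(KLEN)
        rec.update(k1=k1, kc=xor(k1, k2), expires=time.time() + self.ttl)
        return seal(k1, k2)                           # K2 is not stored by the sponsor

    def countersign(self, uid, blob, tag):
        rec = self.db.get(uid, {})
        if "kc" not in rec or time.time() > rec["expires"]:
            return None                               # no session, or time period over
        if not hmac.compare_digest(tag, mac(rec["kc"], uid, blob)):
            return None
        partial = pow(b2i(unseal(rec["kc"], blob)), rec["d2"], N)
        return seal(rec["kc"], rec["k1"] + i2b(partial))

class Client:
    def __init__(self, uid, salt):
        self.uid, self.salt = uid, salt

    def login(self, password, sponsor):               # the only password entry
        d1, k1 = derive_d1(password, self.salt), secrets.token_bytes(KLEN)
        msg = sponsor.challenge(self.uid) + k1
        reply = sponsor.login(self.uid, pow(b2i(msg), d1, N))
        if reply is None:
            return False
        self.kc = xor(k1, unseal(k1, reply))          # Kc = K1 XOR K2
        self.enc_d1 = seal(k1, i2b(d1))               # K1 and plain d1 are dropped here
        return True

    def authenticate(self, request, sponsor):         # no password needed
        blob = seal(self.kc, request)
        reply = sponsor.countersign(self.uid, blob, mac(self.kc, self.uid, blob))
        if reply is None:
            return None
        plain = unseal(self.kc, reply)
        d1 = b2i(unseal(plain[:KLEN], self.enc_d1))   # K1 from the sponsor unlocks d1
        return pow(b2i(plain[KLEN:]), d1, N)

def site_verify(request, auth_msg):                   # first station, public key only
    return auth_msg is not None and pow(auth_msg, E, N) == b2i(request)

if __name__ == "__main__":
    sponsor, (salt, d2) = Sponsor(), split_key("apple23")
    sponsor.enroll("alice", d2)
    alice, req = Client("alice", salt), secrets.token_bytes(36)
    print(alice.login("apple23", sponsor), site_verify(req, alice.authenticate(req, sponsor)))
```

After login the client holds only the combination key and d1 encrypted under K1, so a copy of its stored state cannot complete an authentication message once the sponsor's time period has lapsed or the sponsor refuses to return K1.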

Description

    TECHNICAL FIELD
  • This invention relates to cryptosystems. More particularly, the present invention relates to password access to different network sites in cryptosystems. [0001]
    BACKGROUND SYSTEMS
  • Today, computing devices are almost always interconnected via networks. As these networks can be large closed networks, as within a corporation, or truly public networks as the Internet is, the network itself might have hundreds, thousands or even millions of potential users. Consequently it is often required to restrict access to any given computer or service, or a part of a computer or service to a subset of the users on the public or closed network. For instance, a brokerage might have a public website accessible to all, but would like to only give Ms. Alice Smith access to Ms. Alice Smith's brokerage account. [0002]
  • This is an old problem, tracing its roots to the earliest days of computers, and passwords were among the first techniques used, and to this day remain the most widely used technique for protecting resources on a computer or service. [0003]
  • In its simplest form, every user has a unique password and the computer has knowledge of the user password. When attempting to log on, Alice would enter her userid, say alice, and password, say apple23; the computer would compare the pair, i.e. alice, apple23, with the pair it had stored for Alice, and if there is a match would establish a session and give Alice access. [0004]
  • This simple scheme suffers from two problems. First, the table containing the passwords is stored on the computer, and represents a single point of compromise. If Eve could somehow steal this table, she would be able to access every user's account. A second problem with this approach is that when Alice enters her password it travels from her terminal to the computer in the clear, and Eve could potentially eavesdrop. For instance the “terminal” could be Alice's PC at home, and the computer could be a server on the Internet, in which case her password travels in the clear on the Internet. [0005]
  • Various solutions have been proposed and implemented to solve these two issues. For instance, to solve the first problem of storing the password on the computer, the computer could instead store a one way function of the password. E.g. F(apple23)=XD45DTY, and the pair {alice, XD45DTY}. In this example as F( ) is a one way function, computing XD45DTY from apple23 is easy, but as it is a “one way function”, the reverse is believed to be difficult or close to impossible. So when Alice logs on and sends the computer {alice, apple23}, the computer can compute F(apple23) and compare the result with XD45DTY. The UNIX operating system was among the first to implement such a system in the late 1970's. [0006]
  • Before discussing more sophisticated conventional techniques for solving this problem, let us briefly describe symmetric, asymmetric and ‘split private key’ cryptography. [0007]
  • In symmetric key cryptography, the two parties who want to communicate in private share a common secret key, say K. The sender encrypts messages with K, to generate a cipher, i.e. C=Encrypt(M,K). The receiver decrypts the cipher to retrieve the message, i.e. D=Decrypt(C,K). An attacker who does not know K, and sees C, cannot successfully decrypt the message, if the underlying algorithms are strong. Examples of such systems are DES and RC4. Encryption and decryption with symmetric keys provide a confidentiality, or privacy service. [0008]
  • Symmetric keys can also be used to provide integrity and authentication of messages in a network. Integrity and authentication means that the receiver knows who sent a message and that the message has not been modified so it is received as it was sent. Integrity and authentication is achieved by attaching a Message Authentication Code (MAC) to a message M. E.g., the sender computes S=MAC(M,K) and attaches S to the message M. When the message M reaches the destination, the receiver also computes S′=MAC(M,K) and compares S′ with the transmitted value S. If S′=S the verification is successful otherwise verification fails and the message should be rejected. Early MACs were based on symmetric encryption algorithms such as DES whereas more recently MACs are constructed from message digest functions, or “hash” functions, such as MD5 and SHA-1. The current Internet standard for this purpose is known as hash-based MAC (HMAC). [0009]
  • By combining confidentiality with integrity and authentication, it is possible to achieve both services with symmetric key cryptography. It is generally accepted that different keys should be used for these two services and different keys should be used in different directions between the same two entities for the same service. Thus if Alice encrypts messages to Bob with a shared key K, Bob should use a different shared key K′ to encrypt messages from Bob to Alice. Likewise Alice should use yet another key K″ for MACs from Alice to Bob and Bob should use K′″ for MACs from Bob to Alice. Since this is well understood by those skilled in the art, we will follow the usual custom of talking about a single shared symmetric key between Alice and Bob, with the understanding that strong security requires the use of four different keys. [0010]
  • Symmetric key systems have been in use for literally thousands of years, and have always suffered from a major problem—namely how to perform key distribution. How do Bob and Alice agree on K? Asymmetric key cryptography was invented to solve this problem. Here every user is associated with two keys, which are related by special mathematical properties. These properties result in the following functionality: a message encrypted with one of the two keys can then only be decrypted with the other. [0011]
  • One of these keys for each user is made public and the other is kept private. Let us denote the former by E, and the latter by D. So Alice knows Dalice, and everyone knows Ealice. To send Alice the symmetric key K, Bob simply sends C=Encrypt(K,Ealice). Alice, and only Alice (since no one else knows Dalice), can decrypt the ciphertext C to recover the message, i.e. Decrypt(C,Dalice)=K. Now both Alice and Bob know K and can use it for encrypting subsequent messages using a symmetric key system. Why not simply encrypt the message itself with the asymmetric system? This is simply because in practice all known asymmetric systems are fairly inefficient, and while they are perfectly useful for encrypting short strings such as K, they are inefficient for large messages. [0012]
  • The above illustrates how asymmetric cryptography can solve the key distribution problem. Asymmetric cryptography can also be used to solve another important problem, that of digital signatures. To sign a message M, Alice encrypts it with her own private key to create S=Encrypt(M,Dalice). She can then send (M,S) to the recipient who can then decrypt S with Alice's public key to generate M′, i.e. M′=Decrypt(S,Ealice). If M′=M then the recipient has a valid signature as only someone who has Dalice, by definition only Alice, can generate S, which can be decrypted with Ealice to produce M. To convey the meaning of these cryptographic operations more clearly they are often written as S=Sign(M,Dalice) and M′=Verify(M,S,Ealice). It is worth noting that asymmetric key digital signatures provide non-repudiation in addition to the integrity and authentication achieved by symmetric key MACs. With MACs the verifier can compute the MAC for any message M of his choice since the computation is based on a shared secret key. With digital signatures this is not possible since only the sender has knowledge of the sender's private key required to compute the signature. The verifier can only verify the signature but not generate it. [0013]
  • The RSA cryptosystem is one system that implements asymmetric cryptography as described above. In particular the RSA cryptosystem allows the same public-private key pair to be used for encryption and for digital signatures. It should be noted there are other asymmetric cryptosystems which implement encryption only e.g., ElGamal or digital signature only, e.g., DSA. [0014]
  • Finally, the above description does not answer the important question of how Bob gets Alice's public key Ealice. The process for getting and storing the binding [Alice, Ealice] which binds Ealice to Alice is tricky. The most practical method appears to be to have the binding signed by a common trusted authority. So such a “certificate authority” (CA) can create CERTalice=Sign([Alice, Ealice], Dca). Now CERTalice can be verified by anyone who knows the CA's public key Eca. So in essence, instead of everyone having to know everyone else's public key, everyone only need know a single public key, that of the CA. More elaborate schemes with multiple Certificate Authorities, sometimes having a hierarchical relationship, have also been proposed. [0015]
  • Asymmetric key cryptosystems have been around for a long time, but have found limited use. The primary reasons are twofold: (a) the private key D in most systems is long, which means that users cannot remember them, and they have to either be stored on every computer they use, or carried around on smart cards or other tokens; and (b) the infrastructure for ensuring a certificate is valid, which is critical, is cumbersome to build, operate and use. The first technique proposed to validate certificates was to send every recipient a list of all certificates that had been revoked. This clearly does not scale well to an environment with millions of users. The second method proposed was to require that one inquire about the validity of a certificate on-line, which has its own associated problems. [0016]
  • A system based on split private key cryptography has been developed to solve these two issues, among others. In this system the private key for Alice, i.e. Dalice, is further split into two parts, Daa which Alice knows, and a part Das which is stored at a security server. To sign a message, Alice could perform a partial encryption to generate a partial signature, i.e. PS=Sign(M,Das). Alice then sends the server PS which ‘completes’ the signature by performing S=Sign(PS,Dss). This completed signature S is indistinguishable from one generated by the original private key, so the rest of the process works as previously described. However, Daa can be made short, which allows the user to remember it as a password, so this system is consumer friendly. Further, if the server is informed that a particular ID has been revoked, then it will cease to perform its part of the operation for that user, and consequently no further signatures can ever be performed. This provides for instant revocation in a simple highly effective fashion. [0017]
  • Let us return now to password based systems. Challenge-response systems solve the issue of having to send passwords in the clear across a network. If the computer and Alice share a secret password, P, then the computer can send her a new random challenge, R, at the time of login. Alice computes C=Encrypt(R,P) and sends back C. The computer decrypts Decrypt(C,P)=C′. If C=C′, then the computer can trust that it is Alice at the other end. Note however that the computer had to store P. A more elegant solution can be created using asymmetric cryptography. Now Alice has a private key Dalice, or in a split private key system she has Daa. The computer challenges her to sign a new random challenge R. She signs the challenge, or in the split private key system she interacts with the security server to create the signature, and sends it back to the computer which uses her public key, retrieved from a certificate, to verify the signature. Observe that the computer does not have to know her private key, and that an eavesdropper observing the signature on R gains no knowledge of her private key. [0018]
  • The SSL system, which is widely used on the Internet in effect implements a more elaborate method of exactly this protocol. SSL has two components, ‘server side SSL’ in which a server proves its identity by signing a particular message during connection set-up. As browsers such as Netscape and Microsoft Internet Explorer come loaded with the public keys of various CAs, the browser can verify the signature of the server. This authenticates the server to the client, and also allows for the set-up of a session key K, which is used to encrypt all further communications. Server side SSL is widely used, as the complexity of managing certificates rests with system administrators of web sites who have the technical knowledge to perform this function. The converse function in SSL, client side SSL, which lets a client authenticate herself to a server is rarely used, because although the technical mechanism is exactly the same, it now requires users to manage certificates and long private keys which has proven to be difficult, unless they use the split private key system. So in practice, most Internet web sites use server side SSL to authenticate themselves to the client, and to obtain a secure channel, and from then on use Userid, Password pairs to authenticate the client. [0019]
  • So far from disappearing, the use of passwords has increased dramatically. Passwords themselves are often dubbed as inherently “weak” which is inaccurate, because if they are used carefully passwords can actually achieve “strong” security. As discussed earlier passwords should not be sent over networks, and if possible should not be stored on the receiving computer. Instead, in a “strong” system, the user can be asked to prove knowledge of the password without actually revealing the password. And perhaps most critically passwords should not be vulnerable to dictionary attacks. [0020]
  • Dictionary attacks can be classified into three types. In all three cases the starting point is a ‘dictionary’ of likely passwords. Unless the system incorporates checks to prevent it, users tend to pick poor passwords, and compilations of lists of widely used poor passwords are widely available. [0021]
  • 1) On line dictionary attack. Here the attacker types in a guess at the password from the dictionary. If the attacker is granted access to the computer they know the guess was correct. These attacks are normally prevented by locking the user account if there are an excessive number of wrong tries. Note that this very commonly used defense prevented one problem, but just created another one. An attacker can systematically go through and lock out the accounts of hundreds or thousands of users. Although the attacker did not gain access, now legitimate users cannot access their own accounts either, creating a denial of service problem. [0022]
  • 2) Encrypt dictionary attacks: If somewhere in the operation of the system a ciphertext C=Encrypt(M,P) was created, and the attacker has access to both C and M, then the attacker can compute off-line C1=Encrypt(M,G1), C2=Encrypt(M,G2), . . . where G1, G2, . . . etc. are the guesses at the password P from the dictionary. The attacker stops when he finds a Cn=C, and knows that Gn=P. Observe that the UNIX file system, which uses a one way function F( ) instead of an encryption function E( ), is vulnerable to this attack. [0023]
  • 3) Decrypt dictionary attacks: Here the attacker does not know M, and only sees the ciphertext C (where C=Encrypt(M,P)). The system is only vulnerable to this attack IF it is true that M has some predictable structure. So the attacker tries M1=Decrypt(C,G1), M2=Decrypt(C,G2) . . . , and stops when the Mi has the structure he is looking for. For instance Mi could be known to be a timestamp, English text, or a number with special properties such as a prime, or a composite number with no small factors. [0024]
  • It is possible to design strong password based systems but the password should not be stored on the computer in any form, ever communicated to it, and should be protected from all three types of dictionary attacks. [0025]
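As an added illustration (not part of the patent text), the following design check models the encrypt and decrypt dictionary attacks described above and reports which recorded protocol artifacts let a password guess be confirmed off-line. The keystream cipher standing in for Encrypt/Decrypt, the four-word dictionary and all sample values are constructed assumptions.

```python
import hashlib
import hmac


def crypt(data: bytes, password: str) -> bytes:
    """Stand-in for both Encrypt(M,P) and Decrypt(C,P): XOR with a keystream
    derived from the password (an assumption; the text names no cipher here)."""
    key = hashlib.sha256(password.encode()).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def confirmed_by_known_plaintext(m: bytes, c: bytes, guesses):
    """Type 2 (encrypt): guesses G for which Encrypt(M,G) reproduces the observed C."""
    return [g for g in guesses if hmac.compare_digest(crypt(m, g), c)]


def confirmed_by_structure(c: bytes, guesses, has_structure):
    """Type 3 (decrypt): guesses G for which Decrypt(C,G) has the expected structure."""
    return [g for g in guesses if has_structure(crypt(c, g))]


def looks_like_timestamp(m: bytes) -> bool:
    # Predictable structure: ten ASCII digits (seconds since the epoch).
    return len(m) == 10 and m.isdigit()


GUESSES = ["password", "letmein", "apple23", "qwerty"]  # constructed dictionary
PASSWORD = "apple23"                                    # the user's real password


def audit():
    """Return, per artifact, the guesses an off-line observer could confirm."""
    challenge = bytes.fromhex("c1a5f0e29b7d44830a6e")  # constructed random value R
    timestamp = b"0977356800"                          # constructed structured M
    return {
        # Observer holds both R and C=Encrypt(R,P): the guess is confirmed.
        "challenge_response_transcript": confirmed_by_known_plaintext(
            challenge, crypt(challenge, PASSWORD), GUESSES),
        # Observer holds only C, but M is known to be a timestamp: confirmed.
        "encrypted_timestamp": confirmed_by_structure(
            crypt(timestamp, PASSWORD), GUESSES, looks_like_timestamp),
        # Observer holds only C and M is random: no guess stands out.
        "encrypted_random_value": confirmed_by_structure(
            crypt(challenge, PASSWORD), GUESSES, looks_like_timestamp),
    }


if __name__ == "__main__":
    for artifact, confirmed in audit().items():
        print(artifact, "->", confirmed or "no guess can be confirmed")
```

An empty list is the property a password-keyed ciphertext needs: nothing derived from the password may be paired with a known or structured plaintext that an observer can test guesses against.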
  • FIG. 1 depicts the operations of Server-Side-Authentication during a communications session between network users, in this instance a client device such as a personal computer and a host device such as a server. It will be understood that software is resident on the client device and this software directs communications on the client side of the communication session. It will also be understood that software is resident on the server and that this software directs communications on the server side of the communication session. Furthermore, it should be understood that while in this example the server is associated with a merchant, the server could be associated with any type of entity. As used here, server designates any networked device capable of presenting information to another network device via the network. Also, it should be understood that while the client device in this example is associated with an individual user, the client device may be associated with an entity other than an individual user. Also, a client device may be any networked device capable of accessing information via a network. [0026]
  • At step 100 the client device transmits a message to the server. This message includes a first random number generated by the software and an indication of the types of cryptography the client device is capable of supporting. This message can be called a ‘hello’ message. The server then selects one of the types of cryptography and includes a second random number and the server's certificate in a transmission to the client device, step 110. This transmission can be called ‘message two’. A certificate contains information certifying that an entity is who that entity claims to be. The client device then obtains the public portion of the server's asymmetric key from the certificate and verifies the certificate by verifying the certificate issuer's signature on the certificate, step 115. The client device then generates and encrypts a symmetric session key with the public portion of the server's asymmetric key and transmits the encrypted symmetric session key to the server, step 120. The server then decrypts the symmetric session key with the private portion of the server's asymmetric key and encrypts the first random number using the symmetric key and transmits the encrypted random number to the client device, step 125. The client device then decrypts the random number using its copy of the symmetric key, step 130. If the original first random number is recovered, the server has authenticated itself to the client device. All further communication between the server and client device are secured using the symmetric session key. It will be recognized that SSL server-side-authentication in current use does not actually follow steps 125 and 130. Rather these steps are representative of how the shared symmetric key could be used for server to client authentication. [0027]
  • Client-Side-Authentication is designed to operate similar to Server-Side-Authentication as is depicted in FIG. 2. At step 200, the server transmits a 36 byte hash to the client device and requests the client device to sign it with the private portion of the client device's asymmetric key. Also, the server will request that the client device return the client device's certificate. The client device signs the 36 byte hash and sends the signed 36 byte hash and the client device certificate to the server, step 210. The server then verifies that the client device's certificate is valid and obtains the public portion of the browser's asymmetric key from the authority issuing the certificate, step 215. The server then uses the public portion of the client device's asymmetric crypto-key to verify the client device signature, step 220. If the server recovers the original 36 byte hash, the client device has authenticated itself to the server. It will be recognized here also that SSL client-side-authentication currently in use does not actually follow these precise steps. Rather these steps are representative of how the user's asymmetric public and private keys could be used for client to server authentication. [0028]
  • In practice, only Server-Side-Authentication is generally implemented today. Most servers which require authentication of other network users utilize passwords. As discussed above, after Server-Side-Authentication is completed, both the server and the client device are in possession of a symmetric session key. All subsequent communications between the parties during the present communication session are secured with the symmetric session key. Typically, the server requests the client device to supply a valid user ID and password. This information is provided by the user and transmitted from the client device to the server, encrypted with the symmetric session key. Each server must maintain a database of associated users. These databases contain passwords and information identifying the holders of the passwords. This requires the server to gather or dispense passwords and to manage stored passwords. If the password is valid, that is, it is included in the database, the client device has authenticated itself to the server. [0029]
  • Accordingly, a need exists for a technique whereby a first network user can obtain verifiable authentication from a second network user without the first network user having to maintain, process and utilize a password system. [0030]
  • A certificate issuing authority includes information about the user in the user's certificate. This information may include associations the user maintains, personal information, or even financial information. A certificate issuing authority may include information that a user does not want disclosed. Or, user information included in a certificate may change. Presently, a user cannot update or change information in an issued certificate. A user can at best revoke a certificate and obtain a new one which includes the changed information. When a new certificate is obtained, new keys must be generated. Any entity who has previously obtained the user's certificate and public key must now reobtain the new certificate and key. Thus, there is no way to modify a certificate without revoking the corresponding key pair. [0031]
  • Accordingly, a need exists whereby a certificate can be modified, while retaining the associated key pair. [0032]
  • A single user may have associations with multiple servers. Each of the multiple servers may require the user to maintain a password and client ID. Thus, a single user may be required to remember a plurality of passwords. [0033]
  • Oftentimes a user may attempt to establish the same client ID and password with several unrelated servers. This cannot always be accomplished. Some servers require a password to meet certain quality standards and not be a ‘bad’ password, as discussed above. Thus a password that the user may wish to use may not be acceptable to certain servers. Also, a password that a user may wish to use may already be in use by another user of a server, and the server may not allow more than one user to use the same password. [0034]
  • Even if a user is able to use the same client ID and password for access to multiple servers, other problems with using passwords for authentication arise. For instance, a user's password may become compromised. That is, the password may become known to another individual. That individual can then impersonate the user to multiple servers. The user must obtain a new password with each server with which the user uses the now compromised password. Furthermore, if a user's password is compromised and a first server recognizes this fact, there is currently no method whereby this first server can notify other servers at which the user uses this same password that the password has been compromised. [0035]
  • Yet another problem with the use of passwords in providing authentication is that a user must provide a password to each and every server requiring authentication. If a user is fortunate enough to obtain the same password with several servers, the user still must provide the password to each server to which the user seeks access. Thus, every time a user wishes to perform communications with a server, that user must cause his or her password to be transmitted to the server. Furthermore, when a user ends an authenticated communication with a server and immediately attempts to reestablish an authenticated communication, the user must again provide his or her password to the server for authentication. [0036]
  • Accordingly, a need exists for a technique whereby a network user can utilize a single password to access a plurality of networked devices and enter that single password only once to gain access to any of the plurality of networked devices. [0037]
  • SSL as deployed in current systems is based upon the RSA public key cryptosystem. As introduced above, RSA relies upon the use of products of large prime numbers which are not easily factorable. If the RSA technique should be broken, that is, if an algorithm for factoring large prime numbers is found, SSL and any cryptosystem based on RSA would be useless. An attacker would have access to communications in any RSA based cryptosystem. Secure and trusted communications in SSL and other public key cryptosystems would become impossible. Accordingly, a need exists for a technique whereby a public key based cryptosystem could provide secure communications if RSA were to become unusable. [0038]
  • OBJECTS OF THE INVENTION
  • It is an object of the present invention to provide a system and method whereby a user can gain access to a plurality of networked devices controlled by different entities by only once providing identifying information. [0039]
  • Additional objects, advantages, novel features of the present invention will become apparent to those skilled in the art from this disclosure, including the following detailed description, as well as by practice of the invention. While the invention is described below with reference to preferred embodiment(s), it should be understood that the invention is not limited thereto. Those of ordinary skill in the art having access to the teachings herein will recognize additional implementations, modifications, and embodiments, as well as other fields of use, which are within the scope of the invention as disclosed and claimed herein and with respect to which the invention could be of significant utility. [0040]
  • INVENTION SUMMARY
  • In accordance with the invention, multiple different network stations are accessed based on a single entry of a user password. The network stations may take the form of personal computers, high power workstations, mainframe computers, portable computing devices, telephones or virtually any other type of network device capable of functioning in the described manner below. [0041]
  • According to the invention, a first network station represents a network entity, such as a bank, merchant, university, corporation or other network entity which requires authentication of the user prior to granting the user access. The first station transmits a request for authentication of the user seeking access. Commonly, the request for authentication takes the form of a hash message of 36 bytes computed from the conversation between the first and a second network station. The user not only has an associated password, but also a user identifier and an associated asymmetric crypto-key, including a first private key portion obtainable with the password, a second private key portion and a public key portion. It will be understood that the private key could be split into more than two key portions if so desired. [0042]
  • The second network station, representing the user, has the user identifier, a combination symmetric crypto-key corresponding to a first symmetric crypto-key and a second symmetric crypto-key, and the first private key portion encrypted with a first symmetric crypto-key stored thereat. Preferably, the combination symmetric crypto-key corresponds to the first symmetric crypto-key XOR'd with the second symmetric crypto-key. Advantageously, the first symmetric crypto-key is a first random number having a length of 192 bits and the second symmetric crypto-key is a second random number, different than the first random number, having a length of 192 bits. [0043]
  • In response to the transmitted authentication request, the second network station transmits the stored user identifier and the transmitted authentication request encrypted with the stored combination symmetric key to a third network station. Advantageously, the second network station automatically responds to the authentication request without any need for the user to input the user password. The stored user identifier and the authentication request encrypted with the stored combination symmetric crypto-key may be transmitted in a single communication. However, preferably, the stored user identifier is transmitted in a first communication, and the encrypted authentication request is transmitted in a separate later communication. Beneficially, the second network station MAC's the stored user identifier with the stored combination symmetric crypto-key, and the user identifier is transmitted in the MAC'd message. [0044]
  • The third network station, representing a sponsor, has the user identifier, the combination symmetric crypto-key, the first symmetric crypto-key, and the second private key portion stored thereat. The third network station retrieves the stored combination symmetric crypto-key by matching the transmitted user identifier with the stored user identifier. The station verifies the MAC on the transmitted message to verify the identity of the user. The station decrypts the transmitted encrypted authentication request with the retrieved combination symmetric crypto-key to recover the authentication request. The station then encrypts the recovered authentication request with the stored second private key portion and transmits the encrypted authentication request and the first symmetric crypto-key, both encrypted with the retrieved combination symmetric key. [0045]
  • The second network station decrypts the transmitted encrypted authentication request and the first symmetric crypto-key, with its stored combination symmetric crypto-key to recover the encrypted authorization request and the first symmetric crypto-key. The station can then decrypt the stored encrypted first private key portion with the recovered first symmetric crypto-key to recover the unencrypted first private key portion, and transmit the recovered encrypted authentication request further encrypted with the recovered first private key portion. This further encrypted authentication request serves as an authentication message. The first station decrypts the transmitted authentication message with the user public key to recover the authentication request and thereby authenticate the user. [0046]
  • Beneficially, the second network station is further configured to receive the user password as input and obtain the first private key portion with the password, prior to transmission of the authorization request by the first station. [0047]
  • In accordance with another aspect of the invention, the third station also has a time value, representing a time period for authenticating the user, stored thereat. In such a case, the third station can retrieve the stored time value prior to decrypting the encrypted authentication request transmitted by the second station. The station only decrypts the transmitted encrypted authentication request if the present time is within the time period represented by the time value. [0048]
  • According to still other aspects of the invention, the second network station generates the first symmetric crypto-key, and transmits this key, encrypted with the first private key portion, to the third network station. The third station decrypts the transmitted encrypted first symmetric crypto-key with the second private key portion to recover the first symmetric crypto-key, thereby authenticating the user, and stores the decrypted first symmetric crypto-key. The third network station also generates the second symmetric crypto-key, combines the first and the second symmetric crypto-key to form the combination symmetric crypto-key, and stores the combination crypto-key. The station then transmits the second symmetric crypto-key encrypted with the first symmetric crypto-key to the second network station, and destroys the second symmetric crypto-key. [0049]
  • The second network station decrypts the transmitted encrypted second symmetric crypto-key with the first symmetric crypto-key to recover the second symmetric crypto-key and authenticate the sponsor. The second network station also combines the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combination crypto-key, stores the combination symmetric crypto-key, encrypts the first private key portion with the first symmetric crypto-key, stores the encrypted first private key portion, and destroys the first symmetric crypto-key and the unencrypted first private key portion. [0050]
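The key set-up and the later password-free authentication described above can be traced end to end in the following added sketch, which is not code from the patent. It assumes a toy RSA key with a multiplicative split (Daa·Das ≡ D mod φ), an HMAC keystream standing in for the symmetric cipher, SHA-256 for deriving Daa from the password, and hypothetical class and function names throughout.

```python
import hashlib, hmac, math, secrets, time

# Toy RSA key built from two Mersenne primes: constructed for the demo, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)                  # full private key, used only to compute the split
MODLEN = (N.bit_length() + 7) // 8
KEYLEN = 24                          # 192-bit symmetric crypto-keys, as in the text

def b2i(b): return int.from_bytes(b, "big")
def i2b(n, length): return n.to_bytes(length, "big")
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def mac(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()

def sym(key, data, label):
    """Stand-in symmetric cipher (assumption): XOR with an HMAC keystream; self-inverse."""
    stream = b"".join(mac(key, label + i2b(i, 4)) for i in range(len(data) // 32 + 1))
    return xor(data, stream)

def derive_daa(password):
    """First private key portion, obtainable from the password alone."""
    d = b2i(hashlib.sha256(password.encode()).digest()) | 1
    while math.gcd(d, PHI) != 1:
        d += 2
    return d

def das_for(d_aa):
    """Second private key portion, fixed at enrollment so that Daa*Das = D (mod phi)."""
    return D * pow(d_aa, -1, PHI) % PHI

class Sponsor:
    def __init__(self): self.users = {}

    def enroll(self, uid, d_as):
        self.users[uid] = {"d_as": d_as, "revoked": False}

    def challenge(self, uid):
        self.users[uid]["chal"] = secrets.token_bytes(16)
        return self.users[uid]["chal"]

    def login(self, uid, c1, ttl=3600):
        """Recover K1 and the challenge, store K1 and K = K1 xor K2, return Enc_K1(K2)."""
        u = self.users[uid]
        m = i2b(pow(pow(c1, u["d_as"], N), E, N), MODLEN)
        k1, chal = m[-40:-16], m[-16:]        # 24-byte K1, then the 16-byte challenge
        if any(m[:-40]) or not hmac.compare_digest(chal, u["chal"]):
            raise PermissionError("user not authenticated")
        k2 = secrets.token_bytes(KEYLEN)      # K2 itself is not kept by the sponsor
        u.update(k1=k1, k=xor(k1, k2), expires=time.time() + ttl)
        return sym(k1, k2, b"k2")

    def partial_sign(self, uid, tag, enc_req):
        """Check revocation, time window and MAC, then return Enc_K(R^Das || K1)."""
        u = self.users[uid]
        if u["revoked"] or time.time() > u["expires"]:
            raise PermissionError("revoked or outside the time period")
        if not hmac.compare_digest(tag, mac(u["k"], uid.encode())):
            raise PermissionError("bad MAC on user identifier")
        request = sym(u["k"], enc_req, b"req")
        partial = pow(b2i(request), u["d_as"], N)
        return sym(u["k"], i2b(partial, MODLEN) + u["k1"], b"resp")

class UserStation:
    def __init__(self, uid): self.uid = uid

    def login(self, password, sponsor):
        """Single password entry; afterwards only K and Enc_K1(Daa) stay on the station."""
        d_aa = derive_daa(password)
        k1 = secrets.token_bytes(KEYLEN)
        c1 = pow(b2i(k1 + sponsor.challenge(self.uid)), d_aa, N)
        k2 = sym(k1, sponsor.login(self.uid, c1), b"k2")
        self.k = xor(k1, k2)
        self.enc_daa = sym(k1, i2b(d_aa, MODLEN), b"daa")

    def authenticate(self, request, sponsor):
        """Answer a site's request with no password: K1 comes back from the sponsor."""
        tag = mac(self.k, self.uid.encode())
        enc = sponsor.partial_sign(self.uid, tag, sym(self.k, request, b"req"))
        resp = sym(self.k, enc, b"resp")
        partial, k1 = b2i(resp[:MODLEN]), resp[MODLEN:]
        d_aa = b2i(sym(k1, self.enc_daa, b"daa"))
        return pow(partial, d_aa, N)          # the completed authentication message

def site_verifies(request, signature):
    return pow(signature, E, N) == b2i(request)

def demo():
    sponsor, station = Sponsor(), UserStation("alice")
    sponsor.enroll("alice", das_for(derive_daa("apple23")))
    station.login("apple23", sponsor)         # the only password entry
    results = []
    for site in (b"bank", b"merchant"):
        request = hashlib.sha256(site).digest() + secrets.token_bytes(4)  # constructed, 36 bytes
        results.append(site_verifies(request, station.authenticate(request, sponsor)))
    sponsor.users["alice"]["revoked"] = True
    try:
        station.authenticate(b"r" * 36, sponsor)
    except PermissionError:
        results.append("refused")
    return results
```

`demo()` logs in once, authenticates to two sites without re-entering the password, and is then refused once the sponsor marks the user revoked. Material copied from the station alone (K and the encrypted Daa) cannot complete a signature without the sponsor's cooperation.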
  • In a preferred practical implementation of the invention, a system for accessing multiple different network stations includes a first station representing a user having a password, user identifier, and an associated asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion. The first network station transmits a log-in request including the user identifier. [0051]
  • A second station, representing a sponsor, transmits a challenge responsive to the transmitted log-in request. The first station processes a user input including the password to obtain the first private key portion, and encrypts a first symmetric crypto-key and the transmitted challenge with the obtained first private key portion to form a first encrypted message. The station then transmits the first encrypted message. [0052]
  • The second station decrypts the transmitted first encrypted message with the second private key portion and public key to recover the challenge and the first symmetric crypto-key, and thereby authenticate the user. The second station also combines the recovered first symmetric crypto-key with a second symmetric crypto-key to form a combined symmetric crypto-key and stores the combined symmetric crypto-key. The second station additionally encrypts the second symmetric crypto-key with the first symmetric crypto-key to form a second encrypted message, and transmits the second encrypted message. [0053]
  • The first station decrypts the transmitted second encrypted message with the first symmetric crypto-key to recover the second symmetric crypto-key, thereby authenticating the sponsor. The first station combines the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combined symmetric crypto-key. The first station also encrypts the obtained first private key portion with the first symmetric crypto-key and destroys the first symmetric crypto-key and the unencrypted first private key portion. [0054]
  • Subsequently, the first station can encrypt a request for user authentication from another network entity with the combined symmetric crypto-key to form a third encrypted message. The first station then transmits the user identifier and the third encrypted message, typically MAC'd with the combined symmetric crypto-key. As discussed above, this information may be transmitted in a single or multiple communications. [0055]
  • The second station verifies the MAC on the transmitted message and matches the transmitted user identifier with the user identifier previously transmitted by the first station to retrieve the combined symmetric crypto-key. The second station also decrypts the third encrypted message with the retrieved combined symmetric crypto-key to recover the request for user authentication. The second station then encrypts the recovered request for user authentication with the second private key portion to form a fourth encrypted message. The station next encrypts the first symmetric crypto-key and the fourth encrypted message with the combined symmetric crypto-key to form a fifth encrypted message. The second station next transmits the fifth encrypted message. [0056]
  • The first network station decrypts the transmitted fifth encrypted message with the combined symmetric crypto-key to recover the transmitted first symmetric crypto-key and the transmitted fourth encrypted message, thereby verifying the identity of the sponsor. The first station also decrypts the encrypted first private key portion with the recovered first symmetric crypto-key, and further encrypts the recovered fourth encrypted message with the decrypted first private key portion to form an authentication message. The station transmits the authentication message to the other network entity to authenticate the user. [0057]
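The log-in exchange and the later password-free authentication described above can be traced end to end in the following added example, which is not part of the patent text. It assumes textbook RSA with a multiplicative key split (d1 · d2 · e ≡ 1 mod φ(n)), a first private key portion derived from the password with PBKDF2, a constructed toy modulus, and a SHA-256 keystream with an HMAC tag standing in for the unspecified symmetric cipher; all class and function names are illustrative.

```python
import hashlib, hmac, math, secrets

# Constructed toy modulus from two Mersenne primes: fast to run, no real security.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
NB = (N.bit_length() + 7) // 8

def derive_d1(password, salt):
    """Assumption: the first private key portion is a PBKDF2 output of the password."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, 64)
    d1 = int.from_bytes(raw, "big") | 1
    while math.gcd(d1, PHI) != 1:      # must be invertible mod phi(N)
        d1 += 2
    return d1

def second_portion(d1):
    return pow(d1 * E, -1, PHI)        # d1 * d2 * E == 1 (mod phi(N))

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, nonce, n):
    blocks = [hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key, pt):
    """Stand-in symmetric cipher (SHA-256 keystream plus HMAC tag); the page names none."""
    nonce = secrets.token_bytes(16)
    ct = xor(pt, keystream(key, nonce, len(pt)))
    return nonce + ct + mac(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(key, nonce + ct)):
        raise ValueError("wrong key or modified message")
    return xor(ct, keystream(key, nonce, len(ct)))

class Sponsor:
    def __init__(self):
        self.d2, self.pending, self.sessions = {}, {}, {}

    def challenge(self, uid):
        self.pending[uid] = secrets.token_bytes(16)
        return self.pending[uid]

    def login(self, uid, msg1):
        m = pow(pow(msg1, self.d2[uid], N), E, N)   # second portion, then public key
        if m >> 320:                                # not K1 || challenge: wrong d1
            raise ValueError("user not authenticated")
        m = m.to_bytes(40, "big")
        if not hmac.compare_digest(m[24:], self.pending.pop(uid)):
            raise ValueError("user not authenticated")
        k1, k2 = m[:24], secrets.token_bytes(24)
        self.sessions[uid] = (xor(k1, k2), k1)      # store combined key and K1, drop K2
        return seal(k1, k2)                         # second encrypted message

    def countersign(self, uid, tag, msg3):
        k12, k1 = self.sessions[uid]
        if not hmac.compare_digest(tag, mac(k12, uid.encode() + msg3)):
            raise ValueError("bad MAC")
        msg4 = pow(digest_int(unseal(k12, msg3)), self.d2[uid], N)   # fourth message
        return seal(k12, k1 + msg4.to_bytes(NB, "big"))              # fifth message

class User:
    def __init__(self, uid, salt):
        self.uid, self.salt = uid, salt

    def login(self, password, sponsor):
        d1 = derive_d1(password, self.salt)
        k1 = secrets.token_bytes(24)                # 192-bit first symmetric key
        chal = sponsor.challenge(self.uid)
        msg1 = pow(int.from_bytes(k1 + chal, "big"), d1, N)
        k2 = unseal(k1, sponsor.login(self.uid, msg1))   # fails unless sponsor recovered K1
        self.k12 = xor(k1, k2)
        self.enc_d1 = seal(k1, d1.to_bytes(NB, "big"))
        # k1 and d1 are locals only; k12 and enc_d1 are all that persists

    def authenticate(self, request, sponsor):
        msg3 = seal(self.k12, request)
        tag = mac(self.k12, self.uid.encode() + msg3)
        msg5 = unseal(self.k12, sponsor.countersign(self.uid, tag, msg3))
        k1, msg4 = msg5[:24], int.from_bytes(msg5[24:], "big")
        d1 = int.from_bytes(unseal(k1, self.enc_d1), "big")
        return pow(msg4, d1, N)                     # authentication message

def verify(request, auth_msg):
    """The other network entity needs only the public key (E, N)."""
    return pow(auth_msg, E, N) == digest_int(request)
```

After `login`, the user station holds only the combined key and the first key portion encrypted under K1, so each later `authenticate` call needs the sponsor to return K1 before the signature can be completed.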

Claims (17)

What is claimed is:
1. A system for accessing multiple different network stations without entry of a password, comprising:
a first network station representing a network entity and configured to transmit a request for authentication of a user seeking access, the user having an associated password, an associated user identifier, and an associated asymmetric crypto-key, including a first private key portion obtainable with the password, a second private key portion and a public key portion;
a second network station representing the user, and having the user identifier, a combination symmetric crypto-key corresponding to a first symmetric crypto-key and a second symmetric crypto-key, and the obtained first private key portion encrypted with the first symmetric crypto-key stored thereat, and configured to (i) transmit the stored user identifier MAC'd with the stored combination symmetric crypto-key responsive to the transmitted authentication request, and (ii) transmit the transmitted authentication request encrypted with the stored combination symmetric crypto-key; and
a third network station, representing a sponsor, having the user identifier, the combination symmetric crypto-key, the first symmetric crypto-key, and the second private key portion stored thereat, and configured to (i) retrieve the stored combination symmetric crypto-key by matching the transmitted user identifier with the stored user identifier, (ii) verify the MAC with the retrieved combination symmetric crypto-key to verify identity of the user, (iii) decrypt the transmitted encrypted authentication request with the retrieved combination symmetric crypto-key to recover the authentication request, (iv) encrypt the recovered authentication request with the stored second private key portion and (v) transmit the encrypted authentication request and the first symmetric crypto-key, both encrypted with the retrieved combination symmetric crypto-key;
wherein the second network station is further configured to (i) decrypt the transmitted encrypted authentication request and first symmetric crypto-key, with the stored combination symmetric crypto-key to recover the encrypted authentication request and the first symmetric crypto-key, (ii) decrypt the stored encrypted first private key portion with the recovered first symmetric crypto-key to recover the first private key portion, (iii) to transmit the recovered encrypted authentication request further encrypted with the recovered first private key portion;
wherein the first station is further configured to decrypt the transmitted further encrypted authentication request with the public key to thereby authenticate the user.
2. A system according to claim 1, wherein the authentication request is a hash message.
3. A system according to claim 1, wherein the second network station is further configured to receive the password as a user input and obtain the first private key portion with the input password, prior to transmission of the authorization request by the first station.
4. A system according to claim 1, wherein the combination symmetric crypto-key corresponds to the first symmetric crypto-key XOR'd with the second symmetric crypto-key.
5. A system according to claim 1, wherein the second network station is further configured to automatically respond to the authentication request without the user inputting the password.
6. A system according to claim 1, wherein the first symmetric crypto-key is a first random number having a length of 192 bits and the second symmetric crypto-key is a second random number, different than the first random number, having a length of 192 bits.
7. A system according to claim 1, wherein the third station has a time value, representing a time period for authenticating the user, stored thereat, and is further configured to retrieve the stored time value prior to encrypting the recovered authentication request and to only encrypt the recovered authentication request if the present time is within the time period represented by the time value.
8. A system according to claim 1, wherein the second network station is further configured to generate the first symmetric crypto-key, and transmit the first symmetric crypto-key encrypted with the obtained first private key portion to the third network station;
the third station is further configured to decrypt the transmitted encrypted first symmetric crypto-key with the second private key portion to recover the first symmetric crypto-key and thereby authenticate the user, to store the decrypted first symmetric crypto-key, to generate the second symmetric crypto-key, to combine the first and the second symmetric crypto-key to form the combination symmetric crypto-key, to store the combination symmetric crypto-key, to transmit the second symmetric crypto-key encrypted with the first symmetric crypto-key to the second network station, and to destroy the second symmetric crypto-key; and
the second network station is further configured to decrypt the transmitted encrypted second symmetric crypto-key with the first symmetric crypto-key to recover the second symmetric crypto-key and thereby authenticate the sponsor, to combine the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combination symmetric crypto-key, to store the combination symmetric crypto-key, to encrypt the first private key portion with the first symmetric crypto-key, to store the encrypted first private key portion, and to destroy the first symmetric crypto-key and the unencrypted first private key portion.
9. A system for accessing multiple different network stations, comprising:
a first station representing a user having a password, an identifier, and an asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion, and configured to transmit a log-in request including the user identifier; and
a second station representing a sponsor and configured to transmit a challenge responsive to the transmitted log-in request;
wherein the first station is further configured (i) to process the user password to obtain the first private key portion, (ii) to encrypt a first symmetric crypto-key and the transmitted challenge with the obtained first private key portion to form a first encrypted message, and (iii) to transmit the first encrypted message;
wherein the second station is further configured (i) to decrypt the transmitted first encrypted message with the second private key portion to recover the challenge and the first symmetric crypto-key, thereby authenticating the user, (ii) to combine the recovered first symmetric crypto-key with a second symmetric crypto-key to form a combined symmetric crypto-key, (iii) to store the combined symmetric crypto-key, (iv) to encrypt the second symmetric crypto-key and a time value with the first symmetric crypto-key to form a second encrypted message, and (v) to transmit the second encrypted message;
wherein the first station is further configured (i) to decrypt the transmitted second encrypted message with the first symmetric crypto-key to recover the second symmetric crypto-key and the time value, thereby authenticating the sponsor, (ii) to combine the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combined symmetric crypto-key, (iii) to encrypt the first private key portion with the first symmetric crypto-key, (iv) to destroy the first symmetric crypto-key and the obtained first private key portion, (v) to encrypt a request for user authentication from another network entity with the combined symmetric crypto-key to form a third encrypted message and (vi) to transmit the user identifier, MAC'd with the combined symmetric crypto-key, and the third encrypted message;
wherein the second station is further configured (i) to match the transmitted user identifier with the previously transmitted user identifier to retrieve the combined symmetric crypto-key, (ii) verify the MAC with the retrieved combined symmetric crypto-key to verify identity of the user, (iii) to decrypt the third encrypted message with the combined symmetric crypto-key to recover the request for user authentication, (iv) to encrypt the request for user authentication with the second private key portion to form a fourth encrypted message, (v) to encrypt the first symmetric crypto-key and the fourth encrypted message with the combined symmetric crypto-key to form a fifth encrypted message and (vi) to transmit the fifth encrypted message;
wherein the first network station is further configured (i) to decrypt the transmitted fifth encrypted message with the combined symmetric crypto-key to recover the transmitted first symmetric crypto-key and the transmitted fourth encrypted message, and thereby verify an identity of the sponsor, (ii) to decrypt the encrypted first private key portion with the recovered first symmetric crypto-key, (iii) to further encrypt the recovered fourth encrypted message with the decrypted first private key portion to form an authentication message, (iv) to transmit the authentication message to the other network entity to authenticate the user.
10. A method for accessing multiple different network stations without entry of a password associated with a user also having an associated identifier and an associated asymmetric crypto-key, including a first private key portion obtainable with the password, a second private key portion and a public key portion, comprising:
receiving a request for authentication of the user;
retrieving from a first memory, without entry of the user password, the user identifier, a combination symmetric crypto-key corresponding to a first symmetric crypto-key and a second symmetric crypto-key, and the first private key portion encrypted with the first symmetric crypto-key;
encrypting the transmitted authentication request with the retrieved combination symmetric crypto-key;
transmitting the retrieved user identifier MAC'd with the retrieved combination symmetric crypto-key, and the received authentication request encrypted with the retrieved combination symmetric crypto-key;
matching the transmitted user identifier with a user identifier stored in a second memory, different than the first memory, to retrieve the combination symmetric crypto-key from the second memory;
verifying the MAC with the retrieved combination symmetric crypto-key to verify identity of the user;
decrypting the transmitted encrypted authentication request with the combination symmetric crypto-key to recover the authorization request;
retrieving the second private key portion and the first symmetric crypto-key from the second memory;
encrypting the recovered authorization request with the retrieved second private key portion to form an authentication message;
transmitting the authentication message and the retrieved first symmetric crypto-key, both encrypted with the combination symmetric crypto-key;
decrypting the transmitted encrypted authentication message and first symmetric crypto-key, with the combination symmetric crypto-key retrieved from the first memory to recover the authentication message and the first symmetric crypto-key;
decrypting the retrieved encrypted first private key portion with the recovered first symmetric crypto-key;
encrypting the recovered authentication message with the decrypted first private key portion to complete the authentication message;
transmitting the completed authentication message; and
decrypting the transmitted completed authentication message with the user public key to thereby authenticate the user.
11. A method according to claim 10, wherein the authentication request is a hash message.
12. A method according to claim 10, further comprising:
processing the user password to obtain the first private key portion, prior to receipt of the authentication request.
13. A method according to claim 10, further comprising:
XOR'ing the first symmetric crypto-key with the second symmetric crypto-key to generate the combination symmetric crypto-key.
A method according to claim 10, wherein the first symmetric crypto-key is a first random number having a length of 192 bits and the second symmetric crypto-key is a second random number, different than the first random number, having a length of 192 bits.
14. A method according to claim 10, further comprising:
retrieving a time value, representing a time period for authenticating the user, from the second memory; and
only encrypting the recovered authentication request if the present time is within the time period represented by the retrieved time value.
16. A method according to claim 10, further comprising:
generating the first symmetric crypto-key;
transmitting the first symmetric crypto-key encrypted with the obtained first private key portion;
decrypting the transmitted encrypted first symmetric crypto-key with the second private key portion to recover the first symmetric crypto-key and thereby authenticate the user;
storing the decrypted first symmetric crypto-key in the second memory;
generating the second symmetric crypto-key;
combining the first and the second symmetric crypto-keys to form the combination symmetric crypto-key;
storing the combination symmetric crypto-key in the second memory;
transmitting the second symmetric crypto-key encrypted with the first symmetric crypto-key;
destroying the second symmetric crypto-key;
decrypting the transmitted encrypted second symmetric crypto-key with the first symmetric crypto-key to recover the second symmetric crypto-key and thereby authenticate the sponsor;
combining the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combination symmetric crypto-key;
storing the combination symmetric crypto-key in the first memory;
encrypting the first private key portion with the first symmetric crypto-key;
storing the encrypted first private key portion in the first memory; and
destroying the first symmetric crypto-key used to encrypt the first private key portion and the unencrypted first private key portion.
17. A method for accessing multiple different network stations by a user having a user identifier, a user password and an asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion;
transmitting a log-in request including the user identifier;
transmitting a challenge of a sponsor responsive to the transmitted log-in request;
processing the user password to obtain the first private key portion;
encrypting a first symmetric crypto-key and the transmitted challenge with the obtained first private key portion to form a first encrypted message;
transmitting the first encrypted message;
decrypting the transmitted first encrypted message with the second private key portion to recover the challenge and the first symmetric crypto-key, and thereby authenticate the user to the sponsor;
combining the recovered first symmetric crypto-key with a second symmetric crypto-key to form a combined symmetric crypto-key;
storing the combined symmetric crypto-key in a first memory;
encrypting the second symmetric crypto-key with the first symmetric crypto-key to form a second encrypted message;
transmitting the second encrypted message;
decrypting the transmitted second encrypted message with the first symmetric crypto-key to recover the second symmetric crypto-key, and thereby authenticate the sponsor to the user;
combining the recovered second symmetric crypto-key with the first symmetric crypto-key to form the combined symmetric crypto-key;
storing the combined symmetric crypto-key in a second memory, different than the first memory;
encrypting the first private key portion with the first symmetric crypto-key;
destroying the first symmetric crypto-key used to encrypt the first private key portion and the obtained first private key portion;
encrypting a request for authentication of the user with the combined symmetric crypto-key to form a third encrypted message;
transmitting the user identifier, MAC'd with the combined symmetric crypto-key, and the third encrypted message;
matching the transmitted user identifier with the previously transmitted user identifier to retrieve the combined symmetric crypto-key from the second memory;
verifying the transmitted MAC with the retrieved combined symmetric crypto-key to verify an identity of the user;
decrypting the third encrypted message with the combined symmetric crypto-key to recover the request for user authentication;
encrypting the request for user authentication with the second private key portion to form a fourth encrypted message;
encrypting the first symmetric crypto-key and the fourth encrypted message with the combined symmetric crypto-key stored in the first memory to form a fifth encrypted message;
transmitting the fifth encrypted message;
decrypting the transmitted fifth encrypted message with the combined symmetric crypto-key stored in the second memory to recover the transmitted first symmetric crypto-key and the transmitted fourth encrypted message, and thereby verify an identity of the sponsor;
decrypting the encrypted first private key portion with the recovered first symmetric crypto-key;
further encrypting the recovered fourth encrypted message with the decrypted first private key portion to form an authentication message;
transmitting the authentication message to the other network entity to authenticate the user.
18. A method for accessing multiple different network stations without entry of a password associated with a user having an associated first symmetric crypto-key, an associated second symmetric crypto-key and an associated asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion, comprising:
encrypting the first private key portion with the first symmetric crypto-key;
transmitting a request, of a network station, for authentication of the user, encrypted with the second symmetric crypto-key to a sponsor;
decrypting the transmitted encrypted authentication request with the second symmetric crypto-key to recover the authentication request;
encrypting the recovered authentication request with the second private key portion to form an authentication message;
transmitting the authentication message and the first symmetric crypto-key, both encrypted with the second symmetric crypto-key to the user;
decrypting both the transmitted encrypted authentication message and the transmitted encrypted first symmetric crypto-key with the second symmetric crypto-key to recover the authentication message and the first symmetric crypto-key;
decrypting the first private key portion with the recovered first symmetric crypto-key;
transmitting the authentication message encrypted with the recovered first symmetric crypto-key to the network station; and
decrypting the transmitted encrypted authentication message with the public key portion to recover the authentication request and thereby authenticate the user to the network station.
US09/739,114 2000-12-19 2000-12-19 One time password entry to access multiple network sites Abandoned US20030115452A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US09/739,114 US20030115452A1 (en) 2000-12-19 2000-12-19 One time password entry to access multiple network sites
PCT/US2001/048095 WO2002051049A1 (en) 2000-12-19 2001-12-18 One time password entry to access multiple network sites
US10/849,818 US7055032B2 (en) 2000-12-19 2004-05-21 One time password entry to access multiple network sites

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/739,114 US20030115452A1 (en) 2000-12-19 2000-12-19 One time password entry to access multiple network sites

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US09/739,260 Continuation US6970562B2 (en) 2000-12-19 2000-12-19 System and method for crypto-key generation and use in cryptosystem
US10/849,818 Continuation US7055032B2 (en) 2000-12-19 2004-05-21 One time password entry to access multiple network sites

Publications (1)

Publication Number Publication Date
US20030115452A1 (en) 2003-06-19

Family

ID=24970879

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/739,114 Abandoned US20030115452A1 (en) 2000-12-19 2000-12-19 One time password entry to access multiple network sites
US10/849,818 Expired - Lifetime US7055032B2 (en) 2000-12-19 2004-05-21 One time password entry to access multiple network sites

Family Applications After (1)

Application Number Title Priority Date Filing Date
US10/849,818 Expired - Lifetime US7055032B2 (en) 2000-12-19 2004-05-21 One time password entry to access multiple network sites

Country Status (2)

Country Link
US (2) US20030115452A1 (en)
WO (1) WO2002051049A1 (en)

Cited By (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030084296A1 (en) * 2001-01-11 2003-05-01 Masaki Kyojima Access privilege authentication of client computer for services provided by sever computer
US20050081041A1 (en) * 2003-10-10 2005-04-14 Jing-Jang Hwang Partition and recovery of a verifiable digital secret
US20050160264A1 (en) * 2004-01-21 2005-07-21 Reid Kuhn Trusted authentication credential exchange methods and apparatuses
US20050246769A1 (en) * 2002-08-14 2005-11-03 Laboratories For Information Technology Method of generating an authentication
US20060242415A1 (en) * 2005-04-22 2006-10-26 Citrix Systems, Inc. System and method for key recovery
WO2006130615A2 (en) * 2005-05-31 2006-12-07 Tricipher, Inc. Secure login using single factor split key asymmetric cryptography and an augmenting factor
US20070016484A1 (en) * 2005-07-12 2007-01-18 Waters Timothy M Method for facilitating authorized online communication
US20070033642A1 (en) * 2003-07-31 2007-02-08 Tricipher, Inc. Protecting one-time-passwords against man-in-the-middle attacks
US20070067618A1 (en) * 2005-01-18 2007-03-22 Tricipher, Inc. Asymmetric crypto-graphy with rolling key security
US20080235511A1 (en) * 2006-12-21 2008-09-25 Bce Inc. Device authentication and secure channel management for peer-to-peer initiated communications
US20080320575A1 (en) * 2002-07-02 2008-12-25 Gelb Elizabeth A System and method for data capture and reporting
US20090222658A1 (en) * 2005-02-14 2009-09-03 Ravinderpal Singh Sandhu Roaming utilizing an asymmetric key pair
US20090222669A1 (en) * 2005-08-23 2009-09-03 Tea Vui Huang Method for controlling the location information for authentication of a mobile station
US20090271853A1 (en) * 2002-03-25 2009-10-29 Bank One, Delaware, National Association Systems and methods for time variable financial authentication
US7660419B1 (en) * 2004-08-13 2010-02-09 Texas Instruments Incorporated System and method for security association between communication devices within a wireless personal and local area network
US20100202609A1 (en) * 2005-02-14 2010-08-12 Ravinderpal Singh Sandhu Securing multifactor split key asymmetric crypto keys
US20120198228A1 (en) * 2010-12-20 2012-08-02 Jon Oberheide System and method for digital user authentication
US8892873B1 (en) * 2012-06-07 2014-11-18 Amazon Technologies, Inc. Verification of user communication addresses
US9053310B2 (en) 2013-08-08 2015-06-09 Duo Security, Inc. System and method for verifying status of an authentication device through a biometric profile
US9092302B2 (en) 2013-09-10 2015-07-28 Duo Security, Inc. System and method for determining component version compatibility across a device ecosystem
US9121401B2 (en) 2012-03-20 2015-09-01 Aperia Technologies, Inc. Passive pressure regulation mechanism
US9338156B2 (en) 2013-02-22 2016-05-10 Duo Security, Inc. System and method for integrating two-factor authentication in a device
US9361451B2 (en) 2011-10-07 2016-06-07 Duo Security, Inc. System and method for enforcing a policy for an authenticator device
US9443073B2 (en) 2013-08-08 2016-09-13 Duo Security, Inc. System and method for verifying status of an authentication device
US9467463B2 (en) 2011-09-02 2016-10-11 Duo Security, Inc. System and method for assessing vulnerability of a mobile device
US9491175B2 (en) 2013-02-22 2016-11-08 Duo Security, Inc. System and method for proxying federated authentication protocols
US9524388B2 (en) 2011-10-07 2016-12-20 Duo Security, Inc. System and method for enforcing a policy for an authenticator device
US9532222B2 (en) 2010-03-03 2016-12-27 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US9544143B2 (en) 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US9607156B2 (en) 2013-02-22 2017-03-28 Duo Security, Inc. System and method for patching a device through exploitation
US9608814B2 (en) 2013-09-10 2017-03-28 Duo Security, Inc. System and method for centralized key distribution
US9762590B2 (en) 2014-04-17 2017-09-12 Duo Security, Inc. System and method for an integrity focused authentication service
US9774579B2 (en) 2015-07-27 2017-09-26 Duo Security, Inc. Method for key rotation
US9825765B2 (en) 2015-03-31 2017-11-21 Duo Security, Inc. Method for distributed trust authentication
US9979719B2 (en) 2015-01-06 2018-05-22 Duo Security, Inc. System and method for converting one-time passcodes to app-based authentication
CN109150510A (en) * 2018-08-15 2019-01-04 飞天诚信科技股份有限公司 A kind of method and apparatus obtaining symmetric key
US20190130068A1 (en) * 2017-10-27 2019-05-02 Welch Allyn, Inc. Secure Patient Data in Medical Environments
US10333903B1 (en) * 2015-06-16 2019-06-25 Amazon Technologies, Inc. Provisioning network keys to devices to allow them to provide their identity
US10412113B2 (en) 2017-12-08 2019-09-10 Duo Security, Inc. Systems and methods for intelligently configuring computer security
US10547444B2 (en) * 2015-02-17 2020-01-28 Visa International Service Association Cloud encryption key broker apparatuses, methods and systems
CN112069092A (en) * 2013-08-19 2020-12-11 Visa欧洲有限公司 Method for realizing data access and equipment for realizing data access by requester
US11251970B2 (en) * 2016-10-18 2022-02-15 Cybernetica As Composite digital signatures
CN114900300A (en) * 2022-06-20 2022-08-12 中国联合网络通信集团有限公司 Cloud service temporary login key authentication method, device, equipment and storage medium
US11658962B2 (en) 2018-12-07 2023-05-23 Cisco Technology, Inc. Systems and methods of push-based verification of a transaction

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2821225B1 (en) * 2001-02-20 2005-02-04 Mobileway REMOTE ELECTRONIC PAYMENT SYSTEM
US7412720B1 (en) * 2001-11-02 2008-08-12 Bea Systems, Inc. Delegated authentication using a generic application-layer network protocol
US7543333B2 (en) * 2002-04-08 2009-06-02 Microsoft Corporation Enhanced computer intrusion detection methods and systems
US9602275B2 (en) * 2003-10-28 2017-03-21 Intel Corporation Server pool kerberos authentication scheme
US20060082056A1 (en) * 2004-05-07 2006-04-20 Kane Steven N Method and apparatus for conducting a game tournament
US8025567B2 (en) * 2004-05-07 2011-09-27 Gamelogic Inc. Method and apparatus for conducting a game of chance
US20060095785A1 (en) * 2004-10-29 2006-05-04 Electronic Data Systems Corporation System, method, and computer program product for user password reset
US20060159269A1 (en) * 2005-01-20 2006-07-20 Matsushita Electric Industrial Co., Ltd. Cryptographic system for resource starved CE device secure upgrade and re-configuration
KR100843072B1 (en) * 2005-02-03 2008-07-03 삼성전자주식회사 Wireless network system and communication method using wireless network system
JP4589963B2 (en) * 2005-07-29 2010-12-01 パナソニック株式会社 Recording device
US7690026B2 (en) * 2005-08-22 2010-03-30 Microsoft Corporation Distributed single sign-on service
US8959596B2 (en) * 2006-06-15 2015-02-17 Microsoft Technology Licensing, Llc One-time password validation in a multi-entity environment
US8832822B2 (en) * 2007-01-19 2014-09-09 Kryptiq Corporation Smart identifiers
US7926095B1 (en) 2007-05-04 2011-04-12 Avaya Inc. Efficient authentication system for primary and secondary servers
US8094812B1 (en) 2007-09-28 2012-01-10 Juniper Networks, Inc. Updating stored passwords
US8397077B2 (en) 2007-12-07 2013-03-12 Pistolstar, Inc. Client side authentication redirection
JP5351181B2 (en) * 2008-02-21 2013-11-27 アルカテル−ルーセント One-pass authentication mechanism and system for heterogeneous networks
US20100077450A1 (en) * 2008-09-24 2010-03-25 Microsoft Corporation Providing simplified internet access
US8151333B2 (en) 2008-11-24 2012-04-03 Microsoft Corporation Distributed single sign on technologies including privacy protection and proactive updating
WO2011044351A2 (en) * 2009-10-07 2011-04-14 The Ohio State University Wireless security protocol
US8549314B2 (en) 2010-04-29 2013-10-01 King Saud University Password generation methods and systems
US20130108045A1 (en) 2011-10-27 2013-05-02 Architecture Technology, Inc. Methods, networks and nodes for dynamically establishing encrypted communications
CN104798081B (en) * 2012-09-18 2018-10-26 皇家飞利浦有限公司 Control the access to the clinical data analyzed by remote computing resource
US9838375B2 (en) * 2013-02-28 2017-12-05 Microsoft Technology Licensing, Llc RESTlike API that supports a resilient and scalable distributed application
US9536067B1 (en) 2014-01-01 2017-01-03 Bryant Christopher Lee Password submission without additional user input
WO2018236351A1 (en) 2017-06-20 2018-12-27 Hewlett-Packard Development Company, L.P. Symmetrically encrypt a master passphrase key
US11826961B2 (en) 2017-07-10 2023-11-28 Hewlett-Packard Development Company, L.P. Nested segments in object models for additive manufacturing
EP3644572B1 (en) * 2018-10-27 2022-03-23 Zertificon Solutions GmbH Secure communication of payload data
US11722464B2 (en) * 2019-02-28 2023-08-08 Vmware, Inc. Symmetric account authentication

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5398285A (en) * 1993-12-30 1995-03-14 Motorola, Inc. Method for generating a password using public key cryptography
US5557678A (en) * 1994-07-18 1996-09-17 Bell Atlantic Network Services, Inc. System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem
US5737419A (en) * 1994-11-09 1998-04-07 Bell Atlantic Network Services, Inc. Computer system for securing communications using split private key asymmetric cryptography
US6948070B1 (en) * 1995-02-13 2005-09-20 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US6226383B1 (en) * 1996-04-17 2001-05-01 Integrity Sciences, Inc. Cryptographic methods for remote authentication
US6178409B1 (en) * 1996-06-17 2001-01-23 Verifone, Inc. System, method and article of manufacture for multiple-entry point virtual point of sale architecture
US6072876A (en) * 1996-07-26 2000-06-06 Nippon Telegraph And Telephone Corporation Method and system for depositing private key used in RSA cryptosystem
US6005939A (en) * 1996-12-06 1999-12-21 International Business Machines Corporation Method and apparatus for storing an internet user's identity and access rights to world wide web resources
US6094721A (en) * 1997-10-31 2000-07-25 International Business Machines Corporation Method and apparatus for password based authentication in a distributed system
CA2255285C (en) * 1998-12-04 2009-10-13 Certicom Corp. Enhanced subscriber authentication protocol
US6542993B1 (en) * 1999-03-12 2003-04-01 Lucent Technologies Inc. Security management system and method
US6704873B1 (en) * 1999-07-30 2004-03-09 Accenture Llp Secure gateway interconnection in an e-commerce based environment
CN1249972C (en) * 2000-06-05 2006-04-05 凤凰技术有限公司 System, methods, and software for remote password authentication using multiple servers

Cited By (89)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030084296A1 (en) * 2001-01-11 2003-05-01 Masaki Kyojima Access privilege authentication of client computer for services provided by sever computer
US7165176B2 (en) * 2001-01-11 2007-01-16 Fuji Xerox Co., Ltd. Access privilege authentication of client computer for services provided by server computer
US20090271853A1 (en) * 2002-03-25 2009-10-29 Bank One, Delaware, National Association Systems and methods for time variable financial authentication
US9911117B1 (en) 2002-03-25 2018-03-06 Jpmorgan Chase Bank, N.A. Systems and methods for time variable financial authentication
US9240089B2 (en) * 2002-03-25 2016-01-19 Jpmorgan Chase Bank, N.A. Systems and methods for time variable financial authentication
US8561159B2 (en) * 2002-07-02 2013-10-15 American Express Travel Related Services Company, Inc. System and method for data capture and reporting
US20080320575A1 (en) * 2002-07-02 2008-12-25 Gelb Elizabeth A System and method for data capture and reporting
US20050246769A1 (en) * 2002-08-14 2005-11-03 Laboratories For Information Technology Method of generating an authentication
US7233782B2 (en) * 2002-08-14 2007-06-19 Agency For Science, Technology And Research Method of generating an authentication
US20070033642A1 (en) * 2003-07-31 2007-02-08 Tricipher, Inc. Protecting one-time-passwords against man-in-the-middle attacks
US7596704B2 (en) 2003-10-10 2009-09-29 Jing-Jang Hwang Partition and recovery of a verifiable digital secret
US20050081041A1 (en) * 2003-10-10 2005-04-14 Jing-Jang Hwang Partition and recovery of a verifiable digital secret
US20050160264A1 (en) * 2004-01-21 2005-07-21 Reid Kuhn Trusted authentication credential exchange methods and apparatuses
US7660419B1 (en) * 2004-08-13 2010-02-09 Texas Instruments Incorporated System and method for security association between communication devices within a wireless personal and local area network
US8099607B2 (en) 2005-01-18 2012-01-17 Vmware, Inc. Asymmetric crypto-graphy with rolling key security
US20070067618A1 (en) * 2005-01-18 2007-03-22 Tricipher, Inc. Asymmetric crypto-graphy with rolling key security
US8340287B2 (en) 2005-02-14 2012-12-25 Vmware, Inc. Securing multifactor split key asymmetric crypto keys
US8213608B2 (en) * 2005-02-14 2012-07-03 Vmware, Inc. Roaming utilizing an asymmetric key pair
US20100202609A1 (en) * 2005-02-14 2010-08-12 Ravinderpal Singh Sandhu Securing multifactor split key asymmetric crypto keys
US20090222658A1 (en) * 2005-02-14 2009-09-03 Ravinderpal Singh Sandhu Roaming utilizing an asymmetric key pair
US20060242415A1 (en) * 2005-04-22 2006-10-26 Citrix Systems, Inc. System and method for key recovery
US7831833B2 (en) * 2005-04-22 2010-11-09 Citrix Systems, Inc. System and method for key recovery
US7840993B2 (en) * 2005-05-04 2010-11-23 Tricipher, Inc. Protecting one-time-passwords against man-in-the-middle attacks
WO2006130615A3 (en) * 2005-05-31 2007-12-21 Tricipher Inc Secure login using single factor split key asymmetric cryptography and an augmenting factor
US20070033393A1 (en) * 2005-05-31 2007-02-08 Tricipher, Inc. Secure login using single factor split key asymmetric cryptography and an augmenting factor
US7734912B2 (en) 2005-05-31 2010-06-08 Tricipher, Inc. Secure login using single factor split key asymmetric cryptography and an augmenting factor
WO2006130616A2 (en) * 2005-05-31 2006-12-07 Tricipher, Inc. Augmented single factor split key asymmetric cryptography-key generation and distributor
WO2006130616A3 (en) * 2005-05-31 2007-12-27 Tricipher Inc Augmented single factor split key asymmetric cryptography-key generation and distributor
WO2006130615A2 (en) * 2005-05-31 2006-12-07 Tricipher, Inc. Secure login using single factor split key asymmetric cryptography and an augmenting factor
US20070016484A1 (en) * 2005-07-12 2007-01-18 Waters Timothy M Method for facilitating authorized online communication
US20090222669A1 (en) * 2005-08-23 2009-09-03 Tea Vui Huang Method for controlling the location information for authentication of a mobile station
US8423768B2 (en) * 2005-08-23 2013-04-16 Smarttrust Ab Method for controlling the location information for authentication of a mobile station
US20080235511A1 (en) * 2006-12-21 2008-09-25 Bce Inc. Device authentication and secure channel management for peer-to-peer initiated communications
US9755825B2 (en) * 2006-12-21 2017-09-05 Bce Inc. Device authentication and secure channel management for peer-to-peer initiated communications
US11832099B2 (en) 2010-03-03 2023-11-28 Cisco Technology, Inc. System and method of notifying mobile devices to complete transactions
US9544143B2 (en) 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US11341475B2 (en) 2010-03-03 2022-05-24 Cisco Technology, Inc System and method of notifying mobile devices to complete transactions after additional agent verification
US9532222B2 (en) 2010-03-03 2016-12-27 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US9992194B2 (en) 2010-03-03 2018-06-05 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US11172361B2 (en) 2010-03-03 2021-11-09 Cisco Technology, Inc. System and method of notifying mobile devices to complete transactions
US10129250B2 (en) 2010-03-03 2018-11-13 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US10706421B2 (en) 2010-03-03 2020-07-07 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US10445732B2 (en) 2010-03-03 2019-10-15 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US9282085B2 (en) * 2010-12-20 2016-03-08 Duo Security, Inc. System and method for digital user authentication
US20120198228A1 (en) * 2010-12-20 2012-08-02 Jon Oberheide System and method for digital user authentication
US10348756B2 (en) 2011-09-02 2019-07-09 Duo Security, Inc. System and method for assessing vulnerability of a mobile device
US9467463B2 (en) 2011-09-02 2016-10-11 Duo Security, Inc. System and method for assessing vulnerability of a mobile device
US9361451B2 (en) 2011-10-07 2016-06-07 Duo Security, Inc. System and method for enforcing a policy for an authenticator device
US9524388B2 (en) 2011-10-07 2016-12-20 Duo Security, Inc. System and method for enforcing a policy for an authenticator device
US9121401B2 (en) 2012-03-20 2015-09-01 Aperia Technologies, Inc. Passive pressure regulation mechanism
US9270666B2 (en) 2012-06-07 2016-02-23 Amazon Technologies, Inc. Verification of user communication addresses
US8892873B1 (en) * 2012-06-07 2014-11-18 Amazon Technologies, Inc. Verification of user communication addresses
US9455988B2 (en) 2013-02-22 2016-09-27 Duo Security, Inc. System and method for verifying status of an authentication device
US10013548B2 (en) 2013-02-22 2018-07-03 Duo Security, Inc. System and method for integrating two-factor authentication in a device
US10223520B2 (en) 2013-02-22 2019-03-05 Duo Security, Inc. System and method for integrating two-factor authentication in a device
US10200368B2 (en) 2013-02-22 2019-02-05 Duo Security, Inc. System and method for proxying federated authentication protocols
US9491175B2 (en) 2013-02-22 2016-11-08 Duo Security, Inc. System and method for proxying federated authentication protocols
US11323441B2 (en) 2013-02-22 2022-05-03 Cisco Technology, Inc. System and method for proxying federated authentication protocols
US9338156B2 (en) 2013-02-22 2016-05-10 Duo Security, Inc. System and method for integrating two-factor authentication in a device
US9607156B2 (en) 2013-02-22 2017-03-28 Duo Security, Inc. System and method for patching a device through exploitation
US10764286B2 (en) 2013-02-22 2020-09-01 Duo Security, Inc. System and method for proxying federated authentication protocols
US9454656B2 (en) 2013-08-08 2016-09-27 Duo Security, Inc. System and method for verifying status of an authentication device through a biometric profile
US9443073B2 (en) 2013-08-08 2016-09-13 Duo Security, Inc. System and method for verifying status of an authentication device
US9053310B2 (en) 2013-08-08 2015-06-09 Duo Security, Inc. System and method for verifying status of an authentication device through a biometric profile
CN112069092A (en) * 2013-08-19 2020-12-11 Visa欧洲有限公司 Method for realizing data access and equipment for realizing data access by requester
US9996343B2 (en) 2013-09-10 2018-06-12 Duo Security, Inc. System and method for determining component version compatibility across a device ecosystem
US9608814B2 (en) 2013-09-10 2017-03-28 Duo Security, Inc. System and method for centralized key distribution
US9454365B2 (en) 2013-09-10 2016-09-27 Duo Security, Inc. System and method for determining component version compatibility across a device ecosystem
US9092302B2 (en) 2013-09-10 2015-07-28 Duo Security, Inc. System and method for determining component version compatibility across a device ecosystem
US10248414B2 (en) 2013-09-10 2019-04-02 Duo Security, Inc. System and method for determining component version compatibility across a device ecosystem
US10021113B2 (en) 2014-04-17 2018-07-10 Duo Security, Inc. System and method for an integrity focused authentication service
US9762590B2 (en) 2014-04-17 2017-09-12 Duo Security, Inc. System and method for an integrity focused authentication service
US9979719B2 (en) 2015-01-06 2018-05-22 Duo Security, Inc. System and method for converting one-time passcodes to app-based authentication
US10547444B2 (en) * 2015-02-17 2020-01-28 Visa International Service Association Cloud encryption key broker apparatuses, methods and systems
US10116453B2 (en) 2015-03-31 2018-10-30 Duo Security, Inc. Method for distributed trust authentication
US9825765B2 (en) 2015-03-31 2017-11-21 Duo Security, Inc. Method for distributed trust authentication
US9942048B2 (en) 2015-03-31 2018-04-10 Duo Security, Inc. Method for distributed trust authentication
US11258769B2 (en) 2015-06-16 2022-02-22 Amazon Technologies, Inc. Provisioning network keys to devices to allow them to provide their identity
US10333903B1 (en) * 2015-06-16 2019-06-25 Amazon Technologies, Inc. Provisioning network keys to devices to allow them to provide their identity
US10742626B2 (en) 2015-07-27 2020-08-11 Duo Security, Inc. Method for key rotation
US10063531B2 (en) 2015-07-27 2018-08-28 Duo Security, Inc. Method for key rotation
US9774579B2 (en) 2015-07-27 2017-09-26 Duo Security, Inc. Method for key rotation
US11251970B2 (en) * 2016-10-18 2022-02-15 Cybernetica As Composite digital signatures
US10614914B2 (en) * 2017-10-27 2020-04-07 Welch Allyn, Inc. Secure patient data in medical environments
US20190130068A1 (en) * 2017-10-27 2019-05-02 Welch Allyn, Inc. Secure Patient Data in Medical Environments
US10412113B2 (en) 2017-12-08 2019-09-10 Duo Security, Inc. Systems and methods for intelligently configuring computer security
CN109150510A (en) * 2018-08-15 2019-01-04 飞天诚信科技股份有限公司 A kind of method and apparatus obtaining symmetric key
US11658962B2 (en) 2018-12-07 2023-05-23 Cisco Technology, Inc. Systems and methods of push-based verification of a transaction
CN114900300A (en) * 2022-06-20 2022-08-12 中国联合网络通信集团有限公司 Cloud service temporary login key authentication method, device, equipment and storage medium

Also Published As

Publication number Publication date
US20050027989A1 (en) 2005-02-03
US7055032B2 (en) 2006-05-30
WO2002051049A1 (en) 2002-06-27
WO2002051049A9 (en) 2003-07-31

Similar Documents

Publication Publication Date Title
US7069435B2 (en) System and method for authentication in a crypto-system utilizing symmetric and asymmetric crypto-keys
US7055032B2 (en) One time password entry to access multiple network sites
US7017041B2 (en) Secure communications network with user control of authenticated personal information provided to network entities
US8099607B2 (en) Asymmetric crypto-graphy with rolling key security
US6970562B2 (en) System and method for crypto-key generation and use in cryptosystem
US6940980B2 (en) High security cryptosystem
US7630493B2 (en) Multiple factor private portion of an asymmetric key
US8340287B2 (en) Securing multifactor split key asymmetric crypto keys
US7599493B2 (en) Asymmetric key pair having a kiosk mode
US7571471B2 (en) Secure login using a multifactor split asymmetric crypto-key with persistent key security
US7895437B2 (en) Augmented single factor split key asymmetric cryptography-key generation and distributor
US7386720B2 (en) Authentication protocol using a multi-factor asymmetric key pair
US7149310B2 (en) Method and system for authorizing generation of asymmetric crypto-keys
US7596697B2 (en) Technique for providing multiple levels of security
US7065642B2 (en) System and method for generation and use of asymmetric crypto-keys each having a public portion and multiple private portions
US8213608B2 (en) Roaming utilizing an asymmetric key pair
US7565527B2 (en) Technique for asymmetric crypto-key generation

Legal Events

Date Code Title Description
AS Assignment

Owner name: SINGLESIGNON.NET INC., VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SANDHU, RAVI;DESA, COLIN;GANESAN, KARUNA;REEL/FRAME:011841/0740

Effective date: 20010511

STCB Information on status: application discontinuation

Free format text: EXPRESSLY ABANDONED -- DURING EXAMINATION