Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1997-01-22
2001-09-18
Swann, Tod (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
Reexamination Certificate
active
06292896
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to an authentication and session key generation system and, more particularly, to a method and apparatus for authenticating a first entity to a second entity and for generating a session key for communications between the entities.
2. Description of the Related Art
Often it is desirable to generate a short-lived session key for communications between two entities such as a client application and a server application in a client/server system. The session key should be generated in such a manner that it cannot be discovered by a third party, even though the key generation protocol is performed over a insecure communication channel subject to interception by that third party.
The Diffie-Hellman key agreement protocol provides a procedure, using asymmetric encryption techniques, for establishing a secret session key between two parties, even though they share no secret information at the outset and communicate entirely over public channels. (Asymmetric, or public key, procedures are those in which the communicating parties use mathematically related but different keys, for example, a public encryption key and a private decryption key that cannot be feasibly derived from the public key. Symmetric encryption techniques such as DES, on the other hand, use the same key for both encryption and decryption) The procedure is described at page 649 of W. Diffie and M. E. Hellman, “New Directions in Cryptography”,
IEEE Transactions on Information Theory
, vol. IT-22, no. 6, November 1976, pp. 644-654, and in U.S. Pat. No. 4,200,770, both of which are incorporated herein by reference. However, the base Diffie-Hellman procedure provides no inherent authentication, so that party A, believing that he has established a session key with party B, may have in fact established a key with party C, who is masquerading as party B. In addition, since the Diffie-Hellman key agreement protocol is an asymmetric procedure, it is computationally expensive relative to such symmetric procedures as DES encryption.
Various other systems, including enhancements of the Diffie-Hellman procedure, provide for both authentication and session key generation. Such systems are described, for example, in the commonly owned copending application of S. M. Matyas et al., Ser. No. 08/736,774, filed Oct. 25, 1996, entitled “Method and Apparatus for Establishing an Authenticated Shared Secret Value Between a Pair of Users”, as well as in E. Basturk et al., “Efficient Methods for Two Party Entity Authentication and Key Exchange in a High Speed Environment”,
IBM Technical Disclosure Bulletin
, vol. 38, no. 3, March. 1995, pp. 295-297, both of which are incorporated herein by reference. However, such systems often require multiple communications between entities, and systems using public key techniques retain the disadvantage of requiring computationally expensive operations. What is desired is a simpler and more efficient technique that combines authentication with session key generation.
SUMMARY OF THE INVENTION
The present invention contemplates an authentication and key agreement system that is an enhancement of the authentication system described in commonly owned U.S. Pat. No. 5,592,553 to D. Coppersmith et al., entitled “Authentication System Using One-Time Passwords”, incorporated herein by reference.
The Coppersmith et al. patent discloses a system for authenticating a first entity such as a user located at a requesting node to a second entity such as a host application located at an authenticating node using one-time passwords that change pseudorandomly with each request for authentication. At the requesting node, a non-time-dependent value is generated from nonsecret information identifying the user and the host application, using secret information comprising a encryption key (known as the signon key) shared with the authenticating node. The non-time-dependent value is combined with a time-dependent value (e.g., time-of-day or time/date) to generate a composite value that is encrypted to produce an authentication parameter. The authentication parameter is reversibly transformed into an authentication value (specifically, an alphanumeric character string) that is transmitted as a one-time password to the authenticating node.
At the authenticating node the received password is transformed back into the corresponding authentication parameter, which is decrypted to regenerate the composite value. The non-time-dependent value is replicated at the authenticating node using the same nonsecret information and encryption key shared with the requesting node. The locally generated non-time-dependent value is combined with the regenerated composite value to regenerate the time-dependent value. The user is authenticated if the regenerated time-dependent value is within a predetermined range of a time-dependent value that is locally generated at the authenticating node.
In accordance with the present invention, the password generation procedure described in the Coppersmith et al. patent is modified so that a cryptographic session key is generated at the same time that a requested password is generated. The session key is related to the user ID, application name, time, and secret signon key in a manner similar to the way the password is, but is a different quantity. The session key is generated in such a manner that it is computationally infeasible to calculate the session key without knowledge of the secret signon key, even if the related password is known.
The client function performing signon uses the password as described in the Coppersmith et al. patent in a normal non-encrypted signon request, but retains the co-generated session key. Typically, the password is generated by a secure server with the session key passed securely to the end user client machine, where the signon request to the target system originates. Upon receiving the password from the server (or upon generating the password internally, if no server is used), the client machine transmits the password together with other signon information over an open network to the target system application on the host machine.
Upon receiving the password from the client machine, the target system application hands it over to an authenticator (typically, an authentication server on the same machine as the target application) for evaluation. If evaluation is successful, the user is authenticated and the authenticator also generates, as a by-product of the evaluation process, a session key which is returned to the invoking application when requested.
Both parties now have knowledge of the session key without having to transmit it across a network or via some alternate channel. The session key can be used to encrypt messages between the client (the function that initially signed on) and the target application.
The present invention is advantageous in several respects. The end-user is authenticated, as is not the case with the standard Diffie-Hellman key agreement procedure. The authentication process and the key generation process are the same process and do not require “hand-shaking”. Further, the overall procedure is very light weight; no protocols such as those of the Distributed Computing Environment (DCE) are required, for example.
REFERENCES:
patent: 4649233 (1987-03-01), Bass et al.
patent: 4850019 (1989-07-01), Matyas, Jr. et al.
patent: 4956863 (1990-09-01), Goss
patent: 5163097 (1992-11-01), Pegg
patent: 5222140 (1993-06-01), Beller et al.
patent: 5241599 (1993-08-01), Bellovin et al.
patent: 5299263 (1994-03-01), Beller et al.
patent: 5323464 (1994-06-01), Elander et al.
patent: 5345506 (1994-09-01), Tsubakiyama et al.
patent: 5406628 (1995-04-01), Beller et al.
patent: 5440635 (1995-08-01), Bellovin et al.
patent: 5491749 (1996-02-01), Rogaway
patent: 5491750 (1996-02-01), Bellare et al.
patent: 5495533 (1996-02-01), Linehan et al.
patent: 5517567 (1996-05-01), Epstein
patent: 5539824 (1996-07-01), Bjorklund et al.
patent: 5761305 (1998-06-01), Vanstone et al.
patent: 5784463 (1998-07-01),
Dayka John Carr
Guski Richard Henry
McGee Harvey Tildon
Wells Bruce Robert
International Business Machines - Corporation
Kinnaman, Jr. William A.
Smithers Matthew
Swann Tod
LandOfFree
Method and apparatus for entity authentication and session... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for entity authentication and session..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for entity authentication and session... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2504236