Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1998-03-30
2001-01-30
Swann, Tod R. (Department: 2767)
active
06182220
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
This invention relates to access authorization in a network. More particularly, it relates to building and exchanging encrypted passwords between a client and a server.
2. Background Art
TCP/IP Telnet is an application that presents a terminal to a user. Normally, a user is required to sign-on to the Telnet application with a user name and a password. The sign-on will only proceed if a valid password has been received. Thus, the password is critical to gaining access to system functions and objects.
Many Telnet clients connect to a Telnet server and send both user name and password information in clear-text form. This means system security can be compromised by any tool that can read TCP/IP traffic, since such a tool allows someone to detect the user name and password. Clear-text passwords can be used by unscrupulous hackers to sign-on to a system to which they would not normally have access.
On the other hand, if the password were encrypted, then the Telnet server could use system functions to validate an encrypted password. An encrypted password is no good to a hacker, because an encrypted password is built dynamically using seeds and the real password. The real password is never sent over the TCP/IP network by the client. The real password is never seen by a hacker, and by the time a hacker sees the encrypted password it is no longer valid inasmuch as the real client will have already signed-on and subsequently invalidated the encrypted password.
Current Telnet design for TCP/IP networks is based upon the Internet standard RFC 854 Telnet Protocol Specification, among many others. Few of these RFCs provide a method to allow secure exchange of password information between client and server. With the explosion in Internet usage and associated privacy issues, a secure method to protect the user password from being sent across the Internet in unencrypted form is a critical issue for many businesses.
It is an object of the invention to provide an improved system and method for building and exchanging encrypted passwords.
It is a further object of the invention to provide a system and method usable within a TCP/IP Telnet application for building and exchanging encrypted passwords.
It is a further object of the invention to enable encryption by way of RFC 1572 negotiations.
SUMMARY OF THE INVENTION
A method and system is provided for communicating encrypted user passwords from a client to a server. During new environment negotiations, the server communicates to the client a server random seed value. The client then generates a client random seed value and, using both the client random seed value and the server random seed value, an encrypted user password. The client then communicates to the server the client random seed and the encrypted user password. Then the server validates the encrypted user password using both the server random seed and the client random seed.
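The exchange summarized above, as an added sketch that is not taken from the patent. The text here does not name the encryption algorithm, so HMAC-SHA256 stands in for it; the `Server` class, the function names, the 8-byte seed length and the sample account are all assumptions.

```python
import hashlib
import hmac
import secrets

def build_encrypted_password(password, server_seed, client_seed):
    # Stand-in derivation (assumption): HMAC-SHA256 keyed with the real password.
    # The server seed is length-prefixed so the seed boundary is unambiguous.
    msg = len(server_seed).to_bytes(2, "big") + server_seed + client_seed
    return hmac.new(password.encode(), msg, hashlib.sha256).digest()

def client_reply(password, server_seed):
    # Client side: generate a client seed, return (client seed, encrypted password).
    client_seed = secrets.token_bytes(8)
    return client_seed, build_encrypted_password(password, server_seed, client_seed)

class Server:
    def __init__(self, users):
        self.users = users      # user name -> real password (constructed data)
        self.pending = {}       # user name -> server seed awaiting a reply

    def send_seed(self, user):
        # Server side, during negotiation: issue a fresh random server seed.
        self.pending[user] = secrets.token_bytes(8)
        return self.pending[user]

    def validate(self, user, client_seed, encrypted):
        # Recompute from both seeds; pop() makes each server seed single-use.
        server_seed = self.pending.pop(user, None)
        password = self.users.get(user)
        if server_seed is None or password is None:
            return False
        expected = build_encrypted_password(password, server_seed, client_seed)
        return hmac.compare_digest(expected, encrypted)

def demo():
    server = Server({"alice": "correct horse"})        # constructed account
    seed = server.send_seed("alice")
    client_seed, enc = client_reply("correct horse", seed)
    first = server.validate("alice", client_seed, enc)   # genuine sign-on
    replay = server.validate("alice", client_seed, enc)  # captured reply resent
    server.send_seed("alice")                            # new negotiation
    stale = server.validate("alice", client_seed, enc)   # old reply, new seed
    return first, replay, stale

if __name__ == "__main__":
    print(demo())
```

The second and third checks correspond to the background's point that a captured encrypted password is no longer valid once the real client has signed on.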
REFERENCES:
patent: 5060263 (1991-10-01), Bosen et al.
patent: 5200999 (1993-04-01), Matyas et al.
patent: 5434918 (1995-07-01), Kung et al.
patent: 5604803 (1997-02-01), Aziz
patent: 5867688 (1999-02-01), Simmon et al.
S. Alexander, ed., Network Working Group, Telnet Environment Option, Request for Comments RFC 1572, Jan. 1994, 7 pages.
Network Working Group, Telnet Protocol Specification, RFC 854.
Chen Qilun
Murphy, Jr. Thomas Edwin
Rieth Paul Francis
Stevens Jeffrey Scott
Beckstrand Shelley M
International Business Machines - Corporation
Smithers Matthew
Swann Tod R.