System for increasing the difficulty of password guessing attack

Cryptography – Particular algorithmic function encoding – Public key

Patent

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

380 25, H04K 100

Patent

active

054917522

ABSTRACT:
An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.

REFERENCES:
patent: 3798605 (1974-03-01), Feistel
patent: 3996449 (1976-12-01), Attanasio et al.
patent: 4218738 (1980-08-01), Matyas et al.
patent: 4227253 (1980-10-01), Ehrsam et al.
patent: 4264782 (1981-04-01), Konheim
patent: 4288659 (1981-09-01), Atalla
patent: 4386266 (1983-05-01), Chesarek
patent: 4399323 (1983-08-01), Henry
patent: 4430728 (1984-02-01), Beitel et al.
patent: 4626845 (1986-12-01), Ley
patent: 4661991 (1987-04-01), Logemann
patent: 4736423 (1988-04-01), Matyas
patent: 4755940 (1988-07-01), Brachtl et al.
patent: 4799061 (1989-01-01), Abraham et al.
patent: 4815031 (1989-03-01), Furukawa
patent: 4868877 (1989-09-01), Fischer
patent: 4881264 (1989-11-01), Merkle
patent: 4910773 (1990-03-01), Hazard et al.
patent: 4919545 (1990-04-01), Yu
patent: 4924515 (1990-05-01), Matyas et al.
patent: 4932056 (1990-06-01), Shamir
patent: 4965568 (1990-10-01), Atalla et al.
patent: 4974193 (1990-11-01), Beutelspacher
patent: 4993068 (1991-02-01), Piosenka et al.
patent: 5023908 (1991-06-01), Weiss
patent: 5029208 (1991-07-01), Tanaka
patent: 5050212 (1991-09-01), Dyson
patent: 5068894 (1991-11-01), Hoppe
patent: 5081678 (1992-01-01), Kaufman et al.
patent: 5109152 (1992-04-01), Takagi et al.
patent: 5136646 (1992-08-01), Haber et al.
patent: 5136647 (1992-08-01), Haber et al.
patent: 5146499 (1992-09-01), Geffrotin
patent: 5148479 (1992-09-01), Bird et al.
patent: 5163096 (1992-11-01), Clark et al.
patent: 5201000 (1993-04-01), Matyas et al.
patent: 5204966 (1993-04-01), Wittenberg et al.
patent: 5220604 (1993-06-01), Gasser et al.
patent: 5224163 (1993-06-01), Gasser et al.
patent: 5235644 (1993-08-01), Gupta et al.
patent: 5297206 (1994-03-01), Orton
patent: 5315658 (1994-05-01), Micali
1989, Mark, T., et al, "Reducing Risks from Poorly Chosen Keys," University of Cambridge Computer Laboratory, from 12th Symposium On Operating System Principles.
Security Dynamics, Inc., "Kerberos and SecurID," approximately Apr. 1992, not published.
Lomas et al., "Reducing Risks from Poorly Chosen Keys," 12th Symposium on Operating System Principles, 1989, pp. 14-18, place of pub. unknown.
Tardo et al., "SPX: Global Authentication Using Public Key Certificates," Proceedings of IEEE Symposium Research in Security and Privacy, IEEE CS Press, 1991, pp. 232-244, place of publication unknown.
Abadi et al., "Authentication and Delegation with Smart-Cards," Oct. 22, 1990, pp. 1-24, place of publication unknown.
Woo et al., "Authentication for Distributed Systems," from Computer of IEEE Computer Society, Jan. 1992, pp. 49-51, place of pub. unknown.
U.S. application Ser. No. 07/875,050, filed Apr. 28, 1992, Kaufman et al.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

System for increasing the difficulty of password guessing attack does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with System for increasing the difficulty of password guessing attack, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System for increasing the difficulty of password guessing attack will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-245518

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.