Cryptography – Particular algorithmic function encoding – Public key
Patent
1993-03-18
1994-12-13
Swann, Tod R.
Cryptography
Particular algorithmic function encoding
Public key
380 25, H04K 100
Patent
active
053735595
ABSTRACT:
An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.
REFERENCES:
patent: 4736423 (1988-04-01), Matyas
patent: 4868877 (1989-09-01), Fischer
patent: 5029208 (1991-07-01), Tanaka
patent: 5201000 (1993-04-01), Matyas et al.
patent: 5204966 (1993-04-01), Wittenberg et al.
Security Dynamics, Inc., "Kerberos and SecurID," approximately Apr. 1992, not published.
Gasser Morrie
Kaufman Charles W.
Pearlman Radia J.
LandOfFree
System for increasing the difficulty of password guessing attack does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System for increasing the difficulty of password guessing attack, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System for increasing the difficulty of password guessing attack will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1198623