Password-based authentication
Abstract
A system has λ ≥ 2 servers. At least each of a set of authentication servers stores a key-share sk_i of secret key sk, shared between q of the λ servers, of a key-pair (pk, sk). An access control server sends an authentication value to a subset of the authentication servers. The authentication value was formed using a predetermined function of a first ciphertext for a user ID and a second ciphertext produced by encrypting a password attempt under public key pk using a homomorphic encryption algorithm. The authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID. Each authentication server in the subset produces a decryption share dependent on the authentication value using the key-share sk_i. The access control server uses decryption shares to determine if the authentication value decrypts to the predetermined value, if so permitting access to a resource.
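The flow in the abstract, as an added example that is not taken from the patent: it assumes exponential ElGamal as the homomorphic scheme, the blinded quotient of the two ciphertexts as the predetermined function, 1 as the predetermined value, and additive sharing of sk in which every authentication server must contribute. The group is toy-sized and all function names are hypothetical.

```python
import hashlib, math, secrets

# Toy group (assumption, far too small for real use): safe prime P = 2Q + 1;
# G = 4 is a square mod P, so it generates the subgroup of prime order Q.
def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

Q = next(q for q in range(2**31, 2**32) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4

def keygen(n_servers):
    """Return pk and additive key-shares sk_i with sk = sum(sk_i) mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n_servers)]
    return pow(G, sum(shares) % Q, P), shares

def encrypt(pk, password):
    """Exponential ElGamal: (g^r, g^m * pk^r), with m derived from the password."""
    m = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q
    r = secrets.randbelow(Q)
    return pow(G, r, P), pow(G, m, P) * pow(pk, r, P) % P

def auth_value(c_stored, c_attempt):
    """User computer: (c_stored / c_attempt)^r encrypts 1 iff the passwords match."""
    r = 1 + secrets.randbelow(Q - 1)          # non-zero blinding exponent
    return tuple(pow(a * pow(b, -1, P) % P, r, P)
                 for a, b in zip(c_stored, c_attempt))

def decryption_share(sk_i, c):
    """Authentication server i: the share depends only on the value and sk_i."""
    return pow(c[0], sk_i, P)

def access_granted(c, shares):
    """Access control server: combine the shares and test for the value 1."""
    mask = math.prod(shares) % P
    return c[1] * pow(mask, -1, P) % P == 1

def login(pk, key_shares, c_stored, attempt):
    """One full run: user computer, authentication servers, access control server."""
    c = auth_value(c_stored, encrypt(pk, attempt))
    return access_granted(c, [decryption_share(s, c) for s in key_shares])
```

The access control server stores only the first ciphertext and sees only a blinded value, so testing a password guess against its stored data requires decryption shares from the authentication servers.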
22 Claims
1. A method, comprising:
- sending by an access control server an authentication value to at least a subset of a set of authentication servers, wherein the access control server is one of λ ≥ 2 servers in a system and the set of authentication servers are others of the λ ≥ 2 servers, wherein the access control server stores, for each of a plurality of user IDs, a first ciphertext which has been produced by encrypting a user password associated with a respective user ID under a public key pk using a homomorphic encryption algorithm, and wherein the sending is performed in response to receipt from a user computer of a user ID and the authentication value which was previously determined using a predetermined function of a first ciphertext for that user ID and a second ciphertext produced by encrypting a password attempt under the public key pk using a homomorphic encryption algorithm such that the authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID;
- receiving, by the access control server and from each one of the authentication servers in the subset, a decryption share dependent on the authentication value and produced by a corresponding one of the authentication servers using a key-share sk_i thereof, wherein each authentication server stores a respective key-share sk_i of a secret key sk, shared between a plurality q of the λ servers, of a cryptographic key-pair (pk, sk) where pk is the public key of the key-pair;
- using by the access control server at least the decryption shares of the subset of the authentication servers to determine if the authentication value decrypts to the predetermined value, if so permitting access to the resource by the user computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method, comprising:
- receiving at an authentication server an authentication value from an access control server, wherein the authentication server is one of a set of authentication servers, the access control server is one of λ ≥ 2 servers in a system and the set of authentication servers are others of the λ ≥ 2 servers, wherein each authentication server stores a respective key-share sk_i of a secret key sk, shared between a plurality q of the λ servers, of a cryptographic key-pair (pk, sk) where pk is a public key of the key-pair, and wherein the authentication value was previously determined by a user computer using a predetermined function of a first ciphertext for a user ID and a second ciphertext produced by encrypting a password attempt under the public key pk using a homomorphic encryption algorithm such that the authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID;
- producing, by the authentication server and in response to receipt of the authentication value, a decryption share dependent on the authentication value using the key-share sk_i for the authentication server; and
- sending by the authentication server the produced decryption share to the access control server for use by the access control server to determine whether to permit access to a resource by the user computer.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A method, comprising:
- in a user computer having previously produced a first ciphertext by encrypting a user password associated with a user ID under a public key pk using a homomorphic encryption algorithm and previously sent the first ciphertext to an access control server, producing a second ciphertext by encrypting a password input by a user having the user ID under the public key pk using the homomorphic encryption algorithm, wherein the access control server is part of a system having λ ≥ 2 servers and comprising the access control server and a set of authentication servers, wherein at least each authentication server stores a respective key-share sk_i of a secret key sk, shared between a plurality q of the λ servers, of a cryptographic key-pair (pk, sk) where pk is a public key of the key-pair;
- producing by the user computer an authentication value comprising a predetermined function of the first ciphertext for that user ID and the second ciphertext such that the authentication value decrypts to a predetermined value if the password equals the user password for the user ID;
- sending by the user computer the authentication value and the user ID to the access control server via a network; and
- accessing or not accessing by the user computer a resource on the network based on response from the access control server.
Dependent claims: 20, 21, 22
Specification