Secure internal user authentication leveraging public key cryptography and key splitting
First Claim
1. A computer-implemented authentication method to authenticate a user to permit OS level login to a server in a computing system, comprising the steps of:
- registering an internal user including acquiring an asymmetric encryption key pair associated with the user, the key pair consisting of a public key and a private key;
splitting the user'"'"'s private key into plural private key fragments;
storing one of the user'"'"'s private key fragments securely in a mobile device associated with the user;
storing the user'"'"'s public key and a different one of the plural private key fragments in a datastore accessible to the server;
at the server, receiving an OS level login request;
responsive to the login request, generating a random challenge, and transmitting the random challenge in encrypted form from the server to a security system component provisioned on a second, secure server;
at the server, receiving from the security system component, the random challenge re-encrypted using the user'"'"'s public key, and a partial decryption result generated using the user'"'"'s private key fragment stored in the datastore;
transmitting the re-encrypted challenge and the partial decryption result to the mobile device associated with the user;
receiving a token authenticator entered at the server;
testing validity of the token authenticator so as to demonstrate that the user who made the login request had access to the said mobile device, and that the mobile device correctly completed decryption of the challenge and generated the token authenticator based on the decrypted challenge; and
permitting the OS level login request, conditioned on an affirmative result of the validity testing.
2 Assignments
0 Petitions
Accused Products
Abstract
In a computing system, methods for secure OS level login authentication for internal users to access servers. Some or all servers in a group each utilize a local ID Service for generating and validating a challenge responsive to an OS login request. The challenge is processed in a centralized secure server HSM. Rather than copying individual user public keys to each host in the data center, we need only copy the public key of the HSM to each host in the group. When a user attempts OS level login to a host, it encrypts the challenge using the public key of the HSM and forwards the request for processing in the HSM. There, it decrypts the challenge using the private key in the HSM and re-encrypts the challenge with the public key of the individual user. The user'"'"'s mobile device, previously registered, is required to complete the authentication process.
-
Citations
19 Claims
-
1. A computer-implemented authentication method to authenticate a user to permit OS level login to a server in a computing system, comprising the steps of:
-
registering an internal user including acquiring an asymmetric encryption key pair associated with the user, the key pair consisting of a public key and a private key; splitting the user'"'"'s private key into plural private key fragments; storing one of the user'"'"'s private key fragments securely in a mobile device associated with the user; storing the user'"'"'s public key and a different one of the plural private key fragments in a datastore accessible to the server; at the server, receiving an OS level login request; responsive to the login request, generating a random challenge, and transmitting the random challenge in encrypted form from the server to a security system component provisioned on a second, secure server; at the server, receiving from the security system component, the random challenge re-encrypted using the user'"'"'s public key, and a partial decryption result generated using the user'"'"'s private key fragment stored in the datastore; transmitting the re-encrypted challenge and the partial decryption result to the mobile device associated with the user; receiving a token authenticator entered at the server; testing validity of the token authenticator so as to demonstrate that the user who made the login request had access to the said mobile device, and that the mobile device correctly completed decryption of the challenge and generated the token authenticator based on the decrypted challenge; and permitting the OS level login request, conditioned on an affirmative result of the validity testing. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory, computer readable medium storing instructions executable by a processor to cause the processor to realize a security system component including carrying out the steps of:
-
receiving from an application server a random challenge generated in response to an OS level login request at the application server, the random challenge encrypted using an OS level login public key; decrypting the encrypted challenge using an OS level login private key that is associated with the OS level login public key so as to recover the challenge; re-encrypting the challenge using a public key of a user identified in connection with the login request; partially decrypting the re-encrypted challenge using a stored private key fragment of the user to form a partial decryption result; transmitting the re-encrypted challenge and the partial decryption result to a mobile device associated with the user; receiving a token authenticator associated with the login request; and testing validity of the token authenticator so as to determine that the user who made the login request had access to the said mobile device, and that the mobile device correctly completed decryption of the challenge and generated the token authenticator based on the decrypted challenge. - View Dependent Claims (15)
-
-
16. A system comprising:
-
an application server computer having an operating system; the application server computer including a first network interface configured for communications over an internal network and a second network interface configured for communications over an external network; a secure server communicatively coupled to the internal network to enable communications with the application server computer; an ID Service provisioned on the application server computer; a security system provisioned on the secure server and configured for interaction with the ID Service; a datastore accessible via the internal network, the datastore persisting selected user data, including, for at least one user who is authorized for OS level login to the application server computer, a public key of an asymmetric encryption key pair associated with the user, a private key fragment based on a private key of the encryption key pair associated with the user, and an identifier of a mobile device associated with the user; an asymmetric encryption key pair associated with OS level login to the application server computer; wherein a public key of the OS level login key pair is stored on the application server computer in a manner accessible to the OS, and a private key of the OS level login key pair is stored on the secure server in a secure manner so that it is not accessible over the internal network; and wherein the OS is configured to receive a login request and to utilize the ID Service and the security system to authenticate a user identified in the login request, wherein the OS is configured to, responsive to the login request— generate a random challenge; encrypt the random challenge using the OS level login public key; transmit the encrypted challenge to the security system; responsive to the encrypted challenge, receive from the security system a re-encrypted challenge and a partial decryption result associated with the re-encrypted challenge; transmit the re-encrypted challenge and the partial decryption result to the mobile device associated with the user identified in the login request; receive a token authenticator at the application server; test validity of the received token authenticator based at least in part on the random challenge; and enable the OS level login request conditioned on an affirmative result of the validity test. - View Dependent Claims (17, 18, 19)
-
Specification