INTERNET AUTHENTICATION TECHNOLOGY

US 20020002678A1
Filed: 08/14/1998
Published: 01/03/2002
Est. Priority Date: 08/14/1998
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the step within said first set of machine executable code of:

responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates generally to cryptography, and more specifically, to secure authentication of a First Computer Program to a Second Computer Program. The approaches known in the art require that secure data positively identifying Client accounts be stored at a central location, either the Server or a Certifying Authority, requiring large overheads of memory and computational power, and presenting obvious and high-value targets for attacks. The invention provides a means of authenticating Clients to Servers without requiring confidential data to either be stored at the Server, or transmitted to the Server. The Client generates a series of one-time passwords by successive iterations of a non-reversible function on a seed value. The last value in the series is then sent to the Server to establish an account. When the Client wishes to log on to his account, he sends the previous value in the non-reversible series as his password. The Server can easily authenticate the Client by executing the same non-reversible function on the password and verifying that is equal to the previous password. However, given such a one-time password, there is no practical means for generating a prior value in the non-reversible series. Therefore, even if the password is intercepted or the Server data accessed, there is no useful information available in either the transmission or the central storage.

131 Citations

41 Claims

1. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the step within said first set of machine executable code of:
- responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method of authentication as claimed in claim 1 wherein said step of responding to an authentication challenge comprises the step of:
    - responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by a predetermined number of fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
  - 3. A method of authentication as claimed in claim 2 wherein said step of responding to an authentication challenge comprises the step of:
    - responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said one fewer iterations.
  - 4. A method of authentication as claimed in claim 3 comprising the step of:
    - transmitting to said second set of machine executable code a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
  - 5. A method of authentication as claimed in claim 4 wherein said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, said first and second computers being linked by a communication network, and each step of transmitting comprises a step of transmitting via said communication network.

6. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, and said first and second computers are linked by a communication network, said method comprising the step within said first set of machine executable code of:
- responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code via said communication network, a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said one fewer iterations; and
  
  transmitting to said second set of machine executable code via said communication network, a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. A method of authentication as claimed in claim 6 wherein said first computer has established an account with said second computer by transmitting a plurality of initial values to said second computer calculated by at least one iterations of a non-reversible function on a plurality of stored seed values, and said step of responding to an authentication challenge comprises the step of:
    - responding to an authentication challenge from said second set of machine executable code by successively transmitting to said second set of machine executable code via said communication network, a password calculated by one fewer iterations of said non-reversible function on one of said plurality of stored seed values than used to calculate said plurality of initial values, and storing the quantity of said one fewer iterations for the respective one of said plurality of stored seed values.
  - 8. A method of authentication as claimed in claim 7 further comprising the prior step of:
    - calculating a plurality of new seed values by multiple iterations of a non-reversible function on an initial seed value; and
      
      said step of transmitting to said second set of machine executable code via said communication network, a new reference value comprises transmitting to said second set of machine executable code via said communication network, a new reference value calculated by multiple iterations of said non-reversible function on one of said plurality of new seed values.
  - 9. A method of authentication as claimed in claim 8 wherein said second computer delegates access to a third computer, said third computer linked to said first and second computers via said communications network, by performing the step of:
    - responding to a request for delegation of access to said second computer by said third computer by transmitting to said third computer via said communications network a password corresponding to one fewer iterations of said non-reversible function than used to calculate said reference value.
  - 10. A method of authentication as claimed in claim 9 wherein said communication network comprises an internet communications protocol network and each said step of transmitting comprises a step of transmitting via said internet communications protocol network.
  - 11. A method of authentication as claimed in claim 10 comprising the step of:
    - responding to an authentication challenge by transmitting to said second computer via said internet communications protocol network the quantity of iterations of said non-reversible function used to calculate said password.

12. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the steps within said second set of machine executable code of:
- receiving a password from said first set of machine executable code in response to an authentication challenge;
  
  responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and
  
  storing said password as said reference value.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A method of authentication as claimed in claim 12 wherein said step of responding comprises responding to said non-reversible function operating upon said password a predetermined number of iterations being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
  - 14. A method of authentication as claimed in claim 13 wherein said step of responding comprises responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
  - 15. A method of authentication as claimed in claim 14 comprising the step of responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
  - 16. A method of authentication as claimed in claim 15 wherein said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, said first and second computers being linked by a communication network, and each said step of receiving comprising receiving via said communication network.

17. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, and said first and second computers are linked by a communication network, said method comprising the step within said second set of machine executable code of:
- receiving a password from said first set of machine executable code via said communication network in response to an authentication challenge;
  
  responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code;
  
  storing said password as said reference value; and
  
  responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
- View Dependent Claims (18, 19, 20, 21)
- - 18. A method of authentication as claimed in claim 17 wherein said first computer has established an account with said second computer by transmitting a plurality of initial values to said second computer calculated by at least one iteration of a non-reversible function on a plurality of stored seed values, and said step of responding to said non-reversible function comprises the step of:
    - responding to said non-reversible function operating upon one of said plurality of passwords by one iteration being equal to a corresponding one of said reference values by authenticating said first set of machine executable code to said second set of machine executable code.
  - 19. A method of authentication as claimed in claim 18 wherein access may be delegated to a third computer, said third computer linked to said first and second computers via said communication network, by responding to said non-reversible function operating upon said delegation password by one iteration being equal to said reference value by authenticating said third computer as a delegate of said first computer.
  - 20. A method of authentication as claimed in claim 19 wherein said communication network comprises an internet communications protocol network and each said step of receiving comprises a step of receiving via said internet communications protocol network.
  - 21. A method of authentication as claimed in claim 20 wherein said first computer is operable to transmit the quantity of iterations used to calculate said initial value and said password, and said second computer is operable to receive and store said quantity of iterations, said step of responding to said non-reversible function comprising responding to said non-reversible function operating upon one of said plurality of passwords the number of times equal to the difference between said quantity of iterations to calculate said reference value and said quantity of iterations to calculate said password, being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.

22. A computer readable storage medium storing a first set of machine executable code, said first set of machine executable code being executable by a computer to perform the step of:
- responding to an authentication challenge from a second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of a non-reversible function on a stored seed value than used to calculate a reference value, and storing the quantity of said fewer iterations.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A computer readable storage medium as claimed in claim 22 wherein said step of responding to an authentication challenge comprises the step of:
    - responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by a predetermined number of fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
  - 24. A computer readable storage medium as claimed in claim 23 wherein said step of responding to an authentication challenge comprises the step of:
    - responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said one fewer iterations.
  - 25. A computer readable storage medium as claimed in claim 24 wherein said first set of machine executable code is further operable to perform the step of:
    - transmitting to said second set of machine executable code a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
  - 26. A computer readable storage medium as claimed in claim 25 wherein each step of transmitting comprises a step of transmitting via a communication network.

27. A computer readable storage medium storing a second set of machine executable code, said machine executable code being executable by a computer to perform the steps of:
- receiving a password from a first set of machine executable code in response to an authentication challenge;
  
  responding to a non-reversible function operating upon said password being equal to a reference value by authenticating said first set of machine executable code to said second set of machine executable code; and
  
  storing said password as said reference value.
- View Dependent Claims (28, 29, 30, 31)
- - 28. A computer readable storage medium as claimed in claim 27 wherein said step of responding comprises responding to said non-reversible function operating upon said password a predetermined number of iterations being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
  - 29. A computer readable storage medium as claimed in claim 28 wherein said step of responding comprises responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
  - 30. A computer readable storage medium as claimed in claim 29 wherein said second set of machine executable code is further operable to perform the step of:
    - responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
  - 31. A computer readable storage medium as claimed in claim 30 wherein each said step of receiving comprises a step of receiving via a communication network.

32. A system for authenticating communication comprising:
- a first set of machine executable code;
  
  a second set of machine executable code;
  
  said first set of machine executable code and said second set of machine executable code having means for executing a like non-reversible function; and
  
  said first set of machine executable code having;
  
  means for establishing an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value; and
  
  means for responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
- View Dependent Claims (33, 34, 35, 36)
- - 33. A system of authentication as claimed in claim 32 wherein said means for responding to an authentication challenge comprises:
    - means for responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by a predetermined number of fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
  - 34. A system of authentication as claimed in claim 33 wherein said means for responding to an authentication challenge comprises:
    - means for responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said one fewer iterations.
  - 35. A system of authentication as claimed in claim 34 wherein said first set of machine executable code comprises:
    - means for transmitting to said second set of machine executable code a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
  - 36. A system of authentication as claimed in claim 35 comprising:
    - a first computer having means for executing said first set of machine executable code;
      
      a second computer having means for executing and said second set of machine executable code; and
      
      a communication network linking said first and second computers, wherein each means for transmitting comprises means for transmitting via said communication network.

37. A system for authenticating communication comprising:
- a first set of machine executable code;
  
  a second set of machine executable code;
  
  said first set of machine executable code and said second set of machine executable code having means for executing a like non-reversible function; and
  
  said second set of machine executable code being having;
  
  means for receiving a password from said first set of machine executable code in response to an authentication challenge;
  
  means for responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and
  
  means for storing said password as said reference value.
- View Dependent Claims (38, 39, 40, 41)
- - 38. A system of authentication as claimed in claim 37 wherein said means for responding comprises means for responding to said non-reversible function operating upon said password a predetermined number of iterations being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
  - 39. A system of authentication as claimed in claim 38 wherein said means for responding comprises means for responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code.
  - 40. A system of authentication as claimed in claim 39 wherein said second set of machine executable code further comprises means for responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
  - 41. A system of authentication as claimed in claim 40 comprising:
    - a first computer having means for executing said first set of machine executable code;
      
      a second computer having means for executing and said second set of machine executable code; and
      
      a communication network linking said first and second computers, wherein each means for transmitting comprises means for transmitting via said communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloakware Incorporated (MultiChoice Group Ltd.)
Original Assignee
Cloakware Incorporated (MultiChoice Group Ltd.)
Inventors
JOHNSON, HAROLD J., GU, YUAN, CHOW, STANLEY T.

Application Number

US09/134,731
Publication Number

US 20020002678A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/083   using passwords cryptograph...

H04L 63/168   above the transport layer

INTERNET AUTHENTICATION TECHNOLOGY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

131 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

INTERNET AUTHENTICATION TECHNOLOGY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links