INTERNET AUTHENTICATION TECHNOLOGY
Abstract
The present invention relates generally to cryptography, and more specifically, to secure authentication of a First Computer Program to a Second Computer Program. The approaches known in the art require that secure data positively identifying Client accounts be stored at a central location, either the Server or a Certifying Authority, requiring large overheads of memory and computational power, and presenting obvious and high-value targets for attacks. The invention provides a means of authenticating Clients to Servers without requiring confidential data to be either stored at the Server or transmitted to the Server. The Client generates a series of one-time passwords by successive iterations of a non-reversible function on a seed value. The last value in the series is then sent to the Server to establish an account. When the Client wishes to log on to his account, he sends the previous value in the non-reversible series as his password. The Server can easily authenticate the Client by executing the same non-reversible function on the password and verifying that the result is equal to the previous password. However, given such a one-time password, there is no practical means of generating a prior value in the non-reversible series. Therefore, even if the password is intercepted or the Server data accessed, there is no useful information available in either the transmission or the central storage.
Claims (41)
1. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the step within said first set of machine executable code of:
responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
6. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, and said first and second computers are linked by a communication network, said method comprising the step within said first set of machine executable code of:
responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code via said communication network, a password calculated by one fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said one fewer iterations; and
transmitting to said second set of machine executable code via said communication network, a new initial value calculated by at least one iteration of said non-reversible function on a new seed value.
12. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said method comprising the steps within said second set of machine executable code of:
receiving a password from said first set of machine executable code in response to an authentication challenge;
responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and
storing said password as said reference value.
17. A method of authenticating communication between a first set of machine executable code and a second set of machine executable code, wherein both said first set of machine executable code and said second set of machine executable code are operable to execute a like non-reversible function, said first set of machine executable code has established an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value, said first set of machine executable code resides in a first computer and said second set of machine executable code resides in a second computer, and said first and second computers are linked by a communication network, said method comprising the step within said second set of machine executable code of:
receiving a password from said first set of machine executable code via said communication network in response to an authentication challenge;
responding to said non-reversible function operating upon said password by one iteration being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code;
storing said password as said reference value; and
responding to receipt of a new initial value by storing said new initial value calculated by at least one iteration of said non-reversible function on a new seed value, as said reference value.
22. A computer readable storage medium storing a first set of machine executable code, said first set of machine executable code being executable by a computer to perform the step of:
responding to an authentication challenge from a second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of a non-reversible function on a stored seed value than used to calculate a reference value, and storing the quantity of said fewer iterations.
27. A computer readable storage medium storing a second set of machine executable code, said machine executable code being executable by a computer to perform the steps of:
receiving a password from a first set of machine executable code in response to an authentication challenge;
responding to a non-reversible function operating upon said password being equal to a reference value by authenticating said first set of machine executable code to said second set of machine executable code; and
storing said password as said reference value.
32. A system for authenticating communication comprising:
a first set of machine executable code;
a second set of machine executable code;
said first set of machine executable code and said second set of machine executable code having means for executing a like non-reversible function; and
said first set of machine executable code having:
means for establishing an account with said second set of machine executable code by transmitting an initial value to said second set of machine executable code calculated by at least one iteration of a non-reversible function on a stored seed value; and
means for responding to an authentication challenge from said second set of machine executable code by transmitting to said second set of machine executable code a password calculated by fewer iterations of said non-reversible function on said stored seed value than used to calculate said reference value, and storing the quantity of said fewer iterations.
37. A system for authenticating communication comprising:
a first set of machine executable code;
a second set of machine executable code;
said first set of machine executable code and said second set of machine executable code having means for executing a like non-reversible function; and
said second set of machine executable code having:
means for receiving a password from said first set of machine executable code in response to an authentication challenge;
means for responding to said non-reversible function operating upon said password being equal to said reference value by authenticating said first set of machine executable code to said second set of machine executable code; and
means for storing said password as said reference value.
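The hash-chain scheme the abstract describes, including the new-seed handling of claims 6 and 17, written out as an added Python example that is not part of the patent: SHA-256 as the non-reversible function, the Client and Server classes, and the seed values are all assumptions of this example (the patent names no particular function). Refusing to send H^0, i.e. the raw seed, is likewise a choice of this example rather than a step in the claims.

```python
import hashlib
import hmac

def h(value: bytes) -> bytes:
    # One step of the non-reversible function (SHA-256 assumed; the page names none)
    return hashlib.sha256(value).digest()

def iterate(seed: bytes, n: int) -> bytes:
    # H^n(seed): n iterations of the non-reversible function
    for _ in range(n):
        seed = h(seed)
    return seed

class Client:
    # Keeps the seed and the iteration count of the value the server currently holds
    def __init__(self, seed: bytes, chain_length: int):
        self.seed, self.count = seed, chain_length

    def initial_value(self) -> bytes:
        # Account establishment (or re-seeding, claims 6/17): H^N(seed) may be sent, the seed never is
        return iterate(self.seed, self.count)

    def next_password(self) -> bytes:
        # One fewer iteration than the server's reference; the new count is stored
        if self.count <= 1:  # H^0 would be the seed itself: start a new chain instead
            raise RuntimeError("chain exhausted")
        self.count -= 1
        return iterate(self.seed, self.count)

class Server:
    def __init__(self, initial_value: bytes):
        self.reference = initial_value  # only the reference value is stored, never a seed

    def authenticate(self, password: bytes) -> bool:
        # Accept iff H(password) == reference; the password then becomes the reference
        if not hmac.compare_digest(h(password), self.reference):
            return False
        self.reference = password
        return True

def demo() -> dict:
    # Constructed sample run; the seeds are placeholders, not values from the page
    client = Client(b"constructed-seed-1", 3)
    server = Server(client.initial_value())            # reference = H^3(seed)
    pw = client.next_password()                        # H^2(seed)
    first, replay = server.authenticate(pw), server.authenticate(pw)  # True, then False
    second = server.authenticate(client.next_password())  # True: H(H^1) == H^2
    client = Client(b"constructed-seed-2", 3)           # chain exhausted: new seed
    server.reference = client.initial_value()           # claim 17: new initial value stored
    return {"first": first, "replay": replay, "second": second, "after_reseed": server.authenticate(client.next_password())}
```

A captured password fails on replay because its hash no longer matches the updated reference, and a copy of the server's storage holds only a value from which no earlier chain element can practically be derived.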