Method and apparatus for simultaneously establishing user identity and group membership

US 20030145204A1
Filed: 01/29/2002
Published: 07/31/2003
Est. Priority Date: 01/29/2002
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for authenticating a user to one or more groups, said method comprising the steps of:

computationally verifying an identity of said user; and

computationally verifying a membership of said user with said one or more groups, wherein said verifying computations are performed substantially simultaneously using user information stored in a computer file associated with said user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are disclosed for simultaneously establishing a user'"'"'s identity and membership in multiple groups, using only a single identification card (or computer file). In a registration or enrollment phase, secret information is created between the user and any groups for which the user has registered. Once the user has been registered with one or more groups, the user may be authenticated to a verification agent to obtain access to one or more selected groups by providing an encrypted authentication request based on public identifiers relating to one or more groups, and an exponential function based on private identifiers and several randomly generated numbers. The verification agent is able to verify the user'"'"'s registration with the selected groups without knowing the secret information. Optionally, for additional reliability, the verification agent may request the user to repeat the authentication process multiple times, each time altering one of the random numbers. Once verification is complete, the verification agent arranges for the user to access the selected groups. Significantly, the user is able to authenticate itself with multiple groups by carrying out a single authentication sequence.

17 Citations

View as Search Results

25 Claims

1. A computer-implemented method for authenticating a user to one or more groups, said method comprising the steps of:
- computationally verifying an identity of said user; and
  
  computationally verifying a membership of said user with said one or more groups, wherein said verifying computations are performed substantially simultaneously using user information stored in a computer file associated with said user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising the step of registering said user with at least one of said one or more groups.
  - 3. The method of claim 2, wherein said registering step further comprises the step of said user and said at least one of said one or more groups exchanging a respective identifier.
  - 4. The method of claim 3, wherein said user identifier is expressed as follows:
    - ID_i=g^x^_i^hmod p, where g and x_iare randomly generated numbers, and h is a hash function on a random number concatenated with information of said user, U.
  - 5. The method of claim 3, wherein said identifier of said at least one of said one or more groups is expressed as follows:
    - G_i=g^k^_i^hmod p, where g and k_iare randomly generated numbers, and h is a hash function on a random number concatenated with information of said user, U.
  - 6. The method of claim 2, wherein said registering step further comprises the step of creating a registration identifier.
  - 7. The method of claim 6, wherein said registering step between said user, U, and said at least one of said one or more groups, G_i, further comprises the step of creating a registration identifier, (G_i, S_i), where (S_i=g^s^_i), g is a randomly generated number and s_iis obtained as follows:
    - s_i=x_ih−
      
      k_ihG mod(p−
      
      1).
  - 8. The method of claim 1, wherein said user identity and membership are verified if:
  - 9. The method of claim 1, wherein said verifying computations are performed in a single operation based on the El Gomal public key algorithm.
  - 10. The method of claim 1, wherein said user information is stored on a smart card that provides tamper-resistant features.
  - 11. The method of claim 1, wherein said user information is stored in a memory of a computer.
  - 12. The method of claim 1, wherein a user that satisfies said verifying computations is allowed to access a plurality of groups.

13. A method for authenticating a user to one or more groups, said method comprising the steps of:
- verifying an identity of said user; and
  
  verifying a membership of said user with said one or more groups, wherein said verifying steps are performed using a single operation.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, further comprising the step of registering said user with at least one of said one or more groups.
  - 15. The method of claim 14, wherein said registering step further comprises the step of said user and said at least one of said one or more groups exchanging a respective identifier.
  - 16. The method of claim 15, wherein said user identifier is expressed as follows:
    - ID_i=g^x^_i^hmod p, where g and x_iare randomly generated numbers, and h is a hash function on a random number concatenated with information of said user, U.
  - 17. The method of claim 15, wherein said identifier of said at least one of said one or more groups is expressed as follows:
    - G_i=g^k^_i^hmod p, where g and k_iare randomly generated numbers, and h is a hash function on a random number concatenated with information of said user, U.
  - 18. The method of claim 13, wherein said single operation is expressed as:
  - 19. The method of claim 13, wherein said single operation is based on the El Gomal public key algorithm.
  - 20. The method of claim 13, wherein said single operation processes user information stored on a smart card that provides tamper-resistant features.
  - 21. The method of claim 13, wherein said single operation processes user information stored in a memory of a computer.

22. A system for authenticating a user to one or more groups, said system comprising:
- a memory that stores computer-readable code; and
  
  a processor operatively coupled to said memory, said processor configured to implement said computer-readable code, said computer-readable code configured to;
  
  verify an identity of said user; and
  
  verify a membership of said user with said one or more groups, wherein said verifying computations are performed substantially simultaneously using user information stored in a computer file associated with said user.

23. An article of manufacture for authenticating a user to one or more groups, comprising:
- a computer readable medium having computer readable code means embodied thereon, said computer readable program code means comprising;
  
  a step to verify an identity of said user; and
  
  a step to verify a membership of said user with said one or more groups, wherein said verifying computations are performed substantially simultaneously using user information stored in a computer file associated with said user.

24. A system for authenticating a user to one or more groups, said method comprising the steps of:
- a memory that stores computer-readable code; and
  
  a processor operatively coupled to said memory, said processor configured to implement said computer-readable code, said computer-readable code configured to;
  
  verify an identity of said user; and
  
  verify a membership of said user with said one or more groups, wherein said verifying steps are performed using a single operation.

25. An article of manufacture for authenticating a user to one or more groups, comprising:
- a computer readable medium having computer readable code means embodied thereon, said computer readable program code means comprising;
  
  a step to verify an identity of said user; and
  
  a step to verify a membership of said user with said one or more groups, wherein said verifying steps are performed using a single operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Technology Corporation Miami Lakes FLA US
Original Assignee
Avaya Technology Corporation Miami Lakes FLA US
Inventors
Nadooshan, Mehrdad, Ren, Jian

Application Number

US10/059,946
Publication Number

US 20030145204A1
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

H04L 2209/56 Financial cryptography, e.g...

H04L 9/3234 involving additional secure...

Method and apparatus for simultaneously establishing user identity and group membership

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for simultaneously establishing user identity and group membership

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links