System and method of non-centralized zero knowledge authentication for a computer network
Abstract
Zero-knowledge authentication proves identity without revealing information about a secret that is used to prove that identity. An authentication agent performs authentication of a prover agent without knowledge or transfer of the secret. A non-centralized zero-knowledge authentication system contains multiple authentication agents, for access by multiple computers seeking access on a computer network through local prover agents. Once authenticated, those multiple computers may also implement authentication agents. The secret may periodically expire by publishing a new encrypted secret by a trusted source, thwarting attempts to factor or guess information about the secret.
13 Claims
1. A method of non-centralized zero-knowledge authentication for a computer network, comprising steps of:
- establishing a first computer having a first authentication agent and a first prover agent on the computer network;
- detecting a first authentication request over the computer network from a second computer having a second prover agent;
- authenticating the second prover agent through a zero-knowledge identification protocol; and
- promoting the second computer with a second authentication agent to perform authentication for the computer network.

Dependent claims: 2, 3, 4.
5. A method of protecting a host from unauthorized client access over a network, comprising the steps of:
- creating a prover agent application on the client;
- creating a verifier agent application on the host;
- creating a trusted source application to generate and publish encrypted values of a secret and product of first and second large prime numbers;
- reading the encrypted values for the secret and product, by the prover and verifier from the trusted source;
- decrypting the secret, by the prover and verifier;
- decrypting the product, by the prover and verifier; and
- performing a plurality of verification dialog between the prover and verifier, wherein the prover demonstrates knowledge of the secret and product without exposing the values of the secret and product, and wherein the client is denied access when the prover fails to demonstrate knowledge of the secret and product and granted access when the client succeeds in demonstrating knowledge of the secret and product.

Dependent claims: 6, 7.
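The abstract and claim 5 describe the roles (trusted source, prover agent, verifier agent) and the repeated verification dialog, but not the concrete identification protocol. The following is an added example, not code from the patent, that models those roles with the Fiat-Shamir identification scheme, which is one standard zero-knowledge protocol over a modulus n = p*q and is assumed here as the concrete protocol. It also assumes that the verifier holds only the public value v = s^2 mod n rather than the secret itself, that the trusted source's published values are handled in the clear (the patent's encryption layer is omitted), and it uses tiny constructed primes so it runs instantly. It goes slightly beyond claim 5 to show the promotion step of claims 1 and 8 and the secret rotation mentioned in the abstract, and it includes an impostor that only passes when the verifier's challenges are predictable.

```python
"""Added example: Fiat-Shamir-style zero-knowledge identification modelling the
patent's trusted source, prover agent and verifier agent. Assumptions, not from
the patent: Fiat-Shamir as the concrete protocol, verifier holds only v = s^2
mod n, published values in the clear, constructed small primes."""
import secrets


class TrustedSource:
    """Publishes the modulus n = p*q and public value v; enrolls provers."""

    def __init__(self, p, q, s):
        self.n = p * q            # constructed small primes; real ones are 1024+ bits
        self.s = s % self.n       # current secret, handed only to enrolled provers
        self.v = pow(self.s, 2, self.n)

    def publish(self):
        return self.n, self.v

    def enroll_prover(self):
        return Prover(self.n, self.s)

    def rotate_secret(self, new_s):
        """Expire the old secret: verifiers that re-read the published v will
        reject provers still holding the old s."""
        self.s = new_s % self.n
        self.v = pow(self.s, 2, self.n)


class Prover:
    def __init__(self, n, s):
        self.n, self.s, self._r = n, s, None

    def commit(self):
        self._r = secrets.randbelow(self.n - 1) + 1   # fresh r in [1, n-1] per round
        return pow(self._r, 2, self.n)                # commitment x = r^2 mod n

    def respond(self, e):
        return (self._r * pow(self.s, e, self.n)) % self.n   # y = r * s^e mod n


class Impostor:
    """Knows n and v only; guesses the challenge bit before committing."""

    def __init__(self, n, v, guess):
        self.n, self.v, self.guess, self._r = n, v, guess, None

    def commit(self):
        self._r = secrets.randbelow(self.n - 1) + 1
        x = pow(self._r, 2, self.n)
        if self.guess == 1:
            x = (x * pow(self.v, -1, self.n)) % self.n   # x = r^2 / v, so y = r passes e = 1
        return x

    def respond(self, e):
        return self._r   # verifies only when e equals the guess


class Verifier:
    def __init__(self, n, v, rounds=20):
        self.n, self.v, self.rounds = n, v, rounds

    def authenticate(self, prover, challenge=lambda: secrets.randbits(1)):
        """Accept only if every round satisfies y^2 == x * v^e (mod n)."""
        for _ in range(self.rounds):
            x = prover.commit()
            e = challenge()                 # unpredictable challenge bit
            y = prover.respond(e)
            if pow(y, 2, self.n) != (x * pow(self.v, e, self.n)) % self.n:
                return False
        return True


class Network:
    """Non-centralized: every authenticated node is promoted to a verifier."""

    def __init__(self, source):
        self.source = source
        self.verifiers = [Verifier(*source.publish())]   # the first computer

    def join(self, prover, challenge=lambda: secrets.randbits(1)):
        if self.verifiers[0].authenticate(prover, challenge):
            self.verifiers.append(Verifier(*self.source.publish()))   # promotion
            return True
        return False


def demo():
    ts = TrustedSource(1009, 1013, 12345)   # constructed primes and secret
    n, v = ts.publish()
    net = Network(ts)
    results = {"honest": net.join(ts.enroll_prover()),
               "impostor": net.join(Impostor(n, v, guess=0)),
               "verifiers": len(net.verifiers)}
    stale = ts.enroll_prover()
    ts.rotate_secret(54321)
    results["stale_after_rotation"] = Verifier(*ts.publish()).authenticate(stale)
    return results


if __name__ == "__main__":
    print(demo())
```

Each round leaks nothing about s: x is a uniformly random square and y is either a random r or r*s, each of which is uniform on its own. The impostor's trick shows why the verifier must draw each challenge bit fresh and unpredictably; with 20 rounds a guesser passes with probability 2^-20. Rotation works because the stale prover's responses no longer satisfy the check against the newly published v.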
8. A system of non-centralized zero-knowledge authentication for a computer network, comprising:
- two or more computers establishing the computer network, each of the computers containing an authentication agent, secret and prover agent; and
- a requesting computer having a prover agent, for requesting access to the computer network, wherein the prover agent of the requesting computer and one of the authentication agents of the two or more computers engaging in a zero-knowledge authentication protocol, and wherein the requesting computer operates with an authentication agent on the computer network when the requesting computer is authenticated through the zero-knowledge authentication protocol.

Dependent claims: 9, 10, 11, 12.
13. A software product comprising instructions, stored on computer-readable media, wherein the instructions, when executed by a computer, perform steps for non-centralized zero-knowledge authentication for a computer network, comprising:
- instructions for establishing a first computer having a first authentication agent and a first prover agent on the computer network;
- instructions for detecting a first authentication request over the computer network from a second computer having a second prover agent;
- instructions for authenticating the second prover agent through a zero-knowledge identification protocol; and
- instructions for promoting the second computer with a second authentication agent to perform authentication for the computer network.