Authentication method
Abstract
The invention relates to password-based authentication in group networks. Each device (42) has an authentication token irreversibly based on the password. The authentication involves a first device (42-1), at which the password P is entered, and a second device (42-2), towards which the authentication occurs. The first device determines a check token Mj for the second device based on the password and its own authentication token R1, and this check token is sent to the second device, where it is compared with the authentication token of that device. The procedure may include updating a device to exclude a non-trusted device from the group or to change the password. Advantageous features are that the information in one device does not allow retrieval of the password and that the password is only exposed at one device, and only temporarily, during the authentication.
47 Claims
1. A method for password-based authentication in a communication system including a group of at least two units associated with a common password, comprising the steps of:
assigning individual authentication tokens to the respective units in the group based on the password such that each authentication token is irreversibly determined by the password;
determining, at a first unit, a check token for a second unit based on the password and the authentication token of the first unit; and
comparing, at the second unit, the check token with the authentication token of the second unit for authentication of the first unit towards the second unit.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A communication system including a group of at least two units associated with a common password, and means for password-based authentication, comprising:
means for assigning individual authentication tokens to the respective units in the group based on the password such that each authentication token is irreversibly determined by the password;
means for determining, at a first unit, a check token for a second unit based on the password and the authentication token of the first unit; and
means for comparing, at the second unit, the check token with the authentication token of the second unit for authentication of the first unit towards the second unit.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
41. A first device belonging to a group of at least two devices associated with a common password, and including means for password-based authentication, the first device comprises:
means for receiving a password;
means for assigning individual authentication tokens to other devices in the group based on the password such that each authentication token is irreversibly determined by the password;
means for determining a check token for a second device in the group based on the password and the authentication token of the first device; and
means for transmitting the check token to the second device for authentication towards the second device.
Dependent claims: 42, 43, 44, 45, 46
47. A computer program product for, when executed by a computer, password-based authentication in a communication system comprising:
a group of at least two units associated with a common password;
program means for assigning individual authentication tokens to the respective units of the group based on the password such that each authentication token is irreversibly determined by the password;
program means for determining, at a first unit, a check token for a second unit based on the password and the authentication token of the first unit; and
program means for comparing, at the second unit, the check token with the authentication token of the second unit for authentication of the first unit towards the second unit.
Specification