Protecting one-time-passwords against man-in-the-middle attacks

US 20070033642A1
Filed: 05/02/2006
Published: 02/08/2007
Est. Priority Date: 05/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user of a communications network based on a one-time-password, the user having an associated asymmetric crypto-key pair including a private key D and a public key E, and the private key D being split into a first private key portion D1 and a second private key portion D2, comprising:

partially signing, by the user, a symmetric session key with the first private key portion D1;

receiving, by the authenticating entity from the user via the network, the partially signed symmetric session key;

completing the signature, by the authenticating entity, on the received partially signed symmetric session key with the second private key portion D2 to recover the symmetric session key;

encrypting, by the user, a one-time-password with the symmetric session key;

receiving, by the authenticating entity from the user via the network, the encrypted one-time-password;

decrypting, by the authenticating entity, the received encrypted one-time-password with the recovered symmetric session key; and

authenticating the user based on the decrypted one-time-password.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.

Citations

27 Claims

1. A method for authenticating a user of a communications network based on a one-time-password, the user having an associated asymmetric crypto-key pair including a private key D and a public key E, and the private key D being split into a first private key portion D1 and a second private key portion D2, comprising:
- partially signing, by the user, a symmetric session key with the first private key portion D1;
  
  receiving, by the authenticating entity from the user via the network, the partially signed symmetric session key;
  
  completing the signature, by the authenticating entity, on the received partially signed symmetric session key with the second private key portion D2 to recover the symmetric session key;
  
  encrypting, by the user, a one-time-password with the symmetric session key;
  
  receiving, by the authenticating entity from the user via the network, the encrypted one-time-password;
  
  decrypting, by the authenticating entity, the received encrypted one-time-password with the recovered symmetric session key; and
  
  authenticating the user based on the decrypted one-time-password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further comprising:
    - authenticating the user based on the recovery of the symmetric session key by the authenticating entity;
      
      partially signing, by the authenticating entity, the recovered symmetric session key with the second private key portion D2;
      
      receiving, by the user from the authenticating entity via the network, the partially signed symmetric session key;
      
      completing the signature, by the user, on the received partially signed symmetric session key with the first private key portion D1 to recover the symmetric session key; and
      
      authenticating the authenticating entity based on the recovery of the symmetric session key by the user.
  - 3. The method according to claim 1, further comprising:
    - only after authenticating the user based on the decrypted one-time-password, partially signing, by the authenticating entity, a relying party authenticating message with the second private key portion D2;
      
      receiving, by the user from the authenticating entity via the network, the partially signed relying party authenticating message;
      
      further signing, by the user, the received partially signed relying party authenticating message with the first private key portion D1; and
      
      transmitting, by the user to a relying party via the network, the further signed relying party authenticating message, wherein the relying party authenticating message is recoverable by applying the public key E to the further signed relying party authenticating message; and
      
      authenticating the user based on recovery of the relying party authenticating message by the relying party.
  - 4. The method according to claim 3, wherein:
    - the network is the Internet; and
      
      the relying party authenticating message is a secure socket layer hash.
  - 5. The method according to claim 1, wherein the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 corresponding to the one-time-password, and further comprising:
    - determining, by the user, the third private key portion D3;
      
      wherein the symmetric session key is partially signed by the user also with the determined third private key portion D3.
  - 6. The method according to claim 1, wherein the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 corresponding to the one-time-password, and further comprising:
    - determining, by the authenticating entity, the third private key portion D3;
      
      wherein the signature on the received partially signed symmetric session key is completed by the authenticating entity also with the determined third private key portion D3 to recover the symmetric session key.
  - 7. The method according to claim 1, further comprising:
    - receiving, by the user from an authenticating entity via the network, a challenge;
      
      partially signing, by the user, the received challenge with the first private key portion D1;
      
      receiving, by the authenticating entity from the user via the network, the partially signed challenge;
      
      completing the signature, by the authenticating entity, on the received partially signed challenge with the second private key portion D2 to recover the challenge;
      
      authenticating the user based on the recovery of the challenge by the authenticating entity; and
      
      determining, by the user, the one-time-password based on the received challenge.
  - 8. The method according to claim 7, wherein the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 that corresponds to the one-time-password and D3 is further split into a fourth private key portion D4 and a fifth private key portion D5, and further comprising:
    - identifying, by the authenticating entity, a number as the fourth private key portion D4;
      
      partially signing, by the authenticating entity, the recovered symmetric session key with the second private key portion D2 and the fourth private key portion D4;
      
      receiving, by the user from the authenticating entity via the network, the partially signed symmetric session key and the fourth private key portion D4;
      
      determining, by the user, the fifth private key portion D5 based on the third private key portion D3, and the received fourth private key portion D4;
      
      completing the signature, by the user, on the received partially signed symmetric session key with the first private key portion D1 and the determined fifth private key portion D5 to recover the symmetric session key; and
      
      authenticating the authenticating entity based on the recovery of the symmetric session key by the user.

9. A system for authenticating a user of a communications network based on a one-time-password, the user having an associated asymmetric crypto-key pair including a private key D and a public key E, and the private key D being split into a first private key portion D1 and a second private key portion D2, comprising:
- a user network device configured to (i) partially sign a symmetric session key with the first private key portion D1, (ii) transmit the partially signed symmetric session key via the network, (iii) encrypt a one-time-password with the symmetric session key, and (iv) transmit the encrypted one-time-password via the network; and
  
  an authenticating entity network device configured to (i) receive the transmitted partially signed symmetric session key, (ii) complete the signature on the received partially signed symmetric session key with the second private key portion D2 to recover the symmetric session key, (iii) receive the transmitted encrypted one-time-password, (iv) decrypt the received encrypted one-time-password with the recovered symmetric session key, and (v) authenticate the user based on the decrypted one-time-password.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system according to claim 9, wherein:
    - the authenticating entity network device is further configured to (i) authenticate the user based on the recovery of the symmetric session key, (ii) partially sign the recovered symmetric session key with the second private key portion D2, and (iii) transmit the partially signed symmetric session key via the network; and
      
      the user network device is further configured to (i) receive the transmitted partially signed symmetric session key, (ii) complete the signature on the received partially signed symmetric session key with the first private key portion D1 to recover the symmetric session key, and (iii) authenticate the authenticating entity based on the recovery of the symmetric session key.
  - 11. The system according to claim 9, wherein:
    - the authenticating entity network device is further configured to, only after authenticating the user based on the decrypted one-time-password, (i) partially sign a relying party authenticating message with the second private key portion D2, and (ii) transmit the partially signed relying party authenticating message via the network;
      
      the user network device is further configured to (i) receive the transmitted partially signed relying party authenticating message, (ii) further sign the received partially signed relying party authenticating message with the first private key portion D1, and (iii) transmit the further signed relying party authenticating message to a relying party via the network;
      
      the relying party authenticating message is recoverable by completing the signature on the further signed relying party authenticating message with the public key E; and
      
      authenticating the user based on recovery of the relying party authenticating message by the relying party.
  - 12. The system according to claim 9, wherein:
    - the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 corresponding to the one-time-password; and
      
      the user network device is further configured to (i) determine the third private key portion D3 and (ii) partially sign the symmetric session key also with the determined third private key portion D3.
  - 13. The system according to claim 9, wherein:
    - the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 corresponding to the one-time-password; and
      
      the authenticating entity network device is further configured to (i) determine the third private key portion D3, and (ii) complete the signature on the received partially signed symmetric session key also with the determined third private key portion D3 to recover the symmetric session key.
  - 14. The system according to claim 9, wherein:
    - the authenticating entity network device is further configured to transmit a challenge via the network;
      
      the user network device is further configured to (i) receive the transmitted challenge, (ii) partially sign the received challenge with the first private key portion D1, (iii) transmit the partially signed challenge via the network, and (iv) determine the one-time-password based on the received challenge; and
      
      the authenticating entity network device is further configured to (i) receive the partially signed challenge, (ii) complete the signature on the received partially signed challenge with the second private key portion D2 to recover the challenge, and (iii) authenticate the user based on the recovery of the challenge.
  - 15. The system according to claim 14, wherein:
    - the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 that corresponds to the one-time-password and D3 is further split into a fourth private key portion D4 and a fifth private key portion D5;
      
      the user network device is further configured to partially sign the symmetric session key also with the third private key portion D3;
      
      the authenticating entity network device is further configured to (i) identify a number as the fourth private key portion D4, (ii) partially sign the recovered symmetric session key with the second private key portion D2 and the fourth private key portion D4, (iii) transmit the partially signed symmetric session key via the network, and (iv) transmit the fourth private key portion D4 via the network; and
      
      the user network device is further configured to (i) receive the transmitted partially signed symmetric session key and the transmitted fourth private key portion D4, (ii) determine the fifth private key portion D5 based on the third private key portion D3 and the received fourth private key portion D4, (iii) complete the signature on the received partially signed symmetric session key with the first private key portion D1 and the determined fifth private key portion D5 to recover the symmetric session key, and (iv) authenticate the authenticating entity based on the recovery of the symmetric session key.

16. A method for authenticating a user of a communications network based on a one-time-password, the user having an associated asymmetric crypto-key pair including a private key D and a public key E, and the private key D being split into a first private key portion D1 and a second private key portion D2, comprising:
- receiving a first network communication from the user including a symmetric session key partially signed with the first private key portion D1;
  
  completing the signature on the received partially signed symmetric session key with the second private key portion D2 to recover the symmetric session key;
  
  receiving a second network communication from the user including a one-time-password encrypted with the symmetric session key;
  
  decrypting the received encrypted one-time-password with the recovered symmetric session key; and
  
  authenticating the user based on the decrypted one-time-password.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method according to claim 16, further comprising:
    - also authenticating the user based on the recovery of the symmetric session key;
      
      partially signing the recovered symmetric session key with the second private key portion D2;
      
      transmitting a third network communication to the user including the partially signed symmetric session key, wherein the signature on the transmitted partially signed symmetric session key can be completed with the first private key portion D1 to recover the symmetric session key and thereby authenticate the authenticating entity to the user.
  - 18. The method according to claim 16, further comprising:
    - only after authenticating the user based on the decrypted one-time-password, partially signing a relying party authenticating message with the second private key portion D2;
      
      transmitting a third network communication to the user including the partially signed relying party authenticating message, wherein the transmitted partially signed relying party authenticating message can be further signed by the user with the first private key portion D1, so that the relying party authenticating message is recoverable by completion of the signature on the further signed relying party authenticating message with the public key E by a relying party.
  - 19. The method according to claim 16, wherein the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 corresponding to the one-time-password, and further comprising:
    - determining the third private key portion D3;
      
      wherein the signature on the received partially signed symmetric session key is completed also with the determined third private key portion D3 to recover the symmetric session key.
  - 20. The method according to claim 16, further comprising:
    - transmitting a third network communication to the user including a challenge;
      
      receiving a fourth network communication from the user including the transmitted challenge partially signed by the user with the first private key portion D1;
      
      completing the signature on the received partially signed challenge with the second private key portion D2 to recover the challenge; and
      
      also authenticating the user based on the recovery of the challenge.
  - 21. The method according to claim 20, wherein the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 that corresponds to the one-time-password and D3 is further split into a fourth private key portion D4 and a fifth private key portion D5, and the received partially signed symmetric session key is partially signed also with the third private key portion D3, and further comprising:
    - identifying a number as the fourth private key portion D4;
      
      partially signing the recovered symmetric session key with the second private key portion D2 and the fourth private key portion D4;
      
      transmitting a fifth network communication to the user including the partially signed symmetric session key and the fourth private key portion D4, wherein the signature on the transmitted partially signed symmetric session key can be completed by the user with the first private key portion D1 and the fifth private key portion D5 to recover the symmetric session key and thereby authenticate the authenticating entity to the user.

22. A system for authenticating a user of a communications network based on a one-time-password, the user having an associated asymmetric crypto-key pair including a private key D and a public key E, and the private key D being split into a first private key portion D1 and a second private key portion D2, comprising:
- a network interface configured to receive (i) a first network communication including a symmetric session key partially signed with the first private key portion D1 and (ii) a second network communication including a one-time-password encrypted with the symmetric session key; and
  
  a processor configured to (i) complete the signature on the received partially signed symmetric session key with the second private key portion D2 to recover the symmetric session key, (ii) decrypt the received encrypted one-time-password with the recovered symmetric session key, and authenticate the user based on the decrypted one-time-password.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system according to claim 22, wherein:
    - the processor is further configured to (i) also authenticate the user based on the recovery of the symmetric session key, (ii) partially sign the recovered symmetric session key with the second private key portion D2, (iii) direct transmission of a third network communication including the partially signed symmetric session key;
      
      the network interface is further configured to transmit the third network communication in accordance with the processor directive; and
      
      the signature on the transmitted partially signed symmetric session key can be completed with the first private key portion D1 to recover the symmetric session key and thereby authenticate the authenticating entity to the user.
  - 24. The system according to claim 22, wherein:
    - the processor is further configured to, only after authenticating the user based on the decrypted one-time-password, (i) partially sign a relying party authenticating message with the second private key portion D2, and (ii) direct transmission of a third network communication to the user including the partially signed relying party authenticating message;
      
      the network interface is further configured to transmit the third network communication in accordance with the processor directive; and
      
      the transmitted partially signed relying party authenticating message can be further signed by the user with the first private key portion D1, so that the relying party authenticating message is recoverable by completion of the signature on the further signed relying party authenticating message with the public key E by a relying party.
  - 25. The system according to claim 22, wherein:
    - the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 corresponding to the one-time-password;
      
      the processor is further configured to determine the third private key portion D3;
      
      wherein the signature on the received partially signed symmetric session key is completed also with the determined third private key portion D3 to recover the symmetric session key.
  - 26. The system according to claim 22, wherein:
    - the interface is further configured to (i) transmit a third network communication to the user including a challenge, (ii) receive a fourth network communication from the user including the transmitted challenge partially signed by the user with the first private key portion D1;
      
      the processor is further configured to (i) complete the signature on the received partially signed challenge with the second private key portion D2 to recover the challenge, and (ii) also authenticate the user based on the recovery of the challenge.
  - 27. The system according to claim 26, wherein:
    - the private key D of the associated asymmetric crypto-key pair is also split into a third private key portion D3 that corresponds to the one-time-password and D3 is further split into a fourth private key portion D4 and a fifth private key portion D5;
      
      the received partially signed symmetric session key is also partially signed with the third private key portion D3;
      
      the processor is further configured to (i) identify a number as the fourth private key portion D4, (ii) partially sign the recovered symmetric session key with the second private key portion D2 and the fourth private key portion D4, and (iii) direct transmission of a fifth network communication to the user including the partially signed symmetric session key and the fourth private key portion D4; and
      
      the signature on the transmitted partially signed symmetric session key can be completed by the user with the first private key portion D1 and the fifth private key portion D5 to recover the symmetric session key and thereby authenticate the authenticating entity to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
TriCipher, Inc. (Broadcom, Inc.)
Inventors
Ganesan, Ravi, Bellare, Mihir, Sandhu, Ravinderpal, Cottrell, Andrew, Schoppert, Brett

Granted Patent

US 7,840,993 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/0838   using one-time-passwords

H04L 63/14   for detecting or protecting...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 9/3228   One-time or temporary data,...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Protecting one-time-passwords against man-in-the-middle attacks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting one-time-passwords against man-in-the-middle attacks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links