ROBUST DIGEST AUTHENTICATION METHOD
First Claim
1. A method of authenticating a user in a communication system comprising a user terminal (201) and an authentication server (202) which is capable of storing two types of nonce values comprising dedicated nonce values unique in the system and common nonce values constant and common to all users managed by the authentication server (202) during a fixed time period, the method comprising the following steps performed by the authentication server (202):
receiving (301, 401) from the user terminal (201) an access request;
using a given criterion for determining (605) the type of a first nonce value to be sent to the user terminal (201) as a response to the access request, wherein, in case the given criterion is fulfilled, then sending a dedicated nonce value, otherwise sending a common nonce value;
receiving (303, 403) a response from the user terminal (201), the response comprises a second nonce value and a response code to the nonce value sent by the authentication server (202); and
determining whether the response code is correct and whether the second nonce value corresponds to the first nonce value sent by the authentication server (202).
Abstract
The present invention relates to a method of authenticating a user in a communication system comprising a user terminal and an authentication server which is capable of storing two types of nonce values, namely dedicated nonce values unique in the system and common nonce values shared between users in the system. In the method the authentication server receives (401) from the user terminal an access request. Then the authentication server uses a predefined criterion for determining the type of a first nonce value to be sent to the user terminal as a response to the access request. In case the predefined criterion is fulfilled, then a dedicated nonce value is sent, otherwise a common nonce value is sent (402). Then the authentication server receives (403) from the user terminal a response comprising a second nonce value and a response code to the first nonce value. The authentication server then determines whether the response code is correct and whether the second nonce value corresponds to the first nonce value.
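An added sketch of the server-side flow the abstract describes; it is not code from the patent. The criterion (free room in the dedicated-nonce store), the 300-second period, the `d-`/`c-` nonce prefixes and the SHA-256 response-code formula are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

COMMON_PERIOD = 300   # assumption: the "fixed time period", in seconds
MAX_DEDICATED = 2     # assumption: criterion = dedicated-nonce store has room


def response_code(user, password, nonce):
    # Assumption: digest-style hash; the page does not fix the formula.
    return hashlib.sha256(f"{user}:{password}:{nonce}".encode()).hexdigest()


class AuthServer:
    def __init__(self, users, secret, clock=time.time):
        self.users, self.secret, self.clock = users, secret, clock
        self.dedicated = {}   # outstanding dedicated nonce -> user

    def common_nonce(self):
        # Same value for every user during one period; needs no per-user state.
        period = str(int(self.clock() // COMMON_PERIOD)).encode()
        return "c-" + hmac.new(self.secret, period, hashlib.sha256).hexdigest()[:32]

    def challenge(self, user):
        if len(self.dedicated) < MAX_DEDICATED:      # criterion fulfilled
            nonce = "d-" + secrets.token_hex(16)     # unique in the system
            self.dedicated[nonce] = user
            return nonce
        return self.common_nonce()                   # criterion not fulfilled

    def verify(self, user, nonce, code):
        password = self.users.get(user)
        if password is None:
            return False
        if nonce.startswith("d-"):
            # Second nonce must be one this server issued to this user.
            if self.dedicated.get(nonce) != user:
                return False
            del self.dedicated[nonce]                # dedicated nonce is single-use
        elif not hmac.compare_digest(nonce.encode(), self.common_nonce().encode()):
            return False                             # not the current common nonce
        expected = response_code(user, password, nonce)
        return hmac.compare_digest(code.encode(), expected.encode())
```

In this sketch a dedicated nonce is accepted once, while a response to a common nonce verifies again until the period rolls over, since the server keeps no per-user state for it.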
19 Claims
1. Independent claim 1, as set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A device for authenticating a user terminal (201) in a communication system, the device is capable of storing two types of nonce values comprising dedicated nonce values unique in the system and common nonce values constant and common to all users managed by the device during a fixed time period, the device comprising:
a receiver for receiving from the user terminal messages; and
a processor for using a given criterion for determining the type of a first nonce value to be sent to the user terminal (201) as a response to an access request from the user terminal (201), wherein, in case the given criterion is fulfilled, the processor is arranged to send a dedicated nonce value, otherwise the processor is arranged to send a common nonce value, the processor is further arranged to determine whether a response comprising a second nonce value and a response code received from the user terminal (201) as a response to the first nonce value, is correct.
Dependent claims: 18, 19
Specification