Username Based Key Exchange

US 20100058060A1
Filed: 08/29/2008
Published: 03/04/2010
Est. Priority Date: 08/29/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

sending first authentication data including a first random string in response to a request;

receiving a response to the first authentication data, the response including a second authentication data that includes a second random string and a username; and

generating a master secret based on the first authentication data and the second authentication data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for an system and process for sharing a secret over an unsecured channel in conjunction with an authentication system. A client computes a message authentication code based on a hashed password value and a first random string received from the server. The client sends a response to the server that includes authentication data including a second random string. Both the client and server concatenate the first random string, second random string and username. Theses values are processed to generate as a shared master secret to further generate shared secrets or keys to establish a secured communication channel between the client and server. The secured communication can be based on stateless messaging where the decryption key associated with the message is identified by the message authentication code, which is placed within the message.

140 Citations

23 Claims

1. A computer-implemented method comprising:
- sending first authentication data including a first random string in response to a request;
  
  receiving a response to the first authentication data, the response including a second authentication data that includes a second random string and a username; and
  
  generating a master secret based on the first authentication data and the second authentication data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, further comprising:
    - generating a secret or key from the master secret for use in a secure communication protocol.
  - 3. The computer-implemented method of claim 1, wherein generating the master secret further comprises:
    - concatenating the first random string, the second random string and the username to form a first value.
  - 4. The computer-implemented method of claim 3, wherein generating the master secret further comprises:
    - calculating a first message authentication code of the first value using the encrypted password as a key.
  - 5. The computer-implemented method of claim 4, further comprising:
    - inserting a second message authentication code into a message as a decryption key identifier.

6. A computer readable storage medium, having instructions stored therein, which when executed, cause a computer to perform a set of operations comprising:
- sending first authentication data including a first random string in response to a request;
  
  receiving a response to the first authentication data, the response including a second authentication data that includes a second random string and a username; and
  
  generating a master secret based on the first authentication data and the second authentication data.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable storage medium of claim 6, having further instructions therein, which when executed, cause the computer to perform a further set of operations, further comprising:
    - generating a secret or key from the master secret for use in a secure communication protocol.
  - 8. The computer readable storage medium of claim 6, wherein generating the master secret further comprises:
    - concatenating the first random string, the second random string and the username to form a first value.
  - 9. The computer readable storage medium of claim 8, wherein generating the master secret further comprises:
    - calculating a first message authentication code of the first value using the encrypted password as a key.
  - 10. The computer readable storage medium of claim 9, having further instructions therein, which when executed, cause the computer to perform a further set of operations, further comprising:
    - inserting a second message authentication code into a message as a decryption key identifier.

11. A computer-implemented method comprising:
- receiving first authentication data including a first random string;
  
  sending a response to the first authentication data, the response including a second authentication data that includes a second random string and a username; and
  
  generating a master secret based on the first authentication data and the second authentication data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-implemented method of claim 11, further comprising:
    - generating a secret or key from the master secret for use in a secure communication protocol.
  - 13. The computer-implemented method of claim 11, wherein generating the master secret further comprises:
    - concatenating the first random string, the second random string and the user name to form a first value.
  - 14. The computer-implemented method of claim 13, wherein generating the master secret further comprises:
    - calculating a first message authentication code of the first value using the encrypted password as a key.
  - 15. The computer-implemented method of claim 14, further comprising:
    - inserting a second message authentication code into a message as a decryption key identifier.

16. A computer readable storage medium, having instructions stored therein, which when executed, cause a computer to perform a set of operations comprising:
- receiving first authentication data including a first random string;
  
  sending a response to the first authentication data, the response including a second authentication data that includes a second random string and a username; and
  
  generating a master secret based on the first authentication data and the second authentication data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer readable storage medium of claim 16, having further instructions therein, which when executed, cause the computer to perform a further set of operations, further comprising:
    - generating a secret or key from the master secret for use in a secure communication protocol.
  - 18. The computer readable storage medium of claim 16, wherein generating the master secret further comprises:
    - concatenating the first random string, the second random string and the user name to form a first value.
  - 19. The computer readable storage medium of claim 18, wherein generating the master secret further comprises:
    - calculating a first message authentication code of the first value using the encrypted password as a key.
  - 20. The computer readable storage medium of claim 19, having further instructions therein, which when executed, cause the computer to perform a further set of operations, further comprising:
    - inserting a second message authentication code into a message as a decryption key identifier.

21. A system comprising:
- a processor;
  
  a memory coupled to the processor;
  
  an authentication module coupled to the processor to authenticate a client based on a correspondence between a username and media authentication code ; and
  
  a secure communication module to generate a master secret for a secure communication protocol based on the username and a first random string from a server.
- View Dependent Claims (22, 23)
- - 22. The system of claim 21, wherein the secure communication module generates the master secret based a second random string from the client.
  - 23. The system of claim 22, further comprising:
    - a stateless key identification module coupled to the processor, the stateless key identification module to insert an identifier based on the username, first random string and second random string into a stateless message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James Paul

Granted Patent

US 9,258,113 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 9/0844 with user authentication or...

H04L 9/3271 using challenge-response

Username Based Key Exchange

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

140 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Username Based Key Exchange

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links