USERNAME BASED AUTHENTICATION AND KEY GENERATION

US 20100131756A1
Filed: 11/26/2008
Published: 05/27/2010
Est. Priority Date: 11/26/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

generating a server unique identifier of a server prior to communicating with the server;

calculating an encrypted password based on the server unique identifier, a username, and an unencrypted password; and

generating and sending a communication request to the server, the communication request comprising a username, a client random string, a client timestamp, and a client MAC value, the client MAC value computed over the username, the client random string, and the client timestamp, using the encrypted password as an encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and a method for an authentication protocol. A client generates a server unique identifier of a server prior to communicating with the server. An encrypted password generator module of the client calculates an encrypted password based on the server unique identifier, a username, and an unencrypted password. A communication request generator module of the client generates and sends a communication request to the server. The communication request includes a username, a client random string, a client timestamp, and a client MAC value. The client MAC value is computed over the username, the client random string, and the client timestamp, using the encrypted password as an encryption key.

99 Citations

View as Search Results

21 Claims

1. A computer-implemented method comprising:
- generating a server unique identifier of a server prior to communicating with the server;
  
  calculating an encrypted password based on the server unique identifier, a username, and an unencrypted password; and
  
  generating and sending a communication request to the server, the communication request comprising a username, a client random string, a client timestamp, and a client MAC value, the client MAC value computed over the username, the client random string, and the client timestamp, using the encrypted password as an encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1 wherein generating the server unique identifier includes hashing the server'"'"'s DNS, NIS, or WINS name.
  - 3. The computer-implemented method of claim 1 wherein calculating the encrypted password further comprises:
    - performing an iterative hash of the username and the server unique identifier for a predetermined number of times.
  - 4. The computer-implemented method of claim 3 further comprising:
    - calculating an iterative MAC value of the result of the iterative hash using the unencrypted password as the key.
  - 5. The computer-implemented method of claim 3 further comprising:
    - calculating an iterative MAC value of the result of the iterative hash using the result of the iterative hash as the key and the password as a message.
  - 6. The computer-implemented method of claim 3 further comprising:
    - calculating an iterative MAC value of the result of the iterative hash using an empty string as an initial message and alternating between password as a message and a hashed username.
  - 7. The computer-implemented method of claim 1 further comprising:
    - receiving a response to the communication request from the server, the response comprising the client random string, a server random string, a server timestamp, and a server MAC value over the client random string, the server random string, and the server timestamp using the encrypted password as the encryption key;
      
      validating a server timestamp;
      
      calculating a computed MAC value over the client random string and the server random string;
      
      comparing the computer MAC value with the server MAC value; and
      
      generating a shared secret by calculating a shared secret MAC value of the client random string and the server random string using the encrypted password as the encryption key.

8. A computer-readable storage medium, having instructions stored therein, which when executed, cause a computer system to perform a method comprising:
- generating a server unique identifier of a server prior to communicating with the server;
  
  calculating an encrypted password based on the server unique identifier, a username, and an unencrypted password; and
  
  generating and sending a communication request to the server, the communication request comprising a username, a client random string, a client timestamp, and a client MAC value, the client MAC value computed over the username, the client random string, and the client timestamp, using the encrypted password as an encryption key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable storage medium of claim 8 wherein generating the server unique identifier includes hashing the server'"'"'s DNS, NIS, or WINS name.
  - 10. The computer readable storage medium of claim 8 wherein calculating the encrypted password further comprises:
    - performing an iterative hash of the username and the server unique identifier for a predetermined number of times.
  - 11. The computer readable storage medium of claim 10 further comprising:
    - calculating an iterative MAC value of the result of the iterative hash using the unencrypted password as the key.
  - 12. The computer readable storage medium of claim 10 further comprising:
    - calculating an iterative MAC value of the result of the iterative hash using the result of the iterative hash as the key and the password as a message.
  - 13. The computer readable storage medium of claim 10 further comprising:
    - calculating an iterative MAC value of the result of the iterative hash using an empty string as an initial message and alternating between password as a message and a hashed username.
  - 14. The computer readable storage medium of claim 8 further comprising:
    - receiving a response to the communication request from the server, the response comprising the client random string, a server random string, a server timestamp, and a server MAC value over the client random string, the server random string, and the server timestamp using the encrypted password as the encryption key.validating a server timestamp;
      
      calculating a computed MAC value over the client random string and the server random string;
      
      comparing the computer MAC value with the server MAC value; and
      
      generating a shared secret by calculating a shared secret MAC value of the client random string and the server random string using the encrypted password as the encryption key.

15. A client comprising:
- a server unique identifier generator module to generate a server unique identifier of a server prior to communicating with the server;
  
  an encrypted password generator module coupled to the server unique identifier generator module, the encrypted password generator module configured to calculate an encrypted password based on the server unique identifier, a username, and an unencrypted password; and
  
  a communication request generator module coupled to the encrypted password generator module, the encrypted password generator module configured to generate and send a communication request to the server, the communication request comprising a username, a client random string, a client timestamp, and a client MAC value, the client MAC value computed over the username, the client random string, and the client timestamp, using the encrypted password as an encryption key.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The client of claim 15 wherein the server unique identifier generator module is configured to generate the server unique identifier by hashing the server'"'"'s DNS, NIS, or WINS name.
  - 17. The client of claim 15 wherein the encrypted password generator module is configured to perform an iterative hash of the username and the server unique identifier for a predetermined number of times.
  - 18. The client of claim 17 wherein the encrypted password generator module is configured to calculate an iterative MAC value of the result of the iterative hash using the unencrypted password as the key.
  - 19. The client of claim 17 wherein the encrypted password generator module is configured to calculate an iterative MAC value of the result of the iterative hash using the result of the iterative hash as the key and the password as a message.
  - 20. The client of claim 17 wherein the encrypted password generator module is configured to calculate an iterative MAC value of the result of the iterative hash using an empty string as an initial message and alternating between password as a message and a hashed username.
  - 21. The client of claim 17 wherein the client further comprises:
    - a server timestamp validator configured to receive a response to the communication request from the server, the response comprising the client random string, a server random string, a server timestamp, and a server MAC value over the client random string, the server random string, and the server timestamp using the encrypted password as the encryption key, and configured to validate the server timestamp;
      
      a MAC module coupled to the server timestamp generator configured to calculate a computed MAC value over the client random string and the server random string, and to configured to compare the computer MAC value with the server MAC value; and
      
      a shared secret generator module configured to generate a shared secret by calculating a shared secret MAC value of the client random string and the server random string using the encrypted password as the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James Paul

Granted Patent

US 9,106,426 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2151   Time stamp

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 63/0846   using time-dependent-passwo...

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

H04L 9/3226   using a predetermined code,...

H04L 9/3242   involving keyed hash functi...

H04L 9/3297   involving time stamps, e.g....

USERNAME BASED AUTHENTICATION AND KEY GENERATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

99 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

USERNAME BASED AUTHENTICATION AND KEY GENERATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others