Method and apparatus for authenticating users of a communication system to each other
First Claim
1. In a communication system having a plurality of parties, a method for each party to authenticate another party comprising:
- generating a system function in at least two variables, said function two variables representing the identity of first and second parties;
transferring to each of the parties a projection of said function solved for a respective party'"'"'s identity;
evaluating at said first party'"'"'s location said projection with the identity of said second party to obtain a validation number, when said first party needs to authenticate said second party;
evaluating at said second party'"'"'s location said second projection with the identity of said first party;
comparing at each party'"'"'s location the evaluated projections, and determining based on said comparison the authenticity of each party.
1 Assignment
0 Petitions
Accused Products
Abstract
Method and apparatus for authenticating users (entities) of a computer network based on the entity'"'"'s identification is described. Keys for each party of a potential session are derived by projections stored at each party'"'"'s location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user'"'"'s identification. Each user evaluates his projection with the other user/party'"'"'s identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users'"'"' information stored in one user'"'"'s memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication heirarchies and inter-domain communication, as well.
-
Citations
20 Claims
-
1. In a communication system having a plurality of parties, a method for each party to authenticate another party comprising:
-
generating a system function in at least two variables, said function two variables representing the identity of first and second parties; transferring to each of the parties a projection of said function solved for a respective party'"'"'s identity; evaluating at said first party'"'"'s location said projection with the identity of said second party to obtain a validation number, when said first party needs to authenticate said second party; evaluating at said second party'"'"'s location said second projection with the identity of said first party; comparing at each party'"'"'s location the evaluated projections, and determining based on said comparison the authenticity of each party. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for giving each subsystem of an interconnected network the authority to issue information to parties of interconnected subsystems which permit said parties to authenticate each other, comprising:
-
providing a polynomial having a plurality of variables at a central authority; providing to each subsystem a projection of said polynomial evaluated for one of said variables, said one variable representing an identifier for said subsystem; providing from each subsystem to each party connected to a subsystem a projection of said subsystem further evaluated for another of said variables representing said connected party'"'"'s identification; evaluating remaining variables of said further evaluated projection with another party'"'"'s identification when said another party attempts to initiate a session with said party, whereby a completely evaluated projection results defining a key; and
,validating said key with a second key at said another party'"'"'s location. - View Dependent Claims (7, 8)
-
-
9. In a communication system interconnecting groups of parties providing intercommunication between parties of different groups, a method for authorizing parties of one group to communicate with parties of another group comprising:
-
generating for each group independent multivariable functions, two of said variables representing the identity of parties which are to be interconnected; forwarding to each party of said groups projections of said functions which are partially evaluated for a party'"'"'s identity, whereby each party has a projection representing each group; evaluating at a party'"'"'s location of a first group desiring to communicate with a party of a second group, said second group'"'"'s projection using the identity of said second group'"'"'s party; evaluating at a second party'"'"'s location of the second group said second group projection using the identity of said first group first party; and
,validating the results of said first and second parties'"'"' evaluations.
-
-
10. A method for authenticating parties of one class connected by a communication network to parties of a second class comprising:
-
computing a set of keys which may be used to encrypt data, and projections of said keys based on each party'"'"'s name; distributing to said first class of said parties a subset of said keys; distributing said projections of said keys to said second class of parties evaluated for said parties'"'"' names; encrypting by a party of said first class a value of the name of a party of said second class from each key of said subset associated with said party of said first class, and combining the encryptions; combining said projections of said keys for a party of said second class, using said first class party'"'"'s identity to generate a key; validating the combined encryption of said keys of said party of said first class with the key resulting from the combined values of the projections of said party of said second class. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A system for authenticating parties of a common communication network comprising:
-
a central administrator for selecting a multivariable function, at least two of said variables representing the identity of parties to a communication session; a first memory at a network node connected to a first party for storing a projection of said function partially evaluated for said party'"'"'s identification; a second memory at a network node connected to a second party of a communication session, storing a projection of said function evaluated for said second party'"'"'s identification; means at said first node for evaluating a respective stored projection using the identity of said second party, whereby a first validation quantity is produced; means at said second node for evaluating said projection of said second party using the identity of said first party, whereby a second validation quantity is produced; and
,means for validating said first and second validation quantities, whereby the authority of said parties is verified. - View Dependent Claims (16, 17, 18)
-
-
19. A system for authenticating parties connected to a server comprising:
-
a plurality of servers, each connected to receive a set of keys from a central administrator; a plurality of sets of user terminals, each set of user terminals being connected to communicate with a respective plurality of servers; a central administrator for supplying to each server a different set of keys for authenticating said connected user terminals, and for sending projections of said keys based on an identity associated with said user terminal to each user terminal, whereby each user terminal has a set of projections of a connected server'"'"'s keys, permitting said user terminal to calculate a set of keys common to said connected server, identifying said user terminal as authorized to communicate with said server. - View Dependent Claims (20)
-
Specification