Method and apparatus for authentication of client server communication
First Claim
1. A method of authenticating a message transmitted between a sender and a receiver comprising the steps of:
- generating a message at said sender;
- combining a session key with said message to create a first appended message;
- calculating a first digest of said first appended message;
- combining a first portion of said first digest with said message to create a transmit message;
- transmitting said transmit message to said receiver;
- removing said first portion of said first digest from said transmit message to result in said message;
- combining said session key with said message to generate a second appended message;
- calculating a second digest of said second appended message;
- comparing said first portion of said first digest and a second portion of said second digest;
- authenticating said message when said first portion of said first digest matches said second portion of said second digest.
Abstract
The present invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is preappended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, preappends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered as invalid and discarded. An advantage of the present invention is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key) is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.
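The scheme the abstract describes, written out as an added example (not code from the patent or its assignee): the sender prepends the shared session key to the message, digests the result, and appends only a leading portion of the digest as the signature; the receiver strips that signature, recomputes the digest with its own copy of the key, and compares. The patent does not name a digesting algorithm or a signature length, so SHA-256 and an 8-byte signature are assumptions here, as is representing the "cumulative state information" as a packet counter that both sides fold into the digest input. The key itself never appears on the wire.

```python
import hashlib
import hmac

# Constructed parameters (assumptions, not from the patent text): SHA-256 as the
# message digesting algorithm, and the first 8 bytes of the digest as the signature.
DIGEST = hashlib.sha256
SIG_LEN = 8
STATE_LEN = 4  # assumed width of the shared state counter when serialised


def signature(session_key: bytes, message: bytes, state: int) -> bytes:
    """Prepend the secret session key (and the shared state counter) to the
    message, digest the appended message, and return the leading SIG_LEN bytes
    of that digest as the signature."""
    appended = session_key + state.to_bytes(STATE_LEN, "big") + message
    return DIGEST(appended).digest()[:SIG_LEN]


class Sender:
    """Sending station: holds the session key and its cumulative state."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.state = 0  # assumed: per-session packet counter shared with the receiver

    def transmit(self, message: bytes) -> bytes:
        sig = signature(self.key, message, self.state)
        self.state += 1
        return message + sig  # the "transmit message": message with signature appended


class Receiver:
    """Receiving station: already has the key, so it recomputes the digest locally."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.state = 0

    def receive(self, transmit: bytes):
        """Return the authenticated message, or None if the packet is discarded."""
        if len(transmit) < SIG_LEN:
            return None  # too short to carry a signature: discard
        message, sig = transmit[:-SIG_LEN], transmit[-SIG_LEN:]
        expected = signature(self.key, message, self.state)
        # Constant-time comparison so the check itself leaks nothing about the digest.
        if not hmac.compare_digest(sig, expected):
            return None  # no match: treat as forged or replayed and discard
        self.state += 1  # only advance state on an authentic packet
        return message


if __name__ == "__main__":
    key = b"constructed-session-key"  # constructed sample value
    sender, receiver = Sender(key), Receiver(key)
    packet = sender.transmit(b"NCP request")
    print("first delivery:", receiver.receive(packet))
    print("replayed packet:", receiver.receive(packet))
    forged = bytearray(packet)
    forged[0] ^= 0x01
    print("tampered packet:", receiver.receive(bytes(forged)))
```

The replay case shows why the abstract bothers with cumulative state: without the counter in the digest input, a captured packet would verify a second time. Modern protocol designs use HMAC rather than a bare key-prefix construction, but the example keeps the patent's construction to illustrate exactly what the claims describe.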
20 Claims
2. The method of claim 1 wherein said sender is a client in a client/server network.
11. Apparatus for authenticating a message transmitted between a sender and a receiver comprising:
- means for generating a message at said sender;
- means for combining a session key with said message to create a first appended message;
- means for calculating a first digest of said first appended message;
- means for combining a first portion of said first digest with said message to create a transmit message;
- means for transmitting said transmit message to said receiver;
- means for removing said first portion of said first digest from said transmit message to result in said message;
- means for combining said session key with said message to generate a second appended message;
- means for calculating a second digest of said second appended message;
- means for comparing said first portion of said first digest and a second portion of said second digest;
- means for authenticating said message when said first portion of said first digest matches said second portion of said second digest.
Specification