Method and apparatus for authentication of client server communication

US 5,349,642 A
Filed: 11/03/1992
Issued: 09/20/1994
Est. Priority Date: 11/03/1992
Status: Expired

First Claim

Patent Images

1. A method of authenticating a message transmitted between a sender and a receiver comprising the steps of:

generating a message at said sender;

combining a session key with said message to create a first appended message;

calculating a first digest of said first appended message;

combining a first portion of said first digest with said message to create a transmit message;

transmitting said transmit message to said receiver;

removing said first portion of said first digest from said transmit message to result in said message;

combining said session key with said message to generate a second appended message;

calculating a second digest of said second appended message;

comparing said said portion of said first digest and a second portion of said second digest;

authenticating said message when said first portion of said first digest matches said second portion of said second digest.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is preappended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, preappends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered as invalid and discarded. An advantage of the present invention is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key) is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.

253 Citations

20 Claims

1. A method of authenticating a message transmitted between a sender and a receiver comprising the steps of:
- generating a message at said sender;
  
  combining a session key with said message to create a first appended message;
  
  calculating a first digest of said first appended message;
  
  combining a first portion of said first digest with said message to create a transmit message;
  
  transmitting said transmit message to said receiver;
  
  removing said first portion of said first digest from said transmit message to result in said message;
  
  combining said session key with said message to generate a second appended message;
  
  calculating a second digest of said second appended message;
  
  comparing said said portion of said first digest and a second portion of said second digest;
  
  authenticating said message when said first portion of said first digest matches said second portion of said second digest.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10)
- - 3. The method of claim 1 wherein said receiver is a server in a client/server network.
  - 4. The method of claim 1 wherein said step of calculating a first digest of said first appended message is accomplished by executing a digest algorithm on said first appended message.
  - 5. The method of claim 4 wherein said digest algorithm is an MD4 digest algorithm.
  - 6. The method of claim 4 wherein a current state of said sender is used as an initial state when executing said digest algorithm to create said first digest.
  - 7. The method of claim 6 wherein said current state is used as an initial state when executing said digest algorithm to create said second digest.
  - 8. The method of claim 7 wherein said current state is advanced when an authenticated message is received.
  - 9. The method of claim 8 wherein said current state is not advanced when an authenticated message is not received.
  - 10. The method of claim 1 wherein said session key is generated by the steps of:
    - providing a random number sequence challenge to said sender;
      
      requesting a password from a user of said sender;
      
      generating a first pass digest from said password;
      
      combining said first pass digest and said challenge in a buffer;
      
      generating a buffer digest of said buffer;
      
      defining said session key as a first number of bytes of said buffer digest.

2. The method of claim I wherein said sender is a client in a client/server network.

11. Apparatus for authenticating a message transmitted between a sender and a receiver comprising:
- means for generating a message at said sender;
  
  means for combining a session key with said message to create a first appended message;
  
  means for calculating a first digest of said first appended message;
  
  means for combining said a first portion of said first digest with said message to create a transmit message;
  
  means for transmitting said transmit message to said receiver;
  
  means for removing said first portion of said first digest from said transmit message to result in said message;
  
  means for combining said session key with said message to generate a second appended message;
  
  means for calculating a second digest of said second appended message;
  
  means for comparing said said first portion of said first digest and a second portion of said second digest;
  
  means for authenticating said message when said first portion of said first digest matches said second portion of said second digest.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11 wherein said sender is a client in a client/server network.
  - 13. The apparatus of claim 11 wherein said receiver is a server in a client/server network.
  - 14. The apparatus of claim 11 wherein said first digest of said first appended message is calculated by executing a digest algorithm on said first appended message.
  - 15. The apparatus of claim 14 wherein said digest algorithm is an MD4 digest algorithm.
  - 16. The apparatus of claim 14 wherein a current state of said sender is used as an initial state when executing said digest algorithm to create said first digest.
  - 17. The apparatus of claim 16 wherein said current state is used as an initial state when executing said digest algorithm to create said second digest.
  - 18. The apparatus of claim 17 wherein said current state is advanced when an authenticated message is received.
  - 19. The apparatus of claim 18 wherein said current state is not advanced when an authenticated message is not received.
  - 20. The apparatus of claim 11 further including means for generating a session key comprising:
    - means for providing a random number sequence challenge to said sender;
      
      means for requesting a password from a user of said sender;
      
      means for generating a first pass digest from said password;
      
      means for combining said first pass digest and said challenge in a buffer;
      
      means for generating a buffer digest of said buffer;
      
      means for defining said session key as a first number of bytes of said buffer digest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Kingdon, Kevin
Primary Examiner(s)
Cangialosi, Salvatore

Application Number

US07/970,611
Time in Patent Office

686 Days
Field of Search

380/23, 380/25, 380/28, 380/30
US Class Current

713/161
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/067   using one-time keys cryptog...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 69/16   Implementation or adaptatio...

H04L 9/0827   involving distinctive inter...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Method and apparatus for authentication of client server communication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

253 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authentication of client server communication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

253 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links