×

Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system

  • US 5,418,854 A
  • Filed: 04/28/1992
  • Issued: 05/23/1995
  • Est. Priority Date: 04/28/1992
  • Status: Expired due to Term
First Claim
Patent Images

1. In a public key, distributed data processing network system including a plurality of nodes interconnected by a communications medium, said nodes including a login agent (LA) node, a user node and a central certificate storage (CSS) node, a method for authenticating a user to said network using a password and username entered during a login procedure, said method also protecting the confidentiality of said password used to acquire a private key of said user to enable access to said nodes, said method comprising the steps of:

  • computing a first and a second hash total from said password at said user node using a first and a second hash algorithm, respectively, and generating a nonce key at said user node;

    encrypting, at said user node, said second hash total and said nonce key using a public key of said LA node to create an encrypted message, and forwarding said encrypted message from said user node to said LA node;

    decrypting said encrypted message at said LA node using a private key of said LA node to obtain said second hash total and said nonce key;

    acquiring, at said LA node, a doubly-encrypted credential from said CSS node, said doubly-encrypted credential comprising a credential of said user private key encrypted with a first stored hash total computed from said password to form an encrypted credential, said encrypted credential being appended to a second stored hash total computed from said password and thereafter encrypted under said public key of said LA node;

    decrypting said doubly-encrypted credential at said LA node to obtain said encrypted credential and said second stored hash total, and further comparing said second stored hash total with said second hash total at said LA node;

    encrypting said encrypted user private key with said nonce key at said LA node when said hash totals match to create a return message, and forwarding said return message from said LA node to said user node;

    decrypting said return message at said user node using said nonce key to obtain said private key encrypted with said stored first hash number, and further decrypting, at said user node, said private key encrypted with said stored first hash number with said first hash number to obtain said private key, thereby protecting the confidentiality of said password during said login procedure.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×