System and method for providing masquerade protection in a computer network using hardware and timestamp-specific single use keys
First Claim
1. A method for providing masquerade protection in a computer network, comprising:
- generating a session key with a first machine as a function of a timestamp and one or more hardware characteristics unique to said first machine;
- transmitting said session key over said network from said first machine through intermediate machines without said masquerade protection to said second machine;
- generating a plurality of locks with said second machine as a function of said timestamp and said hardware characteristics;
- testing with said second machine whether said session key matches one of said plurality of locks;
- granting access from said first machine to said second machine when said session key matches said one of said plurality of locks;
- executing a one way hash function having an output space with guaranteed output space duplicates, comprising seeding a pseudo random number generator function with a number corresponding to said one or more hardware characteristics; and
- wherein said session key is generated from a number generated from said seeded pseudo random number generator function.
Abstract
An authentication session key is generated on a trusted machine based upon an identifier of its CPU, hardware configuration, and a timestamp. The trusting machine retrieves this same information about the trusted machine, and then generates session locks for the machine which are valid for a predetermined time interval. If the incoming session key matches one of the session locks, and the incoming session key is not on the list of used keys, the session key is appended to a list of keys which will no longer thereafter be valid, and access is then granted, thereby employing single-use keys. Because the locks and keys are also generated during a timestamp, a user may request service from the same machine multiple times by waiting no more than a predetermined time between requests, or front ends to the masquerade protection tools could be written that re-try until successful. Because the keys generated are specific to the hardware characteristics of the trusted machine upon which they are generated, attempts to gain access from an imposter machine will generate unusable session keys.
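As an added illustration (not code from the patent or its assignee), the following Python models the exchange the abstract describes: the trusted machine derives a small-output key from a canonical encoding of its hardware characteristics plus a timestamp, and the trusting machine regenerates one lock per timestamp in a tolerance window, keeps a list of used keys, and grants access only to a fresh key that matches a lock. The canonical encoding, the SHA-256 seed feeding a Mersenne Twister draw, the hardware directory standing in for the abstract's retrieval step, and the sample hardware records are all assumptions of the example.

```python
import hashlib
import random

KEY_BITS = 32  # deliberately small output space: by the pigeonhole principle, duplicates are guaranteed

def hardware_number(hw: dict) -> int:
    """Reduce a machine's hardware characteristics to one integer (constructed canonical encoding)."""
    canonical = "|".join(f"{name}={hw[name]}" for name in sorted(hw))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big")

def session_key(hw: dict, timestamp: int) -> int:
    """Trusted-machine side: seed a PRNG from the hardware number and timestamp, take one draw as the key."""
    seed = hashlib.sha256(f"{hardware_number(hw)}:{timestamp}".encode()).digest()
    return random.Random(int.from_bytes(seed, "big")).getrandbits(KEY_BITS)

class TrustingMachine:
    """Trusting-machine side: regenerates locks over a time window and enforces single use."""

    def __init__(self, hardware_directory: dict, window_seconds: int):
        # Stands in for the abstract's "retrieves this same information about the trusted machine".
        self.hardware_directory = hardware_directory
        self.window_seconds = window_seconds
        self.used_keys = set()

    def session_locks(self, machine: str, now: int) -> dict:
        """One lock per timestamp the trusting machine is still willing to accept."""
        hw = self.hardware_directory[machine]
        return {session_key(hw, t): t for t in range(now - self.window_seconds, now + 1)}

    def authenticate(self, machine: str, key: int, now: int) -> str:
        if key in self.used_keys:
            return "rejected: key already used"
        locks = self.session_locks(machine, now)
        if key not in locks:
            return "rejected: no matching lock"
        self.used_keys.add(key)  # single use: the key is now burnt
        return f"granted (key matched lock for t={locks[key]})"

# Constructed sample hardware records; a deployment would read these from the machines themselves.
HW_ALPHA = {"cpu_id": "CPU-ALPHA-0001", "ram_mb": 256, "nic_mac": "02:00:00:00:00:01"}
HW_IMPOSTOR = {"cpu_id": "CPU-OTHER-9999", "ram_mb": 256, "nic_mac": "02:00:00:00:00:02"}

if __name__ == "__main__":
    verifier = TrustingMachine({"alpha": HW_ALPHA}, window_seconds=5)
    key = session_key(HW_ALPHA, 1000)
    print(verifier.authenticate("alpha", key, 1003))                             # granted
    print(verifier.authenticate("alpha", key, 1003))                             # replay: rejected
    print(verifier.authenticate("alpha", session_key(HW_IMPOSTOR, 1003), 1003))  # impostor: rejected
```

A key issued earlier than the window (here more than 5 seconds before `now`) also finds no lock, which is the retry-until-successful behaviour the abstract anticipates for front ends.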
18 Claims
1. A method for providing masquerade protection in a computer network (independent claim; full text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An apparatus for providing masquerade protection in a computer network, comprising:
- means for generating a session key with a first machine as a function of a timestamp and one or more hardware characteristics unique to said first machine;
- means for transmitting said session key over said network from said first machine through intermediate machines without said masquerade protection to said second machine;
- means for generating a plurality of locks with said second machine as a function of said timestamp and said hardware characteristics;
- means for testing with said second machine whether said session key matches one of said plurality of locks;
- means for granting access from said first machine to said second machine when said session key matches said one of said plurality of locks;
- means for executing a one way hash function having an output space with guaranteed output space duplicates, comprising means for seeding a pseudo random number generator function with a number corresponding to said one or more hardware characteristics; and
- wherein said session key is generated from a number generated from said seeded pseudo random number generator function.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.