Method and system for changing an authorization password or key in a distributed communication network
First Claim
1. A method for providing exchange of a new key (Knew) in a communication network with at least one user and at least one server for authentication between a user (P) and a server (AS), comprising the following steps:
- a. the user requests a key change (REQ_CPW) by transmitting at least the following information to the server (AS): two nonces (N1, N2), at least one of which contains freshness information, the user's identifier (P), an encryption (E{Knew}Kold) of a selected new key (Knew) under a present key (Kold), and an encryption (E{Kold}Knew) of the present key (Kold) under the new key (Knew);
- b. the server identifies the user, determines a potential new key (Knew") from the received encryption (E{Knew}Kold) of the new key under the present key by employing the stored present key (Kold) of said user, determines a potential present key (Kold") from the received encryption (E{Kold}Knew) of the present key under the new key, compares the determined potential present key (Kold") with the stored present key (Kold), and
- c1. rejects the potential new key (Knew") when any one of the following conditions occurs: said comparison shows inequality, said potential new key does not comply with all predetermined key selection rules, and one of the nonces (N1, N2) has a value that is outside of a respective predetermined range thereof; or
- c2. accepts the new key when said comparison shows equality, the potential new key (Knew") is correctly chosen, and the nonces (N1, N2) each have a value that is inside of the respective predetermined ranges thereof; and
- d. acknowledges by replying (REP_CPW) to said user with at least the following information: an accept/reject indication whether the potential new key (Knew") is accepted by the server (AS) or not, and an encryption of the received change key request (REQ_CPW); and
- e. the user determines from the received reply message (REP_CPW) whether the selected new key (Knew) is accepted, and authenticates this determination by decrypting the returned change key request (REQ_CPW).
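The two-message exchange of claim 1, steps a through e, as an added Python simulation. This is not code from the patent or its assignee; the claim leaves the cipher, the message layout, the key-selection rules, the nonce ranges and the key under which the server encrypts the echoed request unspecified, so all of those are assumptions made here (an HMAC-SHA256 counter-mode keystream stands in for E{.}K, N1 is a timestamp checked against a 300 s window, N2 is a random 64-bit value, and the echoed REQ_CPW is encrypted under Knew when accepted and Kold when rejected). The keys, user name and clock offsets in `demo()` are constructed. Beyond the honest case, the demo runs the three outcomes the claim's step c1 distinguishes: a user who does not hold Kold, a stale freshness nonce, and a replay of an already-accepted request.

```python
import hashlib
import hmac
import secrets
import time

# Constructed parameters (the claim fixes none of these): 128-bit keys, 64-bit nonces,
# an 8-byte IV per encryption, and a +/-300 s window as the "predetermined range" for N1.
KEY_LEN, NONCE_LEN, IV_LEN, MAX_CLOCK_SKEW = 16, 8, 8, 300


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for the claim's unspecified cipher E{.}K: HMAC-SHA256 keystream in counter mode."""
    out, counter = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(IV_LEN)
    return iv + _keystream_xor(key, iv, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return _keystream_xor(key, ciphertext[:IV_LEN], ciphertext[IV_LEN:])


def build_req_cpw(user_id: str, k_old: bytes, k_new: bytes, clock=time.time) -> bytes:
    """Step a: REQ_CPW = N1 || N2 || len(P) || P || E{Knew}Kold || E{Kold}Knew (layout assumed)."""
    n1 = int(clock()).to_bytes(NONCE_LEN, "big")  # N1 carries the freshness information
    n2 = secrets.token_bytes(NONCE_LEN)           # N2 is a random per-request nonce
    p = user_id.encode()
    return n1 + n2 + bytes([len(p)]) + p + encrypt(k_old, k_new) + encrypt(k_new, k_old)


def parse_req_cpw(req: bytes):
    plen, start, ct_len = req[2 * NONCE_LEN], 2 * NONCE_LEN + 1, IV_LEN + KEY_LEN
    n1 = int.from_bytes(req[:NONCE_LEN], "big")
    n2 = int.from_bytes(req[NONCE_LEN:2 * NONCE_LEN], "big")
    p = req[start:start + plen].decode()
    e_new = req[start + plen:start + plen + ct_len]
    e_old = req[start + plen + ct_len:start + plen + 2 * ct_len]
    return n1, n2, p, e_new, e_old


class AuthServer:
    def __init__(self, user_keys: dict, clock=time.time):
        self.keys = dict(user_keys)  # P -> stored present key Kold
        self.clock = clock

    def _key_rules_ok(self, k_new: bytes, k_old: bytes) -> bool:
        # Constructed key-selection rules: full length and different from the present key.
        return len(k_new) == KEY_LEN and not hmac.compare_digest(k_new, k_old)

    def _nonces_in_range(self, n1: int, n2: int) -> bool:
        # Constructed ranges: N1 within MAX_CLOCK_SKEW of server time, N2 a non-zero 64-bit value.
        return abs(n1 - int(self.clock())) <= MAX_CLOCK_SKEW and 0 < n2 < 2 ** (8 * NONCE_LEN)

    def handle_req_cpw(self, req: bytes) -> bytes:
        """Steps b-d: derive Knew" and Kold", compare with the stored key, decide, acknowledge."""
        n1, n2, p, e_new, e_old = parse_req_cpw(req)
        k_old = self.keys.get(p)
        if k_old is None:                      # step b: unknown user, nothing to verify against
            return b"\x00"
        k_new_pot = decrypt(k_old, e_new)      # Knew": what the user intends the new key to be
        k_old_pot = decrypt(k_new_pot, e_old)  # Kold": equals Kold only if the user holds Kold
        accept = (hmac.compare_digest(k_old_pot, k_old)
                  and self._key_rules_ok(k_new_pot, k_old)
                  and self._nonces_in_range(n1, n2))
        if accept:
            self.keys[p] = k_new_pot           # step c2: the new key takes effect
        # Step d: REP_CPW = accept/reject flag || E{REQ_CPW}. Assumption: the echoed request is
        # encrypted under the key now in force (Knew if accepted, Kold if rejected).
        return bytes([int(accept)]) + encrypt(k_new_pot if accept else k_old, req)


def user_change_key(user_id: str, k_old: bytes, k_new: bytes, server: AuthServer, clock=time.time):
    """Steps a and e from the user's side. Returns (accepted, reply_authentic)."""
    req = build_req_cpw(user_id, k_old, k_new, clock)
    rep = server.handle_req_cpw(req)
    accepted = rep[0] == 1
    # Step e: the echoed request must decrypt, under the key the flag implies, to exactly what
    # was sent; the random N2 ties the reply to this request, so a replayed reply fails here.
    echoed = decrypt(k_new if accepted else k_old, rep[1:])
    return accepted, hmac.compare_digest(echoed, req)


def demo() -> dict:
    """Honest run plus the failure cases of step c1, against one server; all keys are constructed."""
    k_old, k_new = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    server = AuthServer({"alice": k_old})
    results = {
        "wrong_present_key": user_change_key("alice", secrets.token_bytes(KEY_LEN), k_new, server),
        "stale_nonce": user_change_key("alice", k_old, k_new, server, clock=lambda: time.time() - 3600),
        "honest": user_change_key("alice", k_old, k_new, server),
    }
    results["server_now_holds_new_key"] = server.keys["alice"] == k_new
    # Replaying an accepted request: the stored key has moved on, so E{Knext}Knew no longer decrypts.
    req = build_req_cpw("alice", k_new, secrets.token_bytes(KEY_LEN))
    first = server.handle_req_cpw(req)[0] == 1
    results["replay_rejected"] = first and server.handle_req_cpw(req)[0] == 0
    return results
```

The point of carrying both E{Knew}Kold and E{Kold}Knew is visible in `handle_req_cpw`: the server never needs the new key in advance, yet a request built without the genuine Kold decrypts to two unrelated garbage values, so Kold" cannot match the stored key and the change is refused. The stale-nonce run shows the complementary case where the key check passes but the freshness check does not; the user can still authenticate that rejection because the echoed request decrypts correctly under Kold.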
Abstract
A robust and secure password (or key) change method between a user and an authentication server in a distributed communication network is disclosed. The protocol requires the exchange of only two messages between the user desiring the key change and the server, the user's request including, at least partly encrypted, an identification of the sending user, old and new keys, and two nonces, at least one including a time indication. The authentication server's response includes a possibly encrypted accept/reject indication and the regularly encrypted request from the user.
8 Claims
Dependent claims: 2, 3, 4, 5, 6, 7, 8.