Authentication using random challenges
First Claim
1. A method of authentication, said method comprising the steps of:
(i) generating a password, said password known to a first party and a second party;
(ii) generating at least one challenge, said at least one challenge being generated by said first party, said second party, or a third party;
(iii) generating a first value, said first value within a range of values determined prior to generating said first value and said first value being generated by said second party;
(iv) generating a first response using said password, at least one of said challenges, and said first value, said first response being generated by said second party;
(v) transmitting said first response from said second party to said first party;
(vi) generating a second value, said second value within said range of values determined prior to generating said first value and said second value being generated by said first party;
(vii) generating a second response using said password, at least one of said challenges, and said second value, said second response being generated by said first party; and
(viii) comparing said first response and said second response, said comparison performed by said first party.
6 Assignments
0 Petitions
Abstract
A method is disclosed for authenticating one or both of two parties, for example, a user and a host computer. The first party and second party each know the same password. The first party sends a challenge to the second party. The second party generates and sends to the first party a response based on a first function of the password, the first party's challenge, and an extra value unknown to the first party. The first party, which knows only the length of the extra value, then attempts to match the response by using the same function, password, and challenge by cycling through the possible values for the extra value of known format. A method of bi-directional authentication may be achieved by having the first party return to the second party a response using a different function of the password, a preferably different challenge, and the extra value. The second party already knows the input values, including the extra value, and therefore, does not incur the costs associated with learning the extra value. The identity of the first party is confirmed by matching the transmitted response with a value generated locally.
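The exchange the abstract describes, as an added example that is not part of the patent: HMAC-SHA256 with a domain tag stands in for the unspecified "first function" and "different function", and a 16-bit extra value is an assumed range. The host (first party) must cycle through the whole range to match the client's response, while the client (second party) verifies the host's return response with a single MAC, which is the cost asymmetry the abstract and claim 17 describe.

```python
import hashlib
import hmac
import secrets

# Assumed range of the extra value: [0, 2**EXTRA_BITS). Both parties know
# only the range; the client picks the actual value, the host must search it.
EXTRA_BITS = 16


def _response(tag: bytes, password: bytes, challenge: bytes, extra: int) -> bytes:
    """Stand-in for the patent's functions: keyed MAC over tag, challenge, extra."""
    msg = tag + challenge + extra.to_bytes(4, "big")
    return hmac.new(password, msg, hashlib.sha256).digest()


def client_respond(password: bytes, challenge: bytes, extra=None):
    """Second party: pick an extra value in the known range, send first response."""
    if extra is None:
        extra = secrets.randbelow(1 << EXTRA_BITS)
    return _response(b"F1", password, challenge, extra), extra


def host_verify(password: bytes, challenge: bytes, first_response: bytes):
    """First party: generate second responses for every candidate extra value
    until one matches. Returns the recovered extra value, or None."""
    for candidate in range(1 << EXTRA_BITS):
        second_response = _response(b"F1", password, challenge, candidate)
        if hmac.compare_digest(first_response, second_response):
            return candidate
    return None


def host_respond(password: bytes, challenge2: bytes, extra: int) -> bytes:
    """Bi-directional step: a different function (tag F2), a different
    challenge, and the extra value recovered in host_verify."""
    return _response(b"F2", password, challenge2, extra)


def client_verify(password: bytes, challenge2: bytes, extra: int, host_response: bytes) -> bool:
    """Second party already knows extra, so this costs exactly one MAC."""
    return hmac.compare_digest(_response(b"F2", password, challenge2, extra), host_response)


def run_mutual_auth(password: bytes):
    """Full exchange with fresh challenges; returns (host_accepted, client_accepted)."""
    challenge, challenge2 = secrets.token_bytes(16), secrets.token_bytes(16)
    resp1, extra = client_respond(password, challenge)
    recovered = host_verify(password, challenge, resp1)
    if recovered is None:
        return False, False
    return True, client_verify(password, challenge2, extra, host_respond(password, challenge2, recovered))
```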
125 Citations
19 Claims
1. A method of authentication, said method comprising the steps of:
(i) generating a password, said password known to a first party and a second party;
(ii) generating at least one challenge, said at least one challenge being generated by said first party, said second party, or a third party;
(iii) generating a first value, said first value within a range of values determined prior to generating said first value and said first value being generated by said second party;
(iv) generating a first response using said password, at least one of said challenges, and said first value, said first response being generated by said second party;
(v) transmitting said first response from said second party to said first party;
(vi) generating a second value, said second value within said range of values determined prior to generating said first value and said second value being generated by said first party;
(vii) generating a second response using said password, at least one of said challenges, and said second value, said second response being generated by said first party; and
(viii) comparing said first response and said second response, said comparison performed by said first party.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)

9. A system for authenticating comprising:
a first party; a second party; means for generating a password, said password known by said first party and by said second party; means for generating at least one challenge, said at least one challenge being generated by said first party, said second party, or a third party; means for said second party to generate a first value within a predetermined range of values; means for said second party to generate a first response using said password, at least one of said challenges, and said first value; means for transmitting said first response to said first party; and means for said first party to generate a plurality of second values within said predetermined range of values and a plurality of second responses using said password, at least one of said challenges, and one of said plurality of second values until said first response matches one of said plurality of second responses or until all of said second values within said predetermined range of values have been generated.
View Dependent Claims (10, 11, 12, 13, 14, 15)

16. A method of authentication, said method comprising the steps of:
providing a first party with a password; providing a second party with said password; establishing by communication between said first party and said second party, that said second party knows said password, said communication involving a value, said value known to said first party, said value within a determinate range of values known to said second party, and said value tested by said second party; and maintaining said communication free of revealing said password.

17. A system for authentication comprising:
a first party; a second party; a first response, said first response being generated by said second party from a first random value within a specified range of values known to said first party and said first response being transmitted to said first party; a second response, said second response being generated by said first party at a cost substantially higher than the cost of generating said first response.
View Dependent Claims (18, 19)
Specification