Methods and apparatus for authenticating an originator of a message
First Claim
1. A method of enabling a first party to authenticate a second party by confirming that a communication from the second party must have been derived using a password of the first party, wherein the second party does not know the password, comprising the steps:
- the first party;
applying a commutative one-way function to the password to form a first result, generating a first random value and providing the first result and the first random value to the second party;
the second party;
generating a second random value and a session key, applying the commutative one-way function to the first result received from the first party and the second random value to calculate a second result, combining the first random value received from the first party with the second result to obtain a first hashed result, calculating a protected hashed result from the first hashed result and the session key, and applying the commutative one-way function to the second random value to form a protected second random value and providing the first party with the protected second random value and the protected hashed result;
whereby the first party can calculate;
(a) the second result from the password and the protected second random value, (b) the first hashed result from the second result the first party calculates and the first random value, and (c) the session key by combining the hashed result calculated by the first party with the protected hashed result received from the second party.
4 Assignments
0 Petitions
Accused Products
Abstract
Authentication by an intermediary F (e.g. a bank) of an originator C of a message (e.g. a client sending an instruction to pay a merchant M) is accomplished using a protocol which does not require the intermediary to possess passwords used by the originator C and the merchant M to protect the contents of the message. Furthermore, the protocol does not require any party to the transaction to decrypt any value previously encrypted by any other party, so a reversible encryption algorithm is not required.
53 Citations
14 Claims
-
1. A method of enabling a first party to authenticate a second party by confirming that a communication from the second party must have been derived using a password of the first party, wherein the second party does not know the password, comprising the steps:
-
the first party;
applying a commutative one-way function to the password to form a first result, generating a first random value and providing the first result and the first random value to the second party;the second party;
generating a second random value and a session key, applying the commutative one-way function to the first result received from the first party and the second random value to calculate a second result, combining the first random value received from the first party with the second result to obtain a first hashed result, calculating a protected hashed result from the first hashed result and the session key, and applying the commutative one-way function to the second random value to form a protected second random value and providing the first party with the protected second random value and the protected hashed result;whereby the first party can calculate;
(a) the second result from the password and the protected second random value, (b) the first hashed result from the second result the first party calculates and the first random value, and (c) the session key by combining the hashed result calculated by the first party with the protected hashed result received from the second party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A first device for authenticating an originator of a message from a second device by confirming that a message from the second device must have been derived using a password of the first device, the first device being arranged for sending (a) a protected version of the password and (b) a first random value to the second device, the second device being arranged for generating a second random value, the second device being arranged for using (a) and (b) received from the first device and the second random value to protect a session key, the second device being arranged for generating a protected version of the second random value, the devices being arranged so the second device can send to the first device the protected session key and the protected second random value, the first device being arranged so it can recover the session key from the protected session key received from the second device using the password of the first device and a protected second random value received from the second device, the first device comprising:
-
a protecting mechanism for protecting the password of the first device; a first random value source for generating a first random value for the first device; a transmitter for supplying the protected password and the first random value of the first device to the second device; a receiver for receiving the protected session key and a protected second random value from the second device; and a computer arrangement for calculating the session key from the protected session key received from the second device using the password of the first device and the protected second random value received from the second device.
-
-
12. A second device for generating an authenticating message adapted to be supplied to a first device to enable the first device to confirm that a message from the second device must have been derived using a password of the first device, the first device being arranged for sending to the second device:
- (a) a protected version of the password and (b) a first random value, the second device being arranged for receiving (a) and (b) from the first device, the second device being arranged for protecting a session key using (a) and (b) as received from the first device, the second device being arranged for sending the protected session key to the first device, the first device being arranged for recovering the session key from the protected session key received from the second device by using the password of the first device, the second device comprising;
a receiver for receiving from the first device (a) the protected version of the password and (b) the first random value; a second random value source for generating a second random value; a protecting mechanism for generating a protected version of the second random value; a session key source for deriving the session key; a calculating mechanism for calculating the protected session key using (a) the protected version of the password and (b) the first random value from the first device, the second random value, and the session key; and a transmitter for supplying the protected session key and protected second random value to the first device for authentication.
- (a) a protected version of the password and (b) a first random value, the second device being arranged for receiving (a) and (b) from the first device, the second device being arranged for protecting a session key using (a) and (b) as received from the first device, the second device being arranged for sending the protected session key to the first device, the first device being arranged for recovering the session key from the protected session key received from the second device by using the password of the first device, the second device comprising;
-
13. A computer system for authenticating a message by confirming that the message must have been derived using a password of the computer system, comprising:
-
a first processor for receiving and transmitting data; a communication interface for exchanging signals between the first processor and a first device, the first device including a first memory and a second processor for executing instructions; and a second memory coupled to said first processor;
the second memory having stored therein sequences of instructions which, when executed by said first processor, cause said first processor to authenticate a message from the first device by causing said first processor to execute instructions for;protecting a password of the first device; generating a first random value for the first device; transmitting the protected password and the first random value to the first device using the communication interface; receiving a protected session key and a protected second random value from the first device using the communication interface; and calculating a session key from the protected session key received from the first device using the password of the computer system and the protected second random value received from the first device.
-
-
14. A computer system for generating an authenticating message to confirm that the message must have been derived using a password that is not known to the computer system, comprising:
-
a first processor for receiving and transmitting data; a communication interface for exchanging signals between the first processor and a first device, the first device including a first memory and a second processor for executing instructions; and a second memory coupled to said first processor;
the second memory having stored therein sequences of instructions which, when executed by said first processor, cause said first processor to authenticate a message from the first device by causing said first processor to execute instructions for;receiving (a) a protected version of the password and (b) a first random value from the first device using the communication interface; generating a second random value; protecting the second random value; creating a session key; calculating a protected version of the session key using (a) the protected version of the password, (b) the first random value, the second random value, and the session key; and transmitting the protected session key and protected second random value to the first device for authentication.
-
Specification