Method to authenticate a network access server to an authentication server
Abstract
A method of authentication between servers in a three party network protocol includes first providing at least one network access server (NAS) in communication with at least one user of the network and also in communication with at least one remote authentication server (RAS) coupled to the network. An access request message including a user password is sent from the user to the NAS. The NAS encrypts the password with a shared secret between the NAS and the RAS. The NAS then attaches to the encrypted password a message authentication code (MAC) computed using the shared secret. The encrypted password and MAC are then sent to the RAS. The RAS first authenticates the NAS by verifying the MAC, and only then decrypts the encrypted user password.
14 Claims
1. A method of authentication between servers in a three party network authentication protocol, the method comprising the steps of:
providing at least one network access server (NAS) in communication with at least one user of the network and in communication with at least one remote authentication server (RAS) coupled to the network;
sending an access request message including a user password from the at least one user to the NAS;
creating an encrypted password at the NAS with a shared secret between the NAS and the RAS;
attaching a message authentication code at the NAS to the encrypted password;
sending the encrypted password and message authentication code to the RAS; and
authenticating the NAS by verifying the message authentication code at the RAS before decrypting the encrypted user password.
creating the message authentication code from the encrypted password and the shared secret.

3. A method according to claim 1, further comprising the step of:
using a unique sequence number as part of an input to compute the message authentication code.

4. A method according to claim 1, wherein the step of sending further comprises:
attaching the message authentication code to a network access-request message sent from the NAS to the RAS.

5. A method according to claim 1, wherein the password P includes characters P=(p1, p2, . . . pi), and wherein the step of attaching the message authentication code further comprises generating a message authentication code c(i+1) of the encrypted password E(P) where E(P)=(c(1) c(2) . . . c(i)), and i is the number of characters in the password.

6. A method according to claim 1, wherein the three party network authentication protocol is a remote authentication dial-in user service (RADIUS) network protocol.

7. A method according to claim 6, wherein the network access server is a client server and authentication server is a RADIUS server.

8. A method according to claim 1, wherein the three party network authentication protocol is a remote authentication dial-in user service (RADIUS) network protocol.

9. A method according to claim 8, wherein the network access server is a client server and authentication server is a RADIUS server.

10. A method of authentication in a three party communication network protocol, the method comprising the steps of:
assigning a user password to identify a particular user of the network;
delivering an access-request message from the user to a network access server (NAS) of the network including the user password;
creating an encrypted user password at the NAS utilizing a shared secret that is shared between the NAS and a remote authentication server (RAS) of the network;
generating a separate message authentication code at the NAS utilizing the shared secret;
attaching the message authentication code to the encrypted password;
sending the access-request message including the encrypted password and the message authentication code to the RAS; and
authenticating the NAS by verifying the message authentication code at the RAS before decrypting the encrypted password.
using a unique sequence number as part of an input to compute the message authentication code.

13. A method according to claim 10, wherein the step of sending further comprises:
attaching the message authentication code and encrypted password to the network access-request message sent from the NAS to the RAS.

14. A method according to claim 10, wherein the password P includes characters P=(p1, p2, . . . pi), and wherein the step of attaching the message authentication code further comprises generating a message authentication code c(i+1) of the encrypted password E(P) where E(P)=(c(1) c(2) . . . c(i)), and i is the number of characters in the password.
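The exchange the abstract and claims 1 and 10 describe (NAS hides the password under the shared secret, appends a keyed MAC that covers the encrypted password and a unique sequence number per claims 3 and 12, and the RAS verifies the MAC before it ever decrypts) is shown below as an added, illustrative example; it is not code from the patent and the patent names no particular algorithms. The assumptions are: RFC 2865 section 5.2 style password hiding (MD5 keystream XOR, chained over 16-byte blocks, seeded with a random request authenticator) stands in for the "encrypted password", HMAC-SHA256 stands in for the message authentication code, a per-request sequence number gives the replay check, and the in-memory `RasVerifier` class, the `decrypt_calls` counter and the constructed `SHARED_SECRET` are hypothetical helpers that exist only to show that a bad MAC never reaches the decrypt step.

```python
import hashlib
import hmac
import secrets

# Constructed sample value; in a deployment this is the NAS/RAS shared secret.
SHARED_SECRET = b"constructed-example-shared-secret"


def _keystream_xor(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """RFC 2865 section 5.2 style hiding: XOR each 16-byte block with
    MD5(secret || previous block), the first block being keyed by the request
    authenticator. When encrypting, the chained block is the ciphertext block
    just produced; when decrypting, it is the ciphertext block just consumed."""
    out = bytearray()
    prev = authenticator
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(chunk, key))
        out += block
        prev = chunk if decrypt else block
    return bytes(out)


def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """E(P) of the claims: the password padded to a 16-byte multiple and hidden."""
    padded = password + b"\x00" * (-len(password) % 16)
    return _keystream_xor(padded, secret, authenticator, decrypt=False)


def decrypt_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encrypt_password; strips the zero padding."""
    return _keystream_xor(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")


def compute_mac(secret: bytes, authenticator: bytes, seq: int, hidden: bytes) -> bytes:
    """The c(i+1) element of claims 5 and 14: a MAC keyed with the shared secret
    over the encrypted password, bound to the authenticator and a unique
    sequence number (claims 3 and 12). HMAC-SHA256 is an assumption."""
    msg = authenticator + seq.to_bytes(4, "big") + hidden
    return hmac.new(secret, msg, hashlib.sha256).digest()


def nas_build_access_request(username: str, password: bytes, secret: bytes, seq: int) -> dict:
    """NAS side: encrypt the password, then attach the MAC (encrypt-then-MAC)."""
    authenticator = secrets.token_bytes(16)
    hidden = encrypt_password(password, secret, authenticator)
    return {
        "username": username,
        "authenticator": authenticator,
        "seq": seq,
        "hidden_password": hidden,
        "mac": compute_mac(secret, authenticator, seq, hidden),
    }


class RasVerifier:
    """RAS side (hypothetical helper): authenticate the NAS via the MAC first,
    reject replays, and only then decrypt the password."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_seqs = set()
        self.decrypt_calls = 0  # how many requests actually reached decryption

    def process(self, req: dict):
        seq = req["seq"]
        if seq in self.seen_seqs:
            return "replayed", None
        expected = compute_mac(self.secret, req["authenticator"], seq, req["hidden_password"])
        # Constant-time comparison; a failed MAC means an unauthenticated NAS
        # (or a modified packet), so the ciphertext is never decrypted.
        if not hmac.compare_digest(expected, req["mac"]):
            return "bad_mac", None
        # Record the sequence number only after the MAC verified, so a forged
        # packet cannot burn sequence numbers that a legitimate NAS still needs.
        self.seen_seqs.add(seq)
        self.decrypt_calls += 1
        plaintext = decrypt_password(req["hidden_password"], self.secret, req["authenticator"])
        return "ok", plaintext


if __name__ == "__main__":
    ras = RasVerifier(SHARED_SECRET)
    req = nas_build_access_request("alice", b"correct horse battery", SHARED_SECRET, seq=1)
    print(ras.process(req))      # ('ok', b'correct horse battery')
    print(ras.process(req))      # ('replayed', None)
```

The ordering matters for the defender: because the RAS checks the MAC before touching the ciphertext, a forged or modified access-request from an unauthenticated source is dropped without the RAS performing any password decryption or lookups, and a replayed sequence number is refused even when its MAC is valid.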