Method and apparatus for secure password transmission and password changes
First Claim
Patent Images
1. A method for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;
- said method comprising the steps of;
sending, by the local computer, the userid and a first nonce to the host computer;
replying, by the host computer to the local computer, with a second nonce;
generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;
creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;
generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;
sending, by the local computer to the host computer, the userid, authentication token and the protected digest;
verifying, by the host computer, the validity of the authentication token; and
, accepting the new password to replace the existing password if the authentication token is valid.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure method for changing a password to a new password when the passwords are being transmitted over a network is presented. The present invention does not require the use of any additional keys (such as symmetric keys or public/private key pairs) to protect the password exchanges. Moreover, the present solution does not require the use of any encryption algorithms (such as DES, RC4/RC5, etc.), it only requires the use of a collision-resistant hash function.
-
Citations
4 Claims
-
1. A method for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;
- said method comprising the steps of;
sending, by the local computer, the userid and a first nonce to the host computer;
replying, by the host computer to the local computer, with a second nonce;
generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;
creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;
generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;
sending, by the local computer to the host computer, the userid, authentication token and the protected digest;
verifying, by the host computer, the validity of the authentication token; and
,accepting the new password to replace the existing password if the authentication token is valid.
- said method comprising the steps of;
-
2. A computer program product for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;
- said computer program product comprising;
computer readable programming for sending, by the local computer, the userid and a first nonce to the host computer;
computer readable programming for replying, by the host computer to the local computer, with a second nonce;
computer readable programming for generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;
computer readable programming for creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;
computer readable programming for generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;
computer readable programming for sending, by the local computer to the host computer, the userid, authentication token and the protected digest;
computer readable programming for verifying, by the host computer, the validity of the authentication token; and
,computer readable programming for accepting the new password to replace the existing password if the authentication token is valid. - View Dependent Claims (3, 4)
- said computer program product comprising;
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsPeyravian, Mohammad, Zunic, Nevenko
-
Primary Examiner(s)Barrón, Gilberto
-
Assistant Examiner(s)Zand, Kambiz
-
Application NumberUS09/549,944Time in Patent Office1,691 DaysField of Search713/168, 713/169, 713/181, 713/202US Class Current713/168CPC Class CodesG06F 21/31 User authenticationG06F 21/606 by securing the transmissio...H04L 63/0846 using time-dependent-passwo...H04L 9/3226 using a predetermined code,...H04L 9/3234 involving additional secure...H04L 9/3236 using cryptographic hash fu...H04L 9/3271 using challenge-response
