Method and apparatus for secure password transmission and password changes
First Claim
1. A method for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;
- said method comprising the steps of;
sending, by the local computer, the userid and a first nonce to the host computer;
replying, by the host computer to the local computer, with a second nonce;
generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;
creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;
generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;
sending, by the local computer to the host computer, the userid, authentication token and the protected digest;
verifying, by the host computer, the validity of the authentication token; and
, accepting the new password to replace the existing password if the authentication token is valid.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure method for changing a password to a new password when the passwords are being transmitted over a network is presented. The present invention does not require the use of any additional keys (such as symmetric keys or public/private key pairs) to protect the password exchanges. Moreover, the present solution does not require the use of any encryption algorithms (such as DES, RC4/RC5, etc.), it only requires the use of a collision-resistant hash function.
-
Citations
4 Claims
-
1. A method for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;
- said method comprising the steps of;
sending, by the local computer, the userid and a first nonce to the host computer;
replying, by the host computer to the local computer, with a second nonce;
generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;
creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;
generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;
sending, by the local computer to the host computer, the userid, authentication token and the protected digest;
verifying, by the host computer, the validity of the authentication token; and
,accepting the new password to replace the existing password if the authentication token is valid.
- said method comprising the steps of;
-
2. A computer program product for securely changing an existing password associated with a user identifier (userid) on a host computer to a new password, wherein said passwords enable a user associated with said userid at a local computer to access information on said host computer across a network;
- said computer program product comprising;
computer readable programming for sending, by the local computer, the userid and a first nonce to the host computer;
computer readable programming for replying, by the host computer to the local computer, with a second nonce;
computer readable programming for generating, by the local computer, a first digest of the userid and the existing password and a second digest of the userid and the new password;
computer readable programming for creating, by the local computer, an authentication token and an authentication token mask wherein said authentication token is a hash function of the first digest, first nonce and second nonce, and said token mask is a hash function of the second digest, first nonce plus a predetermined value and the second nonce;
computer readable programming for generating, by the local computer, a protected digest by exclusive-oring the second digest with the token mask;
computer readable programming for sending, by the local computer to the host computer, the userid, authentication token and the protected digest;
computer readable programming for verifying, by the host computer, the validity of the authentication token; and
,computer readable programming for accepting the new password to replace the existing password if the authentication token is valid. - View Dependent Claims (3, 4)
- said computer program product comprising;
Specification