Username based authentication security
Abstract
An apparatus and a method for an authentication protocol. In one embodiment, a client requests an authentication challenge from a server. The server generates the authentication challenge and sends it to the client. The authentication challenge includes the authentication context identifier, a random string, a timestamp, and a signature value. The client computes a salt value based on a username and the authentication context identifier from the authentication challenge. The signature value is computed based on the authentication context identifier, the random string, and the timestamp. The client computes a hashed password value based on the computed salt value, and a message authentication code based on the hashed password value and the random string. The client sends a response to the server. The response includes the username, the message authentication code, the random string, the timestamp, and the signature value.
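The exchange described in the abstract, as an added sketch that is not code from the patent, with both the client and server sides. The abstract names no algorithms, so SHA-256 for the salt, PBKDF2-HMAC-SHA256 for the hashed password, HMAC-SHA256 for the signature and the message authentication code, the 60-second freshness window, and all names and sample values are assumptions.

```python
import hashlib, hmac, os, time

CONTEXT_ID = "example-realm"   # assumed authentication context identifier
SERVER_KEY = os.urandom(32)    # assumed server-only key used to sign challenges
MAX_AGE = 60                   # assumed freshness window in seconds

def salt_for(username, context_id):
    # Salt value based on the username and the authentication context identifier.
    return hashlib.sha256(f"{username}\x00{context_id}".encode()).digest()

def hash_password(username, password, context_id):
    # Hashed password value based on the computed salt (PBKDF2 is an assumption).
    salt = salt_for(username, context_id)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def sign(context_id, rand, ts):
    # Signature value over the context identifier, random string and timestamp.
    msg = f"{context_id}|{rand}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def make_challenge(now=None):
    ts = int(time.time() if now is None else now)
    rand = os.urandom(16).hex()
    return {"context_id": CONTEXT_ID, "random": rand, "timestamp": ts,
            "signature": sign(CONTEXT_ID, rand, ts)}

def client_response(username, password, ch):
    hp = hash_password(username, password, ch["context_id"])
    mac = hmac.new(hp, ch["random"].encode(), hashlib.sha256).hexdigest()
    return {"username": username, "mac": mac, "random": ch["random"],
            "timestamp": ch["timestamp"], "signature": ch["signature"]}

def verify(resp, user_db, now=None):
    now = time.time() if now is None else now
    if not 0 <= now - resp["timestamp"] <= MAX_AGE:       # timestamp verifier
        return False
    sig = sign(CONTEXT_ID, resp["random"], resp["timestamp"])
    if not hmac.compare_digest(sig, resp["signature"]):   # signature verifier
        return False
    stored = user_db.get(resp["username"])
    if stored is None:
        return False
    expected = hmac.new(stored, resp["random"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, resp["mac"])     # MAC verifier

# Constructed sample account: the server stores only the hashed password value.
USER_DB = {"alice": hash_password("alice", "correct horse", CONTEXT_ID)}
```

In this sketch the stored hashed password is password-equivalent, and a captured response stays valid until the freshness window expires unless the server also tracks used random strings.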
20 Claims
1. A computer-implemented method comprising:
receiving, by a processing device at a server, a request for an authentication challenge from a client;
generating and sending the authentication challenge to the client;
receiving a response to the authentication challenge from the client; and
authenticating the client based on the response, the response based on a salt value, the salt value based on a username and an authentication context identifier.
Dependent claims: 2, 3, 4, 5
6. A non-transitory computer-accessible storage medium including data that, when accessed by a computer, cause the computer to perform a method comprising:
receiving, by a processing device at a server, a request for an authentication challenge from a client;
generating and sending the authentication challenge to the client;
receiving a response to the authentication challenge from the client; and
authenticating the client based on the response, the response based on a salt value, the salt value based on a username and an authentication context identifier.
Dependent claims: 7, 8, 9, 10
11. A server comprising:
a processing device;
an authentication challenge generator, executable by the processing device and configured to generate a random string and generate an authentication challenge comprising an authentication context identifier, the random string, a timestamp, a signature value based on the authentication context identifier, the random string, and the timestamp;
a time stamp verifier coupled to the authentication challenge generator, the time stamp verifier configured to verify the validity of the timestamp in a response, the response based on a salt value, the salt value based on a username and the authentication context identifier;
a signature value verifier coupled to the time stamp verifier, the signature value verifier configured to verify the validity of a signature value in the response; and
a message authentication code verifier coupled to the time stamp verifier, the message authentication code verifier configured to verify the validity of a client message authentication code in the response.
Dependent claims: 12, 13, 14, 15
16. A computer-implemented method comprising:
requesting, by a processing device of a client, an authentication challenge from a server;
receiving the authentication challenge from the server, and
computing a salt value based on a username and an authentication context identifier of the authentication challenge.
Dependent claims: 17, 18, 19, 20
Specification