Robust digest authentication method
First Claim
1. A method, performed by an authentication server, of authenticating a user in a communication system comprising a user terminal and the authentication server which is capable of storing two types of nonce values comprising dedicated nonce values unique in the system and common nonce values constant and common to all users managed by the authentication server during a fixed time period, the method comprising:
- receiving from the user terminal an access request;
- determining, using a given criterion, the type of a first nonce value to be sent to the user terminal as a response to the access request, wherein, in case the given criterion is fulfilled the type of the first nonce value is a dedicated nonce value, otherwise the type of the first nonce value is a common nonce value which is constant and common to all of the users managed by the authentication server during the fixed time period;
- sending the first nonce value which has been determined;
- receiving a response from the user terminal, the response comprising a second nonce value and a response code to the first nonce value sent by the authentication server; and
- determining whether the response code is correct and whether the second nonce value corresponds to the first nonce value sent by the authentication server.
Abstract
The present invention relates to a method of authenticating a user in a communication system comprising a user terminal and an authentication server which is capable of storing two types of nonce values, namely dedicated nonce values unique in the system and common nonce values shared between users in the system. In the method the authentication server receives (401) from the user terminal an access request. Then the authentication server uses a predefined criterion for determining the type of a first nonce value to be sent to the user terminal as a response to the access request. In case the predefined criterion is fulfilled, then a dedicated nonce value is sent, otherwise a common nonce value is sent (402). Then the authentication server receives (403) from the user terminal a response comprising a second nonce value and a response code to the first nonce value. The authentication server then determines whether the response code is correct and whether the second nonce value corresponds to the first nonce value.
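The flow in the abstract, sketched as an added Python example (not code from the patent). The criterion `needs_dedicated`, the HMAC-SHA256 response code, the 300-second period, the `d-`/`c-` prefixes and the single-use handling of dedicated nonces are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PERIOD = 300  # assumed length in seconds of the fixed period of a common nonce


def response_code(secret: bytes, nonce: str) -> str:
    # Assumed stand-in for the digest response: HMAC-SHA256 of the nonce.
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, secrets_by_user, needs_dedicated, clock=time.time):
        self.users = secrets_by_user            # user -> shared secret (bytes)
        self.needs_dedicated = needs_dedicated  # hypothetical criterion: request -> bool
        self.clock = clock
        self.server_key = secrets.token_bytes(32)
        self.dedicated = {}                     # issued dedicated nonce -> user

    def common_nonce(self) -> str:
        # Same value for every user during one period; derived, not stored per user.
        period = str(int(self.clock() // PERIOD)).encode()
        return "c-" + hmac.new(self.server_key, period, hashlib.sha256).hexdigest()

    def challenge(self, user: str, request: dict) -> str:
        if self.needs_dedicated(request):
            nonce = "d-" + secrets.token_hex(16)  # unique in the system
            self.dedicated[nonce] = user
            return nonce
        return self.common_nonce()

    def verify(self, user: str, nonce: str, code: str) -> bool:
        secret = self.users.get(user)
        if secret is None:
            return False
        if nonce.startswith("d-"):
            # Dedicated nonce: must have been issued to this user; accepted once.
            if self.dedicated.get(nonce) != user:
                return False
            del self.dedicated[nonce]
        elif not hmac.compare_digest(nonce.encode(), self.common_nonce().encode()):
            # Common nonce: must equal the value of the current period.
            return False
        return hmac.compare_digest(code.encode(), response_code(secret, nonce).encode())
```

In this sketch a response to a common nonce verifies again until the period rolls over, while a response to a dedicated nonce is accepted once; that difference is what the choice of criterion trades off against server-side state.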
19 Claims
1. A method, performed by an authentication server, of authenticating a user in a communication system comprising a user terminal and the authentication server which is capable of storing two types of nonce values comprising dedicated nonce values unique in the system and common nonce values constant and common to all users managed by the authentication server during a fixed time period, the method comprising:
- receiving from the user terminal an access request;
- determining, using a given criterion, the type of a first nonce value to be sent to the user terminal as a response to the access request, wherein, in case the given criterion is fulfilled the type of the first nonce value is a dedicated nonce value, otherwise the type of the first nonce value is a common nonce value which is constant and common to all of the users managed by the authentication server during the fixed time period;
- sending the first nonce value which has been determined;
- receiving a response from the user terminal, the response comprising a second nonce value and a response code to the first nonce value sent by the authentication server; and
- determining whether the response code is correct and whether the second nonce value corresponds to the first nonce value sent by the authentication server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A device for authenticating a user terminal in a communication system, the device being capable of storing two types of nonce values comprising dedicated nonce values unique in the system and common nonce values constant and common to all users managed by the device during a fixed time period, the device comprising:
- a receiver for receiving from the user terminal messages; and
- a processor for using a given criterion for determining the type of a first nonce value to be sent to the user terminal as a response to an access request from the user terminal, wherein, in case the given criterion is fulfilled, the processor is arranged to send a dedicated nonce value, otherwise the processor is arranged to send a common nonce value which is constant and common to all of the users managed by the device during the fixed time period, the processor is further arranged to determine whether a response comprising a second nonce value and a response code received from the user terminal as a response to the first nonce value is correct.

Dependent claims: 18, 19
Specification