Password-based authentication system and method in group network
First Claim
1. A method for password-based authentication in a communication system including a group of at least two units associated with a common password, wherein each of said two units comprises at least one processor and at least one memory, said at least one memory containing instructions that, when executed by said at least one processor, are operative to perform the steps of:
assigning individual authentication tokens to the respective units in the group based on the password such that each authentication token is irreversibly determined by the password;
determining, in a first unit, a check token for a second unit based on the password inputted by a user of said first unit and the authentication token of the first unit, wherein the step of determining the check token comprises the steps of:
determining, in the first unit, a token secret using the authentication token of the first unit and the password; and
creating, in the first unit, the check token for the second unit based on the token secret and the password;
sending the check token to the second unit; and
comparing, in the second unit, the check token with the authentication token of the second unit for authentication of the first unit towards the second unit, wherein said user of said first unit is authenticated if said check token is the same as said authentication token of said second unit.
Abstract
The invention relates to password-based authentication in group networks. Each device has an authentication token irreversibly based on the password. The authentication involves a first device at which the password P is entered and a second device towards which the authentication occurs. The first device determines a check token Mj for the second based on the password and its own authentication token Rl and this check token is sent to the second device, where it is compared with the authentication token of that device. The procedure may include update of a device to exclude a non-trusted device from the group or change the password. Advantageous features are that the information in one device does not allow retrieval of the password and that the password is only exposed at one device, and only temporarily, during the authentication.
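A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent. The page does not say which functions are used, so the random token secret, the XOR with a PBKDF2-derived pad, and the names `assign_tokens`, `check_token` and `verify` are all assumptions.

```python
import hashlib
import hmac
import secrets

TOKEN_LEN = 32  # assumed token size in bytes

def _pad(password: str, unit_id: str) -> bytes:
    # Assumed construction: a per-unit pad derived from the password.
    salt = b"unit:" + unit_id.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, TOKEN_LEN)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def assign_tokens(password: str, unit_ids: list[str]) -> dict[str, bytes]:
    """Setup: draw a random token secret and give every unit its own token.

    The secret itself is not stored anywhere; a single token is the secret
    masked by an unknown pad, so it cannot confirm a password guess.
    """
    token_secret = secrets.token_bytes(TOKEN_LEN)
    return {u: _xor(token_secret, _pad(password, u)) for u in unit_ids}

def check_token(own_id: str, own_token: bytes, password: str, target_id: str) -> bytes:
    """First unit: recover the token secret, then build the target's check token."""
    token_secret = _xor(own_token, _pad(password, own_id))  # password used only here
    return _xor(token_secret, _pad(password, target_id))

def verify(stored_token: bytes, received_check_token: bytes) -> bool:
    """Second unit: constant-time comparison with its own authentication token."""
    return hmac.compare_digest(stored_token, received_check_token)

def demo() -> tuple[bool, bool]:
    # Constructed sample group and passwords.
    tokens = assign_tokens("correct horse", ["phone", "laptop", "tv"])
    good = check_token("phone", tokens["phone"], "correct horse", "tv")
    bad = check_token("phone", tokens["phone"], "wrong guess", "tv")
    return verify(tokens["tv"], good), verify(tokens["tv"], bad)

if __name__ == "__main__":
    print(demo())
```

In this sketch the check token is equal to the second unit's stored token, so the link that carries it needs confidentiality of its own.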
42 Claims
24. A communication system including a group of at least two units associated with a common password, and means for password-based authentication, comprising:
means for assigning individual authentication tokens to the respective units in the group based on the password such that each authentication token is irreversibly determined by the password;
means for determining, at a first unit, a check token for a second unit based on the password and the authentication token of the first unit; and
means for comparing, at the second unit, the check token with the authentication token of the second unit for authentication of the first unit towards the second unit;
wherein the means for determining the check token comprises:
means for retrieving, at the first unit, a token secret using the authentication token of the first unit and the password; and
means for creating, at the first unit, the check token for the second unit based on the token secret and the password.
38. A first device belonging to a group of at least two devices associated with a common password, and including means for password-based authentication, the first device comprises:
means for receiving a password;
means for assigning individual authentication tokens to other devices in the group based on the password such that each authentication token is irreversibly determined by the password;
means for determining a check token for a second device in the group based on the password and the authentication token of the first device; and
means for transmitting the check token to the second device for authentication towards the second device;
wherein the means for determining the check token comprises:
means for retrieving a token secret using the authentication token of the first device and the password; and
means for creating the check token for the second device based on the token secret and the password.
Specification