Username based key exchange
First Claim
1. A method comprising:
sending, by a processor over a network, a first random string in response to a request from a device;
receiving, by the processor over the network, a second random string and a username from the device in response to the first random string;
concatenating, by the processor, the first random string, the second random string and the username to form a first value;
generating, by the processor, a first secret using the first value as input to a cryptographic function and a hashed password associated with the username as a cryptographic key; and
establishing, by the processor, a communication session with the device over the network using a second secret derived from the first secret.
Abstract
A method and apparatus for a system and process for sharing a secret over an unsecured channel in conjunction with an authentication system. A client computes a message authentication code based on a hashed password value and a first random string received from the server. The client sends a response to the server that includes authentication data and a second random string. Both the client and the server concatenate the first random string, the second random string and the username. These values are processed to generate a shared master secret, which is used to derive further shared secrets or keys that establish a secured communication channel between the client and the server. The secured communication can be based on stateless messaging, where the decryption key associated with a message is identified by the message authentication code placed within the message.
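The exchange the abstract and claim 1 describe, as an added example that is not taken from the patent: the server sends a first random string, the client answers with a second random string, the username and a MAC over the first string, both sides concatenate the three values and key a MAC with the hashed password to obtain the master (first) secret, and a session (second) secret is derived from it. SHA-256 for the password hash, HMAC-SHA256 as the cryptographic function, length-prefixed concatenation and the labelled derivation step are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed example: the server stores one hashed password per username
# (the hash function and the record are assumptions of this example).
PASSWORD_DB = {"alice": hashlib.sha256(b"correct horse battery staple").digest()}


def hashed_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


def first_value(nonce1: bytes, nonce2: bytes, username: str) -> bytes:
    # Claim step: concatenate first random string, second random string and username.
    # Each field is length-prefixed so the concatenation cannot be ambiguous.
    fields = (nonce1, nonce2, username.encode())
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def first_secret(hpw: bytes, value: bytes) -> bytes:
    # Claim step: cryptographic function with the hashed password as key (HMAC-SHA256 assumed).
    return hmac.new(hpw, value, hashlib.sha256).digest()


def second_secret(master: bytes, label: bytes) -> bytes:
    # Session secret derived from the master secret; labelled HMAC derivation is assumed.
    return hmac.new(master, b"session-key:" + label, hashlib.sha256).digest()


def run_exchange(username: str, password: str, server_db=PASSWORD_DB):
    """Run both sides of the exchange; returns (client_key, server_key) or None on failure."""
    # Server -> client: first random string in response to the client's request.
    nonce1 = os.urandom(16)
    # Client: MAC over nonce1 keyed with its hashed password (the authentication data),
    # plus a fresh second random string and the username.
    hpw = hashed_password(password)
    nonce2 = os.urandom(16)
    auth_tag = hmac.new(hpw, nonce1, hashlib.sha256).digest()
    client_master = first_secret(hpw, first_value(nonce1, nonce2, username))
    # Server: look up the stored hashed password, verify the tag in constant time,
    # then compute the same master secret from the same three concatenated values.
    stored = server_db.get(username)
    if stored is None:
        return None
    expected = hmac.new(stored, nonce1, hashlib.sha256).digest()
    if not hmac.compare_digest(auth_tag, expected):
        return None
    server_master = first_secret(stored, first_value(nonce1, nonce2, username))
    return second_secret(client_master, b"c2s"), second_secret(server_master, b"c2s")
```

Because the stored hashed password is used directly as the MAC key, the server's password store must be protected as a key store would be.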
62 Citations
19 Claims
1. A method comprising:
sending, by a processor over a network, a first random string in response to a request from a device; receiving, by the processor over the network, a second random string and a username from the device in response to the first random string; concatenating, by the processor, the first random string, the second random string and the username to form a first value; generating, by the processor, a first secret using the first value as input to a cryptographic function and a hashed password associated with the username as a cryptographic key; and establishing, by the processor, a communication session with the device over the network using a second secret derived from the first secret.
Dependent claims: 2, 3, 4, 18, 19

5. A non-transitory computer-readable medium comprising instructions encoded thereon which, when executed by a processor, cause the processor to:
send, by the processor over a network, a first random string in response to a request from a device; receive, by the processor over the network, a second random string and a username in response to the first random string; concatenate, by the processor, the first random string, the second random string and the username to form a first value; generate, by the processor, a first secret using the first value as input to a cryptographic function and a hashed password associated with the username as a cryptographic key; and establish, by the processor, a communication session with the device over the network using a second secret derived from the first secret.
Dependent claims: 6, 7

8. A method comprising:
receiving, by a processor over a network, a first random string from a device; sending, by the processor over the network, a second random string and a username in response to the first random string; concatenating, by the processor, the first random string, the second random string and the username to form a first value; generating, by the processor, a first secret using the first value as input to a cryptographic function and a hashed password associated with the username as a cryptographic key; and establishing, by the processor, a communication session with the device over the network using a second secret derived from the first secret.
Dependent claims: 9, 10, 11

12. A non-transitory computer-readable medium comprising instructions encoded thereon which, when executed by a processor, cause the processor to:
receive, by the processor over a network, a first random string from a device; send, by the processor over the network, a second random string and a username in response to the first random string; concatenate, by the processor, the first random string, the second random string and the username to form a first value; generate, by the processor, a first secret using the first value as input to a cryptographic function and a hashed password associated with the username as a cryptographic key; and establish, by the processor, a communication session with the device over the network using a second secret derived from the first secret.
Dependent claims: 13, 14, 15

16. A system comprising:
a memory; a network interface device; and a processor operatively coupled to the memory, the processor to: send, over a network using the network interface device, a first random string in response to a request from a device; receive, over the network using the network interface device, a second random string and a username in response to the first random string; concatenate the first random string, the second random string and the username to form a first value; generate a first secret using the first value as input to a cryptographic function and a hashed password associated with the username as a cryptographic key; and establish a communication session with the device over the network using a second secret derived from the first secret.
Dependent claims: 17