Password-based authentication
First Claim
1. A method for controlling access by user computers to a resource in dependence on authentication of user passwords, associated with respective user IDs, at an access control server configured to communicate via a network with the user computers and a plurality n of authentication servers, the method comprising:
- storing respective secret values at the plurality n of authentication servers;
- for each said user ID, storing at the access control server a first ciphertext produced by encrypting a user password associated with a user ID using a predetermined algorithm dependent on said secret values;
- at the access control server, in response to receipt from a user computer of a received user ID and an input password, communicating with a plurality k ≤ n of authentication servers to implement a password authentication protocol, including use by the plurality k of authentication servers of the respective secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm and the access control server uses the first and second ciphertexts to determine whether the input password equals the user password for the received user ID; and
- at the access control server, permitting access to the resource by the user computer if the input password equals the user password.
Abstract
A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.
10 Claims (claims 2 through 10 depend on claim 1, reproduced above as the first claim)