Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) (RFC3310)

IP.com Disclosure Number: IPCOM000009813D
Original Publication Date: 2002-Sep-01
Included in the Prior Art Database: 2002-Sep-20
Document File: 19 page(s) / 37K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Niemi: AUTHOR [+3]

Abstract

This memo specifies an Authentication and Key Agreement (AKA) based one-time password generation mechanism for Hypertext Transfer Protocol (HTTP) Digest access authentication. The HTTP Authentication Framework includes two authentication schemes: Basic and Digest. Both schemes employ a shared secret based mechanism for access authentication. The AKA mechanism performs user authentication and session key distribution in Universal Mobile Telecommunications System (UMTS) networks. AKA is a challenge-response based mechanism that uses symmetric cryptography.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                           A. Niemi
Request for Comments: 3310                                         Nokia
Category: Informational                                         J. Arkko
                                                             V. Torvinen
                                                                Ericsson
                                                          September 2002

       Hypertext Transfer Protocol (HTTP) Digest Authentication
              Using Authentication and Key Agreement (AKA)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo specifies an Authentication and Key Agreement (AKA) based
   one-time password generation mechanism for Hypertext Transfer
   Protocol (HTTP) Digest access authentication.  The HTTP
   Authentication Framework includes two authentication schemes: Basic
   and Digest.  Both schemes employ a shared secret based mechanism for
   access authentication.  The AKA mechanism performs user
   authentication and session key distribution in Universal Mobile
   Telecommunications System (UMTS) networks.  AKA is a
   challenge-response based mechanism that uses symmetric cryptography.

Niemi, et. al.               Informational                      [Page 1]

RFC 3310          HTTP Digest Authentication Using AKA    September 2002

Table of Contents

   1.  Introduction and Motivation
   1.1 Terminology
   1.2 Conventions
   2.  AKA Mechanism Overview
   3.  Specification of Digest AKA
   3.1 Algorithm Directive
   3.2 Creating a Challenge
   3.3 Client Authentication
   3.4 Synchronization Failure
   3.5 Server Authentication
   4.  Example Digest AKA Operation
   5.  Security Considerations
   5.1 Authentication of Clients using Digest AKA
   5.2 Limited Use of Nonce Values