Simple User Authentication without Server Registration

IP.com Disclosure Number: IPCOM000015869D
Original Publication Date: 2002-Jul-20
Included in the Prior Art Database: 2003-Jun-21
Document File: 2 page(s) / 126K

Publishing Venue

IBM

Abstract

This invention disclosure describes a simple and secure way to distribute authentication information from the client machine on which a user registers to the user's other client machines. When a user registers a user id and password to access a secure site from one of his client machines, he needs to copy that authentication information to his other client machines in order to access the site from them. The problem is that the user cannot choose the user id and password freely, because of the server's uniqueness and security requirements; as a result they are hard to memorize and the user ends up writing them down on a piece of paper. This disclosure solves the problem with the following method:


(1) The authentication information is encrypted with the server's public key.
(2) The encrypted authentication information is encoded as a parameter of a URL to the server.
(3) The user can add a set of freely chosen challenge/response keywords to the authentication field.

The typical protocol for distributing the authentication information is as follows (see the attached figure):

1. First the user registers the user id and password at the registration page of the server, and the client machine generates the encrypted authentication information (AuthData).
1.1 SSL is used to send the registration page.
1.2 The server's certificate, which includes the server's public key, is also sent to the client machine.
1.3 The client first registers the user id (uid) and password (pw) with the server.
1.4 Then it asks the user to enter additional challenge (cha)/response (res) pairs.
1.5 It encrypts all these data (uid, pw, {cha, res}) with the server's public key.

The result is $AuthData = E_{PKS}\{uid, p...
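As an added illustration of steps (1), (2) and 1.5, not code from the disclosure: a Go sketch in which the client encrypts (uid, pw, {cha, res}) under the server's public key and encodes the result as a URL parameter, and the server decrypts it. The cipher (RSA-OAEP with SHA-256), the JSON layout of the record, the parameter name `auth` and all sample values are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)
type AuthData struct { // the record of step 1.5: uid, pw and [cha, res] pairs
	UID   string      `json:"uid"`
	PW    string      `json:"pw"`
	Pairs [][2]string `json:"pairs"`
}
// serverKey stands in for the key behind the server's certificate (step 1.2).
var serverKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// EncryptAuthData encrypts the record under the server's public key and returns
// it as a URL-safe query value (steps (1) and (2)). RSA-OAEP is an assumption;
// the disclosure only says "server's public key". 2048-bit OAEP/SHA-256 takes at
// most 190 plaintext bytes, so an oversized record fails (rsa.ErrMessageTooLong).
func EncryptAuthData(pub *rsa.PublicKey, ad AuthData) (string, error) {
	plain, err := json.Marshal(ad)
	if err != nil {
		return "", err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(ct), nil
}
// DecryptAuthParam is the server side; a wrong key or a tampered value fails OAEP.
func DecryptAuthParam(priv *rsa.PrivateKey, param string) (AuthData, error) {
	var ad AuthData
	ct, err := base64.RawURLEncoding.DecodeString(param)
	if err != nil {
		return ad, err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return ad, err
	}
	return ad, json.Unmarshal(plain, &ad)
}
func main() {
	ad := AuthData{UID: "u7f3k9", PW: "Xq!29vLp", Pairs: [][2]string{{"pet", "rex"}}}
	param, _ := EncryptAuthData(&serverKey.PublicKey, ad)
	fmt.Println("https://server.example/login?auth=" + param)
}
```

Because the value travels in a URL it ends up in browser history and server access logs, and encryption under the server key is what keeps it unreadable there; the server must treat every received value as untrusted input until decryption succeeds.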