Quick Reconnect

IP.com Disclosure Number: IPCOM000028662D
Original Publication Date: 2004-May-26
Included in the Prior Art Database: 2004-May-26
Document File: 1 page(s) / 59K

Publishing Venue

IBM

Abstract

A solution for the following problem: when a client disconnects from the server, it should be re-authenticated in the directory, which can take a long time. The invention is the algorithm to re-authenticate the client securely and quickly, based on the agreed key that was used in the previous session.

Quick Reconnect

The first time the client logs in, we use the Diffie-Hellman algorithm to create an agreed key. This agreed key is used to encrypt the client's password. The invention is the algorithm to re-authenticate the client securely and quickly, based on the agreed key above.

Current solutions we are aware of require more than a two-way handshake in order to authenticate the user.

The agreed key is preserved on the client side and on the server side. After the client is authenticated, the server creates a random challenge, encrypts it using the agreed key, and sends it to the client. If the client disconnects and then reconnects within a configurable time limit (3 minutes by default), the encrypted challenge is used to authenticate the user.

Since we cannot use the encrypted challenge as is, and since we don't want to send it in the clear, the client decrypts the challenge, adds some data to it (some of it random), encrypts the output, and sends it to the server. The server decrypts this output and, if it is based on the original challenge, the user is authenticated.

Regular login (First login):

Client -> Server: Handshake + public key

Server -> Client: HandshakeAck + public key

Client -> Server: Login + encrypted password

Server -> Client: LoginAck + encrypted challenge

Quick Reconnect:

Client -> Server: Handshake + manipulated & encrypted challenge

Server -> Client: LoginAck + new encrypted challenge
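
The quick-reconnect exchange described above, as an added Python example that is not code from the disclosure. The cipher (a SHAKE-256 keystream with an HMAC-SHA256 tag), the 16-byte challenge and random suffix, the one-attempt-per-challenge rule and all names are assumptions; `agreed_key` stands in for the Diffie-Hellman result from the first login.

```python
import hashlib, hmac, os

RECONNECT_WINDOW = 180  # seconds; the page's default limit of 3 minutes

def _keystream(key, nonce, n):
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def seal(key, plaintext):
    """Stand-in cipher (assumption): SHAKE-256 keystream XOR, then HMAC-SHA256."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def client_reply(agreed_key, encrypted_challenge):
    """Client: decrypt the challenge, append random data, encrypt the result."""
    challenge = unseal(agreed_key, encrypted_challenge)
    return seal(agreed_key, challenge + os.urandom(16))

class Server:
    def __init__(self, agreed_key):
        self.key, self.challenge, self.issued = agreed_key, None, 0.0

    def issue_challenge(self, now):
        """LoginAck: fresh random challenge encrypted under the agreed key."""
        self.challenge, self.issued = os.urandom(16), now
        return seal(self.key, self.challenge)

    def quick_reconnect(self, blob, now):
        """Return a new encrypted challenge on success, None to force a full login."""
        expected, self.challenge = self.challenge, None  # one attempt per challenge
        if expected is None or now - self.issued > RECONNECT_WINDOW:
            return None
        try:
            reply = unseal(self.key, blob)
        except ValueError:
            return None
        # An echoed server blob decrypts to 16 bytes, so the length check rejects it.
        if len(reply) != 32 or not hmac.compare_digest(reply[:16], expected):
            return None
        return self.issue_challenge(now)
```

Because every successful reconnect rotates the challenge, a captured client reply is useless on a second attempt, and any failed attempt falls back to the regular login.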