Original Publication Date: 2004-May-26
Included in the Prior Art Database: 2004-May-26
A solution for the following problem: when a client disconnects from the server, it must be re-authenticated against the directory, which can take a long time. The invention is an algorithm that re-authenticates the client securely and quickly, based on the agreed key that was used in the previous session.
The first time the client logs in, the Diffie-Hellman algorithm is used to create an agreed key, and this agreed key is used to encrypt the client's password. The re-authentication algorithm described here is based on that same agreed key.
Current solutions we are aware of require more than a two-way handshake in order to authenticate the user.
The agreed key is preserved on the client side and on the server side. After the client is authenticated, the server creates a random challenge, encrypts it using the agreed key, and sends it to the client. If the client disconnects and then reconnects within a configurable time limit (3 minutes by default), the encrypted challenge is used to authenticate the user.
Since the encrypted challenge cannot be sent back as is, and since it must not be sent in the clear, the client decrypts the challenge, adds some data to it (some of it random), encrypts the result, and sends that to the server. The server decrypts the result and, if it is based on the original challenge, the user is authenticated. The server then issues a new encrypted challenge in its reply, so each challenge is accepted at most once.
Regular login (first login):
  Client -> Server: Handshake + public key
  Server -> Client: HandshakeAck + public key
  Client -> Server: Login + encrypted password
  Server -> Client: LoginAck + encrypted challenge

Reconnect within the time limit (re-authentication):
  Client -> Server: Handshake + manipulated & encrypted challenge
  Server -> Client: LoginAck + new encrypted challenge
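The two exchanges above, carried through as a runnable added example. This is not code from the disclosure; it fills in what the page leaves open, and every such choice is an assumption: the cipher is an encrypt-then-MAC construction built from HMAC-SHA256 in counter mode (the page names no cipher), the Diffie-Hellman group is the 1024-bit MODP prime of RFC 2409 group 2 (the page names no group), messages are Python dicts whose "type" values follow the exchange list, a "conn" token ties a Login to its HandshakeAck, the reconnect Handshake carries the user name so the server can find the stored challenge, a password table stands in for the slow directory, and the server's clock is injectable so the 3-minute window can be exercised. The names Server, Client, first_login and reconnect are the example's own.

```python
# Added example (not the disclosure's code): fast re-authentication keyed by the first session's
# agreed key. Assumed, since the page names neither: HMAC-SHA256 counter-mode encrypt-then-MAC
# as the cipher, and RFC 2409 group 2 (1024-bit MODP) as the Diffie-Hellman group.
import hmac
import secrets
import time

P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G, CHALLENGE_LEN = 2, 32

class AuthError(Exception):
    pass

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2                      # private exponent in [2, P-2]
    return x, pow(G, x, P)

def dh_agree(private, peer_public):
    if not 2 <= peer_public <= P - 2:                     # 0, 1 and P-1 force a known secret
        raise AuthError("bad DH public value")
    return hmac.digest(b"agreed-key", pow(peer_public, private, P).to_bytes(128, "big"), "sha256")

def _keystream(enc_key, nonce, length):
    return b"".join(hmac.digest(enc_key, nonce + i.to_bytes(4, "big"), "sha256")
                    for i in range((length + 31) // 32))

def encrypt(key, plaintext):
    """nonce || ciphertext || tag, under separate subkeys derived from the agreed key."""
    enc_key, mac_key = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return body + hmac.digest(mac_key, body, "sha256")

def decrypt(key, blob):
    enc_key, mac_key = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    body, tag = blob[:-32], blob[-32:]
    if len(body) < 16 or not hmac.compare_digest(hmac.digest(mac_key, body, "sha256"), tag):
        raise AuthError("ciphertext tampered or wrong key")   # checked before any decryption
    return bytes(a ^ b for a, b in zip(body[16:], _keystream(enc_key, body[:16], len(body) - 16)))

class Server:
    def __init__(self, directory, reconnect_window=180.0, clock=time.monotonic):
        self.directory, self.window, self.clock = directory, reconnect_window, clock
        self.conns, self.sessions = {}, {}      # conn -> agreed key; user -> (key, challenge, issued)

    def handshake_ack(self, msg):
        priv, pub = dh_keypair()
        conn = secrets.token_hex(8)             # ties the Login to this Handshake (assumed)
        self.conns[conn] = dh_agree(priv, msg["pub"])
        return {"type": "HandshakeAck", "conn": conn, "pub": pub}

    def _issue_challenge(self, user, key):
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        self.sessions[user] = (key, challenge, self.clock())   # replaces any earlier challenge
        return {"type": "LoginAck", "enc_challenge": encrypt(key, challenge)}

    def login(self, msg):
        key = self.conns.pop(msg["conn"])
        expected = self.directory.get(msg["user"], "").encode()    # the slow directory check
        if not expected or not hmac.compare_digest(expected, decrypt(key, msg["enc_password"])):
            raise AuthError("directory rejected the password")
        return self._issue_challenge(msg["user"], key)

    def reconnect(self, msg):
        key, challenge, issued = self.sessions.get(msg["user"], (None, None, 0))
        if key is None or self.clock() - issued > self.window:
            raise AuthError("no session within the time limit: full login required")
        response = decrypt(key, msg["enc_response"])
        if len(response) <= CHALLENGE_LEN or not hmac.compare_digest(response[:CHALLENGE_LEN], challenge):
            raise AuthError("response is not based on the issued challenge")
        return self._issue_challenge(msg["user"], key)   # fresh challenge: the old one is spent

class Client:
    def __init__(self, user, password):
        self.user, self.password, self.key, self.enc_challenge = user, password, None, None

    def handshake(self):
        self._priv, pub = dh_keypair()
        return {"type": "Handshake", "pub": pub}

    def login(self, ack):
        self.key = dh_agree(self._priv, ack["pub"])   # preserved across disconnects
        return {"type": "Login", "conn": ack["conn"], "user": self.user,
                "enc_password": encrypt(self.key, self.password.encode())}

    def reconnect_handshake(self):
        # Decrypt, append data (user name plus random bytes), re-encrypt: the challenge
        # never travels in the clear and the server's own ciphertext is never echoed back.
        challenge = decrypt(self.key, self.enc_challenge)
        response = challenge + self.user.encode() + secrets.token_bytes(16)
        return {"type": "Handshake", "user": self.user, "enc_response": encrypt(self.key, response)}

def first_login(client, server):            # Handshake, HandshakeAck, Login, LoginAck
    ack = server.login(client.login(server.handshake_ack(client.handshake())))
    client.enc_challenge = ack["enc_challenge"]       # kept as received, still encrypted

def reconnect(client, server):              # Handshake with encrypted response, LoginAck
    client.enc_challenge = server.reconnect(client.reconnect_handshake())["enc_challenge"]
```

Running first_login followed by reconnect shows the four-message and two-message paths; the properties worth checking are that the server's stored challenge changes on every successful reconnect (so a captured reconnect Handshake replays as a failure), that any modified ciphertext is rejected by the MAC before decryption, and that a reconnect after the window raises AuthError, at which point the client falls back to first_login and the directory is consulted again.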