Method of One-Way Authentication Via Passphrase

IP.com Disclosure Number: IPCOM000106469D
Original Publication Date: 1993-Nov-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 6 page(s) / 249K

Publishing Venue

IBM

Related People

Boswell, MW: AUTHOR [+5]

Abstract

Disclosed is a method for authenticating a user in a distributed environment via a user-supplied passphrase. Features of this design include the ability to dynamically initialize a cryptographic device with cryptographic keys derived from a passphrase.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 21% of the total text.

Method of One-Way Authentication Via Passphrase

      Disclosed is a method for authenticating a user in a
distributed environment via a user-supplied passphrase.  Features of
this design include the ability to dynamically initialize a
cryptographic device with cryptographic keys derived from a
passphrase.

      In many distributed computer networks there arise situations
where one computing node must request a service from a remote
computing node or execute a privileged operation on a remote node.
It is often desirable or mandatory that the service or operation
executed by the node receiving the request be afforded only to a
select set of requesting users or nodes.

      Many techniques for solving the problem of authenticating
requests to a serving node rely on the use of a secret such as a key
or password, knowledge of which is shared by the requesting and
serving nodes.  If a computer node has to request services from many
remote nodes and the technique for authenticating requests involves
only the requesting and serving nodes, then the requesting node would
need to possess and maintain many of these secret passwords or keys.
In a large network the maintenance of large amounts of secret
information is an administrative burden.

      Some known solutions address this problem by including a third
node which possesses knowledge of all the keys or passwords on all
nodes in the network or for some portion of the network.  These nodes
act as authentication servers for the requesting and serving nodes
and thereby reduce the number of keys necessary at each requester and
server to one each.  But for certain administrative operations a very
large number of nodes may have to provide a service to an
administrating node.  An authentication system that requires a secret
piece of information for each of these potential servers will still
impose an undesirable administrative burden.

      Also, the existing third-party authentication techniques use a
general-purpose encryption technique to authenticate both requesters
and servers.  The use of a general-purpose encryption technique
causes products using the technique to fall under export restrictions
imposed by the State Department of the United States.

      The access authentication system described here provides a
solution for restricting access to services provided by remote
computer nodes, or for restricting the ability to execute privileged
operations on a remote node, where access must be limited to a
specific service-requesting user and/or service-requesting node.  It
is a solution that is particularly well suited for environments where
a service-requesting user must request services from many potential
servers and where an enabling function, such as communication access
to a local area network (LAN), is involved.
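The following is an added illustration, not the disclosure's own method or code (the abbreviated text does not name its key-derivation function or authentication primitive). It assumes PBKDF2-HMAC-SHA256 as the passphrase-to-key derivation and an HMAC challenge-response as the one-way proof, so that the requesting node holds a single passphrase, the derived key stands in for the key loaded into the cryptographic device, and the passphrase itself never crosses the network. The node names, salt and passphrases are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical parameters chosen for this example; the disclosure does not
# specify a derivation function, iteration count or key length.
KDF_ITERATIONS = 100_000
KEY_LEN = 32


def derive_key(passphrase: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Derive a fixed-length key from a user-supplied passphrase (PBKDF2-HMAC-SHA256).

    The salt is public and per-user: it keeps two users with the same passphrase
    from sharing a key and defeats precomputed passphrase tables.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


class RequestingNode:
    """Node that proves knowledge of the passphrase without ever transmitting it."""

    def __init__(self, node_id: str, passphrase: str, salt: bytes) -> None:
        self.node_id = node_id
        # Stand-in for initializing a cryptographic device: only the derived
        # key is retained, the passphrase is discarded after derivation.
        self._key = derive_key(passphrase, salt)

    def respond(self, challenge: bytes) -> bytes:
        # Bind the proof to both the claimed identity and the fresh challenge.
        msg = self.node_id.encode("utf-8") + b"\x00" + challenge
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class ServingNode:
    """Node that stores the derived key (never the passphrase) and checks proofs."""

    def __init__(self, derived_key: bytes) -> None:
        self._key = derived_key
        self._outstanding: set[bytes] = set()

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, node_id: str, challenge: bytes, response: bytes) -> bool:
        # Each challenge may be answered once: a captured response cannot be replayed.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        msg = node_id.encode("utf-8") + b"\x00" + challenge
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()
        # Constant-time comparison so timing does not reveal matching prefixes.
        return hmac.compare_digest(expected, response)


def authenticate(requester: RequestingNode, server: ServingNode) -> bool:
    """One-way authentication: the requester proves itself to the server only."""
    challenge = server.issue_challenge()
    response = requester.respond(challenge)
    return server.verify(requester.node_id, challenge, response)


if __name__ == "__main__":
    salt = b"constructed-salt-for-demo"  # constructed; would be random per user
    server = ServingNode(derive_key("correct horse battery staple", salt))
    print(authenticate(RequestingNode("nodeA", "correct horse battery staple", salt), server))
    print(authenticate(RequestingNode("nodeA", "wrong passphrase", salt), server))
```

The serving node verifies with the same derived key, so this remains a shared-secret scheme between the two parties; what the derivation buys is that the human-memorable passphrase is the only secret the requesting side has to carry, and the challenge nonce is what makes the exchange resistant to replay of an observed response.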

The authentication system involves 4 functional roles, as follows:

1.  A service requesting node.

2.  A service providing node.

3.  An enabling ...