Practical automatic security enhancement for password-less inter computer communication

IP.com Disclosure Number: IPCOM000124050D
Original Publication Date: 2005-Apr-07
Included in the Prior Art Database: 2005-Apr-07
Document File: 1 page(s) / 38K

Publishing Venue

IBM

Abstract

Presented is a method for securely enabling communication among two or more computers in a password-less environment by automatic generation of new KEYS.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 60% of the total text.


Under normal circumstances, enabling two or more computers to communicate with one another through a password-less ssh mechanism requires manual/human involvement. That is, a private/public key pair is created on one of the computers and then copied (in the open) over to the other computers. Once the copy phase is completed, all participants can exchange commands and copy files back and forth without using passwords.

In an embedded environment, or in an environment where human intervention is not desirable/possible, however, such a mechanism is not satisfactory. In order to enable an automatic password-less infrastructure, all the participating computers need to "share" a common "secret", which is used as a seed; each one can then build its own pair of keys, knowing that its peers, in doing the same, will create identical pairs of keys. Such a mechanism works well, but having a permanent "secret-seed" can become a problem in a hostile environment. If, somehow, the "secret-seed" (or the KEY pair) is stolen, it can be used to break into all of the computers that recognize the KEYS based on that "secret-seed".
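The shared-seed scheme described above, as an added example that is not code from the disclosure: each host derives the same 32-byte private-key seed from the provisioned secret, and any other copy of that secret yields the same result. The use of HKDF-SHA256, the `SALT` and `INFO` labels, the `key_id` helper and the sample secret are assumptions; the disclosure does not say how the seed is turned into keys.

```python
import hashlib
import hmac

# Assumed labels (not from the disclosure); all participants must agree on them.
SALT = b"example-cluster-v1"
INFO = b"ssh-key-seed"


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    if not 0 < length <= 255 * 32:
        raise ValueError("HKDF-SHA256 yields between 1 and 8160 bytes")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key_seed(shared_secret: bytes) -> bytes:
    """Return 32 bytes of private-key material (the size of an Ed25519 seed).

    Building the actual SSH key pair from it needs an Ed25519 implementation,
    which is not included here."""
    if len(shared_secret) < 16:
        raise ValueError("shared secret is too short to seed key generation")
    return hkdf_sha256(shared_secret, SALT, INFO, 32)


def key_id(key_seed: bytes) -> str:
    """Short label peers can compare without sending the key material itself."""
    return hashlib.sha256(b"key-id" + key_seed).hexdigest()[:16]


def demo() -> dict:
    secret = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed sample
    node_a = derive_key_seed(secret)       # computed on host A
    node_b = derive_key_seed(secret)       # computed independently on host B
    stolen_copy = derive_key_seed(secret)  # any other holder of the same seed
    outsider = derive_key_seed(b"\x01" * 32)  # a different seed
    return {
        "peers_agree": hmac.compare_digest(node_a, node_b),
        "seed_copy_matches": key_id(stolen_copy) == key_id(node_a),
        "other_seed_matches": key_id(outsider) == key_id(node_a),
    }


if __name__ == "__main__":
    print(demo())
```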

The solution presented herein allows new KEYS to be used every so often, so that breaking in with only the original seed or the original pair of private/public keys becomes more difficult.

Once a trusted pair of KEYS is created (either by usin...