The EAP Protected One-Time Password Protocol (EAP-POTP) (RFC4793)

IP.com Disclosure Number: IPCOM000146279D
Original Publication Date: 2007-Feb-01
Included in the Prior Art Database: 2007-Feb-09

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Nystroem: AUTHOR

Abstract

This document describes a general Extensible Authentication Protocol (EAP) method suitable for use with One-Time Password (OTP) tokens, and offers particular advantages for tokens with direct electronic interfaces to their associated clients. The method can be used to provide unilateral or mutual authentication, and key material, in protocols utilizing EAP, such as PPP, IEEE 802.1X, and Internet Key Exchange Protocol Version 2 (IKEv2).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group                                        M. Nystroem
Request for Comments: 4793                                  RSA Security
Category: Informational                                    February 2007

         The EAP Protected One-Time Password Protocol (EAP-POTP)

Status of This Memo

   This memo provides information for the Internet community. It does
   not specify an Internet standard of any kind. Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).


Nystroem                     Informational                      [Page 1]
RFC 4793                        EAP-POTP                   February 2007

Table of Contents

   1. Introduction ....................................................4
      1.1. Scope ......................................................4
      1.2. Background .................................................4
      1.3. Rationale behind the Design ................................4
      1.4. Relationship with EAP Methods in RFC 3748 ..................5
   2. Conventions Used in This Document ...............................5
   3. Authentication Model ............................................5
   4. Description of the EAP-POTP Method ..............................6
      4.1. Overview ...................................................6
      4.2. Version Negotiation ........................................9
      4.3. Cryptographic Algorithm Negotiation .......................10
      4.4. Session Resumption ........................................11
      4.5. Key Derivation and Session Identifiers ....................13
      4.6. Error Handling and Result Indications .....................13
      4.7. Use of the EAP Notification Method ........................14
      4.8. Protection against Brute-Force Attacks ....................14
      4.9. MAC Calculations in EAP-POTP ..............................16
           4.9.1. Introduction .......................................16
           4.9.2. MAC Calculation ....................................16
           4.9.3. Message Hash Algorithm .........................