
Simple User Authentication without Server Registration

IP.com Disclosure Number: IPCOM000015869D
Original Publication Date: 2002-Jul-20
Included in the Prior Art Database: 2003-Jun-21

Publishing Venue

IBM

Abstract

This invention disclosure describes a simple and secure way to distribute authentication information from the one client machine used for registration to the user's other client machines. When a user registers a user ID and password for a secure site from one of his client machines, he must copy that authentication information to his other client machines in order to access the site from them. The problem is that the user cannot choose the user ID and password freely, because the server imposes uniqueness and security requirements; as a result, they are difficult to memorize and the user has to write them down on a piece of paper. This disclosure solves the problem as follows:

(1) The authentication information is encrypted with the server's public key.
(2) The encrypted authentication information is encoded as a parameter of a URL to the server.
(3) The user can add a set of challenge/response keywords of his own choosing to the authentication field.

The typical protocol to distribute the authentication information is as follows (see the attached figure)
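
Steps (1) to (3) in Go, as an added example; it is not code from the disclosure and does not reproduce the protocol in its figure. RSA-OAEP, the JSON layout of the authentication field, the `auth` parameter name, and the server comparing the response keyword after decryption are assumptions, as are the names `AuthInfo`, `NewServerKey`, `BuildURL` and `Verify`.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
)

// AuthInfo is the "authentication field"; its JSON layout is an assumption.
type AuthInfo struct{ UserID, Password, Challenge, Response string }
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// BuildURL (registered client): steps (1)-(2); RSA-OAEP is an assumed cipher.
func BuildURL(base string, pub *rsa.PublicKey, a AuthInfo) (string, error) {
	plain, _ := json.Marshal(a) // cannot fail for a struct of strings
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
	if err != nil {
		return "", err // e.g. plain exceeds 190 bytes for a 2048-bit key
	}
	return base + "?auth=" + base64.RawURLEncoding.EncodeToString(ct), nil
}

// Verify (server): decrypt, then require the answer to the stored challenge.
func Verify(rawURL string, priv *rsa.PrivateKey, answer string) (a AuthInfo, ok bool) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return AuthInfo{}, false
	}
	ct, _ := base64.RawURLEncoding.DecodeString(u.Query().Get("auth"))
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || json.Unmarshal(plain, &a) != nil || a.Response == "" ||
		subtle.ConstantTimeCompare([]byte(a.Response), []byte(answer)) != 1 {
		return AuthInfo{}, false
	}
	return a, true
}

func main() {
	priv, _ := NewServerKey() // throwaway demo key
	a := AuthInfo{"u-7f3k9q", "Xq!92mLp", "first pet", "tama"} // constructed
	link, _ := BuildURL("https://server.example/login", &priv.PublicKey, a)
	_, ok := Verify(link, priv, "tama")
	fmt.Println(link[:48]+"...", ok)
}
```

The URL carries the whole credential and ends up in browser history and server logs, so in this example the response keyword is the only thing separating possession of the URL from use of the account.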