Abstract:
A method is disclosed by which an authentication client, having been authenticated by an authentication server, builds on that authentication to implement a new communication password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a "password verifier". The password verifier is then shared with the authentication server. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. The authentication client and the authentication server derive, in parallel, a new set of authentication and encryption security keys from the new password and from the password verifier, respectively. This process may be repeated to limit the effectiveness of any statistical attacker by limiting the amount of data sent using any one particular set of security keys.
Publication number: KR20030085512A
Application number: KR10-2003-0027200
Filing date: 2003-04-29
Publication date: 2003-11-05
Inventors: 아야가리아룬;가누가파티크리슈나;사이몬다니엘알.;무어티모씨엠.;발프라딥
Applicant: 마이크로소프트 코포레이션;
Main IPC class:
Description:

How to remotely change the communication password {METHODS FOR REMOTELY CHANGING A COMMUNICATIONS PASSWORD}
[14] TECHNICAL FIELD The present invention generally relates to computer communication, and more particularly to providing password-based security for a computer communication session.
[15] Computer networks are growing significantly and are carrying ever more sensitive information. For security, computing devices that use the network prove their identity to other devices (“authenticate themselves”) and communicate sensitive information only with other authenticated devices. However, the vast majority of authenticated communications are still susceptible to security attacks. In one form of security attack, an attacker is wrongly authenticated, possibly by impersonating a legitimate device. Once authenticated, the attacker has access to information intended only for legitimately authenticated devices. In a second form of attack, the attacker is not authenticated but eavesdrops on communication between authenticated devices to obtain security codes. With these security codes in hand, the eavesdropper can access sensitive information sent by the authenticated devices. Such security attacks are particularly troublesome for devices that communicate via wireless technology, because it is difficult or impossible to restrict physical access to their communication.
[16] These two types of security attacks are addressed by two important aspects of communication security. First, authentication techniques are becoming more sophisticated to prevent their use by illegitimate attackers. A typical communication environment includes an authentication server that communicates with every computing device (called an "authentication client") that wants to be authenticated. To be authenticated, the authentication client usually has to prove its knowledge of some certificate. In some cases, the certificate includes a secret communication password shared between the authentication client and the authentication server. In other cases, the certificate may be based on public/private key pairs and security certificates. In any case, the authentication client is authenticated to the authentication server only upon proving its knowledge of the certificate. The authentication process is usually mutual, with the authentication server also proving its identity to the authentication client.
[17] In the second aspect of communication security, information transmitted between authenticated computing devices is encrypted. In a typical encryption method, the information sender and receiver first agree on an information-encoding scheme. The encoding scheme is based on secret security keys that are often, but not always, shared between sender and receiver. The secret security keys may be based on the same communication password used for authentication. The sender encrypts the information using the agreed encoding scheme, and then sends the encrypted information to the receiver. Upon receipt, the receiver decrypts the information using the agreed encoding scheme. Encrypted information can still be eavesdropped, but the eavesdropper cannot get the original information without knowing the security keys.
[18] However, authentication and encryption do not always provide sufficient protection. For example, encrypted information is still subject to a number of attacks, including statistical attacks. In a statistical attack, the eavesdropper analyzes a set of encrypted messages to extract patterns related to security schemes agreed by the sender and receiver. From the patterns, the eavesdropper can find out the security keys underlying the agreed security scheme and use them to decrypt the encrypted information.
[19] Because of the statistical nature of this attack method, its accuracy improves as the number of analyzed messages increases. Therefore, one way to thwart statistical attacks is to limit the amount of information sent using any given security scheme. To do this, the security key underlying the agreed security scheme may be changed frequently. The mutual authentication process changes the security key used by the authentication client and the authentication server. However, authentication does not change the fact that the new security key is still based on an unchanged communication password. Over time, the password may be compromised, so it must also be changed frequently. This is not as simple as it may first appear. To be useful, a new password (or information derived from it) needs to be made available to both the authentication client and the authentication server. Simply setting a new password on the authentication client and then sending it to the authentication server over the communication link is not very secure. "Out-of-band" methods of sending a new password (methods that do not use a computer communication link) are fairly secure but can be so cumbersome, especially if the authentication server is remote from the authentication client, that they discourage frequent password changes.
[20] What is needed is an unobtrusive way for the authentication client and the authentication server to implement a new communication password without explicitly sending the new password over the communication link.
[21] In view of the above, the present invention discloses a method by which an authentication client, having been authenticated by an authentication server, builds on that authentication to implement a new communication password. The authentication server requests that the authentication client implement a new password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a "password verifier". The password verifier is then shared with the authentication server. During the process of implementing the new password, the communication between the authentication client and the authentication server is secured using security keys derived from the previous password. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. For future reauthentication, the authentication server's knowledge of the password verifier and the authentication client's knowledge of the new password itself serve as the certificate.
[22] The authentication client and the authentication server derive, in parallel, a new set of security keys from their respective knowledge of the certificate. The new security keys are used for authentication and encryption until the process is repeated and a newer set of security keys is derived from a newer password. This process may be repeated as often as desired to limit the effectiveness of any statistical attacker by limiting the amount of data sent using any one particular set of security keys.
[23] In another aspect of the invention, the authentication server determines when the current communication password should be changed; this determination will probably be based on the passage of time or on the amount of data sent using the current password.
[1] FIG. 1 is a block diagram illustrating an exemplary communication environment having an authentication client, an authentication server, and an eavesdropper.
[2] FIG. 2 is a schematic diagram generally illustrating an exemplary computing system that supports the present invention.
[3] FIGS. 3A-3C are data flow diagrams generally illustrating the information passed and the operations performed when an authentication client and an authentication server mutually authenticate each other and then implement a new communication password in accordance with one embodiment of the present invention.
[4] FIG. 4 is a data structure diagram illustrating possible messages used during the process of implementing a new communication password.
[5] <Explanation of symbols for the main parts of the drawings>
[6] 100: network
[7] 102: authentication client
[8] 104: access server
[9] 106: authentication server
[10] 108: eavesdropper
[11] 200: processing unit
[12] 202: memory
[13] 210: communication channel
[24] While the appended claims illustrate features of the invention with specificity, the invention and its features and advantages will be best understood from the following detailed description set forth with reference to the accompanying drawings.
[25] Referring to the drawings, like reference numerals refer to like parts, and the present invention is shown to be realized in a suitable computing environment. The following description is based on the embodiments of the present invention and is not intended to limit the present invention in the context of alternative embodiments which are not expressly described herein.
[26] In the following description, the invention is described with reference to acts and symbolic representations of operations performed by one or more computing devices, unless indicated otherwise. As such, it will be understood that such acts and operations, which are sometimes referred to as being computer-executed, include the manipulation by a processing unit of a computing device of electrical signals representing data in a structured format. This manipulation transforms the data or maintains them at locations in the memory system of the computing device, which reconfigures or otherwise alters the operation of the device in a manner well understood by those skilled in the art. The data structures in which data are maintained are physical locations of the memory that have particular properties defined by the format of the data. However, while the present invention is described in the foregoing context, this is not meant to be limiting, as those skilled in the art will appreciate that the various acts and operations described below may also be implemented in hardware.
[27] In the network environment 100 of FIG. 1, the authentication client 102 has proved its identity to the authentication server 106 (“authenticated itself”). To do this, the authentication client 102 has proved to the authentication server 106 that it holds security information that is presumably known only to the entity whose identity the authentication client 102 claims. This security information is called the "certificate" of the authentication client 102.
[28] In some circumstances, particularly in a wireless network, the authentication client 102 may communicate directly with a local access server 104. The access server 104 passes communication between the authentication client 102 and the authentication server 106, which can be remote and may serve several, perhaps hundreds, of networks 100. The possible presence of the access server 104 does not affect the description of the present invention and will not be mentioned again.
[29] Upon completion of successful authentication, authentication client 102 and authentication server 106 derive a set of security keys that they can use in encrypting and authenticating the messages passed between them. The security keys are derived in part from the certificate of the authentication client 102. Encryption and authentication are necessary because all messages passed within the network 100 are subject to interception by an illegitimate eavesdropper 108. The eavesdropper 108 intercepts the messages and applies statistical methods to them to discover the security keys used to protect them. Because of the statistical nature of this attack, its accuracy improves as the number of messages analyzed increases. To thwart this statistical attack, the authentication client 102 and the authentication server 106 must change the security keys quickly, before the eavesdropper 108 can intercept enough messages to discover them.
[30] There are known ways to change the security key. For example, during each authentication, "liveness" information such as random values or timestamps are generated. By including liveness information with the certificate in deriving the security key, different sets of security keys are derived for each successful authentication. However, each set of security keys is still derived from the same certificate. If these certificates are compromised, the security key is vulnerable. To prevent this, the certificate should be changed periodically, just as the security key derived from this certificate changes frequently.
[31] Changing the certificate of the authentication client 102 is not as simple as it may first appear. The certificate may be easily changed on the authentication client 102, but to be useful, the change must be coordinated with the authentication server 106. Otherwise, authentication server 106 will still require proof of the authentication client 102's knowledge of the existing certificate. (As described below, the authentication server 106 does not actually need to know the certificate. The authentication server 106 can verify the authentication client 102's knowledge of the certificate without knowing the certificate itself.) One simple way to coordinate the change is to send the certificate to the authentication server 106 via the communication link. However, this method is not very secure given the possible presence of the eavesdropper 108. Other known methods of coordinating the change usually involve "out-of-band" communication (methods not using a computer communication link). Although fairly secure, out-of-band methods can be so cumbersome, especially if the authentication server 106 is remote from the authentication client 102, that they discourage frequent changes to the certificate. The present invention provides a secure, yet not cumbersome, way for the authentication client 102 and the authentication server 106 to coordinate the implementation of a new certificate.
[32] The authentication client 102 of FIG. 1 may be of any architecture. FIG. 2 is a block diagram schematically illustrating an exemplary computer system that supports the present invention. The computer system of FIG. 2 is only one example of a suitable environment and is not intended to impose any limitation on the scope or functionality of the invention. The authentication client 102 should not be construed as having any dependency or requirement relating to any one or combination of components shown in FIG. 2. The present invention is operable in many other general-purpose or special-purpose computing environments or configurations. Examples of well-known computing systems, environments and configurations suitable for use with the present invention include, but are not limited to, personal computers, servers, hand-held or laptop devices, microprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, networked PCs, minicomputers, mainframe computers, and distributed computing environments including any of the above systems or devices. In its most basic configuration, authentication client 102 typically includes at least one processing unit 200 and memory 202. Memory 202 may be volatile (such as RAM), nonvolatile (such as ROM or flash memory), or some combination of the two. This most basic configuration is shown by dashed line 204. Authentication client 102 may have additional features and functionality. For example, authentication client 102 may include additional storage (removable and non-removable) including, but not limited to, magnetic and optical disks and tapes. Such additional storage is shown in FIG. 2 as removable storage 206 and non-removable storage 208.
Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information such as computer readable instructions, data structures, program modules, or other data. Memory 202, removable storage 206 and non-removable storage 208 are all examples of computer storage media. Computer storage media include RAM, ROM, EEPROM, flash memory, other memory technologies, CD-ROMs, DVDs, other optical storage devices, magnetic cassettes, magnetic tapes, magnetic disk storage devices, other magnetic storage devices, and any other medium that can be used to store the desired information and that can be accessed by the authentication client 102. Any such computer storage media may be part of the authentication client 102. Authentication client 102 may also include a communication channel 210 that allows the device to communicate with other devices. Communication channel 210 is an example of a communication medium. Communication media typically embody computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and include any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. For example, but not by way of limitation, communication media include optical media, wired media such as wired networks and direct-wired connections, and wireless media such as acoustic, RF, infrared, and other wireless media. The term "computer readable medium" as used herein includes both storage media and communication media. The authentication client 102 may also have input devices 212 such as a keyboard, mouse, pen, voice-input device, touch-input device, or the like. Output devices 214 such as displays, speakers, and printers may also be included.
All such devices are well known in the art and need not be elaborated herein.
[33] The data flow diagrams of FIGS. 3A-3C illustrate exemplary methods of practicing the present invention. Steps 300 to 308 set the stage. In steps 300 and 302, authentication client 102 and authentication server 106 authenticate each other using known authentication techniques. For one example of a suitable authentication technique, consider Internet Engineering Task Force (IETF) Request for Comments (RFC) 2945, "The SRP Authentication and Key Exchange System", which is incorporated herein in its entirety. Although steps 300 and 302 refer to mutual authentication, the description will focus on renewing the certificate used for one direction of authentication. In the examples that follow, the focus will be on authenticating the authentication client 102 to the authentication server 106. The method of the present invention is equally applicable to authenticating the authentication server 106 to the authentication client 102, and therefore the direction of authentication need not be discussed any further.
[34] The certificate used by authentication client 102 in step 300 includes a secret password. The value of that password is probably not stored on the authentication client 102, but is entered by the user of the authentication client 102 along with a username when the user wishes to be authenticated by the authentication server 106. For security, authentication server 106 does not know the value of the secret password. It does, however, know the value of a "password verifier" derived from the secret password. Authentication server 106 stores the password verifier in association with the username. (Since the password verifier is stored in association with the username rather than with an identifier of the authentication client 102, it would be more accurate to say that the username is authenticated than that the authentication client 102 is authenticated. If the user moves to another client and uses the same username and password, the authentication method will work as before. For ease of presentation, however, this description speaks of authenticating the authentication client 102 to the authentication server 106.) An example of how a password verifier can be derived from a password is described below with respect to step 316 of FIG. 3B. For the present discussion, it is enough to know that the derivation is "deterministic" and "irreversible". Deterministic means that there is no randomness in the derivation itself, i.e., once the inputs to the derivation (which may include the password and other values) are known, the output (the password verifier) is fully determined. Irreversible means that knowing the output of the derivation does not allow the inputs to be determined. More strongly, even if a party knows the password verifier and all the inputs to the derivation other than the password, that party still cannot determine the password.
This property implies that, using the methods of the authentication process, only a party that knows the password itself can successfully claim to be the authentication client 102. During the authentication process, the authentication server 106 uses its knowledge of the password verifier to test the authentication client 102's knowledge of the password.
[35] The other inputs for deriving the password verifier from the password are shared between the authentication client 102 and the authentication server 106. Since knowledge of these other values is insufficient to recreate the password verifier without knowledge of the password itself, these other values may be published before the authentication process begins, or even set as parameters in a public, standard authentication protocol.
[36] As a result of the authentication process, authentication client 102 in step 304 and authentication server 106 in step 306 derive a set of security keys in parallel. The authentication client 102 derives the security keys from the secret password, and the authentication server 106 derives the security keys from the password verifier. A successful authentication process ensures that the security keys derived on the two devices are the same. As an example of how the authentication process can guarantee this and how the security keys can be derived, see IETF RFC 2246, "The TLS Protocol", which is incorporated herein in its entirety.
[37] Derivation of the security keys also involves liveness information shared between the authentication client 102 and the authentication server 106. The use of shared liveness information in the derivation causes the security keys to be different each time the authentication client 102 authenticates itself to the authentication server 106. Otherwise, authentication client 102 would use the same security keys after every authentication. Knowing this, the eavesdropper 108 would resume its statistical attack each time the authentication client 102 is authenticated, adding the newly intercepted messages to its analysis of the messages intercepted during previous sessions of the authentication client 102.
[38] The set of security keys usually includes encryption keys (which may be shared or may be a pair of one-way keys) and authentication keys. Once the keys are derived by the authentication client 102 and the authentication server 106, the two devices can use them at step 308 to protect their communication. An example of the use of a security key is described below with reference to steps 312 and 318 of FIG. 3B. Of course, as soon as the authentication client 102 and the authentication server 106 begin to communicate using the security keys in step 308, the eavesdropper 108 can also begin to intercept that communication and subject it to statistical attack in an attempt to discover the security keys.
[39] In step 310, the authentication server 106 decides that a new secret password should be implemented. The reasons behind such a decision may typically include the length of time the current password has been in use, the amount of information sent under the current password, and the inherent security of the network 100. Wireless networks are usually exposed to eavesdropping, so passwords used on these networks must be changed periodically. In some cases, upon determining that the password of authentication client 102 should be changed, authentication server 106 sends a request to that effect in step 312. Note that "request" is probably a euphemism: if the authentication client 102 does not respond by changing its password, the authentication server 106 will probably disable the current password, preventing the authentication client 102 from authenticating itself.
[40] As described above in connection with the authentication process of steps 300 and 302, the process of deriving a new password verifier may have inputs other than the new password itself. Authentication server 106 may choose to send new values for these other inputs along with the change password request. This is not strictly necessary, as the new password verifier can be derived from the new password and from the same values of the other inputs that were used the last time the password was changed. However, security is enhanced by also changing at least some of these inputs. The specific example inputs (prime modulus, generator, and salt) listed in step 312 are described below in connection with step 316. For additional security, these values may be encrypted using the security key derived in step 306. If the change password request includes any of these other inputs, a Message Authentication Code (MAC) covering the new inputs may also be sent. The MAC is an irreversible hash of the inputs and can be used by the authentication client 102 to verify that the contents of the change password request have been received unmodified from the authentication server 106. One example of a method of generating a MAC can be found in IETF RFC 2104, "Keyed-Hashing for Message Authentication", which is incorporated herein in its entirety.
[41] Authentication client 102 receives the change password request with new input values, if any. If there are any new input values, the MAC is verified. If verification fails, the change password request is ignored. Otherwise, the new values are decrypted using the same security key used to encrypt them, and the values are stored for later use. In step 314, the authentication client 102 prompts its user for a new password. For example, step 314 may take the form of the well-known process in which a user must enter the existing password for authentication and then enter the new password twice to confirm. In some embodiments, the new password may be checked against various criteria before it is accepted. These criteria may include the familiar "must be at least 8 characters long", "must contain letters and numbers", "must not be found in standard dictionaries", "must not be a recently used password", and "must not be your spouse's or junior's name".
[42] If the user creates a new password that passes all the tests that the authentication client 102 can enforce, then the authentication client 102 derives a new password verifier from the new password in step 316. As mentioned above, the derivation should be deterministic and irreversible. IETF RFC 2945 proposes the following derivation method, which fulfills both requirements.
[43] Password Verifier = G ^ SHA(salt | SHA(username | ":" | password)) % P
[44] where:
[45] SHA (Secure Hash Algorithm) is a hash function that is well known in the industry;
[46] salt is a random value shared with the authentication server 106;
[47] | is the string concatenation operator;
[48] username and password are entered by the user of the authentication client 102;
[49] ":" is a string consisting of the colon character;
[50] ^ is the exponentiation operator;
[51] % is the modulo (integer remainder) operator;
[52] P is the "prime modulus", a large prime number (512 bits, for security)
[53] shared with the authentication server 106; and
[54] G is a generator of P shared with the authentication server 106, i.e. for any natural number A below P,
[55] there is another number B such that G ^ B % P = A.
[56] If the authentication server 106 sends new values for the prime modulus, generator or salt in step 312, these new values are used to derive the password verifier.
[57] The authentication client 102 takes the new password verifier, encrypts it with the security key derived in step 306, covers it with a MAC, and sends it to the authentication server 106 in step 318. After the password verifier is successfully sent, the copy on the authentication client 102 may be discarded, as it is no longer needed there. Authentication server 106 verifies the MAC, decrypts the new password verifier with the same security key used to encrypt it, and stores the new password verifier in association with the username and with any other inputs to the derivation process that have changed. In some embodiments, the prime modulus and generator change extremely rarely, but a new salt is created each time a password is changed.
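The exchange of steps 312 to 318, with the verifier formula of paragraph [43], as an added Python example; it is not code from the patent. Assumptions: the demo values of P and G, all function names, the MAC labels and the use of HMAC-SHA-256 for the MAC are illustrative, and the encryption of both payloads under the session key, which the description calls for, is left out because the Python standard library has no cipher.

```python
import hashlib
import hmac
import secrets

# Constructed demo group (assumption, not from the patent): the Mersenne prime
# 2**521 - 1 is used only because it can be written on one line. Its group
# order is smooth and G is not checked to be a generator, so a deployment
# would use a vetted SRP group instead.
P = 2**521 - 1
G = 3


def password_verifier(username: str, password: str, salt: bytes,
                      g: int = G, p: int = P) -> int:
    """G ^ SHA(salt | SHA(username | ":" | password)) % P, SHA-1 as in RFC 2945."""
    inner = hashlib.sha1(f"{username}:{password}".encode("utf-8")).digest()
    x = int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")
    return pow(g, x, p)


def mac_tag(mac_key: bytes, label: bytes, payload: bytes) -> bytes:
    # HMAC (RFC 2104). The label (an assumption of this example) separates
    # request from response, so a tag made for one cannot pass as the other.
    return hmac.new(mac_key, label + b"\x00" + payload, hashlib.sha256).digest()


def server_build_request(mac_key: bytes, new_salt: bytes):
    """Step 312: change password request carrying a new salt, covered by a MAC."""
    return new_salt, mac_tag(mac_key, b"change-request", new_salt)


def client_handle_request(mac_key, request, username, new_password):
    """Steps 314-318 on the client. Returns (verifier_bytes, tag), or None when
    the request MAC does not verify, in which case the request is ignored."""
    new_salt, tag = request
    if not hmac.compare_digest(tag, mac_tag(mac_key, b"change-request", new_salt)):
        return None
    v = password_verifier(username, new_password, new_salt)
    payload = v.to_bytes((P.bit_length() + 7) // 8, "big")
    # Per the description this payload would also be encrypted; omitted here.
    return payload, mac_tag(mac_key, b"change-response", payload)


def server_accept_response(mac_key, response, username, new_salt, store) -> bool:
    """Step 318 on the server: verify the MAC, then store the verifier and salt
    under the username. The password itself never reaches this function."""
    payload, tag = response
    if not hmac.compare_digest(tag, mac_tag(mac_key, b"change-response", payload)):
        return False
    store[username] = {"salt": new_salt,
                       "verifier": int.from_bytes(payload, "big")}
    return True


def demo():
    # Constructed inputs: the random key stands in for the security key that
    # both sides derived in steps 304 and 306.
    mac_key = secrets.token_bytes(32)
    store = {}
    salt = secrets.token_bytes(16)
    request = server_build_request(mac_key, salt)
    response = client_handle_request(mac_key, request, "alice", "new correct horse")
    ok = server_accept_response(mac_key, response, "alice", salt, store)
    # A request whose salt was altered in transit must be ignored by the client.
    forged = (b"\x00" * 16, request[1])
    ignored = client_handle_request(mac_key, forged, "alice", "new correct horse") is None
    return ok, ignored, store


if __name__ == "__main__":
    print(demo())
```

The server ends up holding only the salt and the verifier for the username; a later authentication recomputes the same verifier from the password because the derivation is deterministic.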
[58] After a period of time, if authentication server 106 does not receive a response to its change password request, it may resend the request. As described above, after repeated attempts to change the password, authentication server 106 may determine to disable the current password.
[59] The process of coordinating the change of certificate is complete. For security, it is recommended that the authentication client 102 immediately use the new certificate by re-authenticating itself to the authentication server 106 in step 320. If the reauthentication is successful, then in steps 324 and 326, which parallel steps 304 and 306, authentication client 102 and authentication server 106 each derive a new set of security keys based on the new certificate. At step 328, the new security keys are used to protect the communication. The new password and the new password verifier remain in use as the certificate until the authentication server 106 decides to change the password again and returns to step 310.
[60] The communication protocol used between authentication client 102 and authentication server 106 may determine the actual format used to send information at steps 312 and 318. FIG. 4 provides two example data structures: item 400 for a change password request message and item 402 for a change password response message. FIG. 4 shows only the data fields of the example messages; the communication protocol used may add headers and trailers to these data fields. These two messages may be implemented, for example, as two new Extensible Authentication Protocol-Secure Remote Password (EAP-SRP) messages. EAP-SRP also defines vendor-specific messages that may be used to convey these data fields. Other communication protocols provide similar facilities.
[61] The method of the present invention allows the certificate to be changed without interfering with communication between authentication client 102 and authentication server 106 at all. In addition, the present invention can provide a secure, but not cumbersome way for the authentication client 102 and the authentication server 106 to coordinate the realization of a new certificate.
[62] In light of the many possible embodiments to which the principles of the invention may be applied, the embodiments described herein in connection with the drawings are merely illustrative and should not be considered as limiting the scope of the invention. Those skilled in the art will appreciate that some implementation details, such as data field size and message format, will be found in a standard that is determined by the protocol chosen for a particular situation. Although the invention has been described in terms of software modules or components, several processes, in particular encryption methods, the invention may be equivalently implemented by hardware components. Therefore, the invention described herein is intended to cover the following claims and their equivalents All examples that can be considered are considered.
Claims:
Claims (53)
1. In a computing environment having an authentication client and an authentication server, the authentication client having been authenticated to the authentication server, the authentication of the authentication client being based on an existing password known to the authentication client, on an existing password verifier known to the authentication server, and on a user name, an existing prime modulus, an existing generator of the existing prime modulus, and an existing salt known to both the authentication client and the authentication server, a method for implementing a new password, the method comprising:
requesting, by the authentication server, that the authentication client change its password;
making a new salt accessible to the authentication client by the authentication server;
on the authentication client, requesting and receiving a new password from a user of the authentication client;
on the authentication client, computing a new password verifier, passing the new salt and the user name as inputs to the computing;
making the new password verifier accessible to the authentication server by the authentication client; and
on the authentication server, storing the user name, the new password verifier, and the new salt.
2. The method of claim 1, wherein requesting that the authentication client change its password comprises sending an Extensible Authentication Protocol-Secure Remote Password (EAP-SRP) Server Change Password message, and wherein making the new password verifier accessible comprises sending an EAP-SRP Client Change Password message.
3. The method of claim 1, wherein requesting that the authentication client change its password comprises sending an EAP-SRP Vendor-Specific Change Password Request message, and wherein making the new password verifier accessible comprises sending an EAP-SRP Vendor-Specific Change Password Response message.
4. The method of claim 1, wherein the new salt is identical to the existing salt, and wherein making the new salt accessible comprises sharing, by the authentication server, the new salt with the authentication client before requesting that the authentication client change its password.
5. The method of claim 1, wherein the new salt is not identical to the existing salt, and wherein making the new salt accessible comprises using, by the authentication server, a technique selected from the group consisting of: sending a message containing the new salt to the authentication client; posting the new salt in a place accessible to the authentication server and to the authentication client; and sharing the new salt with the authentication client before requesting that the authentication client change its password.
6. The method of claim 5, wherein making the new salt accessible further comprises:
computing, on the authentication server, a first MAC covering the new salt, the first MAC being based on an authentication-client-to-authentication-server authentication key derived during authentication of the authentication client;
making the first MAC accessible to the authentication client by the authentication server; and
computing, on the authentication client, a second MAC covering the new salt, the second MAC being based on the authentication-client-to-authentication-server authentication key;
and wherein requesting and receiving the new password, and computing, making accessible, and storing the new password verifier, are performed only if the first MAC matches the second MAC.
7. The method of claim 1, further comprising passing the existing prime modulus and the existing generator of the existing prime modulus as further inputs to the computing.
8. The method of claim 7, wherein computing the new password verifier comprises, on the authentication client:
assigning to a first intermediate value the result of executing a hash function, wherein the input to the hash function includes the user name and the new password;
assigning to a second intermediate value the result of executing a hash function, wherein the input to the hash function includes the new salt and the first intermediate value;
assigning to a third intermediate value the existing generator multiplied by the second intermediate value; and
assigning to the new password verifier the third intermediate value modulo the existing prime modulus.
9. The method of claim 1, wherein making the new password verifier accessible comprises:
encrypting, on the authentication client, the new password verifier using an authentication-server-to-authentication-client encryption key derived during authentication of the authentication client;
making the encrypted new password verifier accessible to the authentication server by the authentication client; and
decrypting, on the authentication server, the encrypted new password verifier using the authentication-server-to-authentication-client encryption key.
10. The method of claim 9, wherein making the new password verifier accessible further comprises:
computing, on the authentication client, a first MAC covering the encrypted new password verifier, the first MAC being based on an authentication-server-to-authentication-client authentication key derived during authentication of the authentication client;
making the first MAC accessible to the authentication server by the authentication client; and
computing, on the authentication server, a second MAC covering the encrypted new password verifier, the second MAC being based on the authentication-server-to-authentication-client authentication key;
and wherein storing the user name, the new password verifier, and the new salt is performed only if the first MAC matches the second MAC.
11. The method of claim 1, further comprising:
on the authentication server, associating a timer with the request that the authentication client change its password; and
upon expiration of the timer, if no new password verifier has been made accessible by the authentication client, repeating, on the authentication server, the request that the authentication client change its password.
12. The method of claim 1, further comprising authenticating the authentication client to the authentication server a second time, wherein the second authentication is based on the new password known to the authentication client, on the new password verifier known to the authentication server, and on the user name, the existing prime modulus, the existing generator of the existing prime modulus, and the new salt known to both the authentication client and the authentication server.
13. The method of claim 1, further comprising making a new prime modulus and a new generator of the new prime modulus accessible to the authentication client by the authentication server.
14. The method of claim 13, wherein making the new salt, the new prime modulus, and the new generator of the new prime modulus accessible comprises:
computing, on the authentication server, a first MAC covering the new salt, the new prime modulus, and the new generator, the first MAC being based on an authentication-client-to-authentication-server authentication key derived during authentication of the authentication client;
making the first MAC accessible to the authentication client by the authentication server; and
computing, on the authentication client, a second MAC covering the new salt, the new prime modulus, and the new generator, the second MAC being based on the authentication-client-to-authentication-server authentication key;
and wherein requesting and receiving the new password, and computing, making accessible, and storing the new password verifier, are performed only if the first MAC matches the second MAC.
15. The method of claim 13, further comprising passing the new prime modulus and the new generator as further inputs to the computing.
16. The method of claim 15, wherein computing the new password verifier comprises, on the authentication client:
assigning to a first intermediate value the result of executing a hash function, wherein the input to the hash function includes the user name and the new password;
assigning to a second intermediate value the result of executing a hash function, wherein the input to the hash function includes the new salt and the first intermediate value;
assigning to a third intermediate value the new generator multiplied by the second intermediate value; and
assigning to the new password verifier the third intermediate value modulo the new prime modulus.
17. The method of claim 13, further comprising authenticating the authentication client to the authentication server a second time, wherein the second authentication is based on the new password known to the authentication client, on the new password verifier known to the authentication server, and on the user name, the new prime modulus, the new generator of the new prime modulus, and the new salt known to both the authentication client and the authentication server.
18. A computer-readable medium containing instructions for performing a method for implementing a new password, wherein an authentication client has been authenticated to an authentication server, the authentication of the authentication client being based on an existing password known to the authentication client, on an existing password verifier known to the authentication server, and on a user name, an existing prime modulus, an existing generator of the existing prime modulus, and an existing salt known to both the authentication client and the authentication server, the method comprising:
requesting, by the authentication server, that the authentication client change its password;
making a new salt accessible to the authentication client by the authentication server;
on the authentication client, requesting and receiving a new password from a user of the authentication client;
on the authentication client, computing a new password verifier, passing the new salt and the user name as inputs to the computing;
making the new password verifier accessible to the authentication server by the authentication client; and
on the authentication server, storing the user name, the new password verifier, and the new salt.
19. In a computing environment having an authentication client and an authentication server, the authentication client having been authenticated to the authentication server, the authentication of the authentication client being based on an existing password known to the authentication client, on an existing password verifier known to the authentication server, and on a user name, an existing prime modulus, an existing generator of the existing prime modulus, and an existing salt known to both the authentication client and the authentication server, a method for the authentication server to cause the authentication client to implement a new password, the method comprising:
requesting that the authentication client change its password;
making a new salt accessible to the authentication client;
receiving a new password verifier from the authentication client; and
storing the user name, the new password verifier, and the new salt.
20. The method of claim 19, wherein requesting that the authentication client change its password comprises sending an EAP-SRP Server Change Password message, and wherein receiving the new password verifier from the authentication client comprises receiving an EAP-SRP Client Change Password message.
21. The method of claim 19, wherein requesting that the authentication client change its password comprises sending an EAP-SRP Vendor-Specific Change Password Request message, and wherein receiving the new password verifier from the authentication client comprises receiving an EAP-SRP Vendor-Specific Change Password Response message.
22. The method of claim 19, wherein the new salt is identical to the existing salt, and wherein making the new salt accessible to the authentication client comprises sharing the new salt with the authentication client before requesting that the authentication client change its password.
23. The method of claim 19, wherein the new salt is not identical to the existing salt, and wherein making the new salt accessible to the authentication client comprises using a technique selected from the group consisting of: sending a message containing the new salt to the authentication client; posting the new salt in a place accessible to the authentication server and to the authentication client; and sharing the new salt with the authentication client before requesting that the authentication client change its password.
24. The method of claim 23, wherein making the new salt accessible to the authentication client further comprises:
computing a MAC covering the new salt, the MAC being based on an authentication-client-to-authentication-server authentication key derived during authentication of the authentication client; and
making the MAC accessible to the authentication client.
25. The method of claim 19, wherein receiving a new password verifier from the authentication client comprises:
receiving an encrypted new password verifier from the authentication client; and
decrypting the encrypted new password verifier using an authentication-server-to-authentication-client encryption key derived during authentication of the authentication client.
26. The method of claim 25, wherein receiving a new password verifier from the authentication client further comprises:
receiving a MAC from the authentication client; and
computing a MAC covering the encrypted new password verifier, the computed MAC being based on an authentication-server-to-authentication-client authentication key derived during authentication of the authentication client;
and wherein storing the user name, the new password verifier, and the new salt is performed only if the received MAC matches the computed MAC.
27. The method of claim 19, further comprising:
associating a timer with the request that the authentication client change its password; and
upon expiration of the timer, if no new password verifier has been received from the authentication client, repeating the request that the authentication client change its password.
28. The method of claim 19, further comprising authenticating the authentication client to the authentication server a second time, wherein the second authentication is based on the new password known to the authentication client, on the new password verifier known to the authentication server, and on the user name, the existing prime modulus, the existing generator of the existing prime modulus, and the new salt known to both the authentication client and the authentication server.
29. The method of claim 19, further comprising making a new prime modulus and a new generator of the new prime modulus accessible to the authentication client.
30. The method of claim 29, wherein making the new salt, the new prime modulus, and the new generator of the new prime modulus accessible comprises:
computing a MAC covering the new salt, the new prime modulus, and the new generator, the MAC being based on an authentication-client-to-authentication-server authentication key derived during authentication of the authentication client; and
making the MAC accessible to the authentication client.
31. The method of claim 29, further comprising authenticating the authentication client to the authentication server a second time, wherein the second authentication is based on the new password known to the authentication client, on the new password verifier known to the authentication server, and on the user name, the new prime modulus, the new generator of the new prime modulus, and the new salt known to both the authentication client and the authentication server.
32. A computer-readable medium containing instructions for performing a method for an authentication server to cause an authentication client to implement a new password, wherein the authentication client has been authenticated to the authentication server, the authentication of the authentication client being based on an existing password known to the authentication client, on an existing password verifier known to the authentication server, and on a user name, an existing prime modulus, an existing generator of the existing prime modulus, and an existing salt known to both the authentication client and the authentication server, the method comprising:
requesting that the authentication client change its password;
making a new salt accessible to the authentication client;
receiving a new password verifier from the authentication client; and
storing the user name, the new password verifier, and the new salt.
33. In a computing environment having an authentication client and an authentication server, the authentication client having been authenticated to the authentication server, the authentication of the authentication client being based on an existing password known to the authentication client, on an existing password verifier known to the authentication server, and on a user name, an existing prime modulus, an existing generator of the existing prime modulus, and an existing salt known to both the authentication client and the authentication server, a method for the authentication client to implement a new password, the method comprising:
receiving, from the authentication server, a request that the authentication client change its password;
receiving a new salt from the authentication server;
requesting and receiving a new password from a user of the authentication client;
computing a new password verifier, passing the new salt and the user name as inputs to the computing; and
making the new password verifier accessible to the authentication server.
34. The method of claim 33, wherein receiving the request that the authentication client change its password comprises receiving an EAP-SRP Server Change Password message, and wherein making the new password verifier accessible to the authentication server comprises sending an EAP-SRP Client Change Password message.
35. The method of claim 33, wherein receiving the request that the authentication client change its password comprises receiving an EAP-SRP Vendor-Specific Change Password Request message, and wherein making the new password verifier accessible to the authentication server comprises sending an EAP-SRP Vendor-Specific Change Password Response message.
36. The method of claim 33, wherein the new salt is identical to the existing salt, and wherein receiving the new salt from the authentication server comprises sharing the new salt with the authentication server before receiving the request that the authentication client change its password.
37. The method of claim 33, wherein the new salt is not identical to the existing salt, and wherein receiving the new salt from the authentication server comprises using a technique selected from the group consisting of: receiving a message containing the new salt from the authentication server; accessing the new salt in a place accessible to the authentication server and to the authentication client; and sharing the new salt with the authentication server before receiving the request that the authentication client change its password.
38. The method of claim 37, wherein receiving the new salt from the authentication server further comprises:
receiving a MAC from the authentication server; and
computing a MAC covering the new salt, the computed MAC being based on an authentication-client-to-authentication-server authentication key derived during authentication of the authentication client;
and wherein computing the new password verifier and making the new password verifier accessible to the authentication server are performed only if the received MAC matches the computed MAC.
39. The method of claim 33, further comprising passing the existing prime modulus and the existing generator of the existing prime modulus as further inputs to the computing.
40. The method of claim 39, wherein computing the new password verifier comprises:
assigning to a first intermediate value the result of executing a hash function, wherein the input to the hash function includes the user name and the new password;
assigning to a second intermediate value the result of executing a hash function, wherein the input to the hash function includes the new salt and the first intermediate value;
assigning to a third intermediate value the existing generator multiplied by the second intermediate value; and
assigning to the new password verifier the third intermediate value modulo the existing prime modulus.
41. The method of claim 33, wherein making the new password verifier accessible to the authentication server comprises:
encrypting the new password verifier using an authentication-server-to-authentication-client encryption key derived during authentication of the authentication client; and
making the encrypted new password verifier accessible to the authentication server.
42. The method of claim 41, wherein making the new password verifier accessible to the authentication server further comprises:
computing a MAC covering the encrypted new password verifier, the MAC being based on an authentication-server-to-authentication-client authentication key derived during authentication of the authentication client; and
making the MAC accessible to the authentication server.
43. The method of claim 33, further comprising authenticating the authentication client to the authentication server a second time, wherein the second authentication is based on the new password known to the authentication client, on the new password verifier known to the authentication server, and on the user name, the existing prime modulus, the existing generator of the existing prime modulus, and the new salt known to both the authentication client and the authentication server.
44. The method of claim 33, further comprising receiving a new prime modulus and a new generator of the new prime modulus from the authentication server.
45. The method of claim 44, wherein receiving the new salt, the new prime modulus, and the new generator of the new prime modulus from the authentication server comprises:
receiving a MAC from the authentication server; and
computing a MAC covering the new salt, the new prime modulus, and the new generator, the computed MAC being based on an authentication-client-to-authentication-server authentication key derived during authentication of the authentication client;
and wherein computing the new password verifier and making the new password verifier accessible to the authentication server are performed only if the received MAC matches the computed MAC.
46. The method of claim 44, further comprising passing the new prime modulus and the new generator as further inputs to the computing.
47. The method of claim 46, wherein computing the new password verifier comprises:
assigning to a first intermediate value the result of executing a hash function, wherein the input to the hash function includes the user name and the new password;
assigning to a second intermediate value the result of executing a hash function, wherein the input to the hash function includes the new salt and the first intermediate value;
assigning to a third intermediate value the new generator multiplied by the second intermediate value; and
assigning to the new password verifier the third intermediate value modulo the new prime modulus.
48. The method of claim 44, further comprising authenticating the authentication client to the authentication server a second time, wherein the second authentication is based on the new password known to the authentication client, on the new password verifier known to the authentication server, and on the user name, the new prime modulus, the new generator of the new prime modulus, and the new salt known to both the authentication client and the authentication server.
49. A computer-readable medium containing instructions for performing a method for an authentication client to implement a new password, wherein the authentication client has been authenticated to an authentication server, the authentication of the authentication client being based on an existing password known to the authentication client, on an existing password verifier known to the authentication server, and on a user name, an existing prime modulus, an existing generator of the existing prime modulus, and an existing salt known to both the authentication client and the authentication server, the method comprising:
receiving, from the authentication server, a request that the authentication client change its password;
receiving a new salt from the authentication server;
requesting and receiving a new password from a user of the authentication client;
computing a new password verifier, passing the new salt and the user name as inputs to the computing; and
making the new password verifier accessible to the authentication server.
50. A computer-readable medium having stored thereon a change password request data structure, the change password request data structure comprising:
a first data field containing data representing a salt;
a second data field containing data representing a prime modulus;
a third data field containing data representing a generator of the prime modulus; and
a fourth data field containing data representing a MAC covering the salt, the prime modulus, and the generator.
51. The computer-readable medium of claim 50, wherein the salt, prime modulus, generator, and MAC are formatted as parts of a message selected from the group consisting of: an EAP-SRP Server Change Password message and an EAP-SRP Vendor-Specific Change Password Request message.
52. A computer-readable medium having stored thereon a change password response data structure, the change password response data structure comprising:
a first data field containing data representing a password verifier; and
a second data field containing data representing a MAC covering the password verifier.
53. The computer-readable medium of claim 52, wherein the password verifier and MAC are formatted as parts of a message selected from the group consisting of: an EAP-SRP Client Change Password message and an EAP-SRP Vendor-Specific Change Password Response message.
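The exchange the claims describe (the request fields of claim 50, the MAC checks of claims 6, 10 and 14, the verifier derivation of claims 8 and 16, and the response fields of claim 52), as an added Python example that is not code from the patent. Assumptions: SHA-256 and HMAC-SHA256, the ':' separator, the third derivation step written as modular exponentiation as SRP (RFC 2945) defines the verifier, a constructed demo group, fixed-length stand-in session keys, and an HMAC counter-mode keystream with a prepended nonce standing in for the session cipher, which the page does not name.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed demo group: 2**255 - 19 is prime, but it is far too small and is
# not a vetted SRP group. Use a standardized group (e.g. RFC 5054) in practice.
DEMO_P = 2**255 - 19
DEMO_G = 2


def int_bytes(n: int) -> bytes:
    """Minimal big-endian encoding of a non-negative integer."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def mac_over(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (unambiguous field boundaries)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def compute_verifier(username: str, password: str, salt: bytes, p: int, g: int) -> int:
    """Three-step verifier derivation; SHA-256 and the ':' separator are assumptions."""
    first = hashlib.sha256(f"{username}:{password}".encode()).digest()
    second = int.from_bytes(hashlib.sha256(salt + first).digest(), "big")
    return pow(g, second, p)  # generator raised to `second`, reduced mod p


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode); the page names no cipher."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class SessionKeys:  # stand-ins for keys derived during the earlier authentication
    request_auth: bytes   # authenticates the server's change-password request
    response_auth: bytes  # authenticates the client's response
    response_enc: bytes   # encrypts the verifier in the response


@dataclass
class ChangeRequest:  # data fields of item 400 / claim 50
    salt: bytes
    modulus: int
    generator: int
    mac: bytes


@dataclass
class ChangeResponse:  # data fields of item 402 / claim 52
    enc_verifier: bytes  # 16-byte nonce || ciphertext (the nonce is this example's addition)
    mac: bytes


def request_mac(keys: SessionKeys, salt: bytes, p: int, g: int) -> bytes:
    return mac_over(keys.request_auth, salt, int_bytes(p), int_bytes(g))


def server_build_request(keys: SessionKeys, p: int = DEMO_P, g: int = DEMO_G) -> ChangeRequest:
    salt = secrets.token_bytes(16)
    return ChangeRequest(salt, p, g, request_mac(keys, salt, p, g))


def client_handle_request(keys, req, username, new_password) -> ChangeResponse:
    # Refuse to derive anything from the password if the parameters were altered.
    expected = request_mac(keys, req.salt, req.modulus, req.generator)
    if not hmac.compare_digest(expected, req.mac):
        raise ValueError("change-password request failed its MAC check")
    verifier = compute_verifier(username, new_password, req.salt, req.modulus, req.generator)
    nonce = secrets.token_bytes(16)
    enc = nonce + keystream_xor(keys.response_enc, nonce, int_bytes(verifier))
    return ChangeResponse(enc, mac_over(keys.response_auth, enc))  # MAC covers ciphertext


def server_handle_response(keys, req, resp, username, store) -> None:
    # Store nothing unless the MAC over the encrypted verifier matches.
    if not hmac.compare_digest(mac_over(keys.response_auth, resp.enc_verifier), resp.mac):
        raise ValueError("change-password response failed its MAC check")
    nonce, ciphertext = resp.enc_verifier[:16], resp.enc_verifier[16:]
    verifier = int.from_bytes(keystream_xor(keys.response_enc, nonce, ciphertext), "big")
    store[username] = {"verifier": verifier, "salt": req.salt,
                       "modulus": req.modulus, "generator": req.generator}


if __name__ == "__main__":
    keys = SessionKeys(*(secrets.token_bytes(32) for _ in range(3)))
    store = {}
    req = server_build_request(keys)
    resp = client_handle_request(keys, req, "alice", "constructed new passphrase")
    server_handle_response(keys, req, resp, "alice", store)
    print("stored verifier bits:", store["alice"]["verifier"].bit_length())
```

The new password never leaves `client_handle_request`; the server only ever sees the salt it chose and the decrypted verifier.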
Similar technologies:
Publication number | Publication date | Patent title
US9935954B2|2018-04-03|System and method for securing machine-to-machine communications
US20190089527A1|2019-03-21|System and method of enforcing a computer policy
US10652015B2|2020-05-12|Confidential communication management
EP3349393A1|2018-07-18|Mutual authentication of confidential communication
US9330245B2|2016-05-03|Cloud-based data backup and sync with secure local storage of access keys
US8904180B2|2014-12-02|Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
US8800018B2|2014-08-05|Method and system for verifying user instructions
US8340287B2|2012-12-25|Securing multifactor split key asymmetric crypto keys
US7673142B2|2010-03-02|Efficient method for providing secure remote access
US8078874B2|2011-12-13|Method and apparatus for transmitting data using authentication
US5666415A|1997-09-09|Method and apparatus for cryptographic authentication
US20160119291A1|2016-04-28|Secure communication channel with token renewal mechanism
US6314521B1|2001-11-06|Secure configuration of a digital certificate for a printer or other network device
US7769997B2|2010-08-03|System, method and computer program product for guaranteeing electronic transactions
US8302170B2|2012-10-30|Method for enhancing network application security
US7975139B2|2011-07-05|Use and generation of a session key in a secure socket layer connection
US7895436B2|2011-02-22|Authentication system and remotely-distributed storage system
US6874089B2|2005-03-29|System, method and computer program product for guaranteeing electronic transactions
AU2003202511B2|2010-01-28|Methods for authenticating potential members invited to join a group
US7055032B2|2006-05-30|One time password entry to access multiple network sites
US8719952B1|2014-05-06|Systems and methods using passwords for secure storage of private keys on mobile devices
US6535980B1|2003-03-18|Keyless encryption of messages using challenge response
US6959394B1|2005-10-25|Splitting knowledge of a password
US8407475B2|2013-03-26|Augmented single factor split key asymmetric cryptography-key generation and distributor
US7424615B1|2008-09-09|Mutually authenticated secure key exchange |
Patent family:
Publication number | Publication date
AU2003203712A1|2003-11-20|
MY130400A|2007-06-29|
US20030204724A1|2003-10-30|
JP2004030611A|2004-01-29|
TW200402981A|2004-02-16|
NO20031913D0|2003-04-29|
TWI288552B|2007-10-11|
EP1359491A8|2004-07-21|
ES2250771T3|2006-04-16|
CA2424833A1|2003-10-30|
BR0301154A|2004-08-17|
EP1359491A1|2003-11-05|
MXPA03003710A|2005-04-11|
EP1359491B1|2005-11-16|
PL359840A1|2003-11-03|
DE60302276D1|2005-12-22|
AU2003203712B2|2008-06-05|
CN100388244C|2008-05-14|
AT310272T|2005-12-15|
DE60302276T2|2006-06-08|
HK1062052A1|2006-05-19|
CN1455341A|2003-11-12|
NO20031913L|2003-10-31|
RU2307391C2|2007-09-27|
KR100979576B1|2010-09-01|
ZA200302773B|2003-10-14|
Legal status:
2002-04-30|Priority to US10/135,043
2003-04-29|Application filed by Microsoft Corporation
2003-11-05|Publication of KR20030085512A
2010-09-01|Application granted
2010-09-01|Publication of KR100979576B1
Priority:
Application number | Filing date | Patent title
US10/135,043|US20030204724A1|2002-04-30|2002-04-30|Methods for remotely changing a communications password|
US10/135,043|2002-04-30|