Method and apparatus for authenticating users of a communication system to each other

Assignee

• International Business Machines Corporation · US

Inventors

• Amir Herzberg · Ramat Gan, IL
• Shay Kutten · Rockaway, US
• Marcel Mordechay Yung · New York, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/08
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication heirarchies and inter-domain communication, as well.