Distributed user authentication protocol

Assignee

• Hughes Aircraft Company · US

Inventor

• Kenneth Kung · Hong Kong, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2103
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A distributed authentication system that prevents unauthorized access to any computer system in a distributed environment. Authentication using the present invention involves three distinct phases. In the first phase, user passwords are generated by the computer system and encrypted on a coded card together with a message authentication code to prevent alterations prior to any access attempts. These are complex and impersonal enough not to be easily guessed. This coded card must be used whenever requesting access to the system. Second, in addition to supplying a password, the user is required to correctly respond to a set of randomly selected authentication challenges when requesting access. The correct responses may vary between the right response, a wrong response or no response depending on some predetermined variable, e.g., the day of the week or hour of the day. The dual randomness thus introduced significantly reduces the usefulness of observed logon information. Third, at random times during the session, the user is required again to respond to selected authentication challenges. This detects piggybacking attempts. Since authentication depends on the correctness of the entir…