System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens

Assignee

• Digital Equipment Corporation, Patent Law Group · US

Inventors

• Charles W. Kaufman · Northborough, US
• Radia J. Pearlman · Acton, US
• Morrie Gasser · Hopkinton, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2151
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected chall…