Title: |
US6377691:
Challenge-response authentication and key exchange for a connectionless security protocol

|
Country: |
US United States of America

|
Inventor: |
Swift, Michael M.; Seattle, WA
Shah, Bharat; Newcastle, WA

|
Assignee: |
Microsoft Corporation, Redmond, WA

|
Published / Filed: |
2002-04-23
/ 1996-12-09

|
Application Number: |
US1996000762166

|
IPC Code: |
Advanced:
H04L 29/06;
IPC-7:
H04L 9/00;

|
ECLA Code: |
H04L29/06S8G; H04L29/06S4; H04L29/06S8A; H04L29/06S12;

|
U.S. Class: |
380/277;

|
Field of Search: |
380/021,23,25,49,280,277,247,270
395/200.59,187,186,188.01,684,187.01
713/171,155,168,170

|
Priority Number: |
| 1996-12-09 |
US1996000762166 |

|
Abstract: |
The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component. The challenge contains a unique identifier generated by the server C-R component. The client C-R component responds to the challenge by sending a challenge response and the session key. The challenge response is the unique identifier contained within the challenge encrypted with the password of the user of the client computer. The session key is also encrypted using this password. Upon receiving the challenge response, the server C-R component uses its copy of the client's password to create its own version of the challenge response and compares it to the version received from the client C-R component. If the two versions of the challenge response are identical, the identity of the user of the client computer has been verified. If the two versions are not identical, an attempted unauthorized access has been detected. After verification, the server C-R component extracts the session key, decrypts the message, and invokes the requested procedure of the server program. Subsequently, the server C-R component will send and receive encrypted messages from the client C-R component, thereby facilitating a remote procedure call.

|
Attorney, Agent or Firm: |
Klarquist Sparkman, LLP ;

|
Primary / Asst. Examiners: |
Hayes, Gail; Seal, James

|
Family: |
None

|
First Claim (of 28): |
What is claimed is:
1. A method in a data processing system for a client protocol component and a server protocol component to facilitate secure communication according to a protocol that allows the server protocol component to release security state information that the client protocol component retains, the client protocol component and the server protocol component being interconnected by a network and communicating over the network, the method comprising:
- the client protocol component receiving a request for invoking a function of a server computer program from a client computer program, encrypting the request using a key and sending the encrypted request to a server computer via the network;
- the server protocol component receiving the encrypted request;
- when the server protocol component possesses the key, the server protocol component decrypting the encrypted request using the key; and
- when the server protocol component lacks the key after selectively releasing security state information including the key,
  - the server protocol component sending a challenge to the client protocol component;
  - the client protocol component receiving the challenge, encoding the challenge and the key, and sending the encoded challenge and the encoded key to the server protocol component; and
  - the server protocol component receiving the encoded challenge and the encoded key, decoding the encoded challenge and the encoded key, and decrypting the encrypted request using the decoded key.
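The exchange described in the abstract and in claim 1, as an added worked example written for this page; it is not code from the patent or from Microsoft, and it runs on in-memory dictionaries rather than real datagrams. Assumptions not in the record: the "challenge encrypted with the password" is modelled as an HMAC-SHA256 over the challenge keyed by a SHA-256 digest of the password; the session-key wrap and the message encryption use a toy SHA-256 keystream XOR with an HMAC tag as a stand-in for a real cipher (not for production use); the RPC payload is the constructed string `name:argument`; the user name, password and procedure are made up. The honest run shows the server challenging only when it lacks the key, re-challenging after it releases that state (the "connectionless" case of claim 1), and the two failure paths a practitioner wants covered: a request it cannot decrypt under the key it holds, and a response built with the wrong password. One general caveat that applies to any CHAP-style scheme of this shape (the RFC 1994 reference below): an eavesdropper who records a challenge and its response can test password guesses offline, so the strength of the exchange is bounded by the strength of the password.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR data with SHA-256(key || nonce || counter) blocks. Stand-in only."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + _keystream_xor(key, nonce, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, blob):
    """Check the tag, then decrypt; None means wrong key or a tampered datagram."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    return _keystream_xor(key, body[:NONCE_LEN], body[NONCE_LEN:])


def password_key(password):
    """Key derived from the user's password (assumption: plain SHA-256, no salt or stretching)."""
    return hashlib.sha256(password.encode()).digest()


def challenge_response(pw_key, challenge):
    """The 'challenge encrypted with the password', modelled as an HMAC over the challenge."""
    return hmac.new(pw_key, challenge, hashlib.sha256).digest()


class Client:
    """Client C-R component: owns the session key and answers challenges."""

    def __init__(self, user, password):
        self.user, self.pw_key = user, password_key(password)
        self.session_key = secrets.token_bytes(32)  # generated by the client, as in the abstract

    def request(self, rpc):
        return {"type": "request", "user": self.user, "body": seal(self.session_key, rpc)}

    def answer(self, challenge_msg):
        ch = challenge_msg["challenge"]
        return {"type": "response", "user": self.user, "challenge": ch,
                "response": challenge_response(self.pw_key, ch),
                "wrapped_key": seal(self.pw_key, self.session_key)}


class Server:
    """Server C-R component: may drop a user's session key at any time and re-challenge."""

    def __init__(self, passwords, procedures):
        self.pw_keys = {u: password_key(p) for u, p in passwords.items()}
        self.procedures = procedures
        self.session_keys = {}  # the releasable security state of claim 1
        self.pending = {}       # user -> (challenge, encrypted request waiting on it)

    def release_state(self, user):
        self.session_keys.pop(user, None)

    def handle(self, msg):
        user = msg["user"]
        if user not in self.pw_keys:
            return {"type": "error", "reason": "unknown user"}
        if msg["type"] == "request":
            if user in self.session_keys:          # server possesses the key: decrypt directly
                return self._invoke(user, msg["body"])
            challenge = secrets.token_bytes(16)    # server-generated unique identifier
            self.pending[user] = (challenge, msg["body"])
            return {"type": "challenge", "challenge": challenge}
        if msg["type"] == "response":
            challenge, body = self.pending.pop(user, (None, None))
            if challenge is None or not hmac.compare_digest(challenge, msg["challenge"]):
                return {"type": "error", "reason": "no matching challenge"}
            expected = challenge_response(self.pw_keys[user], challenge)
            if not hmac.compare_digest(expected, msg["response"]):
                return {"type": "error", "reason": "unauthorized"}  # attempted unauthorized access
            session_key = unseal(self.pw_keys[user], msg["wrapped_key"])
            if session_key is None:
                return {"type": "error", "reason": "bad wrapped key"}
            self.session_keys[user] = session_key  # key extracted; now decrypt the held request
            return self._invoke(user, body)
        return {"type": "error", "reason": "bad message type"}

    def _invoke(self, user, body):
        key = self.session_keys[user]
        plain = unseal(key, body)
        if plain is None:
            return {"type": "error", "reason": "undecryptable request"}
        name, _, arg = plain.decode().partition(":")
        proc = self.procedures.get(name)
        if proc is None:
            return {"type": "error", "reason": "no such procedure"}
        return {"type": "reply", "body": seal(key, proc(arg).encode())}


def run_exchange():
    """Honest client, state release, then an intruder; returns what the server sent back each time."""
    server = Server({"alice": "correct horse"}, {"echo": lambda a: "echo=" + a})
    alice, seen = Client("alice", "correct horse"), []
    m = server.handle(alice.request(b"echo:hello"))
    seen.append(m["type"])                                       # challenge: server lacks the key
    m = server.handle(alice.answer(m))
    seen.append(m["type"])                                       # reply: verified, key extracted
    seen.append(unseal(alice.session_key, m["body"]).decode())   # echo=hello
    seen.append(server.handle(alice.request(b"echo:again"))["type"])  # reply: key still held
    server.release_state("alice")                                # connectionless server drops state
    m = server.handle(alice.request(b"echo:third"))
    seen.append(m["type"])                                       # challenge again, per claim 1
    seen.append(server.handle(alice.answer(m))["type"])          # reply
    mallory = Client("alice", "wrong password")
    seen.append(server.handle(mallory.request(b"echo:x"))["reason"])  # undecryptable request
    server.release_state("alice")
    m = server.handle(mallory.request(b"echo:x"))
    seen.append(server.handle(mallory.answer(m))["reason"])      # unauthorized
    return seen


if __name__ == "__main__":
    print(run_exchange())
```

Because the request is sealed under the session key before any challenge is answered, the server has to hold the encrypted datagram in `pending` until the response arrives; a real implementation bounds that table and expires entries, or a flood of unanswered requests exhausts it.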

|
Forward References: |
27 U.S. patents reference this one

Foreign References: |
None

|
Other References: |
Lloyd, B. and W. Simpson, "PPP Authentication Protocols," RFC 1334, Network Working Group, Oct. 1992. ftp://ftp.isi.edu/in-notes/rfc1334.txt [accessed Aug. 16, 1999].
Simpson, W., "PPP Challenge Handshake Authentication Protocol (CHAP)," RFC 1994, Network Working Group, Aug. 1996. ftp://ftp.isi.edu/in-notes/rfc1994.txt [accessed Aug. 16, 1999].
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, Inc., New York, 1994, pp. 219-243.
Neuman, B. Clifford and Theodore Ts'o, "Kerberos: An Authentication Service for Computer Networks," USC/ISI Technical Report No. ISI/RS-94-399, reprinted from IEEE Communications Magazine, vol. 32, no. 9, pp. 33-38, 1994 (6 pages).
Cited by 44 patents

|