GB2281991A - Authentication - Google Patents
Authentication Download PDFInfo
- Publication number
- GB2281991A GB2281991A GB9318823A GB9318823A GB2281991A GB 2281991 A GB2281991 A GB 2281991A GB 9318823 A GB9318823 A GB 9318823A GB 9318823 A GB9318823 A GB 9318823A GB 2281991 A GB2281991 A GB 2281991A
- Authority
- GB
- United Kingdom
- Prior art keywords
- response
- challenge
- party
- authentication
- parties
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
Abstract
A method of and system for authentication between two parties. A challenge is transmitted between the two parties and to achieve authentication the response to the challenge must be both correct and received within a predetermined time interval.
Description
AUTHENTICATION
This invention relates to authentication methods and systems.
In many information systems, for example, the basis for ensuring security is an authentication process, involving computers and software as well as use of a user ID (identification). In dependence on the actual area of application, there are many ways to achieve this authentication. It is necessary to have efficient methods for authentication both between different computers and at the interface between computers and people using them. Often this means some kind of mutual authentication ie from both or all participants. In many cases methods of encryption/coding are used for authentication or for protecting the authentication procedure itself. An example of an authentication procedure is given in WO 92127958A in which computer network terminals are interfaced to a communications medium via respective user-side terminators. The processors of a computer node are interfaced to the medium via a computer-side terminator. Sensitive data can be sent over the medium using end-to-end encryption. The identity of a user is verified by authentication apparatus which accepts a personal user token holding a countersign, and by a password.
When a user logs off, countersign generating apparatus at the computer node writes a new countersign at the token. This provides a secure interface and allows a user and the computer to authenticate each other.
According to one aspect of the present invention there is provided a method of authentication between two parties including the steps of transmitting a challenge between the two parties, and verifying that a response to the challenge is correct and received within a predetermined time interval.
According to another aspect of the present invention there is provided a method of authentication between first and second parties, including the steps of transmitting a challenge from the first party to the second party for the second party to transmit a response to the first party, transmitting the response from the second party to the first party, verifying that the response received by the first party is correct, and verifying that the correct response is received within a predetermined time interval following the transmission of the challenge.
According to a further aspect of the present invention there is provided a system for authentication between two parties including means for transmitting a challenge between the two parties, and means for verifying that a response to the challenge is correct and received within a predetermined time interval.
Embodiments of the invention will now be described with reference to the accompanying drawings, in which:
Figure 1 is a block circuit diagram of an example configuration of hardware;
Figure 2 illustrates the messaging between the processors of
Figure 1 for one embodiment and
Figure 3 illustrates the messaging between the processors for another embodiment.
The authentication procedure between the parties according to invention basically comprises the issuance of a "challenge" by one of two parties and the issuance of a predetermined response by the other party within a certain time limit. The challenge and the response can take various forms. For example, the challenge may simply be a request for the other party to send a pre-agreed password to the one party. The challenge could alternatively be the sending of a numerical value which the other party has to operate on in a pre-agreed manner before returning an appropriate response. For example, the operation may comprise returning a value which is a cryptographic function of the received numerical value.
There are many possibilities. The basic feature of authentication process is, however, that upon issuance of a challenge the correct response must be received within a predetermined time interval.
In the embodiment illustrated in Figure 1, the two parties to the authentication are processors 1 and 2. There is a reset communication channel between the processors 1 and 2, together with transmit and receive communication channels as illustrated.
Figure 2 illustrates an example of authentication of processor 2 by processor 1, and Figure 3 illustrates an example of authentication of processor 1 by processor 2. For mutual authentication, the messaging of Figure 2 may be directly followed by the messaging of Figure 3.
Alternatively, the specific examples of challenges/responses as illustrated can be varied, without diverging from the basic premise of receiving a predetermined response to a challenge within a predetermined time interval.
Referring firstly to Figure 2, the reset on processor 1 is released and the time is measured. This releases the reset on (challenges) processor 2, which responds by transmitting a password to processor 1. Processor 1 checks the time of arrival of the response (password) and if the password is correct. For an "OK" message to be sent from processor 1 to processor 2 the password must be both correct and received within a predetermined time or time interval. If the password is not correct or it is received outside of the predetermined time, processor 1 is reset.
Referring to Figure 3, processor 2 measures the time and issues a challenge to processor 1. This may be in response to the "OK" message referred to above for mutual authentication, or part of a separate authentication procedure. Processor 1 sends an appropriate response to processor 2, which checks the time of arrival of the response and that the response is in a previously agreed form. If the response and the timing are correct, an "OK" message is transmitted from processor 2 to processor 1. If the response or the timing is incorrect, processor 2 terminates communications between it and processor 1.
The following expresses the basic premise in more general terms and indicates some of the many possible variants.
For authentication between two parties referred to as A and
B, the following expressions are employed:
CV Challenge Value
RV Response Value
SV Secret Value (known to both A and B)
D Date
tR Response time
f() A function of some kind eg mathematic,
cryptographic etc (known to both A and B).
A sends a challenge to B in the form of
(a) Hardware signal(s)
(b) Question
(c) CV
or a combination of them.
B responds with
(a) Hardware signal(s)
(b) RV
within the time tR.
B regards A as authentic if RV is correct and
FP(x) < = tR < = FQ(y) where FP = FQB or FP < > FQ and F = (a) a constant eg SV, or
(b) function f x, y may be: (a) CV
(b) RV
(c) D
(d) SV
or a combination of them.
RV is (a) f(z), where z is CV, SV, D or a combination them
(b) a hardware signal(s)
or a combination of (a) and (b)
From the above it will be appreciated that for example, the response value may be a function of a translated challenge ie the challenge as translated by the receiving party, and that the response time may be a function of the response value in conjunction with date information.
Claims (11)
1. A method of authentication between two parties including
the steps of transmitting a challenge between the two
parties, and verifying that a response to the challenge
is correct and received within a predetermined time
interval.
2. A method as claimed in Claim 1 wherein the response is a
password and the predetermined time interval commences
from the transmission of the challenge.
3. A method as claimed in Claim 1 wherein the two parties
are two processors and the challenge is comprised by a
release reset message transmitted between them in one
direction, and the response is a password transmitted in
the opposite direction.
4. A method as claimed in Claim 1 wherein the response is a
function of the challenge as translated by the party
receiving it.
5. A method as claimed in Claim 1 wherein the predetermined
time interval is a response time which is a function of
a response value in conjunction with date information.
6. A method of authentication between first and second
parties, including the steps of transmitting a challenge
from the first party to the second party for the second
party to transmit a response to the first party,
transmitting the response from the second party to the
first party, verifying that the response received by the
first party is correct, and verifying that the correct
response is received within a predetermined time
interval following the transmission of the challenge.
7. A system for authentication between two parties
including means for transmitting a challenge between the
two parties, and means for verifying that a response to
the challenge is correct and received within a
predetermined time interval.
8. A system as claimed in Claim 7 wherein the response is a
password, and wherein the predetermined time interval
commences from the transmission of the challenge.
9. A system as claimed in Claim 7 wherein the two parties
are two processors and the challenge is comprised by a
release reset message transmitted between them in one
direction, and the response is a password transmitted in
the opposite direction.
10. An authentication method substantially as herein
described with reference to and as illustrated in
Figures 1 and 2, Figures 1 and 3, or Figures 1-3 of the
accompanying drawings.
11. An authentication system substantially as herein
described with reference to and as illustrated in
Figures 1 and 2, Figures 1 and 3, or Figures 1-3 of the
accompanying drawings.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9318823A GB2281991A (en) | 1993-09-10 | 1993-09-10 | Authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9318823A GB2281991A (en) | 1993-09-10 | 1993-09-10 | Authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
GB9318823D0 GB9318823D0 (en) | 1993-10-27 |
GB2281991A true GB2281991A (en) | 1995-03-22 |
Family
ID=10741832
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB9318823A Withdrawn GB2281991A (en) | 1993-09-10 | 1993-09-10 | Authentication |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2281991A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002025865A1 (en) * | 2000-09-19 | 2002-03-28 | Soft Tracks Enterprises Ltd. | Verification protocol for a point of sale merchandising system |
GB2375846A (en) * | 2001-05-10 | 2002-11-27 | Christopher Howard Cook | Computer processing of electronic documents |
EP1389750A1 (en) * | 2002-08-13 | 2004-02-18 | Canal + Technologies | Hard disk security |
US6871286B1 (en) * | 1999-07-29 | 2005-03-22 | Hewlett-Packard Development Company, L.P. | Method and apparatus for resetting passwords in a computer system |
FR2862397A1 (en) * | 2003-11-13 | 2005-05-20 | St Microelectronics Sa | Electronic apparatus booting method, involves extending secure domain to application processor, when application and boot-strap processors are authenticated, and booting operating system of processors to store data in protected part of RAM |
DE102005016381A1 (en) * | 2005-03-01 | 2006-09-14 | Wincor Nixdorf International Gmbh | Method for secure function release of modules |
US8930695B2 (en) | 2002-12-26 | 2015-01-06 | Sony Corporation | Telecommunications apparatus and method, storage medium, and program |
US9298901B1 (en) | 2014-10-08 | 2016-03-29 | International Business Machines Corporation | Credential validation using multiple computing devices |
US9529986B2 (en) | 2014-10-08 | 2016-12-27 | International Business Machines Corporation | Utilizing multiple computing devices to verify identity |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB1604568A (en) * | 1977-09-01 | 1981-12-09 | Ato Inc | Security system having circuit for controlling automatic off-line operation of an on-line card reader |
EP0067611A1 (en) * | 1981-06-05 | 1982-12-22 | Exide Electronics International Corp. | Apparatus for controlling access to computers |
GB2168831A (en) * | 1984-11-13 | 1986-06-25 | Steebek Systems Ltd | Password-protected data link |
GB2242769A (en) * | 1990-04-02 | 1991-10-09 | Brandsystem Ltd | Credit and bank cards |
WO1992004671A1 (en) * | 1990-08-29 | 1992-03-19 | Hughes Aircraft Company | Distributed user authentication protocol |
GB2253291A (en) * | 1991-02-26 | 1992-09-02 | Kevin Bell | Signalling apparatus |
-
1993
- 1993-09-10 GB GB9318823A patent/GB2281991A/en not_active Withdrawn
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB1604568A (en) * | 1977-09-01 | 1981-12-09 | Ato Inc | Security system having circuit for controlling automatic off-line operation of an on-line card reader |
EP0067611A1 (en) * | 1981-06-05 | 1982-12-22 | Exide Electronics International Corp. | Apparatus for controlling access to computers |
GB2168831A (en) * | 1984-11-13 | 1986-06-25 | Steebek Systems Ltd | Password-protected data link |
GB2242769A (en) * | 1990-04-02 | 1991-10-09 | Brandsystem Ltd | Credit and bank cards |
WO1992004671A1 (en) * | 1990-08-29 | 1992-03-19 | Hughes Aircraft Company | Distributed user authentication protocol |
GB2253291A (en) * | 1991-02-26 | 1992-09-02 | Kevin Bell | Signalling apparatus |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6871286B1 (en) * | 1999-07-29 | 2005-03-22 | Hewlett-Packard Development Company, L.P. | Method and apparatus for resetting passwords in a computer system |
WO2002025865A1 (en) * | 2000-09-19 | 2002-03-28 | Soft Tracks Enterprises Ltd. | Verification protocol for a point of sale merchandising system |
GB2375846A (en) * | 2001-05-10 | 2002-11-27 | Christopher Howard Cook | Computer processing of electronic documents |
GB2375846B (en) * | 2001-05-10 | 2004-11-24 | Christopher Howard Cook | Computer processing of electronic documents |
EP1389750A1 (en) * | 2002-08-13 | 2004-02-18 | Canal + Technologies | Hard disk security |
US8930695B2 (en) | 2002-12-26 | 2015-01-06 | Sony Corporation | Telecommunications apparatus and method, storage medium, and program |
EP2575293B1 (en) * | 2002-12-26 | 2016-08-10 | Sony Corporation | Telecommunications Apparatus and Method, Storage Medium, and Program |
US9594882B2 (en) | 2002-12-26 | 2017-03-14 | Sony Corporation | Telecommunications apparatus and method, storage medium, and program |
WO2005050442A1 (en) * | 2003-11-13 | 2005-06-02 | Stmicroelectronics Sa | Secured start-up of an electronic device having an smp architecture |
US7624261B2 (en) | 2003-11-13 | 2009-11-24 | Stmicroelectronics S.A. | Secure booting of an electronic apparatus with SMP architecture |
FR2862397A1 (en) * | 2003-11-13 | 2005-05-20 | St Microelectronics Sa | Electronic apparatus booting method, involves extending secure domain to application processor, when application and boot-strap processors are authenticated, and booting operating system of processors to store data in protected part of RAM |
DE102005016381A1 (en) * | 2005-03-01 | 2006-09-14 | Wincor Nixdorf International Gmbh | Method for secure function release of modules |
US9298901B1 (en) | 2014-10-08 | 2016-03-29 | International Business Machines Corporation | Credential validation using multiple computing devices |
US9529986B2 (en) | 2014-10-08 | 2016-12-27 | International Business Machines Corporation | Utilizing multiple computing devices to verify identity |
US9608977B2 (en) | 2014-10-08 | 2017-03-28 | International Business Machines Corporation | Credential validation using multiple computing devices |
Also Published As
Publication number | Publication date |
---|---|
GB9318823D0 (en) | 1993-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4689815B2 (en) | Data authentication method, message transmission method, and distributed system | |
CN103354543B (en) | Determine that destination node is for the method for the propinquity of source node and corresponding node | |
AU2002246210B2 (en) | Cryptographic authentication with ephemeral modules | |
EP0402083B1 (en) | Teleconferencing method for a secure key management system | |
CA2280869A1 (en) | System for providing secure remote command execution network | |
US6141758A (en) | Method and system for maintaining client server security associations in a distributed computing system | |
CN100499641C (en) | System and method for implementing an enhanced transport layer security protocol | |
EP0656708A1 (en) | System and method for the transmission and validation of an updated encryption key between two users | |
JP4564167B2 (en) | One-way authentication communication system | |
WO2000021242A3 (en) | Adaptive communication system enabling dissimilar devices to exchange information over a network | |
WO2002013444A3 (en) | Trusted authentication digital signature (tads) system | |
KR19990076694A (en) | Secure channel construction system and method | |
JP2002026899A (en) | Verification system for ad hoc wireless communication | |
GB2281991A (en) | Authentication | |
EP0225010A1 (en) | A terminal for a system requiring secure access | |
FI964926A0 (en) | Verification of the correctness of the parties to the data transmission in the telecommunications network | |
Michalakis | Location-aware access control for pervasive computing environments | |
DE60224391D1 (en) | Secure access to a subscriber module | |
JPS6248424B2 (en) | ||
US20010048747A1 (en) | Method and device for implementing secured data transmission in a networked environment | |
JP2001222219A (en) | Network communication recording system and device | |
CN100514904C (en) | Safety communication mode method for automatically entering wireless communication terminal | |
JPH01194627A (en) | Line data secret holding device | |
CN111935183B (en) | Method and system for credible transfer of user information between non-cooperative bodies of distributed network | |
KR100276696B1 (en) | Authentication and Secret Exchange Method for Secret Communication in Permanent Virtual Circuit Environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |