GB2281991A - Authentication - Google Patents

Authentication Download PDF

Info

Publication number
GB2281991A
GB2281991A GB9318823A GB9318823A GB2281991A GB 2281991 A GB2281991 A GB 2281991A GB 9318823 A GB9318823 A GB 9318823A GB 9318823 A GB9318823 A GB 9318823A GB 2281991 A GB2281991 A GB 2281991A
Authority
GB
United Kingdom
Prior art keywords
response
challenge
party
authentication
parties
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB9318823A
Other versions
GB9318823D0 (en
Inventor
Ulf Erik Andersson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ICL System AB
Original Assignee
ICL System AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ICL System AB filed Critical ICL System AB
Priority to GB9318823A priority Critical patent/GB2281991A/en
Publication of GB9318823D0 publication Critical patent/GB9318823D0/en
Publication of GB2281991A publication Critical patent/GB2281991A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method of and system for authentication between two parties. A challenge is transmitted between the two parties and to achieve authentication the response to the challenge must be both correct and received within a predetermined time interval.

Description

AUTHENTICATION This invention relates to authentication methods and systems.
In many information systems, for example, the basis for ensuring security is an authentication process, involving computers and software as well as use of a user ID (identification). In dependence on the actual area of application, there are many ways to achieve this authentication. It is necessary to have efficient methods for authentication both between different computers and at the interface between computers and people using them. Often this means some kind of mutual authentication ie from both or all participants. In many cases methods of encryption/coding are used for authentication or for protecting the authentication procedure itself. An example of an authentication procedure is given in WO 92127958A in which computer network terminals are interfaced to a communications medium via respective user-side terminators. The processors of a computer node are interfaced to the medium via a computer-side terminator. Sensitive data can be sent over the medium using end-to-end encryption. The identity of a user is verified by authentication apparatus which accepts a personal user token holding a countersign, and by a password.
When a user logs off, countersign generating apparatus at the computer node writes a new countersign at the token. This provides a secure interface and allows a user and the computer to authenticate each other.
According to one aspect of the present invention there is provided a method of authentication between two parties including the steps of transmitting a challenge between the two parties, and verifying that a response to the challenge is correct and received within a predetermined time interval.
According to another aspect of the present invention there is provided a method of authentication between first and second parties, including the steps of transmitting a challenge from the first party to the second party for the second party to transmit a response to the first party, transmitting the response from the second party to the first party, verifying that the response received by the first party is correct, and verifying that the correct response is received within a predetermined time interval following the transmission of the challenge.
According to a further aspect of the present invention there is provided a system for authentication between two parties including means for transmitting a challenge between the two parties, and means for verifying that a response to the challenge is correct and received within a predetermined time interval.
Embodiments of the invention will now be described with reference to the accompanying drawings, in which: Figure 1 is a block circuit diagram of an example configuration of hardware; Figure 2 illustrates the messaging between the processors of Figure 1 for one embodiment and Figure 3 illustrates the messaging between the processors for another embodiment.
The authentication procedure between the parties according to invention basically comprises the issuance of a "challenge" by one of two parties and the issuance of a predetermined response by the other party within a certain time limit. The challenge and the response can take various forms. For example, the challenge may simply be a request for the other party to send a pre-agreed password to the one party. The challenge could alternatively be the sending of a numerical value which the other party has to operate on in a pre-agreed manner before returning an appropriate response. For example, the operation may comprise returning a value which is a cryptographic function of the received numerical value.
There are many possibilities. The basic feature of authentication process is, however, that upon issuance of a challenge the correct response must be received within a predetermined time interval.
In the embodiment illustrated in Figure 1, the two parties to the authentication are processors 1 and 2. There is a reset communication channel between the processors 1 and 2, together with transmit and receive communication channels as illustrated.
Figure 2 illustrates an example of authentication of processor 2 by processor 1, and Figure 3 illustrates an example of authentication of processor 1 by processor 2. For mutual authentication, the messaging of Figure 2 may be directly followed by the messaging of Figure 3.
Alternatively, the specific examples of challenges/responses as illustrated can be varied, without diverging from the basic premise of receiving a predetermined response to a challenge within a predetermined time interval.
Referring firstly to Figure 2, the reset on processor 1 is released and the time is measured. This releases the reset on (challenges) processor 2, which responds by transmitting a password to processor 1. Processor 1 checks the time of arrival of the response (password) and if the password is correct. For an "OK" message to be sent from processor 1 to processor 2 the password must be both correct and received within a predetermined time or time interval. If the password is not correct or it is received outside of the predetermined time, processor 1 is reset.
Referring to Figure 3, processor 2 measures the time and issues a challenge to processor 1. This may be in response to the "OK" message referred to above for mutual authentication, or part of a separate authentication procedure. Processor 1 sends an appropriate response to processor 2, which checks the time of arrival of the response and that the response is in a previously agreed form. If the response and the timing are correct, an "OK" message is transmitted from processor 2 to processor 1. If the response or the timing is incorrect, processor 2 terminates communications between it and processor 1.
The following expresses the basic premise in more general terms and indicates some of the many possible variants.
For authentication between two parties referred to as A and B, the following expressions are employed: CV Challenge Value RV Response Value SV Secret Value (known to both A and B) D Date tR Response time f() A function of some kind eg mathematic, cryptographic etc (known to both A and B).
A sends a challenge to B in the form of (a) Hardware signal(s) (b) Question (c) CV or a combination of them.
B responds with (a) Hardware signal(s) (b) RV within the time tR.
B regards A as authentic if RV is correct and FP(x) < = tR < = FQ(y) where FP = FQB or FP < > FQ and F = (a) a constant eg SV, or (b) function f x, y may be: (a) CV (b) RV (c) D (d) SV or a combination of them.
RV is (a) f(z), where z is CV, SV, D or a combination them (b) a hardware signal(s) or a combination of (a) and (b) From the above it will be appreciated that for example, the response value may be a function of a translated challenge ie the challenge as translated by the receiving party, and that the response time may be a function of the response value in conjunction with date information.

Claims (11)

1. A method of authentication between two parties including the steps of transmitting a challenge between the two parties, and verifying that a response to the challenge is correct and received within a predetermined time interval.
2. A method as claimed in Claim 1 wherein the response is a password and the predetermined time interval commences from the transmission of the challenge.
3. A method as claimed in Claim 1 wherein the two parties are two processors and the challenge is comprised by a release reset message transmitted between them in one direction, and the response is a password transmitted in the opposite direction.
4. A method as claimed in Claim 1 wherein the response is a function of the challenge as translated by the party receiving it.
5. A method as claimed in Claim 1 wherein the predetermined time interval is a response time which is a function of a response value in conjunction with date information.
6. A method of authentication between first and second parties, including the steps of transmitting a challenge from the first party to the second party for the second party to transmit a response to the first party, transmitting the response from the second party to the first party, verifying that the response received by the first party is correct, and verifying that the correct response is received within a predetermined time interval following the transmission of the challenge.
7. A system for authentication between two parties including means for transmitting a challenge between the two parties, and means for verifying that a response to the challenge is correct and received within a predetermined time interval.
8. A system as claimed in Claim 7 wherein the response is a password, and wherein the predetermined time interval commences from the transmission of the challenge.
9. A system as claimed in Claim 7 wherein the two parties are two processors and the challenge is comprised by a release reset message transmitted between them in one direction, and the response is a password transmitted in the opposite direction.
10. An authentication method substantially as herein described with reference to and as illustrated in Figures 1 and 2, Figures 1 and 3, or Figures 1-3 of the accompanying drawings.
11. An authentication system substantially as herein described with reference to and as illustrated in Figures 1 and 2, Figures 1 and 3, or Figures 1-3 of the accompanying drawings.
GB9318823A 1993-09-10 1993-09-10 Authentication Withdrawn GB2281991A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9318823A GB2281991A (en) 1993-09-10 1993-09-10 Authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9318823A GB2281991A (en) 1993-09-10 1993-09-10 Authentication

Publications (2)

Publication Number Publication Date
GB9318823D0 GB9318823D0 (en) 1993-10-27
GB2281991A true GB2281991A (en) 1995-03-22

Family

ID=10741832

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9318823A Withdrawn GB2281991A (en) 1993-09-10 1993-09-10 Authentication

Country Status (1)

Country Link
GB (1) GB2281991A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002025865A1 (en) * 2000-09-19 2002-03-28 Soft Tracks Enterprises Ltd. Verification protocol for a point of sale merchandising system
GB2375846A (en) * 2001-05-10 2002-11-27 Christopher Howard Cook Computer processing of electronic documents
EP1389750A1 (en) * 2002-08-13 2004-02-18 Canal + Technologies Hard disk security
US6871286B1 (en) * 1999-07-29 2005-03-22 Hewlett-Packard Development Company, L.P. Method and apparatus for resetting passwords in a computer system
FR2862397A1 (en) * 2003-11-13 2005-05-20 St Microelectronics Sa Electronic apparatus booting method, involves extending secure domain to application processor, when application and boot-strap processors are authenticated, and booting operating system of processors to store data in protected part of RAM
DE102005016381A1 (en) * 2005-03-01 2006-09-14 Wincor Nixdorf International Gmbh Method for secure function release of modules
US8930695B2 (en) 2002-12-26 2015-01-06 Sony Corporation Telecommunications apparatus and method, storage medium, and program
US9298901B1 (en) 2014-10-08 2016-03-29 International Business Machines Corporation Credential validation using multiple computing devices
US9529986B2 (en) 2014-10-08 2016-12-27 International Business Machines Corporation Utilizing multiple computing devices to verify identity

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1604568A (en) * 1977-09-01 1981-12-09 Ato Inc Security system having circuit for controlling automatic off-line operation of an on-line card reader
EP0067611A1 (en) * 1981-06-05 1982-12-22 Exide Electronics International Corp. Apparatus for controlling access to computers
GB2168831A (en) * 1984-11-13 1986-06-25 Steebek Systems Ltd Password-protected data link
GB2242769A (en) * 1990-04-02 1991-10-09 Brandsystem Ltd Credit and bank cards
WO1992004671A1 (en) * 1990-08-29 1992-03-19 Hughes Aircraft Company Distributed user authentication protocol
GB2253291A (en) * 1991-02-26 1992-09-02 Kevin Bell Signalling apparatus

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1604568A (en) * 1977-09-01 1981-12-09 Ato Inc Security system having circuit for controlling automatic off-line operation of an on-line card reader
EP0067611A1 (en) * 1981-06-05 1982-12-22 Exide Electronics International Corp. Apparatus for controlling access to computers
GB2168831A (en) * 1984-11-13 1986-06-25 Steebek Systems Ltd Password-protected data link
GB2242769A (en) * 1990-04-02 1991-10-09 Brandsystem Ltd Credit and bank cards
WO1992004671A1 (en) * 1990-08-29 1992-03-19 Hughes Aircraft Company Distributed user authentication protocol
GB2253291A (en) * 1991-02-26 1992-09-02 Kevin Bell Signalling apparatus

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6871286B1 (en) * 1999-07-29 2005-03-22 Hewlett-Packard Development Company, L.P. Method and apparatus for resetting passwords in a computer system
WO2002025865A1 (en) * 2000-09-19 2002-03-28 Soft Tracks Enterprises Ltd. Verification protocol for a point of sale merchandising system
GB2375846A (en) * 2001-05-10 2002-11-27 Christopher Howard Cook Computer processing of electronic documents
GB2375846B (en) * 2001-05-10 2004-11-24 Christopher Howard Cook Computer processing of electronic documents
EP1389750A1 (en) * 2002-08-13 2004-02-18 Canal + Technologies Hard disk security
US8930695B2 (en) 2002-12-26 2015-01-06 Sony Corporation Telecommunications apparatus and method, storage medium, and program
EP2575293B1 (en) * 2002-12-26 2016-08-10 Sony Corporation Telecommunications Apparatus and Method, Storage Medium, and Program
US9594882B2 (en) 2002-12-26 2017-03-14 Sony Corporation Telecommunications apparatus and method, storage medium, and program
WO2005050442A1 (en) * 2003-11-13 2005-06-02 Stmicroelectronics Sa Secured start-up of an electronic device having an smp architecture
US7624261B2 (en) 2003-11-13 2009-11-24 Stmicroelectronics S.A. Secure booting of an electronic apparatus with SMP architecture
FR2862397A1 (en) * 2003-11-13 2005-05-20 St Microelectronics Sa Electronic apparatus booting method, involves extending secure domain to application processor, when application and boot-strap processors are authenticated, and booting operating system of processors to store data in protected part of RAM
DE102005016381A1 (en) * 2005-03-01 2006-09-14 Wincor Nixdorf International Gmbh Method for secure function release of modules
US9298901B1 (en) 2014-10-08 2016-03-29 International Business Machines Corporation Credential validation using multiple computing devices
US9529986B2 (en) 2014-10-08 2016-12-27 International Business Machines Corporation Utilizing multiple computing devices to verify identity
US9608977B2 (en) 2014-10-08 2017-03-28 International Business Machines Corporation Credential validation using multiple computing devices

Also Published As

Publication number Publication date
GB9318823D0 (en) 1993-10-27

Similar Documents

Publication Publication Date Title
JP4689815B2 (en) Data authentication method, message transmission method, and distributed system
CN103354543B (en) Determine that destination node is for the method for the propinquity of source node and corresponding node
AU2002246210B2 (en) Cryptographic authentication with ephemeral modules
EP0402083B1 (en) Teleconferencing method for a secure key management system
CA2280869A1 (en) System for providing secure remote command execution network
US6141758A (en) Method and system for maintaining client server security associations in a distributed computing system
CN100499641C (en) System and method for implementing an enhanced transport layer security protocol
EP0656708A1 (en) System and method for the transmission and validation of an updated encryption key between two users
JP4564167B2 (en) One-way authentication communication system
WO2000021242A3 (en) Adaptive communication system enabling dissimilar devices to exchange information over a network
WO2002013444A3 (en) Trusted authentication digital signature (tads) system
KR19990076694A (en) Secure channel construction system and method
JP2002026899A (en) Verification system for ad hoc wireless communication
GB2281991A (en) Authentication
EP0225010A1 (en) A terminal for a system requiring secure access
FI964926A0 (en) Verification of the correctness of the parties to the data transmission in the telecommunications network
Michalakis Location-aware access control for pervasive computing environments
DE60224391D1 (en) Secure access to a subscriber module
JPS6248424B2 (en)
US20010048747A1 (en) Method and device for implementing secured data transmission in a networked environment
JP2001222219A (en) Network communication recording system and device
CN100514904C (en) Safety communication mode method for automatically entering wireless communication terminal
JPH01194627A (en) Line data secret holding device
CN111935183B (en) Method and system for credible transfer of user information between non-cooperative bodies of distributed network
KR100276696B1 (en) Authentication and Secret Exchange Method for Secret Communication in Permanent Virtual Circuit Environment

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)