JP2003529126A - Peer-to-peer network user authentication protocol - Google Patents

Abstract

(57) Abstract: A method for authenticating a user in a peer-to-peer network serving as a user authentication site for other terminal devices of a network, having an open side and a secure side of a firewall, and having a plurality of user terminals It is. The user authentication database is stored in a memory on the secure side of the first and second terminal devices of the network. The first terminal device receives the password from the user and converts the password into an authentication encryption key for the user. The first terminal device generates a first random number, encrypts the first random number with an authentication encryption key to provide a first encrypted message, and converts the first encrypted message into a first encrypted message. The information is transmitted to the second terminal device functioning as a user authentication site for the terminal device. The user authentication site decrypts the encrypted first message, provides a first random number, and generates a second random number transmitted to the first terminal device.

Description

Detailed Description of the Invention

[0001]

TECHNICAL FIELD OF THE INVENTION

The present invention relates to computer networks, and more particularly to an authentication system and method for a user seeking access to a network.

[0002]

BACKGROUND OF THE INVENTION

Computer networks are widely used. These are local area networks (“LAN”), wide area networks (“W
AN) and the Internet. A network consists of various nodes interconnected by a transmission medium. Some nodes may be terminals and / or personal computers (“PCs”) that users access to the network. Other network nodes are functional units such as routers, servers, etc. Various communication media are used to interconnect nodes in a network, such as fiber optic cables, integrated services digital networks (“ISDN”), wireless links, etc. As will be appreciated, networked computer systems. The various nodes of may be connected via various communication media.

A given campus network is generally maintained and operated by a particular company,
Access to the network there is limited to authorized users. To limit access to authorized users, networks are often configured to "authenticate" users attempting to access the network to ensure that the user is an authorized user. Therefore, the authentication procedure is
It is designed to ensure that only authorized (authenticated) users can access the network. The simplest form of authentication requires a username or user ID and password to access a particular account. The authentication protocol can also be based on private key cryptography or public key schemes using digital signatures. In some networks, in order to maintain network access control, users are required to periodically re-authenticate and retain network access. The authentication process authenticates authorized users. If the user is successfully authenticated, ie given permission to access the network, the result of the authentication can be said to be successful. Authentication fails if the user is not authorized to access the network.

However, conventional authentication procedures rely on intrusion or other “intrusion” by unauthorized users.
It may take the form of “attack”. Attacks allow replaced or incorrect information to enter or leave the network, or allow users who are not authorized to access the network to access Further permits performing a range of actions. If the authentication information, whether mobile, wireless or fixed, resides in the memory of the network terminal, it may be possible for an unauthorized user to attack the memory and obtain the authentication information to gain access to the system. Absent.

For example, in a network of mobile users, ie wireless, mobile terminals, there may be an opportunity for a user terminal to be penetrated by an unauthorized person, when the terminal device memory is attacked. If a hacker gets the authentication information stored in the terminal's memory, it may be used for unauthorized access to the network. Also, some networks and authentication procedures are vulnerable to so-called "arbitrator" attacks. In this kind of attack, it is allowed by new matches, for example by intercepting the first message from the terminal device to the certification server of a part of the network and by replacing the fake public key with the real public key. No users interfere with the initial public key exchange.

“Self-forming” or peer-to-peer type networks are commonly used. In such networks, all users are equal and there is no central network controller. Rather, any computer (node) can share files and peripherals with all other computers on the network, and authorized access is granted to everyone. In such networks, since there is no dedicated central network controller, the authentication information may be distributed to many terminals in the network and any terminal may be required to authenticate the user. Because the authentication database is distributed, it may be subject to a wider range of attacks than networks with well-protected central authentication sites. Therefore, there is a need for improved authentication systems and techniques that do not suffer from the above disadvantages and problems.

[0007]

[Means for Solving the Problems]

In a peer-to-peer network having a plurality of user terminals, each user terminal acting as a user authentication site in other terminals of the network, having an open side and a secure side of a firewall, the present invention provides a method for authenticating a user. is there. The user authentication database is stored in the memory on the secure side of the first and second terminal devices of the network. The first terminal device receives the password from the user and converts the password into an authentication encryption key for the user. The first terminal device provides the first encrypted message,
A first random number is generated, the first random number is encrypted with the authentication encryption key, and the first encrypted message is transmitted to the second terminal device. Functions as a user authentication site. The user authentication site decrypts the encrypted first message and provides a first random number to generate a second random number, which is transmitted to the first terminal device. The first terminal device combines and encrypts the first and second random numbers with the authentication encryption key, and provides the second encrypted message.
The first terminal device transmits the second encrypted message to the user authentication site, decrypts the encrypted second message, and provides the combined first and second random numbers. . The user authentication site verifies that the first and second random numbers are correct and authenticates the user according to this verification.

These and other features, aspects and advantages of the invention will be more fully apparent from the following description, the appended claims and the accompanying drawings.

[0009]

DETAILED DESCRIPTION OF THE INVENTION The present invention provides an authentication protocol that prevents unauthorized entities from accessing a peer-to-peer network by obtaining authentication information through communication attacks or by accessing network terminals. In the present invention, only information privately held by authorized users may be used for authentication. Since the network is a peer-to-peer network, a plurality of end devices must store a user authentication database distributed throughout the network. Therefore, some terminal devices of the network can be duplicated as user terminals and user authentication sites for other terminal devices. The authentication protocol of the present invention, although the authentication information is stored in the terminal device,
Protect against unauthorized users accessing through terminal equipment. In addition, the authentication protocol of the present invention is immune to "arbitrator" attacks.

Referring now to FIG. 1, there is shown a block diagram of a computer network system 100 according to an embodiment of the present invention. Network 10
0 includes a first user terminal 110 and a user authentication site 120, which are L
Interconnected by communication or transmission channels 125, which may be AN, fiber optic, wireless or other digital communication means. The user terminal 110 may be a PC in a fixed location, a remote PC connecting to the authentication site 120 by a telephone or other link or a mobile unit connected by a wireless link. The terminal device 110 includes a memory 112 storing a local copy of the distributed user authentication database and a processor 117. The user authentication site 120 may be another user terminal, a dedicated part of hardware, a PC or a manned site by a human operator. In an embodiment, network 100 includes multiple user terminals that can perform user authentication for other user terminals. Network 100
May also include dedicated user terminals that cannot provide user authentication and dedicated user authentication sites that are not user terminals.

Each authorized user of network 100 is assigned a unique password and authentication encryption and decryption key pair. The authentication encryption key for a given user is the result of applying the specified cipher-key generation algorithm to the user's password. The user authentication decryption key is a key that can decrypt a message encrypted using the user authentication encryption key. These keys are used only for authentication and not for any other purpose such as data encryption / decryption. User authentication information for all authorized users of the network is maintained in a distributed user authentication database and distributed and stored among several user terminals of the network 100, for example terminal devices 110, 120. The database contains the authentication information of each user, such as the authentication code and decryption key of the user, the password and other information about the user, such as the certification examination of the user, the authority to access the network (access right).

[0012] In some embodiments, each user may also have a smart card with personal information pre-encrypted with the user's individual authentication encryption key. Also, each user may have a health sensor attached to his or her own body for additional security.

Thus, as shown, any user terminal that can perform authentication for another terminal device stores a local copy of the user authentication database. This database is the secure side 11 of the firewalls 111, 121.
4, 124 are stored in the memories 112 and 122. All terminal devices of the network 100, such as the terminal devices 110 and 120, are firewalls (for example, 111
), Where the user enters and receives data from the open side 113 and all authentication information is on the secure side 114. Each terminal device 110
It may also act as a relay for network traffic in other terminals, with transmitters, receivers and all network traffic on the secure side. The secure side of the terminal device is protected from physical and software attacks. There is a local copy of the distributed user authentication database stored in the memory 112 of each terminal, and each potential user's individual authentication encryption and decryption keys are used only for authentication and other It is not used for any purpose. The distributed user authentication database is independently maintained by the secure side of network 100. Any terminal with a user authentication database can serve as a user authentication site for one or more other terminals. Therefore, the second user terminal is the first user terminal 11
0 can serve as a user authentication site 120, and the second user terminal itself can serve as a user authentication site for the terminal device 120 of the network 100 or another terminal device.

Each user terminal, eg user terminal 110, has means for converting the user's password into the user's individual encryption key. For example, the user terminal 110 includes a processor 117 and the crypto-key generation algorithm described above. The user terminal 110 also has the ability to generate a random number and encrypt a given message with the user's individual authentication encryption key. Therefore, if the user provides the password to the terminal device 110, the terminal device 110 can execute the encryption-key generation algorithm using the password as an input, thereby generating the user authentication encryption key. You can A random number can then be generated and the authentication encryption key can be used to encrypt the random number to provide an encrypted random number (also a random number). The password, the random number, the authentication encryption key, the encrypted message, and the received message can be temporarily stored in the memory 112 by the terminal device 110. In some embodiments, the terminal device 110 may include a sensor for reading and transmitting the user's smart card information, health sensor and / or iris recognition device for additional security.

In an embodiment, the terminal device allows access only to the user who has inserted the smart card and then entered the appropriate user ID and password. The user's password and smart card data are the only authentication data that may pass through the firewall. If the user is denied authentication by the user authentication site, then terminal access is denied.

The terminals of network 100 are configured so that only certain pre-specified users have read / write access to the authentication database stored in memory 112 of the terminals. For example, in a military situation, each soldier in the team may have a wireless mobile user terminal 110, and the team's designated communications expert may read and / or read a database in memory 112 at the soldier's user terminal.
Alternatively, it may be designated as having the authority to have read / write access. Other soldiers are not designated. In the embodiment, the user authentication database stored in the memory of the terminal device is destroyed under predetermined conditions, for example, the memory is erased.
This is the case, for example, if an unspecified user attempts to access the database, or if suspicious or nonstandard attempts are made to access the database. The database may also be corrupted if the terminal detects a physical attack, for example opening a physical case of the terminal. In the embodiment, when the user of the terminal device is de-authenticated (when the authentication process fails), the user authentication database existing in the memory 112 of the terminal device is destroyed.

Also, in some embodiments, a specific user / terminal detachment procedure may be provided. For example, the user / terminal detachment procedure may specify it.
And the user must first enter the desorption code, then log off,
The smart card port of the terminal device 110 may then be designated to remove the smart card. When the terminal device 110 detects the detachment without the detachment procedure,
It destroys the user authentication database in memory 112.

During use, each terminal device 110 is connected to the network and authorized users are allowed access to the network. In embodiments, the user is required to wear a health sensor and the terminal device includes a health sensor detector that constantly or regularly monitors the user's health. Therefore, in this embodiment, if the session user terminal 110 detects that the user is unable to conduct a terminal session based on the status from the health sensor (eg, the user is dead), this information is provided to the user authentication site. Sent to 120, the latter withdrawing authentication. Alternatively,
The terminal device 110 withdraws the authentication directly and / or removes itself from the network 100.

In an embodiment, in order to maintain access to the terminal and the network, the user's health sensor must indicate to the terminal 110 that the user is alive. If the health sensor indicates that the user has died, the terminal device 11
0 detects this, deauthenticates the user, automatically sends this information to other user authentication sites, and updates the user authentication database.

Therefore, since a peer-to-peer network is used in the present invention, the user terminal must also store a user authentication database, whereby the user terminal acts as a user authentication site. However, in order to prevent an unauthorized person accessing the terminal device from being able to access the network or to obtain a user authentication database by attacking the memory of the terminal device, each terminal device Put all credentials behind a firewall and generally don't allow users to access this database. Also, the user cannot be authenticated by his terminal device. The user can only be authenticated by one or more other terminal devices. Therefore, when the user tries to access the user terminal 110, the user terminal 110 requests another terminal device, for example, the terminal device 120, to function as a user authentication site. Also, if a user accesses a terminal device other than that assigned to him / her, this user must be re-authenticated.

Further, in the embodiment, re-authentication of all users is performed periodically. For example, the terminal device 120 or another terminal device may check the user authentication database and, after a while, notify that the timeout time has elapsed since the user of the terminal device 110 last authenticated. Then the next scheduled recertification can begin. The re-authentication procedure may also be initiated by any terminal device if it is suspected that another user has died and been caught or another terminal device has been hijacked. Further, in the embodiment, when the terminal device is disconnected from the user by the detachment protocol, the terminal device itself is disconnected from the network for security.

Referring now to FIG. 2, a flowchart of a network user authentication protocol method 200 for network 100 according to an embodiment of the present invention is shown. First, the user initiates access to the user terminal 110 (step 201).
. Alternatively, if the user has been using the predetermined terminal device for a while after the timeout, the authentication site 120 notifies the user terminal 110 that the user will be reauthenticated (step 203). The authentication site 120 may also initiate re-authentication if the user of the terminal device 110 is suspected of being dead, arrested, or already arrested. Next, the terminal device 110 notifies the user to input the user ID and password within a predetermined time (step 205).

In the case of re-authentication, step 205 may involve issuing an authentication warning to the user, which warning may be a visual, audible or cutaneous sensory message. Also,
In case of re-authentication when the user is currently participating in the session, the terminal device 110 still stores the user ID, in which case it only needs to prompt the user for the password.

In an embodiment, in the case of authenticating a new user, the user must first insert the smart card into the terminal device 110. In the case of re-authentication of the currently authenticated user, the user inserts the smart card into the user's terminal device 110
You are already logged on to. In this embodiment, the smart card must be inserted and the smart card information is read and verified to continue or maintain authentication. In another embodiment, the authentication protocol of the present invention does not require a smart card.

If the user is an authorized user, then the user will probably only have a password. In this case, the authorized user inputs the user ID and password within a predetermined time-out period if necessary in step 205 (step 2).
07). Next, the terminal device 110 generates a user authentication encryption key by the encryption key generation algorithm (209) and converts the password with this key. Thus, the user need not own or even know the authentication encryption key, other than their own password (and ID).

The terminal device 110 also generates a first random number (step 211), and then encrypts this random number using the user's authentication encryption key (step 213). The user terminal then notifies the user authentication site 120 of the user's identification and sends the encrypted random number to the user authentication site 120 (step 215). In the embodiment, the authentication site is notified of the user's identification by transmitting the user ID to the authentication site. The user ID is preferably first encrypted with the user's authentication encryption key, and then the encrypted ID is sent to the authentication site 120. Then with any possible authentication decryption key until a user ID that matches the valid user ID of the network (which also matches the user ID of the decryption key used to successfully decrypt the message) is generated. The authentication site 120 can thoroughly decrypt the received encrypted message. In this way, once authentication site 1
If 20 successfully decrypts the user ID message, the authentication site 120 knows the user ID, and thus the user ID is used to decrypt the next encrypted message sent during the authentication process. . In the embodiment, the ID of the user terminal 10 is also encrypted and transmitted to the authentication site 120 together with the user ID. In the case of re-authentication, the encryption and transmission of the user ID can be skipped; or, for convenience and brevity, the user ID can still be transmitted, in which case the authentication site 120 can The encrypted user ID can be decrypted simply by using the previously determined decryption key, rather than performing a secure decryption.

After decrypting the encrypted user ID message, the authentication site 120 receives the encrypted first random number. The user authentication site 120 decrypts this message with the authentication decryption key of the particular user and provides the original first random number (step 217). Next, the user authentication site 120 generates a second random number and transmits it to the user terminal 110 (step 219). In another embodiment, the encrypted version of the second random number is transmitted to the user terminal 110, where the second encryption / decryption key pair is utilized.

At this very moment, the user authentication site 120 knows the user's identity and / or password, the user's authentication encryption / decryption key (or at least the decryption key), and the first and second random numbers. The user terminal 110 stores the user's password and the authentication encryption key only temporarily during the authentication process.

After receiving the second random number from the authentication site 120, the user terminal device 110
The first and second random numbers are combined and encrypted with the user authentication encryption key, and this message is transmitted to the user authentication site (step 221). The two random numbers are combined by various specified methods, such as adding, subtracting, multiplying, concatenating strings, etc., as long as they are used by the user terminal 110 and known to the user authentication site 120. Good. The binding technique used is preferably preset and specified as part of the authentication protocol of the present invention.

Accordingly, the user authentication site 120 receives the encrypted message, which is the encrypted version of the combined two random numbers, and decrypts this message using the user's authentication decryption key. The authentication site 120 then verifies that both random numbers are correct. If both random numbers are correct, then there was no arbitrator attack. At this point, the authentication site 120 knows the identity of the user seeking access. If the user's identity and access right allow access to the network, the authentication site 120 authenticates the user by sending an appropriate authentication message to the terminal device 110, and the user terminal according to the level of the user's access right. Allow the user to use network resources from 110 (step 223). If the user is a new user and the authentication fails, then the user is either authenticated or denied access. In the case of re-authentication, this user is either re-authenticated or de-authenticated if the authentication fails.

If the user is authenticated and a new transport and message key is needed, the new way to get them from the terminal's clock is sent to the terminal 110. If the user is not authenticated, the user authentication site indicates to all other users on the network that the user has been revoked and that communication to and from this user has ended. Terminal access is also denied. The distributed user authentication database is updated to indicate revocation of authentication and any local copy is updated according to the update so that the update is distributed throughout the network.

As described above, in the embodiment, the user authentication site 120 may also query the user terminal 110 for smart card information, that is, the user's health status and / or iris recognition information. This information may be used by the authentication site 120 for additional security in the step 223 of verifying the identity and capabilities of the user conducting the terminal session. After the authentication process is complete (step 225), in both cases, even if the memory 112 maintains a copy of all user authentication databases for additional security, regardless of whether the authentication fails or succeeds. The user terminal 110 erases the user's password and authentication encryption key from its memory 112.

As will be appreciated, the term “user” as used herein refers to a person who is trying to gain access to the network 100 by the user terminal 110, or who already has access. Therefore, future users are users as well as those already authorized by the authentication process.

As will be appreciated, the authentication protocol of the present invention is not vulnerable to arbitrator attacks. Further, authentication data security is achieved by not allowing individual terminal users to access authentication information that resides on the secure side of various user terminals 110. By having another terminal device, such as the user authentication site 120, control access to the user terminal 110 achieves terminal device access and security.

Various changes in details, materials and arrangements of parts described and illustrated to explain the nature of the invention may be made without departing from the principles and scope of the invention as claimed. It should be understood that this may be done by a vendor.

[Brief description of drawings]

[Figure 1]   FIG. 3 is a block diagram of a computer network according to an embodiment of the present invention.

2 is a flowchart illustrating an authentication protocol of the network of FIG. 1 according to an embodiment of the present invention.

─────────────────────────────────────────────────── ─── Continued front page    (81) Designated countries EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, I T, LU, MC, NL, PT, SE), OA (BF, BJ , CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, GM, K E, LS, MW, MZ, SD, SL, SZ, TZ, UG , ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, C A, CH, CN, CR, CU, CZ, DE, DK, DM , DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, K E, KG, KP, KR, KZ, LC, LK, LR, LS , LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, RO, R U, SD, SE, SG, SI, SK, SL, TJ, TM , TR, TT, TZ, UA, UG, UZ, VN, YU, ZA, ZW

Claims (9)

[Claims] 1. A method for authenticating a user in a peer-to-peer network (100) having a plurality of user terminals (110, 120), comprising: (a) a memory on the secure side (114) of a first terminal device (110). (112) and storing a user authentication database in a memory (122) on the secure side (124) of the second terminal device (120), and (b) a password from a user in the first terminal device of the network. (207) and (c) converting the password into an authentication encryption key for the user (20)
9) step, and (d) using an authentication encryption key to authenticate the user with the second terminal device functioning as a user authentication site for the first terminal device (211-225). Method. 2. The step (d) includes: (1) generating a first random number in the first terminal device (211); and (2) encrypting the first random number with an authentication encryption key. (213), providing a first encrypted message, and transmitting the first encrypted message from the first terminal device to a user authentication site (215), (3) In the user authentication site (217) Decrypting the encrypted first random number message and providing the first random number; (4) Generating a second random number at the user authentication site, and generating a second random number from the second random number. (219) step of transmitting to the first terminal device, and (5) combining and encrypting the first and second random numbers in the first terminal device,
(221) providing a second encrypted message and transmitting the second encrypted message from the first terminal device to the user authentication site; (6) the encrypted message at the user authentication site. Decrypting the second message and providing the combined first and second random numbers (223), (7) verifying that the first and second random numbers are correct, and (8) ) Authenticating the user according to the confirmation. 3. After user authentication, the method further includes the step of 225 erasing the password from the first terminal device regardless of whether the authentication is successful.
The method of claim 2. 4. The step (b) further includes a step (207) of receiving a user ID from a user in the first terminal device, and the steps (d) and (2) include a user ID using an authentication encryption key. Further comprising the step of: (215) encrypting the encrypted user ID message to provide an encrypted user ID message, and transmitting the encrypted user ID message from the first terminal device to the user authentication site (215); and (d) ) (3) further comprising decrypting a user ID message encrypted with a valid authentication decryption key at the user authentication site until a decrypted user ID matching a valid user of the network is generated. , Step (d) (3) succeeds in the encrypted first message and the encrypted user ID message. The method of claim 2, further comprising the step of decrypting with an authentication decryption key used to decrypt well and providing a first random number. 5. The step (d) (8) further comprises authenticating the user (223) if the first and second random numbers are correct and the user is authorized to access the network. The method of claim 2. 6. A health sensor reads the health condition of the user, the health condition of the user is transmitted to a user authentication site, the health condition of the user and the step (d).
) The method of claim 2, further comprising the step of recognizing the user by confirmation of (7). 7. The authentication site queries the first terminal device to read the user information from the user's smart card, the user information and step (d).
) The method of claim 2, further comprising authenticating the user according to the confirmation of (7). 8. The step (b) comprises: (1) when one of the new users starts accessing the terminal device (201), and (2) when it is used for re-authentication after a timeout, the user ID and The method of claim 1, comprising notifying (205) a user at a terminal device to enter a password, and receiving a user ID from the user at the first terminal device. 9. The method further comprises preventing the user from accessing the secure side of the first terminal if the user is not a designated user.
The method of claim 1.