This application is a 371 of International Application No. PCT/EP2007/058203, filed Aug. 7, 2007 and claims the benefit thereof. The International Application claims the benefit of German Application No. 102006039327.9 DE filed Aug. 22, 2006. Both applications are incorporated by reference herein in their entirety.
A client is intended to be authenticated with a server without transmitting his password in plain text. Even a password which is always encrypted with the same key may be intercepted and used by unauthorized persons.
With the conventional method, the client requests a random signed challenge text (signed challenge), which the server encrypts and sends. The client decrypts the text, forms a digest, then signs and encrypts that digest again (signed digest). The server checks the digests for a match. This method is very complicated.
In a manner similar to a TAN list (One Time Pad), a (finite) list containing keys which should each be used only once could be exchanged in another manner (for example on paper) before the first authentication. However, this list would need to be stored, or the keys would have to be copied by the user, which is vulnerable, laborious and prone to error.
A method for authenticating a client with respect to a server includes generating a first key by the client and server according to an identical algorithm and independently of one another. The algorithm and the starting key of the algorithm were previously determined in a secret agreement between the client and the server. A second key is generated by the client such that the distance between the second key and the first key is within a predefined distance. The predefined distance and the metrics of the keys also were previously determined in a secret agreement between the client and the server. The second key is sent to the server, and the client is authenticated by the server if the second key is within the predefined distance of the first key. The second key is used as the new starting key for further authentication of the client with respect to the server if the client has been successfully authenticated by the server.
Additional features and advantages are described herein, and will be apparent from the following Detailed Description and the figures.
The disclosed method is explained in more detail below with the aid of
At the outset (as part of a seed), both sides (client and server) agree on the same starting value and the same algorithm for generating keys.
As a result, the client and server are able to generate the same sequence of keys independently of one another. A sequence which can be generated in this manner is also referred to as a PRBS (Pseudo Random Binary Sequence). A PRBS can be generated, for example, with the aid of an LFSR (Linear Feedback Shift Register).
However, PRBS are strictly deterministic. Therefore, the method can be determined after a small number of results (keys) and an attacker then knows all further keys.
In addition, the sequence of keys is repeated exactly after a finite number of keys (period of the LFSR).
However, if interference is inserted into the sequence at regular intervals (that is to say into the formation of the keys with the aid of the LFSR), the result is neither periodic nor deterministic.
The interference in the sequence is achieved as follows (also see
Initially, the client and server form a first key from the starting value (starting key) with the aid of the LFSR. The first key may be referred to as the epsilon key below for the sake of better differentiation.
The epsilon key is not used for authentication since it is vulnerable.
Next, the client generates a second key and sends it to the server. This second key is used for authentication. In order to understand the formation of the second key, which differs from the formation with the aid of the LFSR, a small digression into metrics is made.
Metrics means the manner in which the distance (delta) between two points is defined. Applied to numbers which are stored by the computer in bits, this means the difference between two numbers in the simplest case. The difference between two binary numbers depends on the significance of the individual bits in the numbers. The significance of the bits is normally determined by their transmission order from 0 (2^0) to 31 (2^31) (old metrics):
According to the old metrics, the distance between the numbers 3040593782 and 2503657302 has the value 536936480. If new metrics are now defined by allocating or agreeing on new significances for different bits, said numbers are at a different distance. If, for example, bit 16 receives the new significance of bit 0 (2^0), bit 29 receives the new significance of bit 1 (2^1) and bit 5 receives the new significance of bit 2 (2^2), the two numbers shown above are only at a distance of 7. The order of the other bits is unimportant for this but not the state (0 or 1) of the bits.
If a delta of up to 7 is considered, according to the new metrics, the number 3040593782 is situated in the delta of 2503657302, but the number 2503657303 is further than 7 away from 2503657302 since one bit which has a higher significance than 2 differs.
In the case of the present disclosure, the client and server agree on the new metrics (as part of the seed) by agreeing on those bits (so-called interference bits) which, unlike their transmission order, have a different significance.
Assuming that 3040593782 is the first key (epsilon key) generated by the client and server, a key whose distance (delta) is within a predefined value with respect to the epsilon key according to the new metrics is then formed by the client as the next key (second key). This key is referred to as the delta key δ below. If the client thus generates the number 478651654 as the next key, it is a delta key since this number is situated in the delta of the epsilon key 3040593782.
Since only the client and server know the new metrics which have been amended according to the position of the interference bits, the server can thus authenticate the client using the second key received. If the second key sent by the client is within the delta, the client is authenticated. This key is used as the new seed on both sides and a further shift in the LFSR becomes the new first key (new epsilon key).
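The new metrics and the log-on exchange described above can be traced in a short sketch. This is an added example, not code from the patent: the LFSR taps, the function names and the rule that all non-interference bits must match exactly are assumptions made for illustration, while the interference bits 16, 29 and 5 and the 32-bit width come from the example in the text.

```python
import secrets

WIDTH = 32
MASK = (1 << WIDTH) - 1
TAPS = (31, 21, 1, 0)            # assumed LFSR taps; the page names none
INTERFERENCE_BITS = (16, 29, 5)  # page example: these get significance 2^0, 2^1, 2^2
IMASK = sum(1 << b for b in INTERFERENCE_BITS)

def lfsr_step(state):
    """One shift of a Fibonacci LFSR: the identical algorithm both sides run."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> t) & 1
    return ((state << 1) | fb) & MASK

def project(key):
    """Value of the interference bits under the agreed (new) significances."""
    return sum(((key >> bit) & 1) << rank for rank, bit in enumerate(INTERFERENCE_BITS))

def new_distance(a, b):
    return abs(project(a) - project(b))

def in_delta(candidate, epsilon, delta=7):
    """True if only interference bits differ and the new-metric distance is 1..delta."""
    rest_equal = (candidate ^ epsilon) & ~IMASK & MASK == 0
    return rest_equal and 0 < new_distance(candidate, epsilon) <= delta

def make_delta_key(epsilon):
    """Client side: flip a random non-empty subset of the interference bits."""
    pattern = secrets.randbelow(2 ** len(INTERFERENCE_BITS) - 1) + 1
    flips = sum(1 << bit for rank, bit in enumerate(INTERFERENCE_BITS) if pattern >> rank & 1)
    return epsilon ^ flips

def authenticate(seed, received, delta=7):
    """Server side: returns (accepted, next_seed); the seed advances only on success."""
    epsilon = lfsr_step(seed)
    if in_delta(received, epsilon, delta):
        return True, received
    return False, seed

def run_logons(seed, rounds=5):
    """Client and server keep separate seeds and must stay in step across log-ons."""
    client_seed = server_seed = seed
    for _ in range(rounds):
        key = make_delta_key(lfsr_step(client_seed))
        ok, server_seed = authenticate(server_seed, key)
        if not ok:
            return False
        client_seed = key
    return client_seed == server_seed
```

The server rejects the epsilon key itself and any key that differs in a non-interference bit, and it leaves its seed unchanged on a failed attempt so that the two sides do not drift apart.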
Only 32 bits are shown in the example illustrated above. In reality, the numbers are considerably greater, for example, 2048 or 4096 bits with 8 or 16 interference bits. Other operations can also be used as the difference for determining the distance.
If n is the number of interference bits, all 2^n − 1 delta keys form the delta, that is, the area surrounding the epsilon key under the agreed metrics. This delta is known to both sides by virtue of the position of the interference bits and cannot be determined by the attacker.
An advantage of the disclosure is that a starting key is interchanged once at the outset as part of the seed with the conventional method. Only one key from the new delta then needs to be sent for each new log-on.
It should be understood that various changes and modifications to the presently preferred embodiments described herein will be apparent to those skilled in the art. Such changes and modifications can be made without departing from the spirit and scope of the present subject matter and without diminishing its intended advantages. It is therefore intended that such changes and modifications be covered by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
10 2006 039 327 | Aug 2006 | DE | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/EP2007/058203 | 8/7/2007 | WO | 00 | 5/13/2009 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2008/022917 | 2/28/2008 | WO | A |
Number | Date | Country | |
---|---|---|---|
20090282252 A1 | Nov 2009 | US |