Authentication using random challenges
Details
Inventors: Hellman, Martin E.
Assignee: America Online, Inc. (Dulles, VA)
Primary Examiner: Beausoliel, Jr.; Robert W.
Assistant Examiner: Elisca; Pierre E.
Attorney, Agent or Firm: Standley & Gilcrest
A method is disclosed for authenticating one or both of two parties, for example, a user and a host computer. The first party and second party each know the same password. The first party sends a challenge to the second party. The second party generates and sends to the first party a response based on a first function of the password, the first party's challenge, and an extra value unknown to the first party. The first party, which knows only the length of the extra value, then attempts to match the response by using the same function, password, and challenge by cycling through the possible values for the extra value of known format. A method of bi-directional authentication may be achieved by having the first party return to the second party a response using a different function of the password, a preferably different challenge, and the extra value. The second party already knows the input values, including the extra value, and therefore, does not incur the costs associated with learning the extra value. The identity of the first party is confirmed by matching the transmitted response with a value generated locally.
DETAILED DESCRIPTION

The present invention addresses the problems of short or non-random passwords present in current authentication schemes, and, particularly, challenge-response authentication schemes. In the authentication scheme of the present invention, the authenticating party and/or the party to be authenticated prove that they know a shared password. Proof of knowledge of the password is provided without actually revealing the password during the exchange of data in an authentication sequence.

In a unidirectional authentication scheme using the present invention, in which the host computer verifies the identity of the user, the following exchange may take place. First, the host computer sends a challenge to the user. The user takes the challenge and generates a response based on a function of the password and additional input values. The user sends the response to the host computer which then compares the response to the result of a function applied to the password and additional input values. Identity of the user is confirmed when the host computer generates locally a match for the response from the user.

The user's response is based on the result of a function that includes an extra input value, called PAD, which is unknown to the host. The use of the value PAD is unique to the present invention. To confirm the identity of the user, the host, which knows the format of the extra input value, but not the actual value, may need to try all possible values for the extra input value in attempting to match the user's response.

While a usual goal is to minimize the computational cost to the host and user, one of the surprising advantages of the present invention is the increased cost of generating a response--in this instance, the host response, because that cost increase also extends to the opponent. As a result, the present invention increases the difficulty of dictionary attacks by increasing significantly the number of operations an opponent must perform to generate a match and learn a password.
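The exchange described above, sketched in Python as an added example that is not part of the patent text. The choice of HMAC-SHA256 as the function, the 12-bit PAD length, the `F1`/`F2` labels separating the two functions, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PAD_BITS = 12  # assumed PAD length; the verifier knows the length, not the value


def keyed(label: bytes, password: str, challenge: bytes, pad: int) -> bytes:
    """Function of (password, challenge, PAD). HMAC-SHA256 is an assumption."""
    msg = label + challenge + pad.to_bytes(4, "big")
    return hmac.new(password.encode(), msg, hashlib.sha256).digest()


def user_respond(password: str, challenge: bytes, pad=None):
    """Second party: choose a secret PAD and answer with the first function."""
    if pad is None:
        pad = secrets.randbelow(1 << PAD_BITS)
    return keyed(b"F1", password, challenge, pad), pad


def host_verify(password: str, challenge: bytes, response: bytes):
    """First party: cycle through every PAD of the known length.
    Returns (recovered PAD or None, number of function evaluations spent)."""
    for tries, candidate in enumerate(range(1 << PAD_BITS), start=1):
        guess = keyed(b"F1", password, challenge, candidate)
        if hmac.compare_digest(guess, response):
            return candidate, tries
    return None, 1 << PAD_BITS


def host_respond(password: str, challenge2: bytes, pad: int) -> bytes:
    """Bi-directional step: different function, different challenge, same PAD."""
    return keyed(b"F2", password, challenge2, pad)


def user_verify(password: str, challenge2: bytes, pad: int, response2: bytes) -> bool:
    """Second party already knows PAD, so this check is one evaluation."""
    return hmac.compare_digest(keyed(b"F2", password, challenge2, pad), response2)


if __name__ == "__main__":
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    pw = "shared-password"  # constructed sample value
    resp, pad = user_respond(pw, c1)
    found, cost = host_verify(pw, c1, resp)
    print("host recovered PAD:", found == pad, "evaluations:", cost)
    # A wrong password is only rejected after the full PAD space is exhausted,
    # which is the per-guess cost the description says extends to an opponent.
    print("wrong password cost:", host_verify("not-it", c1, resp)[1])
    print("user accepts host:", user_verify(pw, c2, pad, host_respond(pw, c2, found)))
```
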