
Showing papers on "Data Authentication Algorithm published in 1997"



01 Jan 1997
TL;DR: This document provides specification for a Digest access authentication scheme, which verifies that both parties to a communication know a shared secret (a password); unlike Basic, this verification can be done without sending the password in the clear, which is Basic's biggest weakness.
Abstract: The protocol referred to as "HTTP/1.0" includes the specification for a Basic Access Authentication scheme. This scheme is not considered to be a secure method of user authentication, as the user name and password are passed over the network as clear text. A specification for a different authentication scheme is needed to address this severe limitation. This document provides specification for such a scheme, referred to as "Digest Access Authentication". Like Basic, Digest access authentication verifies that both parties to a communication know a shared secret (a password); unlike Basic, this verification can be done without sending the password in the clear, which is Basic's biggest weakness. As with most other authentication protocols, the greatest sources of risks are usually found not in the core protocol itself but in policies and procedures surrounding its use.

133 citations


Patent
09 Sep 1997
TL;DR: In this paper, authentication of users on networks is performed more easily and efficiently, as follows: Authentication data sent from the application client 20 is relayed to a verification server 30 by the application server 10.
Abstract: The authentication of users on networks is performed more easily and efficiently, as follows: Authentication data sent from the application client 20 is relayed to a verification server 30 by the application server 10. The verification server 30 maintains a database of valid authentication data, against which it verifies received authentication data. Verification results are sent to the application server 10, which then processes users on the basis of these results. As a result, the configuration of application servers 10 is simplified. Verification servers or servers 30 can be used by a plurality of application servers 10, allowing for the efficient use of resources on a network.

131 citations


Proceedings ArticleDOI
10 Jun 1997
TL;DR: A specific theory appropriate to the analysis of authentication protocols is developed, built on top of the general CSP semantic framework, to combine the ability to express protocols in a natural and precise way with the facility to reason formally about the properties they exhibit.
Abstract: The paper presents a general approach for analysis and verification of authentication properties in the language of communicating sequential processes (CSP). It is illustrated by an examination of the Needham-Schroeder public key protocol (R. Needham and M. Schroeder, 1978). The contribution of the article is to develop a specific theory appropriate to the analysis of authentication protocols, built on top of the general CSP semantic framework. This approach aims to combine the ability to express such protocols in a natural and precise way with the facility to reason formally about the properties they exhibit.

129 citations


Patent
17 Nov 1997
TL;DR: In this article, a system for establishing an identity of a speaker including a computerized system which includes at least two voice authentication algorithms is presented, each of which is different from one another and serves for independently analyzing a voice of the speaker for obtaining an independent positive or negative authentication of the voice by each of the algorithms.
Abstract: A system for establishing an identity of a speaker including a computerized system which includes at least two voice authentication algorithms. Each of the at least two voice authentication algorithms is different from one another and serves for independently analyzing a voice of the speaker for obtaining an independent positive or negative authentication of the voice by each of the algorithms. If every one of the algorithms provide positive authentication, the speaker is positively identified, whereas, if at least one of the algorithms provides negative authentication, the speaker is negatively identified.

83 citations


Patent
Ahvenainen Jouko
23 Jan 1997
TL;DR: A mobile communication system comprising at least one authentication center comprising authentication keys, base stations, and mobile stations which communicate with the base stations and to which subscriber identity modules (101, SIM) may be coupled as mentioned in this paper.
Abstract: A mobile communication system comprising at least one authentication center (102) comprising authentication keys, base stations and mobile stations which communicate with the base stations and to which subscriber identity modules (101, SIM) may be coupled. The mobile communication system comprises an identifier generating means for generating identifiers which correspond to the authentication keys required in the authentication and on the basis of which the authentication keys may be found in the authentication center (102) when authentication is being carried out.

74 citations


01 Jan 1997
TL;DR: Four similar attacks upon well known authentication protocols are presented, and it is suggested that similar attacks exist for other protocols.
Abstract: In this paper we present four similar attacks upon well known authentication protocols, and suggest that similar attacks exist for other protocols. Each of these attacks causes an agent B to think that another agent A is attempting to set up two (or more) simultaneous sessions with B, when in fact A is trying to establish only a single session. We describe how such an attack may have serious consequences.

68 citations


Patent
29 Aug 1997
TL;DR: In this article, the authors propose a method and system for authenticating between a user or client and a network access entity such as a server or another client using an IC card, which includes a step of executing an initial authentication using the IC card when the user first communicates with the access entity.
Abstract: A method and system for authenticating between a user or client and a network access entity such as a server or another client using an IC card. The method includes a step of executing an initial authentication using the IC card when the user first communicates with the network access entity, a step of commonly holding authentication information in both the user and the network access entity if the initial authentication achieves success, and a step of executing a re-authentication using the commonly held authentication information without using the IC card when the user communicates again with the same network access entity within a predetermined period of time after the last authentication.

41 citations


Journal ArticleDOI
TL;DR: This work shows the IS-41 authentication protocol to be unsound by pointing to multiple flaws in the protocol which allow a network impersonator to gain service without "breaking the CAVE algorithm".
Abstract: Security for cellular and PCS systems in the United States will be based on secret key schemes for authentication and encryption. The effectiveness of security for wireless, as in other applications of cryptography, will depend on the ability of the basic cryptographic algorithms to withstand attacks and on sound protocol design. We show the IS-41 authentication protocol to be unsound by pointing to multiple flaws in the protocol which allow a network impersonator to gain service without "breaking the CAVE algorithm". These flaws effectively nullify authentication.

37 citations


Book ChapterDOI
11 May 1997
TL;DR: An incremental message authentication scheme based on the XOR MACs which supports insertion, deletion and other single block operations and is secure against message substitution attacks, making it applicable to virus protection.
Abstract: We introduce the relationship between incremental cryptography and memory checkers. We present an incremental message authentication scheme based on the XOR MACs which supports insertion, deletion and other single block operations. Our scheme takes only a constant number of pseudorandom function evaluations for each update step and produces smaller authentication codes than the tree scheme presented in [BGG95]. Furthermore, it is secure against message substitution attacks, where the adversary is allowed to tamper messages before update steps, making it applicable to virus protection. From this scheme we derive memory checkers for data structures based on lists. Conversely, we use a lower bound for memory checkers to show that so-called message substitution detecting schemes produce signatures or authentication codes with size proportional to the message length.

36 citations


01 Jan 1997
TL;DR: RIP-2 provides for unauthenticated service (as in classical RIP), or password authentication, in response to the growing need for improved authentication of routing information.
Abstract: Growth in the Internet has made us aware of the need for improved authentication of routing information. RIP-2 provides for unauthenticated service (as in classical RIP), or password authentication. [STANDARDS-TRACK]

Journal ArticleDOI
TL;DR: A secure authentication protocol which supports both the privacy of messages and the authenticity of communicating parties is proposed and can be achieved with two messages merely between two parties involved.
Abstract: A secure authentication protocol which supports both the privacy of messages and the authenticity of communicating parties is proposed. The trusted third party (key information center) is not needed once the secure network system is set up. Mutual authentication and key distribution can be achieved with two messages merely between two parties involved.

Journal ArticleDOI
TL;DR: The author presents a new chosen-text attack on the CBC-MAC, which, based on DES, is a widely used algorithm to compute a message authentication code (MAC).
Abstract: The author presents a new chosen-text attack on the CBC-MAC, which, based on DES, is a widely used algorithm to compute a message authentication code (MAC). Using DES with a MAC of size 32 bits, the attack requires $\sim 2^{17}$ chosen texts and two known texts.

Patent
15 Aug 1997
TL;DR: In this article, a secure authentication process for the communication between a user's station and a server station is described, in which a link is established between the user station and the server station, a server code is chosen at random at the level of the station, representative data of the server code are transmitted in a first server-to-user direction, thanks to those data, a corresponding user's code is recognized in the content of the authentication device, the recognized user code is transmitted in another user-to-server direction, and the authentication is validated if the user's codes is
Abstract: Process and device for secured authentication of the transmission of data between two terminals includes a secured authentication process for the communication between a user's station and a server station, through a communication network, the user's station bring the content of an authentication device depending on information coming from a server station, in which a link is established between the user's station and the server station, a server code is chosen at random at the level of the server station, representative data of the server code are transmitted in a first server-to-user direction, thanks to those data, a corresponding user's code is recognized in the content of the authentication device, the recognized user's code is transmitted in a second user-to-server direction, the user's code is compared with the server code, and the authentication is validated if the user's code is identical to the server code.

Book ChapterDOI
20 Jan 1997
TL;DR: A low complexity software polynomial evaluation procedure is described, that for large message sizes gives a MAC that has about the same low software complexity as for bucket hashing but requires only small keys and has better security characteristics.
Abstract: Message authentication codes (MACs) using polynomial evaluation have the advantage of requiring a very short key even for very large messages. We describe a low complexity software polynomial evaluation procedure, that for large message sizes gives a MAC that has about the same low software complexity as for bucket hashing but requires only small keys and has better security characteristics.

Patent
28 May 1997
TL;DR: In this article, the problem of providing an authenticating method which prevents a third party from reusing stolen authentication information was solved by preserving a 1st check data (value = $D_{n-1}$) which checks authentication information of a client, and the client also preserves a first seed data (value = $D_{n-1}$), which generates authentication information.
Abstract: PROBLEM TO BE SOLVED: To provide an authenticating method which prevents a third person from reusing stolen authentication information. SOLUTION: A server preserves a 1st check data (value = $D_{n-1}$) which checks authentication information of a client, and the client also preserves a 1st seed data (value = $D_{n-1}$) which generates authentication information. The client enciphers an authentication information request that is sent from the server by using his security key $K_s$ and generates authentication information (value = $D_n$) and answers by sending it to the server. The server performs decoding through the public key $K_p$ of the client, generates 2nd check data (value = $D_{n-1}$) and compares it with the 1st check data (value = $D_{n-1}$). When they coincide, the server allows the authentication request and preserves authentication information $D_n$ in exchange for the 1st check data. When the client receives permission, he preserves authentication information (value = $D_n$) as a 2nd seed data in exchange for the 1st seed data (value = $D_{n-1}$). COPYRIGHT: (C)1998,JPO

Patent
17 Jun 1997
TL;DR: In this paper, the authors propose a storage means that stores a bundle of a plurality of different private keys, and a decoding means that decodes return information received from the device of the authentication object by using the key bundle, and an authentication means 111c that compares decoding information r1' decoded by the decoding means with a random number r1 and authenticates the device to be a legal device when the decoded information is based on the random number.
Abstract: PROBLEM TO BE SOLVED: To allow a system to authenticate securely and surely whether or not an opposite party is a valid device by making more difficult to estimate a secret key against a 3rd party's attack. SOLUTION: The system is provided with a storage means that stores a bundle of a plurality of different private keys, a random number generating means 105a, encryption means 106a, 107a that uses a random number generated by a random number generating means or applies a prescribed arithmetic operation to the random number, uses any private key of the bundle for an encryption key to conduct encryption and to produce authentication information, a communication means that sends the authentication information to a device of an authentication object, and a decoding means 108a that decodes return information received from the device of the authentication object by using the key bundle, and an authentication means 111c that compares decoding information r1' decoded by the decoding means with a random number r1 and authenticates the device of the authentication object to be a legal device when the decoded information is based on the random number.

Patent
01 Dec 1997
TL;DR: In this paper, a user entitlement database (30) is connected to an authentication server (20), the authentication server is in turn connected to application server (25) and a communication network (5).
Abstract: A user entitlement database (30) is connected to an authentication server (20). The authentication server (20) is in turn connected to an application server (25) and a communication network (5). A token issuer/certification authority (35) communicates with the authentication server (20) through a direct link. The authentication server (20) communicates through the network (5) with a plurality of clients (10). Each authorized authentication server (20) is assigned a private key of a public key/private key cryptographic pair.

Patent
10 Jun 1997
TL;DR: In this paper, the authentication information generation part 21 generates an authentication information valid time limit and random numbers from a user identifier, a password and valid time, which are given from the input device 1 of a client, and generates authentication information.
Abstract: PROBLEM TO BE SOLVED: To prevent a third person from pretending to be a client in a network user authentication system. SOLUTION: An authentication information generation part 21 generates an authentication information valid time limit and random numbers from a user identifier, a password and valid time, which are given from the input device 1 of a client, and generates authentication information. An authentication information ciphering part 22 ciphers authentication information with the open key of a server and an authentication information transmission part 23 transmits ciphered authentication information to the server. The authentication information reception part 51 of the server receives ciphered authentication information and an authentication information decoding part 52 decodes ciphered authentication information with the secret key of the server. The authentication information verification part 53 verifies that the authentication information valid time limit of authentication information is not expired and the random numbers of authentication information are not similar to those of previous authentication time and authenticates the password. An authentication result transmission part 54 transmits an identified result to the client, and an authentication result display part 24 displays the authenticated result to an output device.

Proceedings ArticleDOI
12 Oct 1997
TL;DR: This work proposes an additional level of security to the current password mechanism by incorporating an online signature authentication method that dynamic information of signing a signature is hidden from other users and the comparison process is made very efficient through the signature discretization process.
Abstract: To prevent illegal access to a computer and its resources, most systems in the market use a password as the only means to ensure the user's identity. Although there are many password mechanisms proposed, most of them suffer from serious pitfalls associated with the tradeoff between memorizability and security. We propose an additional level of security to the current password mechanism by incorporating an online signature authentication method. The major advantages of the new method are that dynamic information of signing a signature is hidden from other users and the comparison process is made very efficient through the signature discretization process.

Journal ArticleDOI
TL;DR: The relationship between key distribution and entity authentication is described, and examples of practical authentication protocols are given, together with some of the pitfalls awaiting designers of such protocols.

Book ChapterDOI
18 Nov 1997
TL;DR: This work explains how a model-based verification method can be used to verify its robustness to attacks by an intruder, and uses this method to find a simpler protocol that remains secure.
Abstract: We use the formal language LOTOS to specify a registration protocol between a user and a Trusted Third Party, that requires mutual authentication. We explain how a model-based verification method can be used to verify its robustness to attacks by an intruder. This method is also used to find a simpler protocol that remains secure.

Dissertation
01 Jan 1997
TL;DR: This thesis concerns unconditionally secure authentication, i.e., providing authentication protection against an enemy equipped with unlimited computing power, and defines a multiround authentication model and shows how to calculate the probability of a successful attack for this model.
Abstract: Authentication theory deals with problems connected with the protection of information sent over insecure channels. This thesis concerns different problems in authentication theory. In particular, we consider unconditionally secure authentication, i.e., providing authentication protection against an enemy equipped with unlimited computing power. Several topics in authentication theory are treated: random authentication coding, multiround authentication, group authentication, anonymous secret sharing, and fast MACs. Random authentication encoding constructions are investigated. Expressions for the probability of a successful attack are given. We give an expression for the asymptotic behaviour of the key size of the random construction as a function of the message size. We provide some experimental data. Unconditionally secure multiround authentication schemes are treated. We define a multiround authentication model and show how to calculate the probability of a successful attack for this model. A multiround scheme constructed by Gemmell and Naor is cryptanalysed. We propose new multiround constructions for a 3-round protocol and for a protocol with an arbitrary number of rounds. A new upper bound on the key size is given. We define an authentication model for shared generation of an authenticator among a set of participants, called group authentication. Expressions for the probability of a successful attack for this model are given. We derive information theoretic lower bounds for the probability of a successful attack. Linear schemes are investigated and constructions based on codes for the rank metric are given. We give definitions of anonymous secret sharing schemes. Two different anonymity levels are used, called anonymous and strongly anonymous. Using the new definitions, threshold schemes and general access structures are investigated. A necessary and sufficient condition for the existence of a strongly anonymous secret sharing scheme is given. We investigate how a MAC can be calculated fast in software. Two different approaches are used: one that uses polynomial evaluation over a finite field and one that uses random polynomial residue class codes. The binary complexity of the two suggested procedures is calculated. Examples of constructions are given.

Patent
24 Mar 1997
TL;DR: In this article, a system for issuing authentication data based on a specific time transmits authentication data formed sequentially with the lapse of time counted by the specific time generating device (6) from a reference computer (1) to intermediate-order computers (2A) as shown in the Figure.
Abstract: A system for issuing authentication data based on a specific time transmits authentication data formed sequentially with the lapse of time counted by a specific time generating device (6) from a reference computer (1) to intermediate-order computers (2A) as shown in the Figure. To the authentication data, the low-order computers (2A) and low-order computers (3A) add specific authentication data successively and transmit the resultant data to the lowest-order vending machines. A computer of the vending machine (5) adds specific data to the transmitted data, and generates and issues specific authentication data, and stores them in a prepaid card (20). At the same time, reversely to the above process, the specific authentication data are transmitted to the reference computer (1) and are lastly registered in the reference computer (1). When such an issued prepaid card (20) is used in a pachinko (pin-ball game) machine in a pachinko parlor affiliated to the reference computer (1), the pachinko machine reads the specific authentication data stored in the card, refers to the reference computer for the read data, and collates and authenticates it.

Patent
15 Oct 1997
TL;DR: An authentication system and method changes (407) a symbolic value of a challenge count and encodes (411) it into an authentication symbol using an encoding process, and when received, the symbolically-changed challenge count is encoded (507) using the encoding process and a receive-side derived authentication symbol is formed therefrom as discussed by the authors.
Abstract: An authentication system and method changes (407) a symbolic value of a challenge count and encodes (411) it into an authentication symbol using an encoding process. Then, the symbolically-changed challenge count and the authentication symbol are transmitted (415). When received, the symbolically-changed challenge count is encoded (507) using the encoding process, and a receive-side derived authentication symbol is formed therefrom. Authentication is indicated (511) when the authentication symbol and the receive-side derived authentication symbol match.

Patent
01 Sep 1997
TL;DR: In this article, a method and system for authenticating between a user or client and a network access entity such as a server or another client, using an IC card, is described.
Abstract: A method and system for authenticating between a user or client and a network access entity such as a server (14) or another client, using an IC card (10), includes executing an initial authentication using the IC card when the user first communicates with the network access entity, commonly holding authentication information in both the user and the network access entity if the initial authentication achieves success, and executing a re-authentication using the commonly held authentication information without using the IC card when the user communicates again with the same network access entity within a predetermined period of time after the last authentication.

Book ChapterDOI
12 Mar 1997
TL;DR: The block based compression approach is presented, which is part of most of the current video compression standards, and two other classes of very low bitrate video compression methods, which are the region-based and model-based methods.
Abstract: In this paper, we address the possible effects of video compression on the visual quality of images, that should be considered by person authentication algorithms. We present the block based compression approach which is part of most of the current video compression standards, and two other classes of very low bitrate video compression methods, which are the region-based and model-based methods. Various possible distortions of facial images and sequences caused by these compression algorithms are mainly studied, in order to be considered by person authentication algorithms.


Patent
24 Feb 1997
TL;DR: In this article, an access ticket generator generates an access ticket from user specific information and characteristic information of access qualification authentication, and converts authentication data received from a qualification data certification device into the authentication data by using the access ticket and the user-specific information.
Abstract: PROBLEM TO BE SOLVED: To relieve the load derived from handling lots of specific information such as authentication keys on both the user side and the protect side such as an application author. SOLUTION: An access ticket generator 12 generates an access ticket from user specific information and characteristic information of access qualification authentication. A user qualification data generator 11 receives an access ticket and converts authentication data received from a qualification data certification device 10 into the authentication data by using the access ticket and the user specific information and returns the authentication data to the qualification data certification device 10. The qualification data certification device 10 certificates the qualification data by using an expected value or the like stored in itself.

Book ChapterDOI
17 Sep 1997
TL;DR: A survey of attacks on Message Authentication Codes (MACs) is given, which defines the required security properties and describes generic forgery and key recovery attacks on MACs.
Abstract: This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.