TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.
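The password-encrypted public-key exchange the abstract describes, as an added example that is not part of the original paper or of this reference list: a toy Diffie-Hellman EKE in Python. Each side encrypts its Diffie-Hellman public value under a key derived from the shared password, derives a session key from the exchange, and confirms it with an HMAC tag. The safe-prime search, the HMAC-SHA256 stream cipher, the blinding by a random multiple of p and the HMAC key-confirmation tags are this example's own choices (the paper uses encrypted challenges for confirmation); the 64-bit group and the password hashing are toy settings.

```python
"""Toy DH-EKE: a password-derived key encrypts each side's Diffie-Hellman public
value; the session key is then confirmed with HMAC tags.  Illustration only."""
import hashlib
import hmac
import secrets

BITS = 64        # toy group size; real deployments use 2048-bit or larger groups
BLIND_BITS = 64  # extra random multiple-of-p blinding before password encryption


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_safe_prime(bits: int = BITS) -> int:
    """Find p = 2q + 1 with q prime and p = 3 (mod 8), so that g = 2 generates all of
    Z_p^*.  Then every value in [1, p-1] is a legal public value, and an attacker who
    decrypts a captured message under a guessed password cannot reject the guess by
    spotting an impossible public value."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if p % 8 == 3 and is_probable_prime(q) and is_probable_prime(p):
            return p


def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 counter keystream XORed onto the data."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, label + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def password_key(password: bytes) -> bytes:
    return hashlib.sha256(b"eke-password|" + password).digest()


def encrypt_public_value(pw_key: bytes, label: bytes, y: int, p: int) -> bytes:
    """E_pw(y): add a random multiple of p so the plaintext is close to uniform over
    its fixed byte width (a wrong-password decryption then looks like any other
    value), then encrypt under the password key."""
    width = (p.bit_length() + BLIND_BITS + 7) // 8
    blinded = y + secrets.randbelow((1 << (8 * width)) // p) * p
    return xor_stream(pw_key, label, blinded.to_bytes(width, "big"))


def decrypt_public_value(pw_key: bytes, label: bytes, ct: bytes, p: int) -> int:
    return int.from_bytes(xor_stream(pw_key, label, ct), "big") % p


def session_key(shared: int) -> bytes:
    return hashlib.sha256(b"eke-session|" + str(shared).encode()).digest()


def confirm_tag(k: bytes, who: bytes, ya: int, yb: int) -> bytes:
    """Key confirmation: HMAC over the transcript under the session key."""
    msg = who + b"|" + str(ya).encode() + b"|" + str(yb).encode()
    return hmac.new(k, msg, hashlib.sha256).digest()


def run_eke(pw_alice: bytes, pw_bob: bytes, p: int, g: int = 2):
    """Run the exchange; returns (alice_accepts, bob_accepts, keys_match)."""
    ka, kb = password_key(pw_alice), password_key(pw_bob)
    # 1. Alice -> Bob: E_pw(g^a)
    a = secrets.randbelow(p - 2) + 1
    ya = pow(g, a, p)
    msg1 = encrypt_public_value(ka, b"A->B", ya, p)
    # 2. Bob -> Alice: E_pw(g^b) plus a confirmation tag under K = (g^a)^b
    ya_at_bob = decrypt_public_value(kb, b"A->B", msg1, p)
    b = secrets.randbelow(p - 2) + 1
    yb = pow(g, b, p)
    k_bob = session_key(pow(ya_at_bob, b, p))
    msg2_ct = encrypt_public_value(kb, b"B->A", yb, p)
    msg2_tag = confirm_tag(k_bob, b"bob", ya_at_bob, yb)
    # 3. Alice: recover g^b, derive K = (g^b)^a, check Bob's tag, answer with her own
    yb_at_alice = decrypt_public_value(ka, b"B->A", msg2_ct, p)
    k_alice = session_key(pow(yb_at_alice, a, p))
    if not hmac.compare_digest(msg2_tag, confirm_tag(k_alice, b"bob", ya, yb_at_alice)):
        return False, False, False  # Alice aborts; Bob never receives a valid tag
    msg3 = confirm_tag(k_alice, b"alice", ya, yb_at_alice)
    # 4. Bob checks Alice's tag
    bob_ok = hmac.compare_digest(msg3, confirm_tag(k_bob, b"alice", ya_at_bob, yb))
    return True, bob_ok, k_alice == k_bob
```

Two details carry the security property the abstract claims. The generator spans all of Z_p^* and the plaintext is blinded to a fixed width, so decrypting a captured message under any candidate password yields a plausible public value; an offline guess can therefore only be checked by solving the Diffie-Hellman problem, not by inspecting the transcript. Had the protocol used a small subgroup or left a recognisable range gap in the plaintext, a wrong guess would sometimes decrypt to an impossible value and the dictionary attack would be back.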
TL;DR: A theory of authentication and a system that implements it, based on the notion of principal and a “speaks for” relation between principals, is described and used to explain many existing and proposed security mechanisms.
Abstract: We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a “speaks for” relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.
TL;DR: A distributed computer system in which the trusted computing base at each node includes an authentication agent for authenticating requests received from principals at other nodes, and in which each server process keeps a local cache of authentication data identifying requesters whose previous request messages have been authenticated.
Abstract: A distributed computer system has a number of computers coupled thereto at distinct nodes. The computer at each node of the distributed system has a trusted computing base that includes an authentication agent for authenticating requests received from principals at other nodes in the system. Requests are transmitted to servers as messages that include a first identifier provided by the requester and a second identifier provided by the authentication agent of the requester node. Each server process is provided with a local cache of authentication data that identifies requesters whose previous request messages have been authenticated. When a request is received, the server checks the request's first and second identifiers against the entries in its local cache. If there is a match, then the request is known to be authentic. Otherwise, the server node's authentication agent is called to obtain authentication credentials from the requester's node to authenticate the request message. The principal identifier of the requester and the received credentials are stored in a local cache by the server node's authentication agent. The server process also stores a record in its local cache indicating that request messages from the specified requester are known to be authentic, thereby expediting the process of authenticating received requests.
TL;DR: The three main types of authentication in a distributed computing system (message content authentication, message origin authentication and general identity authentication) are explained and an authentication framework is provided.
Abstract: A number of protocols used to authenticate users, hosts and processes are described. The three main types of authentication in a distributed computing system (message content authentication, message origin authentication and general identity authentication) are explained. Authentication exchanges are identified, and paradigms of authentication protocols are presented. Authentication protocol failures are addressed, and an authentication framework is provided. As case studies, two authentication services, Kerberos and SPX, are examined.
TL;DR: A distributed computer system with a number of users and target applications, in which an authentication unit issues each user a privilege attribute certificate (PAC) representing the user's access rights.
Abstract: A distributed computer system has a number of users and target applications. When a user logs on to the system, an authentication unit issues the user a privilege attribute certificate (PAC) representing the user's access rights. When the user wishes to access a target application, he presents the PAC to that application as evidence of his access rights. The application, in turn, passes the PAC to a PAC use monitor (PUM) which validates the PAC. The PUM is shared between a plurality of applications.
TL;DR: In this article, the authors extend the use of traditional point-to-point message authentication to multireceiver and/or multisender scenarios, where a single sender can broadcast (multicast) only one unconditionally secure authenticator for a message and which all receivers can verify.
Abstract: The authors extend the use of traditional point-to-point message authentication to multireceiver and/or multisender scenarios. They provide efficient cryptographic authentication methods for point-to-multipoint communication, where a single sender can broadcast (multicast) only one unconditionally secure authenticator for a message and which all receivers can verify. They further develop multipoint-to-point communication (incast) in which any subset (of a specified size) of a group of individuals can transmit a single authenticator (or a signature) for a message using the group's key. This method has been called threshold authentication. It is an application layer that is transparent to the receiver which only deals with the group as one entity. The bandwidth, computations, and storage overheads are reduced substantially when compared with the traditional approach. Threshold authentication hides some aspects of the internal structure of the group, which may be important in interenterprise communication.
TL;DR: A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer or to a server.
Abstract: A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer or to a server. Also a method for protecting a floppy disk carrying login software from unauthorized use.
TL;DR: In this paper, a method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology is presented, where freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network.
Abstract: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.
TL;DR: KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility, which allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information.
Abstract: This paper describes KryptoKnight, an authentication and key distribution system that provides facilities for secure communication in any type of network environment. KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility. Message compactness of KryptoKnight's protocols allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information. Moreover, since KryptoKnight avoids the use of bulk encryption it is easily exportable. Owing to its architectural flexibility, KryptoKnight functions at both endpoints of communication can perform different security tasks depending on the particular network configuration. These and other novel features make KryptoKnight an attractive solution for providing security services to existing applications irrespective of the protocol layer, network configuration or communication paradigm.
TL;DR: SPX is a reference implementation of an open distributed authentication service architecture based on ISO 9594-8/CCITT X.509 Directory Public Key Certificates that permits management of global trust relationship policy in arbitrarily large distributed environments.
Abstract: SPX is a reference implementation of an open distributed authentication service architecture based on ISO 9594-8/CCITT X.509 Directory Public Key Certificates and hierarchically organized Certification Authorities. SPX manages the end system state and provides the run-time environment that enables applications to take advantage of this certificate infrastructure to mutually authenticate on the basis of a global principal identity. SPX scales well in that it does not require on-line trusted components, and it permits management of global trust relationship policy in arbitrarily large distributed environments. Conceptual, component, and protocol descriptions are provided.
TL;DR: A document is scanned to produce a digital signal which is compressed, encrypted and coded as a two-dimensional barcode (or another appropriate form of coding) that is incorporated into a label affixed to the document; the document is later authenticated by comparing the decoded, decrypted image with the document itself.
Abstract: A document secure against tampering or alteration, and a method and apparatus for producing and authenticating such a document. A document is scanned to produce a digital signal which is compressed, encrypted, and coded as a two-dimensional barcode or as some other appropriate form of coding, which is incorporated into a label that is then affixed to the document. In one embodiment the signal representing the image is encrypted using a public key encryption system and the key is downloaded from a center. This key may be changed from time to time to increase security. To facilitate authentication the corresponding decryption key is encrypted with another key and incorporated on the card. To validate the document the coded signal is scanned from the label, decoded, decrypted, expanded and displayed. The card may then be authenticated by comparison of the displayed representation of the image and the document.
TL;DR: An authentication center receives an equipment ID for each terminal, generates a series of sequence numbers, and uses a secret key to encrypt the sequence numbers and the equipment ID together with a user ID and an error detection code into an encrypted block that is programmed into an authentication module; network authentication nodes hold the matching public key and decrypt the block at log-on to decide whether to grant access.
Abstract: An environment which includes a communications network, user terminals, and an authentication center provides communication services only to legitimate subscribers. The authentication center receives an equipment ID for each terminal, generates a series of sequence numbers and uses a secret key to encrypt the sequence numbers and the equipment ID with a user ID and an error detection code to form an encrypted block. This block is programmed into an authentication module and sent to the subscriber for installation in the subscriber's terminal. The authentication center sends a public key to network authentication nodes. When the subscriber operates the terminal to gain access to the network, a log-on message, which includes the encrypted block and an unencrypted version of the equipment ID, is sent to an authentication node. The node decrypts the encrypted block and evaluates the IDs and sequence number to determine whether to grant access to services.
TL;DR: A data processing system, method and computer program for securely updating an electronic purse that consists of a list of purse records: an authentication tree whose authentication tree function is a one-way function of the purse records in the list is defined, the root for the first list is stored in a cryptographic facility, and each update authenticates the transaction and the existing record before computing the new root along the path between the updated record and the root.
Abstract: A data processing system, method and computer program provide for the secure updating of an electronic purse which includes a list of purse records. The method includes the step of defining an authentication tree with an authentication tree function comprising a one-way function of the purse records in the list, the authentication tree having a first root for a first list of the purse records, and storing the first root in a cryptographic facility. The authentication tree includes authentication MDC vectors, one for each purse record in the list. The method includes the step of receiving a transaction record in the cryptographic facility, including an authentication code, a cryptographic key, and an authentication MDC vector, for updating an existing purse record in the first list. The method then performs a purse update function in the cryptographic facility. The method first authenticates the transaction record using the authentication code and cryptographic key, and authenticates the existing purse record with the authentication MDC vector and the first root. The method next substitutes an updated purse record for the existing purse record in the first list, forming a second list. The method then computes, from the updated purse record and the first authentication MDC vector, a second path MDC vector and a second root of the authentication tree for the second list, by computing the path MDC vector of the authentication tree between the updated purse record and the first root, and stores the second root in the cryptographic facility.
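The authentication tree and purse update the abstract describes, as an added example that is not part of the original patent or of this reference list: a Merkle-style tree in Python with one MDC per record, a root held by a cryptographic facility, a path MDC vector that authenticates one record against that root, and an update that derives the second root from the updated record and the same path without rebuilding the tree. SHA-256 as the one-way function, HMAC-SHA256 as the transaction authentication code, the record byte format and the constant padding node for odd levels are this example's own assumptions.

```python
"""Authentication tree over purse records: one MDC per record, a root kept in the
cryptographic facility, path MDC vectors for per-record authentication, and a
root update computed from the path alone.  Illustration only."""
import hashlib
import hmac
from dataclasses import dataclass

# Pads an odd-length level.  A constant (rather than a duplicate of the last node)
# keeps a record's path vector valid after that record is updated.
EMPTY = hashlib.sha256(b"\x02empty").digest()


def leaf_mdc(record: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + record).digest()  # domain-separated leaf


def node_mdc(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # domain-separated inner node


def tree_levels(records):
    """All levels, leaves first; every non-root level is padded to even length."""
    level = [leaf_mdc(r) for r in records]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [EMPTY]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_mdc(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def root_of(records) -> bytes:
    return tree_levels(records)[-1][0]


def auth_path(records, index: int):
    """Path MDC vector for record `index`: (sibling MDC, sibling_is_left) per level."""
    path = []
    for level in tree_levels(records)[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def root_from_path(record: bytes, path) -> bytes:
    """Recompute the root from one record and its path MDC vector."""
    h = leaf_mdc(record)
    for sibling, sibling_is_left in path:
        h = node_mdc(sibling, h) if sibling_is_left else node_mdc(h, sibling)
    return h


def verify_record(record: bytes, path, root: bytes) -> bool:
    return hmac.compare_digest(root_from_path(record, path), root)


def transaction_code(key: bytes, existing: bytes, updated: bytes) -> bytes:
    """Authentication code over a transaction record (assumed HMAC-SHA256)."""
    return hmac.new(key, existing + b"->" + updated, hashlib.sha256).digest()


@dataclass
class CryptoFacility:
    """Holds only the current root; records and paths arrive with each transaction."""
    root: bytes

    def update_purse(self, existing: bytes, updated: bytes, path,
                     auth_code: bytes, key: bytes) -> bool:
        # 1. authenticate the transaction record with its authentication code and key
        if not hmac.compare_digest(transaction_code(key, existing, updated), auth_code):
            return False
        # 2. authenticate the existing record against the stored (first) root
        if not verify_record(existing, path, self.root):
            return False
        # 3. second root from the updated record and the same path; nothing else
        #    in the tree changed, so no other record is needed
        self.root = root_from_path(updated, path)
        return True
```

The facility stores a single hash and still detects any substituted, rolled-back or tampered purse record, because every record presented to it must hash up to the root it holds; an untrusted host can keep the records and the path vectors. After an update, paths stored for other records whose ancestors lie on the updated path are stale and must be recomputed by whoever maintains the tree.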
TL;DR: The concept of an integrated security system (ISS) and its realization are described; encryption tools are used for information secrecy, and authentication tools are used for user identification and access control.
Abstract: The concept of an integrated security system (ISS) and its realization are described. An integrated security system protects information network systems from computer viruses, hackers and other computer crimes. For this purpose, the ISS requires three mechanisms: information secrecy, user identification and access control mechanisms. The information secrecy mechanism protects information against intrusion through 'non-gates' of the information network systems. The user identification mechanism permits authorized users to enter the systems only at 'the gates'. The access control mechanism allows only the users with permission to actually access data. The author implements an integrated security system using an ID-based security scheme. The ID-based security scheme provides encryption tools and authentication tools. Encryption tools are used for information secrecy, and authentication tools are used for user identification and access control.
TL;DR: The basic server-assisted authentication protocol of Matsumoto et al (1984) can be broken in a one-round active attack and the improvements necessary to make it secure may well render it impractical.
Abstract: The basic server-assisted authentication protocol of Matsumoto et al (1984) can be broken in a one-round active attack. The improvements necessary to make it secure may well render it impractical.
TL;DR: This paper describes a software authentication technique based on the public key cryptography for information integrity that can be used to verify the integrity of programs obtained from vendors or a ''trusted information database''.
TL;DR: This paper discusses the use of time in distributed authentication and explains why the provision of authentication protocols whose correctness depends on the correct generation of timestamps is not as insecure as it first seems to be.
Abstract: This paper discusses the use of time in distributed authentication. Our first objective is to give reasons for the provision of authentication protocols whose correctness depends on the correct generation of timestamps. Our second objective is to explain that this proposal is not, at least theoretically, as insecure as it first seems to be. The conclusion of this paper motivated our current effort of designing a secure clock synchronization protocol as a part of our overall goal of building a secure distributed system.
TL;DR: It is shown that the security of the proposed system for generating a common secret key for two or more users is based on the difficulty of breaking the Diffie-Hellman key distribution system.
Abstract: In this paper, we propose a conference key distribution system for generating a common secret key for two or more users. In our system, each user possesses a secret key and a public key. Initially, the chairperson constructs a conference key associated with his secret key and the conference members' public keys. Then each member can obtain and authenticate the conference key by using his secret key. Further, we have shown that the security of our proposed system is based on the difficulty of breaking the Diffie-Hellman key distribution system.
TL;DR: The focus is on the security features provided in DECT because these are more comprehensive, and probably less widely known, than those provided in GSM.
Abstract: Second generation mobile and cordless telephone systems, like GSM and DECT, provide for intersystem roaming and have integrated security features. These security features and the role played by smart cards in their implementation and management are discussed. The focus is on the security features provided in DECT because these are more comprehensive, and probably less widely known, than those provided in GSM. The method of authentication is identical to that used for authenticating subscribers accessing a GSM network. However, the DECT authentication mechanism includes an additional feature which is not provided within GSM. This feature provides for greater flexibility in the way authentication keys and authentication data may be managed.
TL;DR: The paper compares two approaches to providing privacy and authentication for PCSs, a conventional approach using "private-key" cryptographic technology and a new approach using "public-key" technology, and concludes that the public-key approach provides superior security while maintaining comparable call set-up performance.
Abstract: It is expected that personal communications services (PCSs) will provide access to the wireline telephone network for a large number of telephone calls via low-power, portable, digital radio telephones. The use of radio makes such a PCS more susceptible to eavesdropping than are conversations carried via wires. The mobility of PCS users also presents new problems relating to 1) authentication, ensuring that service is not obtained fraudulently, and 2) the privacy of information about the PCS user's location. It is important that PCSs provide privacy (of conversation and location) and fraud control comparable to that of the wireline network. The paper compares two approaches to providing privacy and authentication for PCSs: a conventional approach using "private-key" cryptographic technology, and a new approach using "public-key" technology. It is concluded that the public-key approach provides superior security while maintaining comparable call set-up performance.
TL;DR: The paper introduces basic notions about developing a logic or a theory, and shows that logics of belief are appropriate for basing a theory of trust on, and presents methods for reasoning about the trust properties of secure protocols.
TL;DR: Two enhancements to a recently published hierarchical encryption key management protocol for end-to-end secure communication in internet environments are outlined, including a more reliable authentication of the principals and a modified protocol that permits the implementation of the hierarchical key management approach in the widely employed TCP/IP-based network interconnections.
Abstract: Two enhancements to a recently published hierarchical encryption key management protocol for end-to-end secure communication in internet environments are outlined. The first one concerns a more reliable authentication of the principals which can be realized by a modification of the message structures being exchanged, while the second one concerns a modified protocol that permits the implementation of the hierarchical key management approach in the widely employed TCP/IP-based network interconnections.
TL;DR: The goal of DASS is to provide authentication services in a distributed environment which are both more secure and easier to use than existing mechanisms; the memo defines an Experimental Protocol for the Internet community and does not specify an Internet standard.
Abstract: The goal of DASS is to provide authentication services in a distributed environment which are both more secure and easier to use than existing mechanisms. This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard.
TL;DR: The dictionary focuses on communications and communication standards, with emphasis also on risk analysis, ITSEC, EFT and EDI, and contains extended essays on risk analysis, personal computing, key management, PIN management and authentication.
Abstract: Focuses mainly on communications and communication standards, with emphasis also on risk analysis, ITSEC, EFT and EDI, and with numerous named viruses described. The dictionary contains extended essays on risk analysis, personal computing, key management, PIN management and authentication.
TL;DR: In this paper, the authors propose a method for connecting a subscriber identification module, code card, to a mobile radio to allow data exchange, where a number is transmitted from the mobile to the ID module and an authentication parameter is calculated from the number, using a code or key stored in the module and this is transmitted to the mobile.
Abstract: The method involves connecting a subscriber identification module, code card, to a mobile radio to allow data exchange. After input of a device code, the system is initialised. A number is transmitted from the mobile to the ID module. There, an authentication parameter is calculated from the number, using a code or key stored in the module and this is transmitted to the mobile. The latter stores the number and parameter as duplets in a non-volatile memory. During operation, a personal identification number is input to the radio for authentication checking. The duplet-stored number is transmitted to the ID module. An authentication parameter is calculated and transmitted to the mobile. In the mobile, the transmitted parameter is compared with the stored parameter. If they do not match, further operation, especially making connections, is blocked. If the parameters match, the mobile is freed for use. ADVANTAGE - Simple, reliable method of preventing unauthorised use.
TL;DR: An internet access control scheme which operates at the network level (or the packet level) is presented and it was found that the overheads of this scheme are smaller in comparison with the visa scheme.
Abstract: Increasing user demands to access resources, such as databases and application programmes, beyond those available in a single network has resulted in the introduction of teleprocessing systems and communication services between networks supported by different organisations. Consequently, the sharing of network resources introduces security threats such as unauthorised reading, modifying, adding or deleting of the contents of resources. It is therefore necessary to implement certain access control mechanisms to protect these resources from unauthorised access. In the paper, an internet access control scheme which operates at the network level (or the packet level) is presented. This scheme allows controlled access to the internal resources of a network, and only trusted systems can gain access to external networks. In this scheme, a secure communication link is established between a requesting machine and the requested remote resource at the initiation of an external session. All the entities, the network gateways and the machines at the end points, along this communication path are authenticated during the initiation process. Any subsequent packets transmitted along this path are also authenticated throughout the session to ensure that they originated from the machine initiating the session. The scheme uses the RSA and the DES security algorithms to implement session initiation and packet origin authentication, respectively. A major issue in internet access control is the distribution of packet keys (which are used for packet authentication purposes) to network entities for each communication session. This problem has been overcome in the scheme by deriving the packet authentication key from the RSA private key of each network entity, using a reference key number concept, and allowing a different packet authentication key for each external session between communicating entities. This eliminates the need to distribute the packet authentication keys, which otherwise could be a major threat to the integrity of an access control scheme. The overheads incurred due to the extra access control procedures have been quantified and are presented in the paper. It was found that the overheads of this scheme are smaller in comparison with the visa scheme [1].
TL;DR: Persons with operating authorisation, other than the subscriber who holds the authorisation card, are issued a smart card as evidence of authorisation; the card's telephone number has a notional authentication centre as its home location, connected to all the EDP installations of the network operator, which check the holder's identity by comparing two SRES response codes.
Abstract: For persons with operating authorisation in addition to the subscriber possessing an authorisation card, a smart card is provided as evidence of authorisation. On this card, the telephone number has a notional authentication centre as a home location, which is connected to all the EDP installations of the network operator. The EDP installations can thus check the identity of the authorised person, and provide the code to be used to set up a connection, by comparing two response codes (SRES): one produced when a booking order is despatched from the authentication centre to a local exchange, by transmitting a random number as an inquiry word and calculating with a subscriber-specific code, and a further one produced when the subscriber is challenged with a random number through the local exchange and the calculation is performed in the subscriber's SIM (Subscriber Identity Module).
TL;DR: A software authentication system is proposed which does not require a mutually trusted center of both software vendors and users, or users' interaction with any key center, and eliminates the risk of running “unlicensed” or modified programs, thus eliminating the possibility of virus infections.
Abstract: In the absence of systematic techniques to detect the existence of computer viruses, preventing suspicious software from entering the system at the initial point of entry appears to be the best method to protect computing resources against attacks of computer viruses. Currently, software is distributed primarily by diskettes instead of online transmission. Diskettes are more susceptible to modification and masquerading while on-line transmission usually follows proper user/message authentication. A software authentication system is proposed which does not require a mutually trusted center of both software vendors and users, or users' interaction with any key center. Vendors assume responsibility by signing released software and users verify the authenticity of received software before using it. Through such an authentication process, users eliminate the risk of running “unlicensed” or modified programs, thus eliminating the possibility of virus infections.
TL;DR: To reduce the load on an authentication machine and a server machine and to shorten processing time, a ticket that has already been confirmed once is reconfirmed without decrypting it, by comparing a one-way compressed form of the ticket against a cache of compressed tickets.
Abstract: PURPOSE: To reduce the load on an authentication machine and a server machine and to shorten the processing time by reconfirming, without decryption, a ticket which was already confirmed once. CONSTITUTION: The authentication machine 2, a client machine 3, and the server machine 4 are connected by a communication medium 1. The authentication machine 2 and server machine 4 have ticket reconfirmation parts (a) and (c) and ticket compressing and holding parts (b) and (d) respectively. The ticket compressing and holding parts (b) and (d) compress newly confirmed tickets, by a compression method from whose output the original contents cannot be recovered, and hold them in a cache list. The ticket reconfirmation parts (a) and (c) compress tickets sent from users by the same method and compare the result with the compressed tickets held in the ticket compressing and holding parts (b) and (d) to reconfirm the users.
TL;DR: In this paper, the authors define and rationalize a policy for propagation of authentication trust across realm boundaries, which helps limit global security exposures that ensue whenever an authentication service is compromised.
Abstract: In this paper we define and rationalize a policy for propagation of authentication trust across realm boundaries. This policy helps limit global security exposures that ensue whenever an authentication service is compromised. It is based on a hierarchical model of inter-realm authentication, and can be supported by both public-key and secret-key systems. As an example, we present a simple protocol which selects inter-realm authentication paths that satisfy the policy. The protocol is part of a design which provides application transparency for inter-realm, authentication-path selection and acceptance as the default mode of operation. The design can be integrated with the security services of existing systems; e.g., of the Open Software Foundation's Distributed Computing Environment (DCE). DCE implementation issues are also discussed.