TL;DR: In this paper, a system and method provide transparent access from any system entry service to multiple account management services, and particularly to multiple authentication services on a computer system, supporting unified login and logout.
Abstract: A system and method provide transparent access from any system entry service to multiple account management services, and particularly to multiple authentication services on a computer system, supporting unified login and logout. Transparency between system entry services and account management services, including authentication, password, account, and session services, is provided by an application programming interface and a configuration file. The configuration file stores associations between system entry services and selected account management services, and allows an individual system entry service to be associated with multiple different ones of a given type of account management service, such as authentication services. In response to a request by a system entry service for an account management operation, such as authentication of a user, the application programming interface determines dynamically which account management services are associated with that system entry service by reading the configuration file and queuing the pathnames stored therein of the account management services associated with the system entry service currently connecting the user to the system. The application programming interface then invokes the queued pathnames for the desired operation. Multiple login is provided by encrypting the authentication tokens used by the authentication services associated with a given system entry service with a primary authentication token of one of the authentication services, and subsequently decrypting the encrypted tokens as needed to authenticate the user. With unified login, the user need only provide the primary authentication token. Unified logout is provided by locating and destroying the credentials of the user created by the multiple authentication services in response to a request by the valid user to log out.
TL;DR: This paper describes a method of providing user identification and authentication using ultra long identification key (IDK) codes and/or ultra large databases of IDK codes, in a manner that gives a remote computer terminal secure access to a database or server transaction program stored on a host computer.
Abstract: A method of providing user identification and authentication using ultra long identification key codes and/or ultra large databases of identification key codes in a manner providing secure access to a remote computer terminal to a database or server transaction program stored on a host computer.
TL;DR: In this paper, the authors propose a method and apparatus for authenticating a roaming subscriber by converting the challenge into a format compatible with the subscriber's home system authentication protocol, and processing the converted challenge with the subscriber's secret key and authentication algorithm into an authentication response.
Abstract: A method and apparatus for authenticating a roaming subscriber. In a preferred embodiment, a subscriber receives a challenge (305) that is in the format of a local authentication protocol, and determines (310) whether the local authentication protocol is the subscriber's home system authentication protocol. If it is not, the subscriber converts the challenge into a format (e.g., bit length) compatible (325) with its home system authentication protocol, and processes the converted challenge with the subscriber's secret key and authentication algorithm into an authentication response (330). The authentication response is converted (335) to be compatible with the local authentication protocol, and transmitted (340) to a local system communication unit. The challenge and response are then forwarded to the subscriber's home system (345) for similar conversion and processing, and the subscriber's response is compared against a home system generated response (355).
TL;DR: In this article, a library service protocol is presented for moving large data objects into and out of a data image library with attention to security, authentication, and consistency of related images stored in different machines.
Abstract: Library service protocols are provided for moving large data objects into and out of a data image library with attention to security, authentication, and consistency of related images stored in different machines. The protocol consists of particular message sequences, special tokens within messages, and out-of-sequence database changes.
TL;DR: In this paper, the security processes and products are based on coded topological and/or biometric information, which is printed on the document in order to be used for its authentication.
Abstract: The security processes and products are based on coded topological and/or biometric information. Coded topological data, corresponding to a security document comprising an image, may be printed on the document in order to be used for its authentication. It is thus possible to establish a relationship between an image and certain pattern features contained in a database, said relationship being used for the fabrication and authentication of security documents and for the facial recognition of individuals.
TL;DR: In this paper, a method for providing user authentication and a memory storing a computer program for user authentication are described; the method includes the steps of providing a first argument including a one-way cryptographic transformation of a password and a second argument including an additional cryptographic combination of the password and the first nonce, and comparing the second term with the first argument.
Abstract: A method for providing user authentication and a memory storing a computer program for providing user authentication are described. The method includes the steps of providing a first argument including a one-way cryptographic transformation of a password and a second argument including a one-way cryptographic transformation of a cryptographic combination of the password and a first nonce, computing a first term using the first argument and computing a second term using the first nonce, and comparing the second term with the second argument. The memory stores a computer program that includes means for providing a first argument including a one-way cryptographic transformation of a password and a second argument including a one-way cryptographic transformation of a cryptographic combination of the password and a first nonce, means for computing a first term using the first argument and computing a second term using the first nonce, and means for comparing the second term with the second argument.
TL;DR: In this article, a personal data archive system with portable personal storage devices allowing the owner to enter and store personal data is presented, where authorization checking devices are allocated to the storage devices and grant access to at least some of the personal data stored in the storage device only in the event of a positive authorization and/or authentication.
Abstract: The invention concerns a personal data archive system with portable personal storage devices allowing the owner to enter and store personal data. Authorization checking devices are allocated to the storage devices and grant access to at least some of the personal data stored in the storage devices only in the event of a positive authorization and/or authentication.
TL;DR: The goal of incremental cryptography is to design cryptographic algorithms with the property that, having applied the algorithm to a document, it is possible to quickly update the result of the algorithm for a modified document, rather than having to re-compute it from scratch.
Abstract: The goal of incremental cryptography is to design cryptographic algorithms with the property that, having applied the algorithm to a document, it is possible to quickly update the result of the algorithm for a modified document, rather than having to re-compute it from scratch. In settings where cryptographic algorithms such as encryption or signatures are frequently applied to changing documents, dramatic efficiency improvements can be achieved. One such setting is the use of authentication tags for virus protection. We consider documents that can be modified by powerful (and realistic) document modification operations such as insertion and deletion of character-strings (or equivalently cut and paste of text). We provide efficient incremental signature and message authentication schemes supporting the above document modification operations. They meet a strong notion of tamper-proof security which is appropriate for the virus protection setting. We initiate a study of incremental encryption, providing definitions as well as solutions. Finally, we raise the novel issue of "privacy" of incremental authentication schemes.
TL;DR: In this article, a transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code.
Abstract: A transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.
TL;DR: Self-verifying articles as mentioned in this paper include commercial instruments (e.g., ATM cards, calling cards, credit cards, etc.), personal identification documents (i.e., driver's licenses, passports, personal identification papers, etc.) and labels affixed to package surfaces for identification of the package owner or sender, which can be used for verifying imported goods by customs agents.
Abstract: Disclosed are methods, systems and articles of manufacture for creating and authenticating self-verifying articles (104). Self-verifying articles include, for example, commercial instruments (i.e. notes, drafts, checks, bearer paper, etc.), transaction cards (i.e. ATM cards, calling cards, credit cards, etc.), personal identification documents (i.e., driver's licenses, passports, personal identification papers, etc.) and labels affixed to package surfaces for identification of the package owner or sender, which, for example, may be used for verifying imported goods by customs agents. Self-verifying article (104) creation includes receiving recipient specific data, encoding a first selected subset of the recipient specific data and fixing the encoded subset along with other human recognizable data on a surface of an article. Self-verifying article authentication includes scanning (502) a surface to locate an encoded first data set, decoding (503) the first data set and comparing (504) the decoded first data set with a control data set, which may also be fixed upon the surface, to determine (505) the authenticity of the received self-verifying article.
TL;DR: Yaksha, a new approach to achieving a more secure version of Kerberos with minimal changes to the protocol, uses as its building block an RSA algorithm variant independently invented by Boyd (1989) and by Ganesan and Yacobi (1994).
Abstract: The Kerberos authentication system is based on the trusted third-party Needham-Schroeder (1978) authentication protocol. The system is one of the few industry standards for authentication systems and its use is becoming fairly widespread. The system has some limitations, many of which are traceable to the decision of the Kerberos designers to solely use symmetric key cryptosystems. Using asymmetric (public-key) cryptosystems in an authentication protocol would prevent some of the shortcomings. Several such protocols have been proposed and some have been implemented. However, all these designs are either completely different from the Kerberos system, or require major changes to the basic system. Any attempt to improve Kerberos should do so with only minimal impact on the protocol and the source tree. In this work, we describe Yaksha, a new approach to achieving these goals. Yaksha uses as its building block an RSA (Rivest, Shamir & Adleman, 1978) algorithm variant independently invented by Boyd (1989) and by Ganesan and Yacobi (1994), in which the RSA private key is split into two portions. One portion becomes a user's Yaksha password, and the other the Yaksha server's password for that user. Using this simple but useful primitive, we show how we can blend the Kerberos system with a public-key infrastructure to create Yaksha, a more secure version of Kerberos, with minimal changes to the protocol.
TL;DR: In this paper, a session key is first calculated by the user module on the basis of a secret user key, a terminal identification parameter and a first random number.
Abstract: The terminal and the user module are authenticated in a combined manner on the basis of an authentication key calculated on the one hand by the terminal and on the other hand by the network. A session key is first calculated by the user module on the basis of a secret user key, a terminal identification parameter and a first random number. Calculation of the authentication key by the terminal involves this session key calculated by the user module, a secret terminal identification key and a second random number. The network calculates the session key and the authentication key in the same way, retrieving the secret keys on the basis of the identification parameters transmitted by the terminal. The terminals can then be authenticated by the network independently of the associated user modules.
TL;DR: This paper presents a classification scheme to identify the various degrees of untraceability requirements, and presents an efficient method for the computation of aliases and applies it to a new set of inter-domain authentication protocols, demonstrating that these protocols can be designed to meet various degrees of untraceability requirements.
Abstract: User mobility is a feature that raises many new security-related issues and concerns. One of them is the disclosure of a mobile user's real identity during the authentication process, or other procedures specific to mobile networks. Such disclosure allows an unauthorized third party to track the mobile user's movements and current whereabouts. Depending on the context, access to any information related to a mobile user's location without his consent can be a serious violation of his privacy. This new issue might be seen as a conflicting requirement with respect to authentication: untraceability requires hiding the user's identity while authentication requires the user's identity to be revealed in order to be proved. What is needed is a single mechanism reconciling both authentication and privacy of a mobile user's identification. The basic solution to this problem is the use of aliases. Aliases ensure untraceability by hiding the user's real identity as well as his relationship with domain authorities. In this paper, we present a classification scheme to identify the various degrees of untraceability requirements. We then present an efficient method for the computation of aliases and apply it to a new set of inter-domain authentication protocols. We demonstrate that these protocols can be designed to meet various degrees of untraceability requirements. In designing these protocols, we try to avoid the drawbacks of authentication protocols in existing mobile network architectures such as CDPD and GSM.
TL;DR: A smart card-oriented remote login authentication scheme is presented, based on some simple properties of Euclidean geometry, which shows how the login and authentication phases can be achieved easily.
TL;DR: The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios.
Abstract: An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of a comprehensive security subsystem prototype called KryptoKnight.
TL;DR: In this paper, a revocation service (RS) is proposed to improve the efficiency of an authentication exchange in a public key distributed network system, which selects certain revoked certificates from a current CRL to include in its reply so as to consume minimal system bandwidth.
Abstract: The present invention is an improved certificate revocation process that improves the efficiency of an authentication exchange in a public key distributed network system. Specifically, the present invention includes a novel revocation service (RS) that, in response to a unique request from a server node, selects certain revoked certificates from a current CRL to include in its reply so as to consume minimal system bandwidth. The unique request includes a number of parameters for consideration by the RS in generating its reply, including a maximum CRL size and/or a timestamp. The maximum CRL size indicates the largest number of revoked certificate serial numbers that the server node can process and thus receive in the revocation service reply, whereas the timestamp indicates the latest certificate revocation date of the certificates included in the CRL presently retained by the server node. Significantly, the RS generates an optimal CRL for its reply that contains all, part, or none of the current CRL revoked certificate serial numbers. Determination of the optimal CRL entails consideration of any number and combination of optimization factors, including the number of revoked certificates stored in the CRL storage facility and the time remaining before the current CRL is to be updated by a certificate authority (CA), the expiration date of the certificates, as well as the maximum CRL size and/or timestamp parameters provided to the RS in the server node request. The server node may control whether it will receive an optimal CRL and if so, what portion of the current CRL it will include by manipulating the parameters it provides to the RS. This enables each server node to request the CRL based upon its own specific security needs while optimizing the certificate revocation process. Further, the RS and/or server node may discard certificate serial numbers as their expiration dates come to pass.
TL;DR: A simple new authentication mechanism is introduced that preserves the level of security found in the Internet today, while accommodating the transition to stronger authentication based on public key cryptography or shared keys that may either be manually administered or provided by a future Internet key management protocol.
Abstract: Host mobility is becoming an important issue due to the recent proliferation of notebook and palmtop computers, the development of wireless network interfaces, and the growth in global internetworking. This paper describes the design and implementation of a mobile host protocol, called the Internet mobile host protocol (IMHP), that is compatible with the TCP/IP protocol suite, and allows a mobile host to move around the Internet without changing its identity. In particular, IMHP provides host mobility over both the local and wide area, while remaining transparent to the user and to other hosts communicating with the mobile host. IMHP features route optimization and integrated authentication of all management packets. Route optimization allows a node to cache the location of a mobile host and to send future packets directly to that mobile host. By authenticating all management packets, IMHP guards against possible attacks on packet routing to mobile hosts, including the interception or redirection of arbitrary packets within the network. A simple new authentication mechanism is introduced that preserves the level of security found in the Internet today, while accommodating the transition to stronger authentication based on public key cryptography or shared keys that may either be manually administered or provided by a future Internet key management protocol.
TL;DR: In this paper, a method and an apparatus for authenticating a data carrier, which enable a transaction or access to a service or a location, and the corresponding carrier, are described in both a disconnected and a connected mode.
Abstract: A method and an apparatus for authenticating a data carrier enables a transaction or access to a service or a location, and the corresponding carrier. The carrier (1) has a specific number (Ns) and an authentication value calculated from the specific number and from information (I) that defines the rights attaching to the carrier by means of an asymmetrical algorithm (F) and a secret key (Ks). Two types of authentication are provided. One is current, in a mode disconnected from the authorizing organization. The other is periodic, in a connected mode. In the disconnected mode, an algorithm (G) correlated with the asymmetrical algorithm (F) and using a public key (Kp) is applied to the authentication value (VA), read from the carrier, in order to verify that the authentication value (VA) is compatible with the specific number (Ns) and the information (I), and that the transaction or service requested is compatible with the information (I). In the connected mode, it is also possible to modify the authentication value of the carrier.
TL;DR: In this paper, a communications system is designed to exempt communications services users, such as wireless communications subscribers and calling card callers, from entering an authentication code for calls directed to pre-selected destination numbers, notwithstanding the authentication code entry requirement implemented by the communications services provider for all other calls.
Abstract: A communications system is designed to exempt communications services users, such as wireless communications subscribers and calling card callers, from entering an authentication code for calls directed to pre-selected destination numbers, notwithstanding the authentication code entry requirement implemented by the communications services provider for all other calls.
TL;DR: The AKA method of preference for some proposed PCS air interfaces that are under development by standards bodies is indicated and three proposed AKA methods are compared using this model.
Abstract: Describes progress in the development of authentication and key agreement (AKA) processes for personal communication systems (PCS). A conceptual framework is first established; this is a three-part general model that characterizes all AKA techniques. Then three proposed AKA methods are compared using this model. These methods are the so-called secret key method of GSM, the secret key method of United States Digital Cellular (IS-54, IS-95), and a public key/secret key method. Finally, a summary is presented that indicates the AKA method of preference for some proposed PCS air interfaces that are under development by standards bodies.
TL;DR: A new scheme for generating one-time passwords that are independent enables easy replication of the authentication server, and authentication that is persistent for the lifetime of a connection.
Abstract: Existing one-time password (OTP) schemes suffer several drawbacks. Token-based systems are expensive, while software-based schemes rely on one-time passwords that are dependent on each other. There are disadvantages to authentication schemes that rely on dependent OTP's. It is difficult to replicate the authentication server without lowering security. Also, current authentication schemes based on dependent OTP's only authenticate the initial connection; the remainder of the session is assumed to be authenticated. Experience shows that connections can be hijacked. A new scheme for generating one-time passwords that are independent is presented. The independence property enables easy replication of the authentication server, and authentication that is persistent for the lifetime of a connection. This mechanism is also ideally suited for smart card applications. Our implementation and several applications are discussed.
TL;DR: A new work item has been defined on non-repudiation techniques using asymmetric (digital signatures) as well as symmetric cryptographic techniques.
TL;DR: This work describes the first operational Internet payment switch that provides real-time authorization suitable for direct use by merchant servers and implements switch based authorization and settlement aggregation for micro-payments, and includes an extensive customer support system in order to provide a high level of customer confidence in electronic commerce.
Abstract: We describe the first operational Internet payment switch that provides real-time authorization suitable for direct use by merchant servers. A payment switch is a server that creates digital representations of conventional financial instruments, and forwards authentic payment orders on these instruments to their corresponding conventional financial networks and institutions. Our payment switch provides support for time-based and item-based pricing, implements switch based authorization and settlement aggregation for micropayments, and includes an extensive customer support system in order to provide a high level of customer confidence in electronic commerce. Fraud control is based on a transaction-specific multi-level security model that accommodates existing Internet browsers. Multiple authentication technologies are applied to every transaction.
TL;DR: Two new conference key distribution schemes for digital mobile communication systems are presented, in which a group of users can generate a common secret key over a public channel so that they may hold a secure conference.
Abstract: We propose a new service for digital mobile communication systems. The service enables two or more users to hold a secure conference. Two requirements must be considered: privacy and authentication. Privacy involves ensuring that an eavesdropper cannot intercept the conversations of the parties holding the conference. Authentication involves ensuring that service is not obtained fraudulently in order to avoid usage charges. We present two new conference key distribution schemes for digital mobile communication systems. In these schemes, a group of users can generate a common secret key over a public channel so that they may hold a secure conference.
TL;DR: In this paper, the authentication and security mechanism in a first program is used to access an application program which requires a different type of authentication and password and a server program runs in the same machine as the application program.
Abstract: The authentication and security mechanism of a first program is used to access an application program (the second program) that requires a different type of authentication and password. A server program runs in the same machine as the application program. The server program communicates with the first program, and when it is accessed it authenticates the user utilizing the security and authentication mechanism of the first program. After the user ID of a user who desires access to the second program has been authenticated using the authentication mechanism of the first program, the server program (a) generates a temporary password for the authenticated user ID, (b) changes the password for the authenticated user ID to the temporary password, (c) accesses the second program using the authenticated ID and the temporary password, (d) receives data and/or commands from the first program using the security mechanism of the first program and transmits this data and/or commands to the second program, and (e) receives data and/or commands from the second program and transmits the data and/or commands to the user using the security mechanism of the first program.
TL;DR: The authors summarize the design and present the complete protocol, identify which protocol transmissions go on which CDPD message, and present further issues and concerns that are beyond the scope of this protocol.
Abstract: The authors first discuss the basic cellular digital packet data (CDPD) architecture and its authentication protocols. They then present threats to the network. Next, they investigate the basic requirements of the security architecture and goals in light of attacks. Then they present the improved authentication protocol in operation, and how it deals with faults. Next, they add authenticated key exchange for confidentiality, followed by anonymity provisions. Then, they summarize the design and present the complete protocol, and identify which protocol transmissions go on which CDPD message. Finally, they present further issues and concerns that are beyond the scope of this protocol.
TL;DR: In this article, an integrated circuit component is described comprising a non-volatile memory for storing a uniquely designated key pair, an authentication device certificate and a manufacturer public key along with cryptographic algorithms, a processor for executing the cryptographic algorithms in order to process information inputted into the integrated circuit component and for transmitting the processed information into volatile memory, and a random number generator for generating the uniquely designated key pair internally within the integrated circuit component.
Abstract: An integrated circuit component for enforcing licensing restrictions. Such enforcement is performed through remote transmission of access privileges for executing a licensed program from the integrated circuit component to another similar component. The integrated circuit component comprises a non-volatile memory for storing a uniquely designated key pair, an authentication device certificate and a manufacturer public key along with cryptographic algorithms, a processor for executing the cryptographic algorithms in order to process information inputted into the integrated circuit component and for transmitting the processed information into volatile memory, and a random number generator for generating the uniquely designated key pair internally within the integrated circuit component.
TL;DR: This paper describes how the SESAME (Secure European System for Applications in a Multi-vendor Environment) project has integrated asymmetric key distribution, and authorisation support to extend Kerberos to provide significant scalability and manageability improvements.
Abstract: There are increasing requirements for the availability of practical solutions to the problem of providing secure single sign-on for users to applications anywhere on a network, but with affordable security management. Kerberos has been proven to be an effective solution to this problem for a local network, or within closely linked groups of users, but Kerberos is constrained by its current limitations of supporting purely symmetric key distribution, and an identity-based authorisation model. This paper describes how the SESAME (Secure European System for Applications in a Multi-vendor Environment) project has integrated asymmetric key distribution, and authorisation support to extend Kerberos to provide significant scalability and manageability improvements.
TL;DR: This paper presents results on the lower bounds on the number of messages, rounds, and encryptions required for network authentication and gives impossibility results of obtaining protocols that are simultaneously optimal with respect to the numbers of messages and rounds.
Abstract: Research in authentication protocols has focused largely on developing and analyzing protocols that are secure against certain types of attacks. There is little and only scattered discussion on protocol efficiency. This paper presents results on the lower bounds on the numbers of messages, rounds, and encryptions required for network authentication. For each proven lower bound, an authentication protocol achieving the bound is also given, thus proving that the bound is a tight bound if the given optimal protocol is secure. Moreover, we give impossibility results of obtaining protocols that are simultaneously optimal with respect to the numbers of messages and rounds.