| 发明名称 | Multi-factor password-authenticated key exchange | ||
| 摘要 | Apparatus, methods, and computer program products are disclosed that enable a first computer and a second computer to mutually authenticate each other over a network. A first computer sends first authentication evidence to a second computer. The first authentication evidence is used to prove to the second computer that the first computer has access to a first plurality of authentication secrets without exposing the first plurality of authentication secrets. In addition, the second computer sends second authentication evidence to the first computer. The second authentication evidence is used to prove to the first computer that the second computer has access to a second plurality of authentication secrets without exposing the second plurality of authentication secrets. The first plurality of authentication secrets is related to the second plurality of authentication secrets. Thus, the first computer is authenticated to the second computer and the second computer is authenticated to the first computer. | ||
| 申请公布号 | US8776176(B2) | 申请公布日期 | 2014.07.08 |
| 申请号 | US200812143964 | 申请日期 | 2008.06.23 |
| 申请人 | Oracle America, Inc. | 发明人 | Stebila Douglas J.;Udupi Poornaprajna V.;Shantz Sheueling Chang |
| 分类号 | G06F21/00 | 主分类号 | G06F21/00 |
| 代理机构 | Park, Vaughan, Fleming & Dowler LLP | 代理人 | Park, Vaughan, Fleming & Dowler LLP |
| 主权项 | 1. A computer controlled method for mutually authenticating a first computer and a second computer over a network, the computer controlled method comprising: sending first authentication evidence by said first computer to said second computer, said first authentication evidence used to prove to said second computer that said first computer has access to a first plurality of authentication secrets without exposing said first plurality of authentication secrets, wherein said first authentication evidence comprises a shielded ephemeral public key (m) that is generated using an ephemeral public DH key (X), a hash τ, and a hash γ, in accordance with m=X·γ·τ, wherein τ is computed using a hash of an account identifier (C), an identifier for the first computer (S), and a short-term password (reC,S), and wherein γ is computed using a hash of C, S, and a long-term password (pwC,S; and sending second authentication evidence by said second computer to said first computer, said second authentication evidence used to prove to said first computer that said second computer has access to a second plurality of authentication secrets without exposing said second plurality of authentication secrets, said first plurality of authentication secrets related to said second plurality of authentication secrets, whereby said first computer is authenticated to said second computer and said second computer is authenticated to said first computer. | ||
| 地址 | Redwood Shores CA US | ||