| 发明名称 |
Lattice scheme for establishing a secure multi-identity authentication context |
| 摘要 |
This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a “partially ordered set” to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice. Thus, for example, during authentication of multiple entities, a shared key is computed incrementally as the Diffie-Hellman keys arrive from the entities for which a multi-identity authentication is required. The shared key represents a proof of group authentication. |
| 申请公布号 |
US8755519(B2) |
申请公布日期 |
2014.06.17 |
| 申请号 |
US201113172387 |
申请日期 |
2011.06.29 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Benantar Messaoud |
| 分类号 |
H04L9/00 |
主分类号 |
H04L9/00 |
| 代理机构 |
|
代理人 |
LaBaw Jeffrey S.;Judson David H. |
| 主权项 |
1. A method of authentication, comprising:
receiving, from each of one or more entities, a unique key value generated according to a key exchange protocol; ordering the unique key values in a lattice as a partially ordered set, each vertex of the lattice having an associated key corresponding to a unique group of the one or more entities and derived from the unique key values of the one or more entities in the unique group; responsive to an authentication request, the authentication request associated with an operation by a group of entities, obtaining a key from the lattice, the key representing a single authentication context for the group of entities; and performing an authentication using the key obtained from the lattice to enable the operation by the group of entities; wherein at least one of the obtaining and performing steps is carried out in software executing in a hardware element.
|
| 地址 |
Armonk NY US |
