| 摘要 |
This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a partially ordered set to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice. Thus, for example, during authentication of multiple entities, a shared key is computed incrementally as the Diffie-Hellman keys arrive from the entities for which a multi-identity authentication is required. The shared key represents a proof of group authentication.
|
