| 摘要 |
The present invention relates generally to cryptography, and more specifically, to secure authentication of a First Computer Program to a Second Computer Program. The approaches known in the art require that secure data positively identifying Client accounts be stored at a central location, either the Server or a Certifying Authority, requiring large overheads of memory and computational power, and presenting obvious and high-value targets for attacks. The invention provides a means of authenticating Clients to Servers without requiring confidential data to either be stored at the Server, or transmitted to the Server. The Client generates a series of one-time passwords by successive iterations of a non-reversible function on a seed value. The last value in the series is then sent to the Server to establish an account. When the Client wishes to log on to his account, he sends the previous value in the non-reversible series as his password. The Server can easily authenticate the Client by executing the same non-reversible function on the password and verifying that is equal to the previous password. However, given such a one-time password, there is no practical means for generating a prior value in the non-reversible series. Therefore, even if the password is intercepted or the Server data accessed, there is no useful information available in either the transmission or the central storage.
|
