Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and apparatus for authentication of client server communication

a client server and authentication technology, applied in the field of network communication, can solve the problems of insufficient to enable an intruder to forge a message, restricted financial data, and other users not being permitted to access that data

Inactive Publication Date: 2001-05-15
EMC CORP
View PDF11 Cites 50 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The present invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is preappended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, preappends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered as invalid and discarded. An advantage of the present invention is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key)is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.
is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key)is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.

Problems solved by technology

In addition, there may be certain types of files or activities that are restricted from most users.
For example, financial data is often restricted to users who have a need to know or use the financial data.
Generally, other users are not permitted to access that data.
However, that alone is not sufficient to enable an intruder to forge a message.
If not, it is an invalid request and the server discards the packet.
A problem is that depending on the size of the window for allowed retries, an intruder could randomly provide a correct sequence number within the window.
If the window is made smaller, legitimate transactions might be interrupted when the correct sequence number is not provided by a legitimate user.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and apparatus for authentication of client server communication
  • Method and apparatus for authentication of client server communication
  • Method and apparatus for authentication of client server communication

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

A method and apparatus for message authentication is described. In the following description, numerous specific details, such as message type, message length, etc., are provided in detail in order to provide a more thorough description of the present invention. It will be apparent, however, that the present invention may be practiced without these specific details. In other instances, well-known features are not described in detail so as not to unnecessarily obscure the present invention.

The present invention provides a signature with each message that identifies and authenticates the sender. In addition, the invention tracks state information about the session and uses its cumulative effect to help protect and authenticate senders.

The signature scheme of the invention takes advantage of an operation known as "message digesting". Message digesting is a scheme to provide data integrity and detect errors. There are a number of message digesting algorithms available for use, some of wh...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is preappended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, preappends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered as invalid and discarded. An advantage of the present invention is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key) is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.

Description

BACKGROUND OF THE INVENTION1. Field of the InventionThis invention relates to the field of network communications.2. Background ArtPersonal computers, or workstations, may be linked through a computer network to allow the sharing of data, applications, files, processing power, communications and other resources, such as printers, modems, mass storage and the like. Generally, the sharing of resources is accomplished the use of a network server. The server is a processing unit dedicated managing the centralized resources, managing data and sharing these resources with other PC's and workstations, often referred to as "clients". The server, network and PC's or workstations, combined together, constitute client / server computer network. An example of a client / server network model is illustrated in FIG. 1.FIG. 1 illustrates a client machine 101 coupled to a server macabre 102. The client machine 101 may be a PC, workstation, etc. The server machine may be a dedicated processor, PC, workst...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): H04L9/08H04L9/32H04L29/06G06F21/64G06F21/00G09C1/00
CPCH04L63/061H04L63/067H04L63/083H04L63/12H04L69/16H04L9/0827H04L9/3236H04L9/3247
Inventor KINGDON, KEVIN
Owner EMC CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com