WO2002050630A3 - A system and method for password throttling - Google Patents

A system and method for password throttling Download PDF

Info

Publication number
WO2002050630A3
WO2002050630A3 PCT/US2001/048301 US0148301W WO0250630A3 WO 2002050630 A3 WO2002050630 A3 WO 2002050630A3 US 0148301 W US0148301 W US 0148301W WO 0250630 A3 WO0250630 A3 WO 0250630A3
Authority
WO
WIPO (PCT)
Prior art keywords
user
transmitted
response
challenge
complexity
Prior art date
Application number
PCT/US2001/048301
Other languages
French (fr)
Other versions
WO2002050630A9 (en
WO2002050630A2 (en
Inventor
Ravi Sandhu
Colin Desa
Karuna Ganesan
Original Assignee
Singlesignon Net
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Singlesignon Net filed Critical Singlesignon Net
Publication of WO2002050630A2 publication Critical patent/WO2002050630A2/en
Publication of WO2002050630A3 publication Critical patent/WO2002050630A3/en
Publication of WO2002050630A9 publication Critical patent/WO2002050630A9/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

A method for authenticating a user includes receiving a request for access from a user claiming to be a particular user. A first challenge (437) having a first level of complexity is transmitted to the user. A response to the transmitted first challenge is transmitted. A determination (460) is made as to whether or not the transmitted response authenticates the user as the particular user. The requested access by the user is allowed if the transmitted response authenticates the user. However, a second challenge having a second level of complexity, greater than the first level of complexity, is transmitted to the user if the transmitted response does not authenticate the user.
PCT/US2001/048301 2000-12-19 2001-12-18 A system and method for password throttling WO2002050630A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US79311000A 2000-12-19 2000-12-19
US09/793,110 2001-02-27

Publications (3)

Publication Number Publication Date
WO2002050630A2 WO2002050630A2 (en) 2002-06-27
WO2002050630A3 true WO2002050630A3 (en) 2002-11-07
WO2002050630A9 WO2002050630A9 (en) 2002-12-19

Family

ID=25159118

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/048301 WO2002050630A2 (en) 2000-12-19 2001-12-18 A system and method for password throttling

Country Status (1)

Country Link
WO (1) WO2002050630A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system

Also Published As

Publication number Publication date
WO2002050630A9 (en) 2002-12-19
WO2002050630A2 (en) 2002-06-27

Similar Documents

Publication Publication Date Title
WO2001077792A3 (en) System and method for authenticating a user
MacKenzie The PAK suite: Protocols for password-authenticated key exchange
WO2000076120A3 (en) Security architecture
WO1999060750A3 (en) Preventing unauthorized use of service
WO2000030285A8 (en) Method and apparatus for secure distribution of authentication credentials to roaming users
WO2004019550A3 (en) System and method for authenticating wireless component
WO2002069605A3 (en) Method and system for delegation of security procedures to a visited domain
EP1638034A3 (en) Method and system for controlling access privileges for trusted network nodes
WO2000067415A3 (en) Method and system for authentication and single sign on using cryptographically assured cookies in a distributed computer environment
JP2003188885A5 (en)
WO2001001627A3 (en) Server-assisted regeneration of a strong secret from a weak secret
PL363770A1 (en) Method and system designed to authenticate user for sub-location of network location
CA2263434A1 (en) Method for access control in a virtual postage metering system
WO2006099081A3 (en) Method and system for managing account information
WO2006039365A3 (en) Method and system of authentication on an open network
WO2002012987A3 (en) Systems and methods for authenticating a user to a web server
WO2003032126A3 (en) Multi-factor authentication system
WO2007047440A3 (en) Method and apparatus for re-authentication of a computing device using cached state
WO2003100544A3 (en) Method for authenticating a user to a service of a service provider
WO2004051413A3 (en) Biometric authentication of a client network connection
MY145724A (en) Persistent authorization context based on external authentication
WO2005048029A3 (en) System and method for controlling access to digital content, including streaming media
WO2006076664A3 (en) System and method for permission-based access using a shared account
WO2006010028A3 (en) System and method for managing content between devices in various domains
WO2004003679A3 (en) Method of registering home address of a mobile node with a home agent

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
AL Designated countries for regional patents

Kind code of ref document: C2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

COP Corrected version of pamphlet

Free format text: PAGES 1/12-12/12, DRAWINGS, REPLACED BY NEW PAGES 1/11-11/11; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

122 Ep: pct application non-entry in european phase