US008793779B2
(12) United States Patent
Ferchichi et al.
(10) Patent No.: US 8,793,779 B2
(45) Date of Patent: *Jul. 29, 2014

(54) SINGLE SIGN-ON PROCESS

(75) Inventors: Azim Ferchichi, Vevey (CH); Eric Lauper, Bern (CH)

(73) Assignee: Swisscom AG (CH)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 2145 days. This patent is subject to a terminal disclaimer.

(21) Appl. No.: 11/226,724

(22) Filed: Sep. 14, 2005

(65) Prior Publication Data
US 2006/0013393 A1, Jan. 19, 2006

Related U.S. Application Data
(63) Continuation of application No. 10/207,513, filed on Jul. 29, 2002, now Pat. No. 7,058,180, and a continuation of application No. PCT/CH00/00438, filed on Aug. 16, 2000.
(60) Provisional application No. 60/181,090, filed on Feb. 8, 2000.

(51) Int. Cl.
G06F 7/04 (2006.01)
G06F 21/41 (2013.01)
G06F 21/34 (2013.01)

(52) U.S. Cl.
CPC: G06F 21/41 (2013.01); G06F 21/34 (2013.01)
USPC: 726/8; 726/9; 726/19; 726/20

(58) Field of Classification Search
None
See application file for complete search history.

Primary Examiner: Kaveh Abrishamkar
(74) Attorney, Agent, or Firm: McAndrews, Held & Malloy, Ltd.

(57) ABSTRACT

Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of:
(1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server,
(2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment,
(3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment,
(4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server,
wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.

25 Claims, 16 Drawing Sheets
[Drawing sheets 1 to 16 (FIGS. 1 to 26) are not reproduced in this extraction; the labels that remain legible are:
FIG. 1: Telecommunication Protocol Stack; Smart card interface; Smart card (references 10 to 15).
FIG. 2: sender/receiver authentication scheme (references 30 to 38).
FIG. 3: One way hash function (references 50 to 52).
FIGS. 4 to 7: Cryptographic function; Transformation function; Secret; decryption module (references 60 to 108).
FIGS. 8 to 12: Authentication Server; Module; authenticators; Secret key; ID; Smart card (references 110 to 156).
FIG. 13: Authentication Servers Interface; Module; Smart card interface; PIN/Password; Auth1 or Auth3; Auth4 or Auth5; Auth7 or Auth8, 9 (references 160 to 169).
FIG. 14 (flowchart, references 170 to 190): Graphical User Interface Launched; Enter Login Name, Secret; Stand-Alone Mode; SSO module transmits; Increases internal counter; Card Becomes Unusable; Smart-card in Active State; Acknowledged; Build Communication Layers; i := i + 1; Smart-Card Returns to SSO module; counter value at zero; Authentication is repeated; Authentication Verified; Communication Layer Built-Up; i = imax, layers complete.
FIG. 15: Router. FIG. 16: Middle Ware; Network Layers; Single sign-on module; Smart card. FIG. 16a: labels illegible.
FIGS. 17 to 21: Mobile phone; Smart card; Network; Server; Single sign-on module (references 230 to 285).
FIGS. 22 and 23: Initiator; Responder (references 290 to 314).
FIG. 24: Controller; Smart card; Single Sign-on module (references 330 to 337).
FIG. 25 (flowchart, references 350 to 368): Reboot Complete; Login GUI Launched by SSO module; NT Secret Entered; No Smart-Card Detected; Normal NT domain Proceeds; Request to Change; NT Secret Cleared From Memory; New Secret Concatenates with Old Secret; Result Stored In RAM; NT Secret Change Procedure; NT Secret Change Procedure Fails; Encrypted Password Stored; RAM is Cleared; Optional Desynchronization Set; Processing Ended.
FIG. 26 (flowchart, references 380 to 396): Computer Reboot Complete; Graphical User Interface Launched; NT domain secret & name entered; Smart-Card Presence Detected; Desynchronized State; Authentication & Construction Proceed; Info Encrypted, Sent to Smart-Card, Decrypted by Smart-Card; New Secret Extracted; Old Secret Extracted; Optional Info Extracted; Old NT Secret same as previously stored; optional fields correct as decrypted data; Construction of Layers; NT Secret Passed; Desynchronization Reset; NT Secret can be Updated by Smart-Card.]
SINGLE SIGN-ON PROCESS

REFERENCE DATA

This application is a continuation of U.S. Ser. No. 10/207,513, filed on Jul. 29, 2002 as continuation of international Patent Application PCT/CH00/00438 (WO 01/60013) filed on Aug. 16, 2000, claiming priority of U.S. provisional application U.S. 60/181,090 of Feb. 8, 2000, the contents whereof are hereby incorporated.

FIELD OF THE INVENTION

The invention concerns a single sign-on process and a smart-card used for said single sign-on process. The present invention also concerns a process for changing a secret from a plurality of equipment in a network.

DESCRIPTION OF RELATED ART

When users remote-access a corporate network or a private LAN, various communication layers have to be built up. Generally, each layer requires an authentication. For each authentication, the users may enter secrets, for example a PIN, a password, a passphrase or biometrics data. This leads to two problems. The more secrets the users have to remember, the more they tend to choose easy secrets and the more they tend to write them down. In addition, they also tend to forget them, which increases management costs.

Single sign-on processes have already been proposed for users who want to log onto different machines, each having its own operating system and its own type of authentication. This type of known single log-on process only works once all necessary communication layers have already been built. More specifically, it is generally assumed that machines are inside a corporate network with TCP/IP as the basic communication layer.

Known single sign-on systems are based on central servers on which the users make their first log-on. This approach is not practicable when the user does not have the required communication layers to contact the central authentication server. Another problem is that for each authentication required, we do not necessarily deal with the same company, and having one central server for all may lead to political and trust problems.

BRIEF SUMMARY OF THE INVENTION

In accordance with one embodiment of the present invention, those problems are solved with a process comprising the steps of the disclosed single sign-on process and a smart-card used for said single sign-on process. The present invention also concerns a process for changing a secret from a plurality of equipment in a network.

More specifically, those problems are solved with a single sign-on process allowing a mobile user with a mobile equipment to remote-access a remote location, comprising the steps of:
(1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote location,
(2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment,
(3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment,
(4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote location,
wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.

According to an aspect of the invention, every step of the single sign-on process is carried out on the client side, preferably in a smart-card. This process is advantageous in that it does not weaken any existing authentication mechanism already in place. Moreover, the use of a smart-card improves the overall security. No central single sign-on server is needed.

According to another aspect of the invention, one and only one password (or PIN, or biometric data, or any other secret) is entered by the user, e.g. by a mobile user, to remote-access an enterprise network, regardless of the number of authentications to be performed and regardless of the number of communication layers to be built up. The inventive process allows for a transparent layer construction and transparent user or machine authentication at each layer. Layers can be transparently reconstructed in case of unintentional communication cut-off.

One purpose of the invention is to use only one secret that serves for all authentications.

Another purpose of the invention is to provide a single sign-on process with an authentication that is not tied to machine log-on, but to layer construction. This means that each time a new layer has to be built up, it may require a new authentication of the user or his/her machine.

Another purpose of the invention is to propose a single sign-on process that can be used for building a communication over different communication layers of different network protocols.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the general concept of the inventive process.
FIG. 2 illustrates the definition of an authenticator in an authentication scheme.
FIG. 3 illustrates a hashed authentication mechanism.
FIG. 4 illustrates a cryptographic authentication mechanism without key protection.
FIG. 5 illustrates a symmetric cryptographic authentication mechanism with weak key protection.
FIG. 6 illustrates a symmetric cryptographic authentication mechanism with strong key protection.
FIG. 7 illustrates an asymmetric cryptographic authentication mechanism with strong key protection.
FIG. 8 illustrates an authentication process for a permanent secret authentication mechanism.
FIG. 9 illustrates the authentication process for a hashed password authentication mechanism.
FIG. 10 illustrates an authentication process for a symmetric authentication mechanism without key protection or with weak key protection.
FIG. 11 illustrates an authentication process for a symmetric authentication mechanism with strong key protection.
FIG. 12 illustrates an authentication process for an asymmetric authentication mechanism.
FIG. 13 illustrates the interaction between the components used for the single sign-on process.
FIG. 14 shows a dataflow illustrating the process steps executed for the layer construction in an embodiment of the inventive process.
FIG. 15 illustrates a system comprising a GSM network, a PPP part, an IPSEC part and a NT part, in which the inventive process can be used.
FIG. 16 shows how the layers are constructed in the system of FIG. 15.
FIG. 16a illustrates the layer construction according to the inventive process.
FIG. 17 illustrates the GSM authentication mechanism.
FIG. 18 illustrates the authentication mechanism for PAP two-way handshake.
FIG. 19 illustrates the authentication mechanism for PAP integrating a smart-card.
FIG. 20 illustrates the authentication mechanism for CHAP integrating a smart-card.
FIG. 21 illustrates the authentication mechanism for EAP using OTP integrated with a smart-card.
FIG. 22 illustrates the message exchanges during IKE (Internet Key Exchange) main mode.
FIG. 23 illustrates the message exchanges during IPSEC quick mode.
FIG. 24 illustrates the authentication mechanism for NT.
FIG. 25 illustrates the process steps of a secret synchronization process which is performed when a secret change has been requested by the operating system.
FIG. 26 illustrates the process steps of a secret synchronization process which is performed when a secret change has been requested by the user.

DETAILED DESCRIPTION OF POSSIBLE EMBODIMENTS OF THE INVENTION

FIG. 1 shows a schema illustrating the general concept of the invention. The reference number 13 shows a single sign-on module, which can include hardware and software parts. The single sign-on module can be realized as a software module running on a microprocessor in a mobile equipment of a user 10. It includes a smart-card interface 14 for interconnecting over an API interface with a smart-card 17. Reference numbers 22, 23, . . . , 2i, . . . 27 show superposed layers of a telecommunication protocol stack.

All process steps are initiated by the single sign-on module 13. When the user requests a remote access with his corporate network, the single sign-on module 13 launches the user interface (arrow 11) in order to prompt the user for his login name and secrets. This step may include displaying a dialog box on a graphical user interface on the display of the user equipment, a voice prompt, etc. The user 10 then enters his login name and passwords (arrow 12). The secrets may include a password, a passphrase, user biometrics data, etc. The login name and the secrets entered are then checked in the single sign-on module 13 and compared with names and secrets stored in a protected memory area of the module 13 (not shown) to verify the user's authorization. If the test fails, the user may be requested to try again, until a predefined maximal number of tries has been reached. Otherwise, the smart-card 17 is activated (arrow 15) in order to retrieve the login information (arrow 16) needed for successively completing the communication layers 22-27 (arrows 18-21).

General Theoretical Description

We will now introduce a few definitions and theoretical concepts that will be needed in the following sections.

1. Classification of Authentication Mechanisms

1.1 Definition

FIG. 2 shows a sender 30 and a receiver 36. The receiver 36 gives the sender access to the requested services only if an authenticator 37 received from the sender can be verified. The authenticator 33 sent by the sender is processed using processing means 34 from a secret 31 entered by the user, e.g. from a password, a passphrase, a PIN or biometrics data, and from other data 32, such as the user ID, the time, etc. The authenticator is defined as being the raw data that is received by the receiver 36 in an authentication scheme and that will be used to verify the identity of the sender 30. This authenticator is sent over a communication channel between the sender and the receiver (arrow 35) and verified in a verification process 39 by the receiver 36, in order to deliver an authentication result 38. The verification process 39 and the receiver 36 can use different kinds of authenticators 37:

1.3 Clear-Text Authenticators

In this category, no processing is made to transform the secret 31 entered by the user 10 into a non-readable form. This implies that we can directly read the secret entered by the user by reading the authenticator.

1.3.1 Permanent Secret (Mechanism AUTH1)

In a first case of clear-text authentication mechanism, which will be denoted as the mechanism AUTH1, the same secret 31 included in the authenticator serves to perform many authentications. A typical example is remote login on most UNIX machines. The user always types the same password and the password is sent in clear text to the machine. This type of authentication is the weakest one.

1.3.2 One-Time Secret (Mechanism AUTH2)

In a second case (AUTH2), a new secret 31 is entered by the user 10 each time a new authentication is required. For example, the user can be provided with a list of passwords or PINs that he has to keep secret. The receiver 36 also has to have the same list. At each new authentication, the user takes the next password on the list and sends it in clear text to the receiver for verification.

Another known example is the so-called SecureID authentication process. In this case, the user 10 is provided with a token that displays a new secret number each minute. At each authentication the user enters the newly displayed number.

This type of authentication provides protection against replay attacks. However, it shall be implemented in such a way that it shall not be possible to guess the next coming password or PIN, even if an attacker has all the previous ones.

1.4 Cryptographic Authenticators

In this category, the secret 31 entered by the user 10 is converted into a non-readable form using a cryptographic function.

1.5 Hashed Password (Mechanism AUTH3)

This category of cryptographic authentication mechanism is illustrated in FIG. 3. In this case, a one-way hash function 51 is used to transform the secret 50, together with some other data such as a replay attack protection, the user-ID, a sequence number or a random number, into an encrypted authenticator 52. The hash function is an algorithm that takes a variable length input and produces a fixed length output. A hash function is considered a secure transformation function if it fulfils the following characteristics: the output is a fixed length string even if the input is a variable length string; it has to be a one-way function, i.e. given an output it is not possible to guess the input; it has to be collision-free, i.e. it is hard to generate two inputs that give the same output. These functions are generally referred to as one-way hash functions. Examples of such functions are: Snefru, N-Hash, MD4 (Mes
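The layered sign-on of steps (1) to (4) and FIG. 14, with the smart-card furnishing a clear-text AUTH1 authenticator for one layer and hashed AUTH3 authenticators for the others, as an added Python model; this is not the patent's code, and the layer names, secrets, the hash-input layout and the SmartCard/IntermediateEquipment classes are constructed for the illustration. It also shows the replay check that the AUTH3 sequence number gives the receiver.

```python
import hashlib
import hmac

def hashed_authenticator(secret: str, user_id: str, seq: int) -> str:
    # AUTH3: one-way hash over the secret, the user-ID and a sequence number;
    # the sequence number is the replay-attack protection the text mentions.
    return hashlib.sha256(f"{secret}|{user_id}|{seq}".encode()).hexdigest()

class SmartCard:
    """Furnishes one authenticator per layer once unlocked with the single user PIN."""
    def __init__(self, pin: str, secrets: dict):
        self.pin, self.secrets, self.unlocked = pin, secrets, False
        self.seq = {}  # layer -> last sequence number issued (AUTH3 only)

    def unlock(self, entered_pin: str) -> bool:
        self.unlocked = hmac.compare_digest(entered_pin, self.pin)
        return self.unlocked

    def authenticator(self, layer: str) -> dict:
        if not self.unlocked:
            raise PermissionError("smart-card not in active state")
        user_id, secret, mech = self.secrets[layer]
        if mech == "AUTH1":  # permanent secret, sent as-is (clear text)
            return {"user": user_id, "auth": secret}
        n = self.seq[layer] = self.seq.get(layer, 0) + 1
        return {"user": user_id, "seq": n, "auth": hashed_authenticator(secret, user_id, n)}

class IntermediateEquipment:
    """Receiver of FIG. 2 for one layer: holds the expected secret and verifies."""
    def __init__(self, layer: str, user_id: str, secret: str, mech: str):
        self.layer, self.user_id, self.secret, self.mech = layer, user_id, secret, mech
        self.last_seq = 0

    def verify(self, a: dict) -> bool:
        if a.get("user") != self.user_id:
            return False
        if self.mech == "AUTH1":
            return hmac.compare_digest(a.get("auth", ""), self.secret)
        if a.get("seq", 0) <= self.last_seq:  # replayed or stale AUTH3 authenticator
            return False
        ok = hmac.compare_digest(a["auth"], hashed_authenticator(self.secret, self.user_id, a["seq"]))
        if ok:
            self.last_seq = a["seq"]
        return ok

def build_layers(card: SmartCard, stack: list) -> list:
    """Steps (1) to (4): send, verify, complete, repeat; stop at the first rejected layer."""
    built = []
    for eq in stack:
        if not eq.verify(card.authenticator(eq.layer)):
            break
        built.append(eq.layer)
    return built

def demo() -> list:
    """Constructed PPP / IPSEC / NT stack (cf. FIG. 15); the NT verifier holds a wrong secret."""
    card = SmartCard("1234", {"PPP": ("alice", "ppp-pw", "AUTH1"),
                              "IPSEC": ("alice", "ike-key", "AUTH3"),
                              "NT": ("alice", "nt-pw", "AUTH3")})
    stack = [IntermediateEquipment("PPP", "alice", "ppp-pw", "AUTH1"),
             IntermediateEquipment("IPSEC", "alice", "ike-key", "AUTH3"),
             IntermediateEquipment("NT", "alice", "other-pw", "AUTH3")]
    card.unlock("1234")
    return build_layers(card, stack)  # -> ["PPP", "IPSEC"]
```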