The present invention relates generally to a communication network, and more particularly to a method of authentication between servers within the network.
In a conventional three party network protocol, a user that is remote from a network accesses the network via a dial-up connection through a network access server. The network access server then communicates secured data to a security server or authentication server before the user gains access to the network. The network access server acts as a client to the authentication server and passes the user's identification information to the security server, either encrypted or, when the identification information takes the form of a response to a random challenge, unencrypted. In a typical arrangement using such a protocol, the security server decrypts the encrypted user identification information or checks the user's response and verifies the user. An access-accept or access-challenge message is sent back to the user via the network access server if the identification information is recognized or authorized. An access-reject message is returned if the identification information is not recognized.
The conventional trust model of such a three party protocol system is to trust the network access server whereby the network access server does not authenticate itself to the authentication server. When the authentication server receives the access-request message from the network access server, it immediately decrypts or checks the password or other identification data of the user and verifies the user. No verification of the network access server is undertaken.
The network access server and the authentication server in such a three party network protocol typically share a secret value between them. When the network access server encrypts the identification information of the user, it encrypts it with the shared secret value and sends the encrypted information to the authentication server. When the security server receives the information, the server automatically decrypts or otherwise checks the data using the shared secret, assuming an authorized network access server. However, in such a trust arrangement, a number of different situations can arise that cannot be distinguished by the network. An authentication server in such a three party protocol network cannot distinguish between the following distinct instances, which will instead appear essentially the same to the authentication server: (1) an authorized network access server correctly encrypts an invalid password from an illegal user and forwards it to the authentication server; (2) a cheating or imposter network access server incorrectly encrypts a valid password from a valid user, such as by using an invalid shared secret value, and forwards it to the authentication server; and (3) an imposter network access server incorrectly encrypts an invalid password from an illegal user, perhaps using an invalid shared secret value, and forwards it to the authentication server.
The authentication server will verify the encrypted information from the user against a list of authorized users and passwords. However, in such a network the authentication server cannot distinguish between these three instances. In each instance the server will try to decrypt the data utilizing the shared secret value. In the first instance, the authentication server will correctly determine that the user is invalid because it will not recognize the decrypted password. In the second instance, the server will end up with junk after decrypting the information because it was not encrypted using the proper shared secret. However, the server will still only determine that the user is an illegal user upon not recognizing the password. The server will recognize neither the imposter network access server nor the valid user. Similarly, in the third instance the server will also receive only junk and will determine only that the user is illegal, not recognizing that the network access server is also an imposter. A dishonest or imposter network access server attempting to access the security server is therefore a problem.
There is therefore a need for a method of authenticating a network access server in such a three party network protocol to a security server before the security server exposes network access information to the imposter client server.
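The three indistinguishable instances above, and the effect of having the network access server authenticate itself to the security server, can be made concrete with a small simulation. The following is an added example written for this page, not code from the document or from any product it describes. It hides the user password in the style of the RADIUS User-Password attribute (RFC 2865 section 5.2), which is one common form of the "encryption with a shared secret" the text refers to, and it adds a hypothetical `nas_mac` field (a keyed MAC over the request, computed with the same shared secret) as one generic way for the server to check the client before it looks at the user data; the document does not prescribe this mechanism, and the user database and secrets are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the document): one authorized network
# access server (NAS) with its shared secret, and one valid user.
USER_DB = {"alice": b"correct-horse"}
NAS_SECRETS = {"nas-1": b"shared-secret-for-nas-1"}


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a user password with the shared secret, RADIUS User-Password style
    (RFC 2865 s5.2): pad to a 16-byte multiple and XOR each block with
    MD5(secret || previous block); the first block is keyed by the request
    authenticator (a random 16-byte value sent in the clear)."""
    padded = password + b"\x00" * ((-len(password)) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password. Trailing NUL padding is stripped (toy simplification)."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _mac_input(req: dict) -> bytes:
    """The request fields covered by the hypothetical NAS authenticator."""
    return (req["nas_id"].encode() + req["authenticator"]
            + req["username"].encode() + req["hidden_password"])


def build_request(nas_id: str, nas_secret: bytes, username: str,
                  password: bytes, sign: bool = False) -> dict:
    """What a NAS, genuine or imposter, sends to the security server. An
    imposter simply hides the password under whatever secret it holds.
    `sign=True` adds the hypothetical nas_mac field (HMAC-SHA256 over the
    request under the NAS secret) so the server can verify the NAS itself."""
    authenticator = os.urandom(16)
    req = {
        "nas_id": nas_id,
        "authenticator": authenticator,
        "username": username,
        "hidden_password": hide_password(password, nas_secret, authenticator),
    }
    if sign:
        req["nas_mac"] = hmac.new(nas_secret, _mac_input(req), hashlib.sha256).digest()
    return req


def conventional_server(req: dict) -> str:
    """The trust model described in the text: the server never checks the NAS;
    it unhides with the secret on file for that NAS id and verifies the user.
    A wrong NAS secret just yields junk, which fails the user check."""
    secret = NAS_SECRETS[req["nas_id"]]
    password = unhide_password(req["hidden_password"], secret, req["authenticator"])
    if USER_DB.get(req["username"]) == password:
        return "access-accept"
    return "access-reject"


def nas_verifying_server(req: dict) -> str:
    """Same server, but it authenticates the NAS first via the keyed MAC, so a
    bad NAS secret is reported separately from a bad user password and no user
    data is examined on behalf of an unverified client."""
    secret = NAS_SECRETS[req["nas_id"]]
    expected = hmac.new(secret, _mac_input(req), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, req.get("nas_mac", b"")):
        return "reject-nas"
    password = unhide_password(req["hidden_password"], secret, req["authenticator"])
    if USER_DB.get(req["username"]) == password:
        return "access-accept"
    return "reject-user"


def three_cases(server, sign: bool = False) -> tuple:
    """Run the three instances from the text through a server and return its verdicts:
    (1) authorized NAS, invalid password; (2) imposter NAS with a wrong secret,
    valid password; (3) imposter NAS with a wrong secret, invalid password."""
    good, bad = NAS_SECRETS["nas-1"], b"wrong-secret"
    return (
        server(build_request("nas-1", good, "alice", b"not-her-password", sign)),
        server(build_request("nas-1", bad, "alice", b"correct-horse", sign)),
        server(build_request("nas-1", bad, "alice", b"not-her-password", sign)),
    )


if __name__ == "__main__":
    print("conventional:", three_cases(conventional_server))
    print("nas-verifying:", three_cases(nas_verifying_server, sign=True))
```

Running it shows the conventional server returning `access-reject` for all three instances, while the NAS-verifying server separates the first instance (`reject-user`) from the two imposter instances (`reject-nas`), which is exactly the distinction the text says the conventional trust model cannot make.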