When computers were first developed they were large, relatively slow and incredibly expensive. Since each computer was such a valuable resource, a model was developed wherein a single computer was shared among multiple users. This was accomplished typically by having a central computer and several terminals connected to the central computer, forming a rudimentary network. This network had most of the "intelligence" in the central computer, with the terminals doing little more than giving a user remote access to the computer. Each terminal had, therefore, a minimum amount of processing power, memory and storage capabilities.
One problem with sharing a central computer, however, was that the communications techniques and equipment allowing a remote terminal to access the central computer created a bottleneck in terms of speed and convenience. A user frequently had to wait a long period of time to access a computer program or file stored on the central computer. In addition, a user had to go through a cumbersome and tedious process for receiving permission to use the computer, and logging in to the computer from a remote terminal.
The advent of personal computers changed this computing model. The development of powerful microprocessors, high-speed memory and mass storage devices at relatively modest costs made it possible for each user to have their own personal computer and application software. As a result, a user could avoid using a network to access or retrieve computer information, such as a computer program or data file. Rather, they could simply store this information "locally" on their personal computer.
Recent technological advances in the networking industry, however, have created a movement back to the original concept of shared computer resources. The emergence of high-speed communication networks gives users the same level of convenience when accessing computer information stored at a location remote from the user as when the information is stored at the user's own personal computer. Thus, a user has the advantage of utilizing the computing resources of their personal computer, while also having the benefit of connecting to a network having a wide variety of computing resources attached to it, such as powerful servers having high-speed processors and high-capacity mass storage devices, laser printers, and so forth. Further, a user was not limited to the information stored on their own computer, but could gain access to information stored on hundreds, even thousands, of individual computers linked together by a single network. An example of such networks are the Internet and World Wide Web (WWW).
Consequently, the popularity of the Internet and WWW is increasing at a phenomenal rate due to the fact that these networks provide a user with tremendous computing resources and information. A problem that has consistently plagued the networking industry in general, and the Internet and WWW in particular, however, is the authentication of network users. Invariably, some computers connected to the Internet and WWW contain restricted information that is accessible to only a limited number of users. As a result, it becomes necessary to confirm the identify of a user, and that the user has authorization to access the restricted information. Since the restricted information is stored remotely from the user, the authentication of the user to the access control agent responsible for the security of the restricted information requires an exchange of messages that constitute a user authentication protocol. The authentication protocol permits a user to prove his or her identity to the authentication server (AS) by demonstrating his or her knowledge of a secret, e.g. an access code such as a password or personal identification number (PIN), that is shared with the AS.
User authentication protocols, however, suffer from an inherent exposure to masquerading by malicious intruders. An intruder can spoof, intercept and replay the authentication messages. In cases where a secret is sent in clear text (as in most traditional log-in procedures), simple spoofing and replay is sufficient to break the protocol.
To solve the spoofing problem, various encryption schemes have been developed to encode the secret during transmission. These encoding schemes, however, are unsatisfactory for a number of reasons. For example, a technique has been developed where a user's secret is used as an encryption key or as a seed from which an encryption key is derived. This measure is only partly useful, however, since such an encryption key is weak and can be easily broken by wiretappers. This weakness is due to the lack of randomness in the way users choose their secrets and to a user's difficulty in remembering perfectly random numbers. In other words, the user's secret is chosen out of a space that is relatively small in comparison with the minimum key space required by a good cryptographic algorithm. Typically, the secret is a password chosen from a dictionary the size of which (on the order of 10**5) is by several orders of magnitude smaller than, for example, the one (2**56) required by the Data Encryption Standard (DES) promulgated by the National Bureau of Standards: "Federal Information Processing Standards, Publication 46", 1977. The cryptographic keys derived from such weak secrets can be easily broken by brute force attacks with an exhaustive search in the relatively small key space from which the secret is chosen.
A practical mechanism for recovering strong cryptographic keys using weak secrets without exposure is provided through the use of smart cards. A smart card is a device that is typically the size of a credit card, having a microprocessor and limited storage memory. An example of a smart card is the Cryptoflex(.TM.) smart card by Schlumberger Electronic Transactions. Since a smart card has memory, a smart card can store a strong cryptographic key that is randomly chosen out of the total key space of the cryptographic algorithm in use. The probability of success with a brute force attack based on exhaustive search in the key space becomes negligible due to the strong key. Although the user must typically activate the smart card operation by authenticating himself using a weak initial secret, this interaction takes place directly between the user and the card without any involvement of untrusted media. Thereafter, all data exchanged over the untrusted network is sent under the protection afforded by encryption using the smart card's strong secret. Since the card is a simple device (not unlike a calculator), it is trusted by the principals involved.
A smart card reader is required to access information stored on the smart card. In many instances, the smart card reader is a stand-alone device that attaches to a computer, or is integrated with existing computer hardware such as a keyboard. The problem with such readers is that a separate reader is required for every computer used to access information on a smart card. Further, the reader requires that proprietary software be installed on the computer to read and write information to the smart card.
Recently, a smart card reader has been developed by Fischer International Systems Corporation that is designed to work with the Cryptoflex smart card, and that can be inserted into a conventional 3.5" floppy drive. This reader is referred to as the Fischer Internationalis Smarty(.TM.) smart card reader ("Smarty"). The Smarty removes the need to have a separate reader for every computer used to read and write information to the Cryptoflex smart card. The Smarty, however, requires an Application Interface (API) developed by Fischer to permit a computer to read and write information from a smart card inserted into the Smarty with the Smarty inserted into a computer's 3.5" floppy drive. Thus, the Smarty requires that the API be installed on every computer where the Smarty is used. Further, the Smarty API is designed to work on a personal computer, and not from a remote computer on a network such as a server or "host" computer.
In view of the foregoing, it can be appreciated that a substantial need exists for a method and apparatus for securing network computers having restricted information with smart cards without having to install hardware or software on the client.