This invention relates to generating messages, in particular to generating messages for use in authentication of a user across a network. The invention also relates to authentication, in particular to user authentication across a network.
In recent years, electronic communication between a network device and a user device has become commonplace. The network device typically uses a network interface to send messages to the user device. The user device, which may be a computer, mobile phone or other device, typically has a user interface which can display the messages to a user. Often there is a need for the user to authenticate their identity to the network device. A common approach to authentication is to use logon passwords, where the network device checks the username and password against a stored record of valid username/password combinations.
Another approach for authenticating the user's identity uses an encryption infrastructure such as the Public Key Infrastructure (PKI). Using PKI, a user can digitally sign data using a private key of a private/public key pair. The network device can then authenticate the user's identity by decrypting the signed data using the public key of the key pair before analysing the data, for instance by checking the decrypted data against a record of the unsigned data.
If the same signed data is used for repeated authentication of a user, there is a risk that a third party may impersonate the user by simply repeating previously transmitted signed data. To avoid this, data for signing by the user device can be generated each time the user initiates communication with the network device.
Approaches to authenticating a user's identity have been developed which involve the passing of digital certificates issued and verified by a Certificate Authority. Such approaches are of particular use in commercial transactions conducted over a computer network, such as the Internet. A digital certificate usually comprises the user's public key and username, and typically identifies a chain of certification from the certification authority down to the certificate. The chain of certification can be checked by a network device during authentication of a user.
A user's digital certificate and/or private key can be stored locally for use by the user device.