1. Field of the Invention
The invention relates generally to a secure protocol for authorizing a user's access to a Limited access network or a local network.
2. Description of the Related Art
Prior art processes authorize access of a user to a restricted access network, such as a Limited access network or a local network, using a combination of two strings of characters. The first such string generally serves to identify the user, and may be referred to as a “user id”, a “user name” or a similar term. The second string is generally referred to as a “password”, a “pass code”, a “personal identification number” or PIN, or some such term.
An account server associated with the restricted access network keeps a lookup table of registered combinations of first strings and second strings. A user presenting a registered combination of a first string (hereinafter referred to as UserID) and a second string (hereinafter referred to as password”) is provided access to the restricted access network. The UserID is generally left unchanged during the lifetime of an account. The password is supposed to be changed frequently, but this practice is experienced as cumbersome and often neglected.
The existing systems are attractive for unauthorized entry attempts, such as hacking. For example, a user may use identical UserID and password combinations for a number of different limited access networks. If only one becomes compromised, a whole number of that user's limited access accounts may be open to unauthorized access. Many users choose UserIDs and passwords that are easy to guess. Even if users choose more or less random strings to make guessing difficult, they are tempted to use short strings that are increasingly vulnerable to cracking by brute force computing. And, as mentioned earlier, most users do not follow the advice of frequently changing their passwords.
Hackers may also gain access to a user's computer, where a file with UserIDs and passwords may be stored in memory, for example on a hard drive. Hackers may also gain access to UserID and password combinations by a method called “phishing”, in which a hacker poses as a legitimate website, thereby enticing users to enter their UserID and password combinations.
Another source of vulnerability is the communication of UserIDs and passwords via unsecure connections. In most cases a user communicates with a limited access network via the Internet, and the user's UserID and password are communicated to, for example, a web server via unsecure communication channels, where they are vulnerable to interception.
Yet another area of vulnerability is the lookup table stored in the account server. There have been frequent reports of unauthorized access to, and theft of, the login accounts of thousands, sometimes millions of users of a particular service. Given the common practice of re-using UserIDs and passwords for a number of different accounts, these break-ins have a serious multiplier effect. In addition, there have no doubt been break-ins that have not been reported, making the problem even bigger than the general public may realize.
Satyanarayanan, M: “Integrating security in a large distributed system.” ACM Transactions on Computer Systems, Vol. 7. No. 3, pages 247-280 provides a description of a distributed network implemented at Carnegie Mellon University (CMU) in the 1990's. Access to the network was limited to students and faculty of CMU. Users of the system would initiate a login protocol by entering a UserID and a password at a workstation connected to the network. An account server used a lookup table to associate the UserID with an encryption key, provided that the user had entered the correct password. Completion of the login protocol comprised a challenge/response based on the encryption key. The account server contained a lookup table of UserIDs and lightly encrypted passwords. The paper does not disclose how users of the system were first registered with their UserIDs and passwords, or how the encryption key was created and associated with the user.
The Secure Remote Password Protocol (SRP), a description of which can be found at http://srp.stanford.edu/design.html seeks to avoid the transmission of a password between a user device and a server. The user still uses a password, but the password is encrypted before it is sent to a server.
The Simple Certificate Enrollment Protocol (SCEP), a description of which can be found at www.cisco.com/, was designed to handle device registration in a relatively well-controlled environment. The SCEP server creates a challenge password, which is delivered to the requester and must be included with the submission back to the server. Although the SCEP protocol is used with untrusted devices, such use is ill-advised as explained by Shorter and Harris, “The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices,” see www.css-security.com/.
US 2011/0082801 discloses a login protocol comprising use of an encryption key stored by a requester in a secure storage. The encryption key is accessed using biometric data (such as a fingerprint template) uniquely associated with the requester. The protocol requires use of a biometric sensor.
In summary, existing systems are vulnerable to attack for any one or a combination of the following reasons:                UserIDs and passwords are easy to guess;        UserIDs and passwords are too short, and open to brute force attacks;        UserIDs and passwords are re-used for various login accounts;        Passwords are changed insufficiently frequently, if at all;        UserIDs and passwords are transmitted over unsecure communication lines;        UserIDs and passwords are stored in unsecure places;        Once stolen, UserIDs and passwords can be used by a hacker without risk of detection of the unauthorized use;        Attempts at improving the security of existing systems fail due to the need of many users to have UserIDs and passwords that are easy to remember. Solutions proposed in the prior art include protocols that still require the use of passwords, but avoid the need for transmitting such passwords between a requester and a server, or encrypt the password before transmitting it. These proposals potentially solve some of the above problems, but do not obviate the need of remembering and managing numerous passwords of undesirable complexity.        
Other proposed solutions may work well in relative well-controlled environments, but are unsuitable for implementation to the general public on the Internet.
Protocols relying on biometric identification require that the requester have access to a biometric device at any time the requester wants to access a web service.
Thus, there is a need for a secure login protocol that avoids or mitigates some or all of the above problems. There is a particular need for such protocol that can be implemented in an uncontrolled environment, such as the Internet, with members of the general public. There is a further need for such protocol that does not require specific hardware for identification.