This invention relates to use of one or more authentication mechanisms in secure communications.
During the last decade of the Twentieth Century, the Internet has become a vital communication medium for a variety of application domains, including simple e-mail, home banking, electronic trading of stocks, net-based telephonic communications and many other electronic commerce applications. Authentication of a user is becoming a key requirement in allowing or authorizing a legitimate user to execute the user""s privileges in a particular network or sub-network.
Presently, many user authentication mechanisms are available, including simple user name/password, one-time password (e.g., S/Key), RSA-based digital signature authentication, Kerberos, challenge-and-response, and Secure Socket Layer SSL v3.0 with user/client authentication. Bruce Schneier, in Applied Cryptographv, John Wiley and Sons, Inc., New York, Second Edition, 1996, pp. 34-74 and 566-572, discusses and characterizes several user and/or key authentication tests that are often based on, or associated with, an underlying encryption procedure.
One interesting authentication scheme is the Sun Pluggable Authentication Mechanism (PAM), discussed in more detail in the following, which facilitates integration of several authentication packages or tests without requiring change of the underlying application (e.g., login). Although a system such as PAM provides a framework for integration, such a system often deals with the plurality of authentication mechanisms as if all have the same cryptographic or authentication strength or priority. For example, one enterprise might require both Kerberos (relatively strong) and user password (relatively weak) to be used for user authentication. Use of several authentication modules can be accommodated within PAM, through the use of stacking. If the user fails to pass one of the authentication tests, among many that are applied in stacking, authentication is denied, without indicating which of the many tests the user has failed to pass. PAM treats all authentication tests in an integrated package as equally strong and equally suitable.
What is needed is a system that integrates one or more authentication tests but allows assignment of a priority or strength to each of such tests and allows authentication to be treated as a necessary, but not a sufficient, condition for user authorization. Preferably, where authentication tests are integrated, these tests should be executed based on an indicium that is a measure of priority and/or strength for each authentication test. Preferably, the system should allow identification of, and take account of, which authentication test or tests the user has failed to pass and should grant or withhold access to selected subsets of a resource, depending upon which tests are passed. Preferably, the system should be flexible enough to allow assignment of different priorities and/or strengths to tests within an integrated authentication package, based on the application and the current circumstances.
These needs are met by the invention, which provides a system that integrates one or more authentication tests and allows assignment of arbitrary (and changeable) relative priority and/or relative strength to each of these tests. In one embodiment, the system allows an integrated electronic authentication system to accept physical objects, such as drivers licenses, birth certificates, passports, social security cards and the like for partial or full authentication of a user, although each of these documents is used for a different primary purpose, and the purposes seldom overlap.
In a first embodiment, the system applies one or more authentication tests with increasing or differing numerical priority or strength and grants access to a resource or selected subset thereof (which may be the empty set), depending upon which test or tests are satisfied. In another embodiment, the system withdraws access to a selected subset (which may be the empty set) of a resource for each authentication test the user fails to satisfy.
The invention has the following advantages: (1) the invention strengthens an association or linkage between authentication and the authorization process; (2) the invention allows identification of which authentication test(s) is being used; (3) the invention extends an integration procedure, such as PAM, without distorting the procedure; (4) the invention enhances total security of the authorization process; (5) the invention preserves and deals with authentication mechanisms based on their relative merits and can allocate relative priority based on relative cryptographic strength; and (6) the invention allows an entity to classify those with whom it deals (customers, suppliers, etc.) for authorization purposes.