Computer systems intercommunicate via computer networks. For example, a first computer system frequently communicates with a second computer system over a computer network to obtain information. The computer network may include many different communication media. In one example, the computer network is an Ethernet local area network (“LAN”). In another example, the computer network is a wireless LAN. Information stored on the first computer system is often sensitive such that access to the information must be restricted. Accordingly, the first computer system often requires that the second computer system be authenticated before allowing the second computer system to access the information. Access to the computer network may also be restricted, requiring any computer system wishing to join the computer network to be authenticated before communicating with other devices on the network.
Authentication typically utilizes an identification protocol that requires a computer system to identify itself with authority to access a restricted computer system. In one example, a first computer system may require a “password” from the second computer system to enable authentication. However, in situations where the communication between the first and second computer systems is monitored by a third computer system, the password may be obtained by the third computer system, allowing unauthorized access by the third computer system to the first computer system. Identification protocols that provide authentication without transmission of a secret password, known as a ‘key’, are therefore utilized. A zero-knowledge identification protocol (“ZKIP”) is one example of a protocol that provides authentication without transmitting the key, thereby preventing the key from being stolen and misused.
Typically, in a computer network that uses authentication, there is only one authenticator that stores keys used to authenticate requests from other computer systems. The use of a single authenticator, however, may result in access problems when the computer system running the authenticator fails, or where communications to the authenticator fail, for example. Where the authentication is for important data or services, failure of the authenticator may prevent access to the data or services. Further, the use of a single authenticator also causes congestion within the computer network as all authentication traffic is directed to a single location.
Where a computer network is highly scalable and dynamic it is important to authenticate each computer system as it attempts to access the computer network. A digital mobile telephone network is one example of a dynamic computer network. The digital mobile telephone network consists of multiple base stations that are networked together, each base station providing one or more cells for the digital telephone network. Each mobile telephone handset connects to, and disconnects from, these cells as the handset changes location. It is therefore important that any authentication process used within the cell network be as fast and efficient as possible. Typically, to meet speed requirements for a digital mobile telephone network, the authentication process is simplified, thereby making it less reliable and less secure, making the mobile telephone network highly susceptible to snooping by third parties.