The present invention relates to an improved method by which a user or other principal in a computing system may authenticate to a computer system and establish a shared secret key for the protection of subsequent messages, with reduced risk that the information in question will be improperly obtained or modified by a would-be intruder or imposter.
In one aspect, the invention pertains to a method by which a server in a distributed computing system may authenticate a user, authorizing access by the user to specified system resources and establishing a shared secret key with which to protect subsequent messages. In a specific embodiment, the invention pertains to a method by which an authentication server in a distributed computing system may transmit an authentication "ticket" to a user, authorizing access by the user to specified system resources. In a related aspect, the invention pertains to a method of increasing the difficulty of password guessing attacks in a distributed authentication scheme that employs authentication tokens.