1. Technical Field
The present invention relates to a method of and an apparatus for the authentication of users of a network. It has particular application for IP (Internet Protocol) networks, but is equally applicable to other networks where a given network entity may wish to authenticate a second network entity (e.g. with which it is communicating).
2. Related Art
It is common in networks for one user or entity on the network to wish to be able to authenticate another user or entity on the network. For example, two network users wishing to communicate with each other may first wish to authenticate the other user to confirm that they are communicating with a legitimate network user (and/or with who they think they are communicating with). A network server may wish to authenticate a client computer before, for example, granting the client computer communications access or resources on the network.
Any such authentication process must be able to confirm a legitimate user, but not be susceptible to a malicious user masquerading as a legitimate user (“spoofing”). Existing authentication procedures therefore typically involve encryption and the passing of passwords and/or encryption keys, etc, that should only be known to, or derivable by, legitimate users of the network.
However, the Applicants have recognised that in some cases it may not always be desirable to have to use cryptographic algorithms, passwords and stored cryptographic keys for authentication procedures. There therefore remains a need for an authentication process that does not have to rely on, for example, encryption for its security.