One of the challenging problems in network applications, especially in Internet services such as online banking or purchasing, is authentication. Authentication is a process by which a service server or service provider ensures that the parties are who they say they are. Effective authentication is the basis for protecting financial data, business transactions, valuable assets and resources, digital content and confidential information from theft, misuse, and fraud in the digital world.
Single-factor authentication, which commonly utilizes a user identifier and password pair, is one of the most common authentication methods. Because no party knows the password except the user and the service server, the server authenticates the user if the stored user identifier/password pair matches the one provided by the user in the login session.
Traditional password authentication is widely considered insecure. Passwords can be discovered through a brute force attack that tries every possible code. People create passwords that can be easily remembered, but that can also be easily guessed by hackers. Writing passwords down and leaving them in a desk, or storing them on a computer, makes them easy to obtain for someone who has physical access to those places. Passwords can also be eavesdropped on the communication channel when they are used for remote login. By blocking access when the number of login failures hits a predetermined threshold, service servers can effectively defend against brute force attacks. But this technique is also used by attackers in an account-lockout attack, in which a few failed logins block someone's account.
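The threshold trade-off described above, as an added example that is not part of the original text: one per-account failure counter both stops password guessing and locks out the account owner. The threshold of 3, the `LoginServer` class and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

THRESHOLD = 3  # assumed lockout threshold; the text gives no number


class LoginServer:
    """Password check with a per-account failure counter (hypothetical class)."""

    def __init__(self):
        self._users = {}     # user_id -> (salt, password hash)
        self._failures = {}  # user_id -> consecutive failed logins

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def register(self, user_id, password):
        salt = os.urandom(16)
        self._users[user_id] = (salt, self._hash(salt, password))

    def login(self, user_id, password):
        if self._failures.get(user_id, 0) >= THRESHOLD:
            return "locked"  # blocks every caller, the real owner included
        salt, stored = self._users[user_id]
        if hmac.compare_digest(stored, self._hash(salt, password)):
            self._failures[user_id] = 0
            return "ok"
        self._failures[user_id] = self._failures.get(user_id, 0) + 1
        return "denied"


def demo():
    server = LoginServer()
    server.register("alice", "correct horse")  # constructed sample account
    # Four guesses, the fourth one right: the lockout rejects it anyway.
    guesses = ["123456", "password", "qwerty", "correct horse"]
    guessing = [server.login("alice", g) for g in guesses]
    # The same counter seen from the owner's side: she is locked out too.
    owner = server.login("alice", "correct horse")
    return guessing, owner


if __name__ == "__main__":
    print(demo())
```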
Actually, the more serious threat of password theft is the Trojan attack. A Trojan is a malicious program that is disguised as or embedded within legitimate software. The Trojan can be installed on a user's computing device if the user visits an infected website or downloads free software. Trojan distribution models include email or instant message attachments, piggybacking within a program, Internet worms, web browser exploits, content injection, hacking into a system, and affiliate marketing programs. A Trojan steals the user's password by recording keystrokes, capturing the screen, and sending the information obtained to the hacker.
Single password authentication is also vulnerable to phishing attacks. Phishing is a type of deception designed to steal a victim's personal identity data. A phisher might send millions of fraudulent e-mail messages to lead recipients to counterfeit websites designed to trick victims into divulging identity data such as credit card numbers, account usernames and passwords.
To address the inherent vulnerabilities of the single password authentication scheme, various authentication methods have been proposed. For example, a variable password method is disclosed in U.S. Pat. No. 5,682,475. In each login session, the user has to compute a new password with a function based on the new parameter value provided by the server. Both the user and the server share the same secret function. Other methods include a one-time password method disclosed in U.S. Pat. No. 5,768,373, a method in which a one-time password is encrypted with a modified Diffie-Hellman key exchange algorithm disclosed in U.S. Pat. No. 6,539,479, and an enterprise single sign-on method disclosed in U.S. Pat. No. 6,763,468.
Additionally, authentication with the factor of the current Base Transceiver Station location used by the cell phone is reported by Looi (M. Looi, Enhanced Authentication Services for Internet Systems Using Mobile Networks, Global Telecommunications Conference, 2001, GLOBECOM '01, IEEE, vol. 6, 3468-3472). A two-factor authentication system has also been described that requires users to enter something they know (their PINs) and something they have (the constantly changing token codes on their BlackBerry devices) to gain access to the protected applications (RSA White Paper: Leveraging Two-factor Authentication to Provide Secure Access to Corporate Resources from BlackBerry Devices, 2006, RIMB WP 1006).
One-time password authentication methods are effective against Trojan attacks. However, one-time password authentication methods, even with multi-factor authentication schemes, are vulnerable to the man-in-the-middle (MITM) attack. A phishing attack against Citibank using MITM tactics was reported to defeat two-factor authentication and gain access to online banking accounts.
The MITM attack is an attack in which an attacker is able to read, insert and modify messages between two parties at will, without either party knowing that the link between them has been compromised. For example, the attacker first sends a phishing email to lead a victim to the attacker's website, which looks like the victim's banking website. The victim enters his ID and one-time password into the fake web page to log in. The attacker enters the same ID and password received from the victim into the login page of the real bank website. If two-factor authentication is applied, the bank might call the victim to confirm possession of the cell phone of the person logging in. The victim responds with a confirmation, which leads to the attacker being authenticated.
The MITM attack is one of the most difficult attacks to defend against. By capturing the password, the fingerprint or retina of the user, or data encrypted with the most secure algorithm, a hacker positioned between the user and the service server can impersonate the user by relaying the message, whose content the hacker need not know, to meet the server's authentication measures.
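The following added example (not taken from the cited patents or the original text) models the variable password scheme described earlier and shows, from the server's side, why a recorded password fails in a later session while a relayed one still verifies. It assumes HMAC-SHA256 as the shared secret function and a random challenge as the server's parameter; `Server`, `variable_password` and `run_scenarios` are hypothetical names.

```python
import hashlib
import hmac
import secrets


def variable_password(shared_secret: bytes, challenge: bytes) -> str:
    """Stand-in for the secret function shared by user and server (assumed HMAC)."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).hexdigest()[:8]


class Server:
    def __init__(self):
        self._secrets = {}  # user_id -> shared secret
        self._pending = {}  # session_id -> (user_id, challenge)

    def enroll(self, user_id):
        self._secrets[user_id] = secrets.token_bytes(32)
        return self._secrets[user_id]

    def start_session(self, user_id):
        session_id, challenge = secrets.token_hex(8), secrets.token_bytes(16)
        self._pending[session_id] = (user_id, challenge)
        return session_id, challenge

    def finish_session(self, session_id, password):
        # pop(): each challenge is accepted at most once
        user_id, challenge = self._pending.pop(session_id, (None, b""))
        if user_id is None:
            return False
        expected = variable_password(self._secrets[user_id], challenge)
        return hmac.compare_digest(expected, password)


def run_scenarios():
    server = Server()
    user_secret = server.enroll("alice")  # constructed sample user

    # 1. Normal login; assume a Trojan records the password the user types.
    s1, c1 = server.start_session("alice")
    recorded = variable_password(user_secret, c1)
    direct = server.finish_session(s1, recorded)

    # 2. The recorded password in a later session: new challenge, rejected.
    s2, _ = server.start_session("alice")
    replayed = server.finish_session(s2, recorded)

    # 3. Relay: a middle party opens the session, shows the challenge to the
    #    user on a look-alike page, and forwards the user's answer unchanged.
    s3, c3 = server.start_session("alice")
    relayed = server.finish_session(s3, variable_password(user_secret, c3))
    return direct, replayed, relayed  # (True, False, True)
```

In the third scenario the server's check receives exactly the inputs of a legitimate login, so nothing in it can tell the user's own connection from the relaying party's.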
Additionally, offline user authentication for rendering protected digital content is more challenging than online user authentication because (i) the rendering devices used by an offline user are not connected to the Internet or other networks, so no other party, such as a trusted central database that stores the user's access key, can be used to ensure the identity of the user, and the rendering device, the rendering program, or at least a few components of them must be trusted; (ii) there is no effective way to prevent unauthorized users from trying all possible access keys to render unauthorized digital content on an offline rendering device; and (iii) offline users may transfer or publish their access keys associated with a piece of digital content, such as a DVD movie or an editing program, to unauthorized parties without losing anything. In contrast, online users never give the access keys of their banking accounts to others.
Generally, there are four parties in the digital content distribution world: the content publishers, the device manufacturers, the license issuers and the consumers.
In a typical business model, the content publishers and the device manufacturers set up a consortium with the aim of certifying compliant devices and delegating the right to produce these devices to the participating manufacturers. The content publishers joining the consortium package the digital content so that it can only be rendered by compliant devices that enforce the content publisher's copyrights. The device manufacturers joining the consortium, in turn, only produce compliant devices based on the security rules set by the publishers. To guarantee copyright protection, the publisher joining the consortium encrypts the digital content with a secret key to produce the protected digital content. Accordingly, only those device manufacturers who join the consortium can obtain the secret keys, or the hardware module that contains the secret keys. The compliant devices must incorporate such a tamper-proof hardware module with the stored keys and decryption steps in order to prevent malicious users from extracting these keys and building circumvention devices.
To authenticate a user, the license issuers delegated by the publishers usually issue a digital license and a password to the user. The compliant device rejects a request to render the protected content if the password provided by the user cannot be verified based on the digital license stored in the device.
Various systems have been developed to prevent unauthorized rendering of the digital content. For example, SafeNet and Aladdin Knowledge Systems offer USB hardware tokens for the software delivered. U.S. Pat. No. 6,920,567 uses the license that binds the digital content to the device, but does not bind the digital content to the user. U.S. Pat. No. 6,353,888 utilizes tamper-proof hardware components in the device and the user identifier to bind the digital content to both the device and the user. U.S. Pat. No. 7,065,787 employs a digital license to bind the digital content to a user.
While these systems have enjoyed various levels of success in reducing unauthorized rendering of the digital content, they often impose a significant burden on the authorized users or are easily defeated by unauthorized users.
Therefore, a heretofore unaddressed need exists in the art to address the aforementioned deficiencies and inadequacies.