
System and method for authentication in a crypto-system utilizing symmetric and asymmetric crypto-keys


Abstract

A system and method for authentication of a crypto-system user is provided. A user is authenticated by the use of both symmetric and asymmetric crypto-keys. A user associated with a first asymmetric crypto-key having a public portion and multiple private portions is represented by a first network station. The user transmits a first request for authentication to a second network station. The second network station is associated with a second asymmetric crypto-key having a public portion and at least one private portion. A first one of the multiple private portions of the first crypto-key is stored at the second network station. The second network station generates a shared symmetric crypto-key and encrypts the shared crypto-key with the first private portion of the first crypto-key to form a first message. The second network station signs the first message with a private portion of the second crypto-key and transmits the first message to the first network station. The second network station also encrypts the shared crypto-key with the public portion of a third crypto-key to form a second message. The second network station signs the second message and transmits it to a third network station. The third network station, associated with the third crypto-key, authenticates the second network station, further encrypts the second message with a second private portion of the first crypto-key stored at the third network station, forming a third message. The third network station transmits the third message to the first network station. The first network station authenticates the first network station, combines the first and third messages to form a fourth message, further encrypts the fourth message with another private portion of the first crypto-key, forming a fifth message. The first network station applies the public portion of the first crypto-key to the fifth message to recover the shared crypto-key. 
The first network station encrypts a second authentication request with the shared crypto-key to form a sixth message, and transmits the sixth message to authenticate the user.