System and method for providing masquerade protection in a computer network using hardware and timestamp-specific single use keys

摘要

An authentication session key is generated on a trusted machine based upon an identifier of its CPU, hardware configuration, and a timestamp. The trusting machine retrieves this same information about the trusted machine, and then generates session locks for the machine which are valid for a predetermined time interval. If the incoming session key matches one of the session locks, and the incoming session key is not on the list of used keys, the session key is appended to a list of keys which will no longer thereafter be valid, and access is then granted, thereby employing single-use keys. Because the locks and keys are also generated during a timestamp, a user may request service from the same machine multiple times by waiting no more than a predetermined time between requests, or front ends to the masquerade protection tools could be written that re- try until successful. Because the keys generated are specific to the hardware characteristics of the trusted machine upon which they are generated, attempts to gain access from an imposter machine will generate unusable session keys.