Patents by Inventor Colin deSa

Colin deSa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20050027989
    Abstract: A system for accessing multiple different network stations without entry of a password is provided. The password is obtainable by use of a portion of an asymmetric crypto-key. A first station, representing any network entity, transmits an authentication request of a user seeking access. A second station, representing the user, forwards the request and user identity information to a third station. The third station, representing a sponsor, matches the transmitted identity information with stored identity information, generates a certificate, and transmits the certificate. The second station further transmits the certificate to the first station.
    Type: Application
    Filed: May 21, 2004
    Publication date: February 3, 2005
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20030115452
    Abstract: A system for accessing multiple different network stations without entry of a password includes first, second and third network stations. The first network station represents a network entity and transmits a request for authentication of a user seeking access. The user has an associated password, identifier and asymmetric crypto-key, including a first private key portion obtainable with the password, a second private key portion and a public key portion. A second network station represents the user and has a user identifier, a combination symmetric crypto-key corresponding to a first symmetric crypto-key and a second symmetric crypto-key, and the first private key portion encrypted with the first symmetric crypto-key stored thereat. In response to the authentication request, this station (i) transmits the stored user identifier MAC'd with the stored combination symmetric key, and (ii) transmits the transmitted authentication request encrypted with the stored combination symmetric crypto-key.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 19, 2003
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020076042
    Abstract: A first processor generates a private crypto-key and a public crypto-key. The first processor divides the private crypto-key into two portions, a first private key portion, based upon a user's password, and a second private key portion. The private crypto-key and the first private key portion are then destroyed. The remaining portion, second private key portion, and the public crypto-key are stored in a memory. A second processor generates the first private key portion based upon the user's password and responsive to receiving the user's password. The second processor then destroys the generated first private key portion without storing the generated first private key portion.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078344
    Abstract: A system for authentication of network users which is operable in multiple modes, includes a plurality of user network stations and at least one sponsor network station representing a sponsor. Each network station represents a user associated with an asymmetric crypto-key having either a first or second number of private portions, the second number being greater than the first number. The one or more sponsor network stations receive authentication requests from the user network stations, determine the identity of a user associated with each of the received authentication requests, select from two or more available modes of operation based upon the determined identity. If operation in one mode is selected, the sponsor network station signs a particular received authentication request using one private portion of an asymmetric crypto-key having a first number of private portions.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078345
    Abstract: A system and method for authentication of a crypto-system user is provided. A user is authenticated by the use of both symmetric and asymmetric crypto-keys. A user associated with a first asymmetric crypto-key having a public portion and multiple private portions is represented by a first network station. The user transmits a first request for authentication to a second network station. The second network station is associated with a second asymmetric crypto-key having a public portion and at least one private portion. A first one of the multiple private portions of the first crypto-key is stored at the second network station. The second network station generates a shared symmetric crypto-key and encrypts the shared crypto-key with the first private portion of the first crypto-key to form a first message. The second network station signs the first message with a private portion of the second crypto-key and transmits the first message to the first network station.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078350
    Abstract: A method for authenticating a user includes receiving a request for access from a user claiming to be a particular user. A first challenge having a first level of complexity is transmitted to the user. A response to the transmitted first challenge is transmitted. A determination is made as to whether or not the transmitted response authenticates the user as the particular user. The requested access by the user is allowed if the transmitted response authenticates the user. However, a second challenge having a second level of complexity, greater than the first level of complexity, is transmitted to the user if the transmitted response does not authenticate the user.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078354
    Abstract: A method and system for generating asymmetric crypto-keys usable by network users to transform messages is provided. The system includes a first network station associated with a user, a second network station associated with a trusted entity, and a third network station associated with a sponsor. The trusted entity authorizes the sponsor to generate the asymmetric crypto-key. The sponsor generates a symmetric crypto-key and associated user identification. The sponsor both stores the generated symmetric crypto-key and the associated user identification and transmits the symmetric crypto-key and the associated user identification to the trusted entity. The trusted entity then distributes the symmetric crypto-key and user identification to the user. The user then presents the user identification to the sponsor. The sponsor then generates a challenge and transforms the challenge with the stored symmetric crypto-key. The sponsor transmits the transformed challenge to the user.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078346
    Abstract: A communications network is provided for securing communications of a user having a password, an identifier, a symmetric crypto-key, and an asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion. The network includes a first network station, representing any network entity, a second network station, representing the user, and a third network station, representing a sponsor. The first network station transmits a request for authentication of the user. The second network station, which stores the user identifier and the symmetric crypto-key, transmits the identifier and also transmits, either jointly or separately, the authentication request and information relating to the identity of the user, both encrypted with the symmetric crypto-key stored at the second network station.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078353
    Abstract: A network device represents a user having a predefined associated password, a predefined associated symmetric crypto-key and a predefined associated asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion. The device includes a memory, input device and processor. The memory stores a function. The input device allows the inputting of the user password. The processor operates in either a first or second mode of operation. In the first mode of operation, the processor processes the input password in accordance with the stored function to generate the associated first private key portion, and encrypts and/or decrypts or signs a message with the generated first private key portion. In a second mode of operation, the processor processes the input password in accordance with the same stored function to generate the associated symmetric crypto-key, and encrypts and/or decrypts and/or authenticates a message with the generated symmetric crypto-key.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan