Patents by Inventor Ravi Sandhu

Ravi Sandhu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20020078344
    Abstract: A system for authentication of network users which is operable in multiple modes, includes a plurality of user network stations and at least one sponsor network station representing a sponsor. Each network station represents a user associated with an asymmetric crypto-key having either a first or second number of private portions, the second number being greater than the first number. The one or more sponsor network stations receive authentication requests from the user network stations, determine the identity of a user associated with each of the received authentication requests, and select from two or more available modes of operation based upon the determined identity. If operation in one mode is selected, the sponsor network station signs a particular received authentication request using one private portion of an asymmetric crypto-key having a first number of private portions.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078345
    Abstract: A system and method for authentication of a crypto-system user is provided. A user is authenticated by the use of both symmetric and asymmetric crypto-keys. A user associated with a first asymmetric crypto-key having a public portion and multiple private portions is represented by a first network station. The user transmits a first request for authentication to a second network station. The second network station is associated with a second asymmetric crypto-key having a public portion and at least one private portion. A first one of the multiple private portions of the first crypto-key is stored at the second network station. The second network station generates a shared symmetric crypto-key and encrypts the shared crypto-key with the first private portion of the first crypto-key to form a first message. The second network station signs the first message with a private portion of the second crypto-key and transmits the first message to the first network station.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078353
    Abstract: A network device represents a user having a predefined associated password, a predefined associated symmetric crypto-key and a predefined associated asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion. The device includes a memory, input device and processor. The memory stores a function. The input device allows the inputting of the user password. The processor operates in either a first or second mode of operation. In the first mode of operation, the processor processes the input password in accordance with the stored function to generate the associated first private key portion, and encrypts and/or decrypts or signs a message with the generated first private key portion. In a second mode of operation, the processor processes the input password in accordance with the same stored function to generate the associated symmetric crypto-key, and encrypts and/or decrypts and/or authenticates a message with the generated symmetric crypto-key.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078354
    Abstract: A method and system for generating asymmetric crypto-keys usable by network users to transform messages is provided. The system includes a first network station associated with a user, a second network station associated with a trusted entity, and a third network station associated with a sponsor. The trusted entity authorizes the sponsor to generate the asymmetric crypto-key. The sponsor generates a symmetric crypto-key and associated user identification. The sponsor both stores the generated symmetric crypto-key and the associated user identification and transmits the symmetric crypto-key and the associated user identification to the trusted entity. The trusted entity then distributes the symmetric crypto-key and user identification to the user. The user then presents the user identification to the sponsor. The sponsor then generates a challenge and transforms the challenge with the stored symmetric crypto-key. The sponsor transmits the transformed challenge to the user.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
  • Publication number: 20020078350
    Abstract: A method for authenticating a user includes receiving a request for access from a user claiming to be a particular user. A first challenge having a first level of complexity is transmitted to the user. A response to the transmitted first challenge is transmitted. A determination is made as to whether or not the transmitted response authenticates the user as the particular user. The requested access by the user is allowed if the transmitted response authenticates the user. However, a second challenge having a second level of complexity, greater than the first level of complexity, is transmitted to the user if the transmitted response does not authenticate the user.
    Type: Application
    Filed: December 19, 2000
    Publication date: June 20, 2002
    Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan