CHALLENGE-AND-RESPONSE USER AUTHENTICATION PROTOCOL

A distributed authentication system that prevents unauthorized access to any computer system (10) in a distributed environment. Authentication using the present invention involves three distinct phases. In the first phase, user passwords are generated by the computer system (10) and encrypted on a coded card (27) together with a message authentication code to prevent alterations prior to any access attempts. These are complex and impersonal enough not to be easily guessed. This coded card (27)must be used whenever requesting access to the system (10). Second, in addition to supplying a password, the user is required to correctly respond to a set of randomly selected authentication challenges (28) when requesting access. The correct responses (29) may vary between the right response, a wrong response or no response depending on some predetermined variable, e.g., the day of the week or hour of the day. The dual randomness thus introduced significantly reduces the usefulness of observed logon information. Third, at random times during the session, the user is required again to respond to selected authentication challenges (28). This detects piggybacking attempts. Since authentication depends on the correctness of the entire set of responses (29) rather than on the response to a single question, the present invention provides a significant increase in the probability of detecting and preventing unauthorized computer access.