JNFS employs a more secure challenge-response mechanism for authentication. The protocol, outlined below, requires a user to use its digital signature to sign a random number to prove its authenticity. There are four stages to authentication:
In the initialization stage, the user U tells JNFS that it would like access to the file system. The server confirms that U's name appears in the user table and then proceeds to the challenge stage.
JNFS then generates a 64-bit random number R using the SecureRandom class in the java.security package. The server creates a challenge , records it, and issues it to U.
U receives the challenge and generates a response by signing with its secret key . Using the Digital Signature Algorithm , it creates a signature for . The user returns back to the server.
The JNFS server verifies the response by using U's public key to interpret the signature . If is indeed a signed version of the challenge that it had previously issued, the server accepts the user's credentials, since only U knows the private key used to produce the signature from the challenge. For efficiency, the server grants U a token ( ) it will use on subsequent transactions until it expires. When expires, U repeats the authentication process to obtain another token.