Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1997-11-10
2003-02-25
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C380S277000, C380S278000
Reexamination Certificate
active
06526509
BACKGROUND OF THE INVENTION
Information technology systems are subject to various threats. For example, transmitted information can be monitored and changed by an unauthorized third party. A further threat relating to communication between two communication partners is the use of a false identity of one communication partner under false pretences.
These and other threats are countered by various security mechanisms which are intended to protect the information technology system against the threats. One security mechanism which is used for protection is the encryption of the transmitted data. In order that the data in a communication link between two communication partners can be encrypted, steps must first be taken before the transmission of the actual data to prepare for the encryption. The steps may comprise, for example, the two communication partners using the same encryption algorithm, and the common, secret code possibly being agreed.
The security mechanism for encryption in the case of mobile radio systems is gaining particular importance, since the transmitted data in these systems can be monitored by any third party without any special additional cost.
This leads to the requirement to select known security mechanisms, to combine them in a suitable manner, and to specify communication protocols such that they ensure the security of information technology systems.
Various asymmetric methods are known for computer-aided interchange of cryptographic codes. Asymmetric methods suitable for mobile radio systems are described in (A. Aziz, W. Diffie, “Privacy and Authentication for Wireless Local Area Networks”, IEEE Personal Communications, 1994, pages 25 to 31) and (M. Beller, “Proposed Authentication and Key Agreement Protocol for PCS”, Joint Experts Meeting on Privacy and Authentication for Personal Communications, P&A JEM 1993, 1993, pages 1 to 11).
The method described in (A. Aziz, W. Diffie, “Privacy and Authentication for Wireless Local Area Networks”, IEEE Personal Communications, 1994, pages 25 to 31) relates expressly to local networks and places more stringent computation performance requirements on the computer units of the communication partners while interchanging the codes. In addition, more transmission capacity is required in that method than in the method according to the invention, since its messages are longer than those of the method according to the invention.
The method described in (M. Beller, “Proposed Authentication and Key Agreement Protocol for PCS”, Joint Experts Meeting on Privacy and Authentication for Personal Communications, P&A JEM 1993, 1993, pages 1 to 11) does not implement a number of basic security aims. Explicit authentication of the network by the user is not achieved. In addition, a code which is transmitted by the user to the network is not confirmed to the user by the network. In addition, no assurance is provided regarding the freshness (current validity) of the code for the network. A further disadvantage of this method is its limitation to the Rabin method for the implicit authentication of the code by the user. This limits the flexibility with which the method can be applied.
Furthermore, no security mechanism is provided to ensure that transmitted data cannot be disputed (non-repudiation). This is a considerable disadvantage, particularly when producing charge invoices, which must be incontestable, for a mobile radio system. The limitation of the method to the National Institute of Standards and Technology Digital Signature Standard (NIST DSS) as the signature function used also limits the general applicability of the method.
A method for secure data interchange between a large number of subscribers, involving an actual certificate, has been disclosed (U.S. Pat. No. 5,214,700). The protocol used in this method has a random number, an identity statement as well as a public code and a session code. However, this method does not implement basic security aims.
Furthermore, a method has been disclosed for PC-PC communication with the involvement of a trust center (DE Brochure: Telesec. Telekom, Produktentwicklung Telesec beim Fernmeldeamt Siegen [Telesec product development at the Siegen Telecommunications Authority], pages 12-13 and FIG. 16).
U.S. Pat. No. 5,222,140 discloses a method in which a session code is produced using both a public code and a secret code, as well as using a random number. This session code is linked to a public code.
Furthermore, U.S. Pat. No. 5,153,919 describes a method in which a user unit identifies itself to a network unit. An authentication process then takes place between the user unit and the network unit, using a hash function.
Other secure communication protocols are known, but do not implement essential, basic security aims (M. Beller et al, Privacy and Authentication on a Portable Communication System, IEEE Journal on Selected Areas in Communications, Vol. 11, No. 6, pages 821-829, 1993).
SUMMARY OF THE INVENTION
The problem to which the invention relates is to specify a simplified method for computer-aided interchange of cryptographic codes.
A first value is formed in the first computer unit from a first random number with the aid of a generating element of a finite group, and a first message is transmitted from the first computer unit to the second computer unit, the first message having at least the first value. A session code is formed in the second computer unit with the aid of a first hash function, a first input variable of the first hash function having at least one first term which is formed by exponentiation of the first value with a secret network code. The session code is formed in the first computer unit with the aid of the first hash function, a second input variable of the first hash function having at least one second term which is formed by exponentiation of a public network code using the first random number. Furthermore, a fourth input variable is formed in the first computer unit with the aid of a second hash function or of the first hash function, a third input variable for the first hash function or for the second hash function having at least the session code in order to form the fourth input variable. Then, a signature term is formed in the first computer unit from at least the fourth input variable, using a first signature function. A third message is transmitted from the first computer unit to the second computer unit, the third message having at least the signature term of the first computer unit. The signature term is verified in the second computer unit.
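The exchange in the paragraph above, modelled as an added example that is not part of the patent: the first value g^r goes to the network, both sides derive the session code from g^(r·s) through the first hash function, and the user signs a second hash of the session code so the network can confirm the key. The toy group (P, Q, G), the use of Schnorr as the signature function, and the assumption that each side already knows the other's public key are choices made here; the patent leaves the group and the signature function open.

```python
import hashlib

# Toy group parameters, constructed for illustration only (far too small for real use):
# P is prime and G generates a subgroup of prime order Q in the multiplicative group mod P.
P, Q, G = 23, 11, 2


def hash_fn(tag: str, *parts: int) -> int:
    """Stands in for the patent's first and second hash functions; 'tag' separates the uses."""
    data = tag.encode() + b"|" + b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def schnorr_sign(x: int, msg: int, k: int) -> tuple:
    """Assumed signature function (Schnorr over the same group); e is kept full width."""
    commit = pow(G, k, P)
    e = hash_fn("sig", commit, msg)
    s = (k - x * e) % Q
    return (e, s)


def schnorr_verify(y: int, msg: int, sig: tuple) -> bool:
    e, s = sig
    commit = (pow(G, s, P) * pow(y, e, P)) % P   # equals G^k for a genuine signature
    return hash_fn("sig", commit, msg) == e


def run_protocol(user_sign_key: int, network_secret: int, r: int, k: int,
                 network_pub_as_seen_by_user: int = None) -> dict:
    """One run: first computer unit = user (U), second computer unit = network (N)."""
    user_pub = pow(G, user_sign_key, P)          # U's verification key, assumed known to N
    network_pub = pow(G, network_secret, P)      # public network code g^s, assumed known to U
    if network_pub_as_seen_by_user is None:
        network_pub_as_seen_by_user = network_pub  # pass a wrong value to model an impostor

    # Message 1 (U -> N): the first value g^r, formed from the first random number r.
    first_value = pow(G, r, P)

    # N: session code = h1(first term), first term = first_value^s (secret network code).
    key_n = hash_fn("h1", pow(first_value, network_secret, P))
    # U: session code = h1(second term), second term = (g^s)^r; both reach g^(r*s).
    key_u = hash_fn("h1", pow(network_pub_as_seen_by_user, r, P))

    # U: fourth input variable = h2(session code), then the signature term over it.
    signature_term = schnorr_sign(user_sign_key, hash_fn("h2", key_u), k)

    # Message 3 (U -> N): N recomputes the fourth input from its own session code and verifies.
    verified = schnorr_verify(user_pub, hash_fn("h2", key_n), signature_term)
    return {"keys_match": key_n == key_u, "verified": verified, "first_value": first_value}


if __name__ == "__main__":
    print(run_protocol(user_sign_key=4, network_secret=7, r=3, k=5))
```

The impostor parameter shows why the signature over the hashed session code matters: a network that does not hold the secret behind the public code the user used ends up with a different session code, and the user's signature term then fails to verify.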
The advantages achieved by the method according to the invention are primarily a considerable reduction in the length of the transmitted messages and the implementation of further security aims.
The method according to the invention achieves the following security aims:
mutual explicit authentication by the user and the network, that is to say mutual verification of the asserted identity,
code agreement between the user and the network with mutual implicit authentication, that is to say that the method results in a common, secret session code being available after completion of the procedure, from which each party knows that only the authentic opposite number may also be in possession of the secret session code,
assurance of the freshness (current validity) of the session code for the user,
mutual confirmation of the session code by the user and the network, that is to say the confirmation that the opposite number is actually in possession of the agreed secret session code.
The following advantageous developments of the method also relate to these security aims.
The first message also has an identity statement of a certifying computer unit, which supplies a network certificate which can be verified by the first computer unit. A second message is transmitted from the second computer unit to the first computer unit, the second message having at least the network certificate. The network certificate is verified in the first computer unit.
In this development of the method trustworthy public use
Horn Günther
Kessler Volker
Müller Klaus
Hayes Gail
Morrison & Foerster / LLP
Song Ho S.
Profile ID: LFUS-PAI-O-3126915