Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
2000-10-25
2004-07-27
Jung, David (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S182000, C713S171000, C713S176000
Reexamination Certificate
active
06769060
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates generally to cryptographic methods and, more particularly, to authentication protocols using cryptographic methods to authenticate parties involved in a communication.
Encryption is the process of disguising intelligible information, called plaintext, to hide its substance from eavesdroppers. Encrypting plaintext produces unintelligible data called ciphertext. Decryption is the process of converting ciphertext back to its original plaintext. Using encryption and decryption, two parties can send messages over an insecure channel without revealing the substance of the message to eavesdroppers.
A cryptographic algorithm or cipher is a mathematical function used in the encryption and decryption of data. A cryptographic algorithm typically works in combination with a key to encrypt and decrypt messages. The key, typically a large random number, controls the encryption of data by the cryptographic algorithm. The same plaintext encrypts to different ciphertext with different keys. In general, it is extremely difficult to recover the plaintext of a message without access to the key, even by an eavesdropper having full knowledge of the cryptographic algorithm.
In general, there are two types of key-based cryptographic algorithms—symmetric algorithms and asymmetric algorithms. In symmetric algorithms, also called secret key algorithms, one key is used both for encryption and decryption. Symmetric algorithms require that the sender and receiver of the message agree on a secret key before they can communicate securely. One benefit of symmetric algorithms is that symmetric algorithms execute quickly in a microprocessor. However, key distribution can be a problem, particularly where the communicating parties are in different physical locations. The parties must agree to a key in secret, since anyone possessing the key can encrypt or decrypt messages. If the key is compromised, then an eavesdropper can decrypt any messages encrypted to that key. The eavesdropper could also pretend to be one of the parties and produce false messages to deceive the other party.
The Diffie-Hellman algorithm is a key exchange algorithm that allows two parties to agree on a secret key over an insecure channel without divulging the secret key. According to the Diffie-Hellman algorithm, the parties agree on two, non-secret prime numbers N and G. N is typically a large prime number. The security of the system is based on the difficulty of factoring numbers the same size as N. G may be a one-digit prime number. Each party generates a large random integer, denoted x and y, respectively. The parties then calculate derived numbers X and Y. The first party computes X using the equation X=G
x
mod N. The second party computes Y using the equation Y=G
y
mod N. The first party transmits X to the second party. The second party transmits Y to the first party. The first party computes the key K using the equation K=Y
x
mod N. The second party computes the key K using the equation K=X
Y
mod N. K is equal to G
xy
mod N. An eavesdropper cannot compute K with knowledge, only of N, G, X, and Y. Therefore, the value K, which was computed independently by the two parties using information exchanged over the insecure channel, may be used by the parties as the secret key for secure communications. The Diffie-Hellman algorithm does not establish the identity of either party, but only allows them to communicate in privacy using the secret key K in a symmetric encryption device.
Asymmetric encryption algorithms, also known as public key algorithms, use different keys for encryption and decryption. The encryption key, also called the public key, can be made public. Anyone can use the public key to encrypt messages. The decryption key, also called the private key, is secret. Only a person with the private key can decrypt messages encrypted with the corresponding public key.
Using an asymmetric encryption algorithm, the sender encrypts a message using the public key of the intended recipient. Only the intended recipient can decipher the message using his private key. Since the private key is not distributed, public key algorithms avoid the problems of key exchange inherent in symmetric algorithms. However, public key algorithms are computationally complex and take longer to execute than symmetric algorithms.
One of the most popular public key algorithms is the RSA algorithm, named after its three inventors—Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is based on a modulus N which is the product of two large prime numbers P and Q. A public exponent E is chosen such that the public exponent E and (P−1)(Q−1) are relatively prime, which means they have no prime factors in common. The public exponent E does not have to be a prime number, but it must be smaller than the modulus N and it must be odd. The public exponent E is used to compute a private exponent D such that (DE−1) is evenly divisible by (P−1)(Q−1). This relationship may be written as DE=1 mod(P−1)(Q−1). The public key comprises the public exponent E and modulus N. The private exponent D is the private key.
In operation, the sending party divides message bits into blocks smaller than the word length of the modulus N to obtain a word of value X. The message block is encrypted by computing Y=X
E
mod N, which is a word of length equal to N. The encrypted message is transmitted to the receiving party. The receiving party can decrypt the message by computing X=Y
D
mod N where Y is the ciphertext.
The RSA algorithm and other public key algorithms allow secure communications between two parties, but do not provide means for authenticating the parties. When a person receives a message encrypted with his public key, he can be assured that the content of the encrypted message is secret from all but the sending party, since only he possesses the private key for decrypting the message. However, the party receiving the encrypted message has no assurance of the identity of the sending party, since anyone with his public key could have encrypted the message. If the receiving, party desires to authenticate the sending party's identity, the sending party may encrypt a message with his secret key. The receiving party can then use the public key to decrypt the message. If the message decrypts successfully, only the sending party could have sent the message. In this case, the ability to authenticate messages has been preserved at the expense of completely giving up secrecy, since anyone with the sender's public key can decipher the message.
It is known to doubly encrypt messages to provide both secure communications and authentication capability. In this case, each party to the communication possesses a public key used for encrypting messages and a private key used for decrypting messages. Assume that party A wishes to send party B a message. Party A encrypts the message first, using party A's private key. The resulting ciphertext is encrypted a second time using party B's public key. The result of the second encryption operation is transmitted to party B. Party B decrypts the message using party B's private key. Since party B is the only person in possession of the private key, only he can decrypt the message so the communication is secure. The result of the first decryption operation is the inner ciphertext produced by encrypting the original message with party A's private key. Thus, party B can then use party A's public key to decrypt the inner ciphertext to obtain the original message. Since only party A possesses the private key that can generate the inner ciphertext, party A's identity is authenticated to party B.
Key certification authorities have been used in the past to provide a means for obtaining and/or verifying the public key of an intended recipient. The key certification authority issues digital certificates that include a person's public key and information identifying the
Dent Paul W.
Rydbeck Nils
Coats & Bennett P.L.L.C.
Ericsson Inc.
Jung David
LandOfFree
Method of bilateral identity authentication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method of bilateral identity authentication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method of bilateral identity authentication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3248614