Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-10-28
2004-04-06
Sheikh, Ayaz (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S168000, C713S169000, C713S152000, C713S184000, C380S281000, C380S284000
Reexamination Certificate
active
06718467
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to computer science. More particularly, the present invention relates a password-based protocol for secure communications.
2. Background
Computer security is an important consideration in modern computer systems. With advances in technology and new paradigms, enhanced security is becoming a priority, particularly with the growing interest in e-commerce. This concern has led to the use of cryptography to establish authenticated and/or private communications between parties who initially share only a relatively insecure secret.
Cryptography involves the design of algorithms for encryption and decryption, to ensure the secrecy and/or authenticity of messages. Encryption is the conversion of data (called plaintext) into an unintelligible form (called ciphertext) by means of a reversible translation, based on a translation table or algorithm. Decryption is the translation of ciphertext into plaintext. Typically, cryptographic functions require “keys” which are used to encrypt and decrypt the data and are known only by trusted entities.
There are two commonly known types of key-based cryptography, known as symmetric key and asymmetric key. Symmetric key cryptography uses the same key to encrypt and decrypt data while asymmetric key cryptography uses two keys which are mutual inverses (one decrypts the other's encryption). Asymmetric key cryptography is also known as ‘public key’ cryptography because one half of a pair of keys can be published without compromising the overall security of the system.
Public key technology is has some cryptographic and scaling advantages over symmetric key techniques. For example, public keys can be more easily published without compromising the security of the private key or the overall system. However, public key technology suffers from some problems that are similar to those experienced by well-known symmetric key systems such as Kerberos, Sesame and standard Unix login security. One problem is that of key management, where keys must be generated and passed around through the system. The problem is slightly different in symmetric systems and public key systems. Key negotiation is required in symmetric systems so that the secrecy of keys is maintained, while in public key systems, broadcast of public keys and establishing trust in the public key is the main requirement. Symmetric key systems use trusted third parties, typically called Key Distribution Centers (as in Kerberos), to manage this process and an analogous technique can be used in public key systems.
Moreover, public key systems suffer from additional problems. Many corporate environments are unsuitable for the deployment of public key systems because the infrastructure for widespread use of such systems does not exist. Accepted standards and software tools to support those standards are not in place. The absence of such an infrastructure for public key systems, in addition to other problems, prevents the widespread use of public key systems.
An important goal in security design is to limit the harm caused by the exposure of keys. This is especially important for long-lived keys. If the compromise of a single key exposes to the attacker all the traffic exchanged by a party during a relatively long time period, such a key becomes an attractive target for an adversary, and a major bottleneck for system security. An improvement is made possible by limiting the advantage for the attacker that breaks the key only to future active impersonation attacks, where the potential of being detected is high. A key exchange mechanism that protects short-lived keys from compromise even in the case of exposure of long-lived keys, is said to provide perfect forward secrecy (PFS). In a system that provides PFS, keys actually used to encrypt traffic are periodically changed such that prior traffic keys cannot be recovered (and prior encrypted traffic cannot be decrypted) even when the attacker has a complete recording of all traffic and a complete readout of the “current machine state” for both parties. “Current machine state” includes all long-lived secret keys, but does not include any state that was destroyed at the last key change.
For example, if all session keys exchanged by a party C are encrypted under C's public key, then an attacker that breaks the private key of C would also learn all past, and even future, session keys of C. In contrast, by using the Diffie-Hellman algorithm for key exchange and C's private key only to sign this exchange, a much better level of security is achieved. In that case, the attacker that compromises the private key will be able to actively impersonate C in future communications, but will learn nothing about past communications, or even future ones in which the attacker is not actively involved.
Another important goal in security design is authentication. Authentication is a technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter. In mutual authentication, both communication partners verify the identity of the other. In a typical authentication protocol, a first party sends a random number to the a second party, who then transforms it in a special way using key shared only by the two parties and then returns the result. If the returned result is as expected, the first party is assured that the message came from the second party because no other party knew the shared key. Such protocol is called a challenge-response protocol.
Accordingly, a need exists in the prior art for a method and apparatus for a relatively secure communications protocol that provides mutual authentication, key establishment and perfect forward secrecy. A further need exists for such a method and apparatus in an environment unsuitable for full deployment of public key cryptographic solutions.
BRIEF DESCRIPTION OF THE INVENTION
A method for a first participant to establish a shared secret with a second participant, where the first participant and the second participant share a password-based first master key and a hash function includes sending a first message including a first private value for the second participant and a first authenticator for the second participant encrypted with the first master key. The first message also includes a first hashed authenticator for the first participant encrypted with a first shared secret key. The first message also includes a first public value for the first participant. The first participant receives a second message, the second message including the first authenticator for the second participant and a first public value for the second participant encrypted with the first shared secret key. The first participant sends a third message, the third message including the first authenticator for the first participant, a second hashed authenticator for the first participant, a second authenticator for the second participant and a second master key encrypted with a second shared secret key. The third message also includes a second public value for the first participant. A fourth message is received by the first participant, the fourth message including a second authenticator for the second participant and a second public value for the second participant encrypted with the second shared secret key.
REFERENCES:
patent: 5163147 (1992-11-01), Orita
patent: 5241594 (1993-08-01), Kung
patent: 5241599 (1993-08-01), Bellovin et al.
patent: 5351136 (1994-09-01), Wu et al.
patent: 5421006 (1995-05-01), Jablon et al.
patent: 5491749 (1996-02-01), Rogaway
patent: 5502765 (1996-03-01), Ishiguro et al.
patent: 5590199 (1996-12-01), Krajewski et al.
patent: 5655077 (1997-08-01), Jones et al.
patent: 5671354 (1997-09-01), Ito et al.
patent: 5680461 (1997-10-01), McManis
patent: 5684950 (1997-11-01), Dare et al.
patent: 5708780 (1998-01-01), Levergood et al.
patent: 5764772 (1998-06-01), Kaufman et al.
patent: 5815665 (1998-09-01), Teper et al.
patent: 5835727 (1998-11-01), Wong et al.
patent: 5845070 (1998-12-01), Ikudome
pate
Cisco Technology Inc.
Schaub John P.
Sheikh Ayaz
Thelen Reid & Priest LLP
Zand Kambiz
LandOfFree
Password based protocol for secure communications does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Password based protocol for secure communications, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Password based protocol for secure communications will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3248423