Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
2000-07-28
2002-08-06
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C713S171000, C713S161000, C713S168000
Reexamination Certificate
active
06430690
ABSTRACT:
This invention relates to a protocol for the secure verification of correspondents in a data communication system and in particular to the verification of at least one of the correspondents having limited computing power.
BACKGROUND OF THE INVENTION
Traditionally, a mechanical turnstile system was used to restrict the entry of persons into or out of a pre-determined area. In order to gain entry, the user is required to pay a fee, the fee being in the form of cash, tokens, fee cards or other payment medium. These mechanical turnstiles however allow entry without being able to identify the persons entering or leaving. In order to monitor users, an operator is required.
In order to alleviate this problem electronic card entry and exit systems were devised. In these types of systems, a user is issued with an identification card beforehand which is then inserted into a card reader and upon positive verification will allow entry via a locked door or similar barrier thus obviating the need for an operator. A disadvantage of this system is that for a large number of users, a database has to be maintained listing each of the users, particularly if each user has a unique identification then the verification system is required to scroll through each of the records to find a matching identity. Secondly, this system is also inconvenient if there are a large number of users entering a particular location at a given time such as a public transit way, the insertion and withdrawal of cards from a card reader is apt to cause bottlenecks at the entrance way.
Transit systems have been devised in which users are provided with a pre-programmed smart card. In this system, the turnstile or a terminal is able to monitor the smart card remotely thus the user simply walks past the turnstile without having to physically insert the card in a slot. The card is generally activated by the presence of a electromagnetic field generated by the terminal, the card then transmits an appropriate identification back to the terminal which verifies the card identification and allows entry of the user. These cards generally have limited computing power and are not able to perform complex computations. It is also desirable to authenticate these cards to prevent duplication or fraudulent entry. Because the cards have limited computing power, it is necessary to implement a authentication protocol that minimizes the computation performed by the card and furthermore is able to provide verification of the card by the terminal in a very short period of time, generally less than one second.
SUMMARY OF THE INVENTION
This invention seeks to provide a solution to the problem of card verification between a terminal and a card where the card device has limited computing power.
According to one aspect of this invention there is provided a method of authenticating at least one of a pair of correspondents T and C in an information exchange session, and wherein one of the correspondents T includes a secret key t and the other correspondent C has a public key C and a shared secret value t
C
derived from said public key C and said secret key t the method comprising the steps of:
the first correspondent C transmitting to the second correspondent T said public key C;
the second correspondent T generating a challenge value &khgr; and transmitting said challenge value &khgr; to said first correspondent C;
said second correspondent T generating a session shared secret value ss by combing said private key t with said public key C of said first correspondent C;
said second correspondent T generating a response test value k
t
by combining said session shared secret ss with said challenge &khgr;, in a mathematical function ƒ
1
;
said first correspondent C generating a response value k
c
by combining said shared secret t
C
with said challenge value &khgr; in said mathematical function ƒ
1
and sending said response value k
c
to said second correspondent T; and
said second correspondent T comparing said response test value k
t
to said challenge response value k
c
to verify said first correspondent C.
A further aspect of this invention provides for said public key C being included in a certificate Cert
C
, whereby the second correspondent verifies the certificate on C and the identity of the first correspondent C before generating the challenge &khgr;.
In accordance with a further aspect of this invention the mathematical function ƒ
1
is a one way function.
REFERENCES:
patent: 0535863 (1993-04-01), None
“Limitations of Challenge—Response Entity Authentication” Electronics Letters (Stevenage GB), vol. 25, No. 17, Aug. 17, 1989 p. 1195/1196 XP000054010.
Gallant Robert P.
Lambert Robert J.
Vadekar Ashok V.
Vanstone Scott A.
Certicom Corp.
Finnegan Henderson Farabow Garrett & Dunner L.L.P.
Peeso Thomas R.
LandOfFree
Secure one-way authentication communication system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure one-way authentication communication system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure one-way authentication communication system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2945136