Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-11-02
2002-11-26
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S155000, C380S229000, C380S232000
Reexamination Certificate
active
06487660
ABSTRACT:
This invention relates to a protocol for verifying parties in a transaction and, in particular, cryptographic protocols for providing secure personal ATM transactions between an electronic device and a server and in which the protocols are based on a public key algorithm.
BACKGROUND OF THE INVENTION
With advent of electronic commerce, the use of cash in financial transactions in becoming less popular, in favour of electronic wallets. Typically, a financial institution will issue its customers with a personal ATM device (P-ATM) and an electronic cash card. The user then uses the electronic cash card, which stores a cash amount thereon, in various financial transactions. The cash card communicates with the financial institution's central server via the personal ATM. Because there is less control exercised by a financial institution on a P-ATM than a regular ATM installed, for example, at a bank site, it is necessary for the P-ATMs to be authenticated both by the issuing financial institution as well as by the cash card user in addition to the usual verification of the cash card used by the institution and sometimes vice versa.
In order to simplify the manufacturing process for personal ATMs, the mapping of a P-ATM's cryptographic parameters to a server is unknown until the customer purchases the P-ATM device. To perform P-ATM to server binding, it is necessary to issue the appropriate server public key to the P-ATM and to issue the P-ATM public key and ID to the appropriate server. Both of these actions must be done securely. The difficulty in the authentication presented by this type of application is that the cash card must trust the server and vice versa. Thus, it is necessary that the server then verify the P-ATM and vice versa. Once the server and the P-ATM trust each other, the user can then use the cash card with the ATM with relative confidence. Furthermore, these verifications must be performed relatively quickly. Thus, there is a need for a verification and authentication protocol that meets the needs of this type of transaction.
SUMMARY OF THE INVENTION
This invention seeks to provide a verification and authentication protocol that enables at least one party in at least a three party transaction to be authenticated by the remaining parties.
Furthermore this invention seeks to provide an authentication protocol in a cash-card, personal ATM and server transaction.
This invention also seeks to provide a key distribution method for personal ATM's and the like.
In accordance with an aspect of the invention there is provided a method of authenticating a pair of correspondents C,S to permit exchange of information therebetween, each of said correspondents C,S having a respective private key e,d and a public key Q
u
and Q
s
derived from a generator P and a respective ones of said private keys e,d, a list of said correspondents C having a unique identification information ID
u
stored therein, said a second of said correspondent a including a memory for storing public keys of one or more of said first correspondents, said method comprising steps of:
a) said second of said correspondents generating a random value y upon initiation of a transaction between said correspondents;
b) said second correspondent S forwarding to said first correspondent C said value y;
c) said first correspondent C generating a first random number x and computing a public session key tP from a private key t;
d) said first correspondent C generating a message H by combining said first random number x, said value y, said public session key tP and said unique identification information ID
u
and computing a signature S
e
of said message H;
e) said first correspondent C transmitting said signature S
e
, said public session key tP, said value x and said identification ID
u
to said second correspondent;
f) said second correspondent upon receipt of said message from said previous step (Q) retrieving said public key Q
u
of said first correspondent from said memory using said received identification information ID
u
;
g) said second correspondent verifying said received signature using said recovered public key Q
u
and verifying said message H and computing a shared secret key d(tP), whereby both said correspondents may calculate a shared secret key k by combining the computed secret tQ
s
=d(tP) with said first random number x and said random value y, said key K being utilized in subsequent transactions between said correspondents for a duration of said session.
Also, this aspect of the invention provides for apparatus for carrying out the method. Such an apparatus can comprise any computational apparatus such as a suitably programmed computer.
REFERENCES:
patent: 4949380 (1990-08-01), Chaum
patent: 5272755 (1993-12-01), Myiaji et al.
patent: 5504817 (1996-04-01), Shamir
patent: 6011848 (2000-01-01), Kanda et al.
patent: 0225010 (1987-06-01), None
patent: 0440800 (1991-08-01), None
patent: 0461983 (1991-12-01), None
patent: 8911706 (1989-11-01), None
patent: 9320538 (1993-10-01), None
Menezes et al, “Handbook of Applied Cryptography”, Protocol 12.5.2(iii), pp 427-429, CRC Press, Oct. 17, 1996.*
Schnorr, C.P.: “Efficient signature generation by smart cards” Journal of Cryptology, Vo. 4, No. 3, Jan. 1, 1991, pp. 161-174, XP000574352.
Bellare, M. et al.: “Keying hash functions for message authentication” Advances in Cryptology—Crypto 1996, 16th Annual International Cryptology Conference Santa Barbara, Aug. 18-22, 1996. Proceedings, No. Conf. 16, Aug. 18, 1996, pp. 1-15, XP000626584 Koblitz N (Ed.).
Kenji, Koyama et al.: “Elliptic curve cryptosystems and their applications” IEICE Transactions on Information and Systems vol. E75-D, No. 1, Jan. 1, 1992, pp. 50-57, XP000301174.
Johnson Donald B.
Lambert Robert J.
Vadekar Ashok
Vanstone Scott Alexander
Certicon Corp.
Orange John R. S.
Orange & Chari
Peeso Thomas R.
LandOfFree
Two way authentication protocol does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Two way authentication protocol, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Two way authentication protocol will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2990710