System and method for establishing secure communication

US 20020056040A1
Filed: 11/08/2001
Published: 05/09/2002
Est. Priority Date: 08/10/2000
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining a shared secret key, comprising the steps of:

identifying a first shared random number;

identifying a second shared random number; and

obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is described in which two parties communicate a first shared random number and a second shared random number, and each independently use a combining function with inputs including the two shared random numbers to obtain a shared secret key. Secure communication of the shared random numbers is performed by using a password and an asymmetric key pair. The password and the private key are not communicated, thereby preventing eavesdroppers from obtaining information sufficient to determine the shared secret key. Direct attacks on the parties are foiled by preventing the password from being stored, not storing the private key, and using two shared random numbers in case one is compromised by an attack on one of the two parties. A party cannot be effectively impersonated without knowledge of the password, and a called party cannot be impersonated without additionally controlling the network.

Citations

152 Claims

1. A method for obtaining a shared secret key, comprising the steps of:
- identifying a first shared random number;
  
  identifying a second shared random number; and
  
  obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein said combining function includes a logical function.
  - 3. The method of claim 2, wherein said logical function includes an exclusive or (XOR) function.

4. A method for obtaining a shared secret key utilized in a network having at least a first computer and a second computer, said method comprising the steps of:
- transmitting a first message from said first computer to said second computer, said first message including a first shared random number;
  
  generating a second shared random number in said second computer; and
  
  generating a shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 96, 97, 98, 99, 100, 101, 102, 104, 105, 106, 107, 108, 109, 110, 111, 112, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152)
- - 5. The method of claim 4, further comprising the step of transmitting a second message from said second computer to said first computer, said second message including said second shared random number.
  - 6. The method of claim 5, wherein said first message is encoded using an encoded password.
  - 7. The method of claim 6, wherein said encoded password is an encrypted password.
  - 8. The method of claim 6, wherein said step of encoding said first message comprises encrypting said first message using said encoded password.
  - 9. The method of claim 5, wherein said first message also includes an asymmetric key.
  - 10. The method of claim 9, wherein said second message is encoded using said asymmetric key.
  - 11. The method of claim 10, wherein said second message is encrypted using said asymmetric key.
  - 12. The method of claim 5, wherein said combining function includes a logical function.
  - 13. The method of claim 12, wherein said logical function includes an exclusive or (XOR) function.
  - 15. The data signal of claim 13, wherein said data signal is propagated through a network.
  - 16. The data signal of claim 13, wherein said information is encoded using said shared secret key.
  - 17. The data signal of claim 15, wherein said information is encrypted using said shared secret key.
  - 18. The signal of claim 13, wherein said signal comprises a packet of data representing a portion of said information.
  - 19. The signal of claim 13, wherein said signal is a wireless signal.
  - 20. The signal of claim 13, wherein said signal is embedded in a carrier wave.
  - 21. The signal of claim 13, wherein said signal is propagated as an analog signal.
  - 22. The signal of claim 13, wherein said signal is propagated as a digital signal.
  - 23. The signal of claim 13, wherein said combining function includes a logical function.
  - 24. The method of claim 22, wherein said logical function includes an exclusive or (XOR) function.
  - 26. The method of claim 24, further comprising the step of transmitting a second message including said second shared random number.
  - 27. The method of claim 25, wherein said step of identifying a second shared random number comprises generating said second shared random number.
  - 28. The method of claim 25, wherein said first message is encoded using a first key obtained using information obtained from a password.
  - 29. The method of claim 27, wherein said first message is encoded using a first key obtained using information obtained from a password.
  - 30. The method of claim 28, wherein said first message is encrypted using a first key obtained using information obtained from a password.
  - 31. The method of claim 27, wherein said first key is obtained by encoding said password.
  - 32. The method of claim 30, wherein said step of encoding said password comprises encrypting said password.
  - 33. The method of claim 27, wherein said first message also includes a second key.
  - 34. The method of claim 32, wherein said second key is an asymmetric key.
  - 35. The method of claim 32, wherein said second message is encoded with said second key.
  - 36. The method of claim 34, wherein said second message is encrypted with said second key.
  - 37. The method of claim 32, further comprising receiving said password from a user.
  - 38. The method of claim 24, wherein said combining function includes a logical function.
  - 39. The method of claim 24, wherein said logical function includes an exclusive or (XOR) function.
  - 40. The method of claim 27, wherein said first key is generated using an encoded password obtained from said password.
  - 41. The method of claim 39, wherein said encoded password is an encrypted password.
  - 42. The method of claim 40, wherein said encrypted password is obtained from an output of a one-way function having an input including said password.
  - 43. The method of claim 41, wherein said one-way function is a hash function.
  - 44. The method of claim 27, further comprising the step of receiving said password from a user.
  - 45. The method of claim 43, further comprising transmitting information identifying said user.
  - 46. The method of claim 43, wherein said user is a human user.
  - 47. The method of claim 43, further comprising the step of obtaining said first key from an output of a one-way function having an input including said password.
  - 48. The method of claim 43, further comprising decrypting said first message using information obtained from said password.
  - 49. Otto The method of claim 27, further comprising transmitting identification information for a user.
  - 50. The method of claim 27, wherein said first message also includes a second key.
  - 51. The method of claim 49, wherein said second key is an asymmetric key.
  - 52. The method of claim 50, wherein said second message is encoded with said second key.
  - 53. The method of claim 37, wherein said second message is encrypted with said second key.
  - 54. The method of claim 51, wherein said second message also includes a timestamp.
  - 55. The method of claim 27, wherein said first message also includes a timestamp.
  - 56. The method of claim 27, wherein said first message also includes a second key and a timestamp.
  - 57. The method of claim 55, wherein said second key is an asymmetric key.
  - 59. The device of claim 57, wherein the first shared random number is communicated to a user.
  - 60. The device of claim 58, wherein the shared secret key is obtained from said user.
  - 61. The device of claim 57, wherein the shared secret key is obtained from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.
  - 62. The method of claim 60, wherein said step of identifying a first shared random number comprises generating said first shared random number.
  - 63. The method of claim 61, wherein said step of identifying a second shared random number comprises receiving a second message including said second shared random number.
  - 64. The method of claim 60, wherein said step of identifying a second shared random number comprises generating said second shared random number.
  - 65. The method of claim 63, wherein said step of identifying a first shared random number comprises receiving a first message including said first shared random number.
  - 66. The device of claim 60, wherein said device is capable of transforming messages by encoding messages using the shared secret key.
  - 67. The device of claim 65, wherein said encoding messages using the shared secret key comprises encrypting messages using the shared secret key.
  - 68. The device of claim 60, wherein said device is capable of transforming messages by decoding messages using the shared secret key.
  - 69. The device of claim 67, wherein said decoding messages using the shared secret key comprises decrypting messages using the shared secret key.
  - 70. The device of claim 60, wherein said device comprises a computer.
  - 71. The device of claim 60, wherein said device comprises a handheld device.
  - 72. The device of claim 60, further comprising a memory coupled to said processor, wherein at least a portion of said software module is stored in said memory.
  - 74. The device of claim 72, wherein said device decrypts said first message.
  - 75. The method of claim 72, wherein said step of identifying a second shared random number comprises generating said second shared random number.
  - 76. The device of claim 72, wherein said device transmits a second message including the second shared random number.
  - 77. The device of claim 75, wherein said first message is encoded using a first key obtained using information obtained from a password.
  - 78. The device of claim 76, wherein said first message is encrypted using a first key obtained using information obtained from a password.
  - 79. The device of claim 76, wherein said first message also includes an asymmetric key.
  - 80. The device of claim 78, wherein said second message is encoded with said asymmetric key.
  - 81. The device of claim 79, wherein said second message is encrypted with said asymmetric key.
  - 83. The device of claim 81, wherein said device decrypts said second message.
  - 84. The method of claim 81, wherein said step of identifying a first shared random number comprises generating said first shared random number.
  - 85. The device of claim 81, wherein said software module generates a first message including said first shared random number.
  - 86. The device of claim 84, wherein said first message also includes a second key.
  - 87. The device of claim 85, wherein said first message also includes an asymmetric key.
  - 88. The device of claim 86, wherein said second message is encoded with said asymmetric key.
  - 89. The device of claim 87, wherein said second message is encrypted with said asymmetric key.
  - 90. The device of claim 85, wherein said first key corresponds to a password known by a user.
  - 92. A storage medium according to claim 90 wherein said storage medium is at least one of a group including semiconductor memory device, magnetic device, optical device, magneto-optical device, floppy diskette, hard drive, CD-ROM, magnetic tape, computer memory, and memory card.
  - 93. A storage medium according to claim 90, wherein said combining function includes a logical function.
  - 94. A storage medium according to claim 92 wherein said logical function includes an exclusive or (XOR) function.
  - 96. The storage medium of claim 94, further comprising encoded computer means for decrypting said first message.
  - 97. The storage medium of claim 94, further comprising encoded computer means for generating a second message including said second shared random number.
  - 98. The storage medium of claim 96, wherein said first message is encoded using a first key obtained using information obtained from a password.
  - 99. The storage medium of claim 97, wherein said first message is encrypted using a first key obtained using information obtained from a password.
  - 100. The storage medium of claim 97, wherein said first message also includes an asymmetric key.
  - 101. The storage medium of claim 99, wherein said second message is encoded with said asymmetric key.
  - 102. The storage medium of claim 100, wherein said second message is encrypted with said asymmetric key.
  - 104. The storage medium of claim 102, further comprising encoded computer means for decrypting said second message.
  - 105. The storage medium of claim 102, further comprising encoded computer means for transmitting a first message including said first shared random number.
  - 106. The storage medium of claim 104, wherein said first message also includes a second key.
  - 107. The storage medium of claim 105, wherein said second key is an asymmetric key.
  - 108. The storage medium of claim 106, wherein said second message is encoded with said asymmetric key.
  - 109. The storage medium of claim 107, wherein said second message is encrypted with said asymmetric key.
  - 110. The storage medium of claim 105, wherein said first message is encoded using a first key.
  - 111. The storage medium of claim 109, wherein said first message is encrypted using a first key.
  - 112. The storage medium of claim 109, wherein said first key corresponds to a password known by a user.
  - 114. The method of claim 112, further comprising the step of transmitting a first message including said first shared random number.
  - 115. The method of claim 113, wherein said step of identifying a first shared random number comprises generating said first shared random number.
  - 116. The method of claim 113, wherein said first message is encoded using a first key.
  - 117. The method of claim 115, wherein said first message is encrypted using a first key.
  - 118. The method of claim 115, wherein said first message also includes a second key.
  - 119. The method of claim 115, wherein said first key corresponds to a password.
  - 120. The method of claim 118, wherein said first key is an encoded password.
  - 121. The method of claim 119, wherein said first key is an encrypted password.
  - 122. The method of claim 118, wherein said step of obtaining the shared secret key comprises obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.
  - 123. The method of claim 121, wherein said combining function includes a logical function.
  - 124. The method of claim 122, wherein said logical function includes an exclusive or (XOR) function.
  - 125. The method of claim 117, wherein said second key is an asymmetric key.
  - 126. The method of claim 117, wherein said second message is encoded with said second key.
  - 127. The method of claim 125, wherein said second message is encrypted with said second key.
  - 128. The method of claim 125, further comprising decoding said second message.
  - 129. The method of claim 127, wherein said decoding said second message comprises decoding said second message using a third key.
  - 130. The method of claim 128, wherein said third key and said second key form an asymmetric key pair.
  - 131. The method of claim 129, further comprising the step of generating said asymmetric key pair.
  - 132. The method of claim 130, wherein said asymmetric key pair is generated dynamically.
  - 133. The method of claim 130, wherein said asymmetric key pair is selected from a set of pre-generated asymmetric key pairs.
  - 134. The method of claim 115, further comprising receiving information identifying a user.
  - 135. The method of claim 133, wherein said first key is associated with said user.
  - 136. The method of claim 134, wherein said first key corresponds to a password known by said user.
  - 137. The method of claim 135, wherein said first key is an encoded value of said password.
  - 138. The method of claim 135, wherein said encoded value of said password is an encrypted value of said password.
  - 139. The method of claim 136, wherein said first key is a value of said password after being sent through a one-way function.
  - 140. The method of claim 136, further comprising the step of obtaining said first key by looking up said user in a password file.
  - 141. The method of claim 139, wherein said password file contains an encoded password.
  - 142. The method of claim 140, wherein said encoded password is an encrypted password.
  - 143. The method of claim 139, wherein said password file is encoded.
  - 144. The method of claim 142, wherein said encoded password file is an encrypted password file.
  - 145. The method of claim 115, wherein said first message also includes a second key.
  - 146. The method of claim 144, wherein said second key is an asymmetric key.
  - 147. The method of claim 145, wherein said second message is encoded with said second key.
  - 148. The method of claim 146, wherein said second message is encrypted with said second key.
  - 149. The method of claim 146, wherein said second message also includes a timestamp.
  - 150. The method of claim 115, wherein said first message also includes a timestamp.
  - 151. The method of claim 115, wherein said first message also includes a second key and a timestamp.
  - 152. The method of claim 150, wherein said second key is an asymmetric key.

14. An electronic data signal including information encoded using a shared secret key, wherein said shared secret key is obtained from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

25. A method for obtaining a shared secret key, comprising the steps of:
- receiving a first message including a first shared random number;
  
  identifying a second shared random number;
  
  obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

58. A device including at least one processor, said at least one processor executing software instructions for obtaining a shared secret key, said software instructions comprising a software module identifying a first shared random number and a second shared random number and obtaining the shared secret keybased on said first shared random number and said second shared random number, wherein the device is capable of transforming messages using the shared secret key.

73. A device including at least one processor, said at least one processor executing software instructions for obtaining a shared secret key, said software instructions comprising a software module parsing a first message including a first shared random number to identify said first shared random number, identifying a second shared random number, and obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number, wherein the shared secret key is used by the device to transform messages.

82. A device including at least one processor, said at least one processor executing software instructions for obtaining a shared secret key, said software instructions comprising a first software module identifying a first shared random number, parsing a second message including a second shared random number to identify said second shared random number, and obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number, wherein the shared secret key is used by the device to transform messages.

91. A machine-readable storage medium containing instructions for a processor, said instructions being the steps for the processor, comprising:
- encoded computer means for identifying a first shared random number;
  
  encoded computer means for identifying a second shared random number; and
  
  encoded computer means for obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

95. A machine-readable storage medium containing instructions for a processor, said instructions being the steps for the processor, comprising:
- encoded computer means for parsing a first message including a first shared random number to obtain said first shared random number;
  
  encoded computer means for identifying a second shared random number; and
  
  encoded computer means for obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

103. A machine-readable storage medium containing instructions for a processor, said instructions being the steps for the processor, comprising:
- encoded computer means for identifying a first shared random number;
  
  encoded computer means for parsing a second message including a second shared random number to obtain said second shared random number; and
  
  encoded computer means for obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

113. A method for obtaining a shared secret key, comprising the steps of:
- identifying a first shared random number;
  
  receiving a second message including a second shared random number; and
  
  obtaining the shared secret key from an output of a combining function having a first input including said first shared random number and having a second input including said second shared random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Timothy J. Simms
Original Assignee
Timothy J. Simms
Inventors
Simms, Timothy J.

Granted Patent

US 7,373,507 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

A41B 2400/20 Air permeability; Ventilation

H04L 9/0844 with user authentication or...

System and method for establishing secure communication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

152 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for establishing secure communication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

152 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links