Data transmission links

US 20030172278A1
Filed: 01/16/2003
Published: 09/11/2003
Est. Priority Date: 01/17/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of establishing a secure communications link between a terminal and a server, the method comprising:

assembling a message comprising a secret number and a digital signature for the secret number, the digital signature being generated using a private key for the server;

encrypting the message at the server end of the communications link using a public key for the terminal;

sending said encrypted message from the server to the terminal;

decrypting said encrypted message at the terminal using a private key for the terminal;

validating the message by checking the digital signature using a public key for the server; and

establishing said secure communications link using said secret number;

wherein the public and private keys for the terminal and server are public and private keys of an asymmetric cryptographic technique.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention generally relates to secure communications links for data transmission and more particularly relates to data communications links in which asymmetric cryptographic techniques are used to establish a secure link using symmetric cryptography.

A method of establishing a secure communications link between a terminal and a server, the method comprising, assembling a message comprising a secret number and a digital signature for the secret number, the digital signature being generated using a private key for the server, encrypting the message at the server end of the communications link using a public key for the terminal, sending said encrypted message from the server to the terminal, decrypting said encrypted message at the terminal using a private key for the terminal, validating the message by checking the digital signature using a public key for the server; and establishing said secure communications link using said secret number, wherein the public and private keys for the terminal and server are public and private keys of an asymmetric cryptographic technique. Corresponding software is also provided.

The method facilitates fast and if desired, anonymous, download of software to a mobile communications system terminal.

64 Citations

View as Search Results

21 Claims

1. A method of establishing a secure communications link between a terminal and a server, the method comprising:
- assembling a message comprising a secret number and a digital signature for the secret number, the digital signature being generated using a private key for the server;
  
  encrypting the message at the server end of the communications link using a public key for the terminal;
  
  sending said encrypted message from the server to the terminal;
  
  decrypting said encrypted message at the terminal using a private key for the terminal;
  
  validating the message by checking the digital signature using a public key for the server; and
  
  establishing said secure communications link using said secret number;
  
  wherein the public and private keys for the terminal and server are public and private keys of an asymmetric cryptographic technique.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 17, 18, 19, 20, 21)
- - 2. A method as claimed in claim 1 wherein said message further comprises an identifier for the terminal and said digital signature is generated by performing a signing operation on both said secret number and said terminal identifier.
  - 3. A method as claimed in claim 1 wherein the secret number is valid for a time period and wherein the message further comprises a time stamp, the method further comprising checking the validity of said secret number using the time stamp and establishing said secure communication link dependent upon the result of said checking.
  - 4. A method according to claim 1 wherein the digital signature is generated by a signing operation which permits a message on which the signing operation is performed to be recovered from the digital signature, and wherein the secret number in the message is contained within said digital signature.
  - 5. A method according to claim 1 wherein said digital signature is generated using a digest of said secret number.
  - 6. A method as claimed in claim 1 wherein the terminal and server comprise, respectively, a mobile terminal and server of a digital mobile communications system.
  - 7. A method as claimed in claim 6 further comprising:
    - retrieving a public key for the server from the storage in the mobile terminal for checking said digital signature.
  - 17. A data transmission link configured to implement the method of any one of claims 1, 8, 9, 13 and 15.
  - 18. A carrier carrying computer program code for a terminal to implement the part of the method of any one of claims 1, 8, 9, 13 and 15 performed at the terminal end of the communications link.
  - 19. A terminal including a carrier carrying computer program code for a terminal to implement the part of the method of any one of claims 1, 8, 9, 13 and 15 performed at the terminal end of the communications link.
  - 20. A carrier carrying computer program code for a server to implement the part of the method of any one of claims 1, 8, 9, 13 and 15 performed at the server end of the communications link.
  - 21. A server including a carrier carrying computer program code for a server to implement the part of the method of any one of claims 1, 8, 9, 13 and 15 performed at the server end of the communications link.

8. A method of establishing a secure communications link between a server and a terminal, the method comprising:
- assembling a message comprising a secret number and a digital signature for the secret number, the digital signature being generated using a private key for the terminal;
  
  encrypting the message at the terminal end of the communications link using a public key for the server;
  
  sending said encrypted message from the terminal to the server;
  
  decrypting said encrypted message at the server using a private key for the server;
  
  validating the message by checking the digital signature using a public key for the terminal; and
  
  establishing said secure communications link using said secret number;
  
  wherein the public and private keys for the server and terminal are public and private keys of an asymmetric cryptographic technique.

9. A method of establishing a secure communications link between a terminal and a server, the method comprising:
- performing, at the server-end of the communications link, a signing operation on a message comprising a secret number, using a private key for the server, to generate a digital signature, the message being recoverable from the digital signature;
  
  sending a message comprising the digital signature from the server to the terminal;
  
  extracting the secret number from the digital signature at the terminal and establishing said secure communications links using the secret number.
- View Dependent Claims (10, 11, 12)
- - 10. A method as claimed in claim 9 wherein the secret number comprises a Diffie-Hellman value gⁿmod p, where p is a prime number and g is a generator for a Diffie-Hellman key exchange protocol and n is a positive integer less than p−
    - 1.
  - 11. A method as claimed in claim 9 wherein the message further comprises an identifier for the server, the method further comprising:
    - retrieving from storage in the terminal an identification certificate for the server including at least a public key for the server; and
      
      using the server public key to extract said secret number.
  - 12. A method as claimed in claim 9 wherein the secret number is valid for a time period and wherein the message further comprises a time stamp, the method further comprising checking the validity of said secret number using the time stamp and establishing said secure communications link dependent upon the result of said checking.

13. A method of establishing a secure communications link between a server and a terminal, the method comprising:
- performing, at the terminal-end of the communications link, a signing operation on a message comprising a secret number using a private key for the terminal to generate a digital signature, the message being recoverable from the digital signature;
  
  sending a message comprising the digital signature from the terminal to the server;
  
  extracting the secret number from the digital signature at the server and establishing said secure communications links using the secret number.
- View Dependent Claims (14)
- - 14. A method as claimed in claim 13 wherein the secret number comprises a Diffie-Hellman value gⁿmod p, where p is a prime number and g is a generator for a Diffie-Hellman key exchange protocol and n is a positive integer less than p−
    - 1.

15. A method of establishing a secure communications link between a mobile terminal and a server, of a mobile communications system, one of the terminal and server being an originator and the other a recipient, the method comprising:
- sending a first message from the originator to the recipient, the first message comprising;
  
  an identity certificate for the originator, the certificate including a public key for the originator, a first data block, and a signature of the originator generated by operating on the first data block, the first data block comprising at least an identifier for the originator and a secret number encrypted using a public key of the recipient; and
  
  authenticating the first message at the recipient using the originator identifier.
- View Dependent Claims (16)
- - 16. A method as claimed in claim 15 further comprising:
    - sending a second message from the recipient to the originator, the second message comprising;
      
      an identity certificate for the recipient, the certificate including a public key for the recipient, a second data block; and
      
      a signature of the recipient generated by operating on the second data block, the second data block comprising at least an identifier for the recipient and a secret number encrypted using a public key of the sender; and
      
      authenticating the second message at the originator using the recipient identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Farnham, Timothy David, Yeun, Chan Yeob

Application Number

US10/345,342
Publication Number

US 20030172278A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/80   Wireless network architectu...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04L 9/0844   with user authentication or...

H04W 12/033   of the user plane, e.g. use...

H04W 12/10   Integrity

Data transmission links

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Data transmission links

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links