Data transmission links

US 20030210789A1
Filed: 01/16/2003
Published: 11/13/2003
Est. Priority Date: 01/17/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of establishing a secure communications link between a mobile terminal of a mobile communications system and a server, the method comprising:

retrieving from storage, in the mobile terminal a prime number, p, and generator, g, for a Diffie-Hellman key exchange protocol;

generating a positive integer b less than p−

1 at the terminal;

sending a message including the value of (g^bmod p) from the terminal to the server;

determining a shared secret number for the terminal and the server by calculating the value of (g^abmod p), where a is a positive integer less than p−

1, at both the terminal and the server, using b and a value y=g^amod p for the server at the terminal, and using a, b, g and p at the server; and

using the shared secret number to establish said secure communications between the terminal and the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention generally relates to secure communications links for data transmission and more particularly relates to data communications links in which asymmetric cryptographic techniques are used to establish a secure link using symmetric cryptography.

A method of establishing a secure communications link between a mobile terminal of a mobile communications system and a server, the method comprising: retrieving from storage, in the mobile terminal a prime number, p, and generator, g, for a Diffie-Hillman key exchange protocol; generating a positive integer b at the terminal; sending a message including the value of (g^bmod p) from the terminal to the server; determining a shared secret number for the terminal and the server by calculating the value of (g^abmod p), where a is a positive integer, at both the terminal and the server, using b and a public value for the server y=g^amod p at the terminal, and using a, b, g and p at the server; and using the shared secret number to establish said secure communications between the terminal and the server. Corresponding software is also provided.

The method facilitates fast and if desired, anonymous, download of software to a mobile communications system terminal.

Citations

28 Claims

1. A method of establishing a secure communications link between a mobile terminal of a mobile communications system and a server, the method comprising:
- retrieving from storage, in the mobile terminal a prime number, p, and generator, g, for a Diffie-Hellman key exchange protocol;
  
  generating a positive integer b less than p−
  
  1 at the terminal;
  
  sending a message including the value of (g^bmod p) from the terminal to the server;
  
  determining a shared secret number for the terminal and the server by calculating the value of (g^abmod p), where a is a positive integer less than p−
  
  1, at both the terminal and the server, using b and a value y=g^amod p for the server at the terminal, and using a, b, g and p at the server; and
  
  using the shared secret number to establish said secure communications between the terminal and the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 22, 25, 26)
- - 2. A method as claimed in claim 1 further comprising retrieving from storage in the mobile terminal the public value y.
  - 3. A method as claimed in claim 1 further comprising:
    - encrypting the public value y at the server end of the communications link using a public key for the terminal, the public key being a key of an asymmetric cryptographic technique, to provide a first encrypted message;
      
      sending the first encrypted message to the terminal; and
      
      decrypting the public value y from the first encrypted message at the terminal.
  - 4. A method as claimed in claim 3 wherein said encrypting further comprising encrypting an identifier for the server, whereby said first encrypted message includes said server identifier;
    - wherein said decrypting further comprises decrypting said server identifier; and
      
      wherein the method further comprising checking said server identifier at the terminal.
  - 5. A method as claimed in claim 3 wherein said encrypting further comprises encrypting a server-end time stamp, whereby said first encrypted message includes said server-end time stamp;
    - wherein said decrypting comprises decrypting said server-end time stamp for validating said secure communications link.
  - 6. A method as claimed in claim 4 wherein said encrypting further comprises encrypting a server-end time stamp, whereby said first encrypted message includes said server-end time stamp;
    - wherein said decrypting comprises decrypting said server-end time stamp for validating said secure communications link.
  - 7. A method according to claim 1 further comprising:
    - encrypting the value of (g^bmod p) at the terminal using a public key for the server, the public key being a key of an asymmetric cryptographic technique, to provide a second encrypted message;
      
      sending the second encrypted message to the server; and
      
      decrypting the value of (g^bmod p) from the second encrypted message at the server.
  - 8. A method according to claim 7 wherein said encrypting further comprises encrypting an identifier for the terminal, whereby said second encrypted message includes said terminal identifier;
    - wherein said decrypting further comprises decrypting said terminal identifier; and
      
      wherein the method further comprising checking said terminal identifier at the server.
  - 9. A method according to claim 7 wherein said encrypting further comprises encrypting a terminal-end time stamp, whereby said second encrypted message includes said terminal-end time stamp;
    - wherein said decrypting further comprises decrypting said terminal-end time stamp for validating said secure communications link.
  - 10. A method according to claim 8 wherein said encrypting further comprises encrypting a terminal-end time stamp, whereby said second encrypted message includes said terminal-end time stamp;
    - wherein said decrypting further comprises decrypting said terminal-end time stamp for validating said secure communications link.
  - 11. A method according to claim 5 further comprising:
    - encrypting the value of (g^bmod p) at the terminal using a public key for the server, the public key being a key of an asymmetric cryptographic technique, to provide a second encrypted message;
      
      sending the second encrypted message to the server; and
      
      decrypting the value of (g^bmod p) from the second encrypted message at the server and wherein said encrypting further comprises encrypting a terminal-end time stamp, whereby said second encrypted message includes said terminal-end time stamp, said decrypting further comprises decrypting said terminal-end time stamp for validating said secure communications link, and said second encrypted message includes said server-end time stamp.
  - 12. A method according to claim 1 further comprising:
    - sending a message digitally signed by the server from the server to the terminal.
  - 13. A method according to claim 12 wherein the digital signature provides for message recovery, and wherein the message which is digitally signed comprises at least a licence identifier.
  - 14. A method according to claim 12 wherein the message digitally signed by the server includes data encrypted using said shared secret number.
  - 15. A method according to claim 13 wherein the message digitally signed by the server includes data encrypted using said shared secret number.
  - 16. A method of securely communicating data comprising establishing a secure communications link by the method of claim 1 and securely communicating data over the link.
  - 17. A method as claimed in claim 1 wherein the message including the value of (g^bmod p) comprises a digital signature from which the value of (g^bmod p) is recoverable.
  - 20. A data transmission link configured to implement the method of claim 1 or 18.
  - 21. A carrier carrying computer program code for a terminal to implement the part of the method of claim 1 performed at the terminal end of the communications link.
  - 22. A mobile terminal including the carrier of claim 21.
  - 25. A carrier carrying computer program code for a server to implement the part of the method claim 1 performed at the server end of the communications link.
  - 26. A server including the carrier of claim 25.

18. A method of establishing a secure communications link between a server of a mobile communications system and a mobile terminal, the method comprising:
- retrieving from storage, in the server a prime number, p, and generator, g, for a Diffie-Hellman key exchange protocol;
  
  generating a positive integer b less than p−
  
  1 at the server;
  
  sending a message including the value of (g^bmod p) from the server to the terminal;
  
  determining a shared secret number for the server and the terminal by calculating the value of (g^abmod p), where a is a positive integer less than p−
  
  1, at both the server and the terminal, using b and a value y=g^amod p for the terminal at the server, and using a, b, g and p at the server; and
  
  using the shared secret number to establish said secure communications between the server and the terminal.
- View Dependent Claims (19, 23, 24, 27, 28)
- - 19. A method as claimed in claim 18 wherein the message including the value of (g^bmod p) comprises a digital signature from which the value of (g^bmod p) is recoverable.
  - 23. A carrier carrying computer program code for a terminal to implement the part of the method of claim 18 performed at the terminal end of the communications link.
  - 24. A mobile terminal including the carrier of claim 23.
  - 27. A carrier carrying computer program code for a server to implement the part of the method claim 18 performed at the server end of the communications link.
  - 28. A server including the carrier of claim 27.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Farnham, Timothy David, Yeun, Chan Yeob

Application Number

US10/345,227
Publication Number

US 20030210789A1
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/12   Applying verification of th...

H04L 9/0844   with user authentication or...

H04L 9/3297   involving time stamps, e.g....

H04W 12/04   Key management, e.g. using ...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 12/61   Time-dependent

Data transmission links

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Data transmission links

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links