Key generation method for communication session encryption and authentication system
Abstract
An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server provides ephemeral encryption keys in response to a request during a Session Random Key (SRK) initiation interval. The SRK is provided for all sessions initiated in the SRK initiation interval. A set of ephemeral intermediate Data Random Keys (DRK) is associated with each request. A message carrying the SRK is sent to the requester. A response from the requester includes a shared parameter encrypted using the SRK, verifying receipt of the SRK. After verifying receipt of the SRK at the requester, at least one message is sent by the server carrying an encrypted version of one of said set of ephemeral intermediate DRK, to be accepted as an encryption key for the session.
21 Claims
1. A method for producing ephemeral encryption keys at a first station for use in a communication session with a second station, comprising:
- assigning an ephemeral session key in said first station, in response to a request received by said first station during a session random key initiation interval for use in a first exchange of said plurality of exchanges;
- associating, in said first station, a set of ephemeral intermediate data random keys with said request for use in said plurality of exchanges;
- sending at least one message carrying said session key to the second station, and receiving a response from the second station including a shared parameter, which is shared between the first station and the second station, or between the first station and a user at the second station, encrypted using said session random key verifying receipt of the session random key; and
- sending, after verifying receipt of the session random key at the second station, at least one message carrying an encrypted version of one of said set of ephemeral intermediate data random keys encrypted to be accepted as an encryption key for the session.

(Dependent claims 2 to 7 are not reproduced on this page.)

8. A data processing apparatus, comprising:
- a processor, a communication interface adapted for connection to a communication medium, and memory storing instructions for execution by the data processor, the instructions including logic to receive a request via the communication interface for initiation of a communication session between a first station and a second station;
- logic to provide ephemeral encryption keys at the first station, in response to a request received by said first station during a session random key initiation interval for use in a first exchange of said plurality of exchanges, to associate, in said first station, a set of ephemeral intermediate data random keys with said request for use in said plurality of exchanges, and logic to send at least one message carrying said session random key to the second station, and to receive a response from the second station including a shared parameter encrypted using said session random key verifying receipt of the session random key; and
- logic to send, after verifying receipt of the session random key at the second station, at least one message carrying an encrypted version of one of said set of ephemeral intermediate data random keys encrypted to be accepted as an encryption key for the session.

(Dependent claims 9 to 14 are not reproduced on this page.)

15. An article, comprising:
- machine readable data storage medium having computer program instructions stored therein for establishing a communication session on a communication medium between a first data processing station and a second data processing station having access to the communication medium, said instructions comprising logic to receive a request via the communication interface for initiation of a communication session between a first station and a second station;
- logic to provide ephemeral encryption keys at the first station, in response to a request received by said first station during a session random key initiation interval for use in a first exchange of said plurality of exchanges, to associate, in said first station, a set of ephemeral intermediate data random keys with said request for use in said plurality of exchanges, and logic to send at least one message carrying said session random key to the second station, and to receive a response from the second station including a shared parameter encrypted using said session random key verifying receipt of the session random key; and
- logic to send, after verifying receipt of the session random key at the second station, at least one message carrying an encrypted version of one of said set of ephemeral intermediate data random keys encrypted to be accepted as an encryption key for the session.

(Dependent claims 16 to 21 are not reproduced on this page.)
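As an added illustration of the exchanges described in the abstract and in claims 1, 8 and 15 (this is example code written for this page, not the patent's own implementation), the following Python simulates both stations: one SRK per initiation interval, a fresh DRK set per request, proof of SRK receipt by returning the shared parameter encrypted under the SRK, and release of one DRK as the session key only after that proof verifies. It assumes, beyond what the page states, that the SRK message is wrapped under a pre-shared long-term key, and it uses a constructed HMAC-SHA256 cipher in place of whatever the specification prescribes; Server, Client, seal, unseal and run_session are names chosen for the example.

```python
import hashlib, hmac, os, secrets
def _keystream(key, nonce, n):  # HMAC-SHA256 in counter mode: a toy cipher constructed for this example
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):  # encrypt-then-MAC; output is nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # verifies the tag before decrypting; raises on tampering or a wrong key
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Server:  # the "first station" of the claims
    def __init__(self, long_term_key, shared_parameter, interval_seconds=60):
        self.ltk, self.shared, self.interval = long_term_key, shared_parameter, interval_seconds
        self.srk_by_interval, self.pending, self.established = {}, {}, {}

    def handle_request(self, request_id, now):
        # one SRK per initiation interval: every request arriving in the same interval gets the same SRK
        srk = self.srk_by_interval.setdefault(int(now // self.interval), secrets.token_bytes(32))
        # ...but a fresh set of intermediate DRKs is associated with each individual request
        self.pending[request_id] = (srk, [secrets.token_bytes(32) for _ in range(3)])
        return seal(self.ltk, srk)  # assumption: the SRK travels wrapped under a pre-shared long-term key

    def handle_receipt_proof(self, request_id, proof):
        srk, drks = self.pending.pop(request_id)
        if unseal(srk, proof) != self.shared:  # SRK receipt must be verified before any DRK is released
            raise ValueError("shared parameter mismatch: SRK receipt not verified")
        self.established[request_id] = drks[0]
        return seal(srk, drks[0])  # one DRK, encrypted under the SRK, is accepted as the session key

class Client:  # the "second station"
    def __init__(self, long_term_key, shared_parameter):
        self.ltk, self.shared, self.srk, self.session_key = long_term_key, shared_parameter, None, None

    def receive_srk(self, msg):  # prove receipt: return the shared parameter encrypted under the SRK
        self.srk = unseal(self.ltk, msg)
        return seal(self.srk, self.shared)

    def receive_drk(self, msg):
        self.session_key = unseal(self.srk, msg)
        return self.session_key

def run_session(server, client, request_id, now):  # drives the three exchanges; returns the client's key
    proof = client.receive_srk(server.handle_request(request_id, now))
    return client.receive_drk(server.handle_receipt_proof(request_id, proof))
```

Two requests in the same interval share an SRK yet end with different session keys, and a requester holding the wrong shared parameter never receives a DRK.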