Method of distributing a public key

US 20050069137A1
Filed: 12/10/2002
Published: 03/31/2005
Est. Priority Date: 12/10/2001
Status: Active Grant

First Claim

Patent Images

1. A method of distributing the public key of an asymmetric key pair with a private key and the public key from a mobile station to a key managing computer, the method comprising the steps of:

communicating a password (OTP) from the key managing (203) computer to the mobile station (209) of a registered user (201) by means of a secure channel (202) to thereby provide a shared secret;

at the mobile station and at the key managing computer, generating a first code (MAC1) and a second code (MACT1), respectively, based on the same predefined generation method, which codes (MAC1;

MACT1) are generated from the password (OTP);

by means of the mobile station (209), transmitting the public key and the first code (MAC1) to the key managing computer (203);

at the key managing computer (203), receiving the public key and the first code (MAC1) from the mobile station (209);

checking the authenticity of the registered user (201) based on comparing the first code (MAC1) and the second code (MACT1).

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of distributing the public key of an asymmetric key pair with a private key and the public key from a mobile station to a key managing computer, the method comprising the steps of: communicating a password (OTP) from the key managing (203) computer to the mobile station (209) of a registered user (201) by means of a secure channel (202) to thereby provide a shared secret; at the mobile station and at the key managing computer, generating a first code (MAC1) and a second code (MACT1), respectively, based on the same predefined generation method, which codes (MAC1; MACT1) are generated from the password (OTP); by means of the mobile station (209), transmitting the public key and the first code (MAC1) to the key managing computer (203); at the key managing computer (203), receiving the public key and the first code (MAC1) from the mobile station (209); checking the authenticity of the registered user (201) based on comparing the first code (MAC1) and the second code (MAC1).

79 Citations

View as Search Results

22 Claims

1. A method of distributing the public key of an asymmetric key pair with a private key and the public key from a mobile station to a key managing computer, the method comprising the steps of:
- communicating a password (OTP) from the key managing (203) computer to the mobile station (209) of a registered user (201) by means of a secure channel (202) to thereby provide a shared secret;
  
  at the mobile station and at the key managing computer, generating a first code (MAC1) and a second code (MACT1), respectively, based on the same predefined generation method, which codes (MAC1;
  
  MACT1) are generated from the password (OTP);
  
  by means of the mobile station (209), transmitting the public key and the first code (MAC1) to the key managing computer (203);
  
  at the key managing computer (203), receiving the public key and the first code (MAC1) from the mobile station (209);
  
  checking the authenticity of the registered user (201) based on comparing the first code (MAC1) and the second code (MACT1).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 22)
- - 2. A method according to claim 1, wherein said first and second codes (MAC1;
    - MACT1) are generated from the password (OTP) in combination with the said public key as a Message Authentication Code.
  - 3. A method according to claim 1, wherein said asymmetric key pair is generated by said mobile station (209), and the generation of said asymmetric key pair is initiated by the password (OTP) being entered into the mobile station (209).
  - 4. A method according to claim 3, wherein a user authentication is attached to the private key during generation of said asymmetric key pair, where the user authentication must be entered when the private key is to be accessed (i.e. used).
  - 5. A method according to claim 1, wherein the predefined generation method comprises the following steps:
    - generating a string at least comprising said password (OTP); and
      
      hashing the string using a predefined hashing function.
  - 6. A method according to claim 5, wherein the predefined hashing function is a secure hash algorithm, such as SHA-1.
  - 7. A method according to claim 1, further comprising the step of:
    - if, by comparing the first code (MAC1) and the second code (MACT1), a match is found, the registered user (201) is authenticated and a further code (MAC2), which is generated from a second public key in a second asymmetric key pair of the key managing computer (203) and the password (OTP), is transmitted to the mobile station (209).
  - 8. A method according to claim 7, further comprising the step of:
    - at the mobile station (209) generating a temporary code (MACT2) based on the second public key and the password (OTP) by means of the predefined generation method;
      
      comparing the further code (MAC2) and the temporary code (MACT2);
      
      if, by comparing the further code (MAC2) and the temporary code (MACT2), a match is found, the mobile station (209) accepts the second public key for subsequent secure communication with the key managing computer.
  - 9. A method according to claim 1, wherein the secure channel (202) is a channel where the mobile station (209) and the key managing computer (203) are authenticated to each other.
  - 10. A method according to claim 1, wherein the mobile station (209) comprises a smart card and wherein the private key is generated and stored at a first application on the smart card and wherein the first code (MAC1) is generated at a second application at the smart card.
  - 11. A method according to claim 10, wherein the smart card is a Subscriber Identity Module (SIM card).
  - 12. A method according to claim 1, wherein the key managing computer (203) represents at least one financial institute, such as a bank, and the mobile station is registered to a costumer with an account in said at least one financial institute.
  - 13. A method according to claim 1, wherein the communication between the mobile station (209) and the key managing computer (203) is performed by a cellular network.
  - 22. An application module according to claim 1, configured to:
    - receive the password and a further code, which is generated from a second public key in a second asymmetric key pair of the key managing computer;
      
      generate a temporary code based on the received public key, which is received from the specified key managing computer, and the password by means of the predefined generation method;
      
      compare the further code and the temporary code;
      
      if, by comparing the further code and the temporary code, a match is found, the mobile station accepts the second public key for subsequent secure communication with the key managing computer.

14. An application module arranged on a smart card, which is registered to a user for use of the smart card in a mobile station;
- and wherein the application module is configured to receive a password entered by the user, and to generate and store an asymmetric key pair with a public key and a private key characterized in that the application module further is configured to;
  
  generate a first code based on the same predefined generation method as is used for generating a second code at a specified key managing computer, which first and second codes are generated from the password as a Message Authentication Code;
  
  via the mobile station, transmit the public key and the first code to the specified key managing computer to enable authentication of the registered user'"'"'s public key, based on comparing the first and second code.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. An application module according to claim 14, configured to:
    - generate the private key and the public key;
      
      generate the code; and
      
      perform encryption and/or decryption operations of messages based on the private and/or public key.
  - 16. An application module according to claim 14, wherein the generation of the private key involves identification information (OTP) transmitted via a pre-established secure channel over the Internet, and where the OTP is entered into the mobile station via a keypad of the mobile station.
  - 17. An application module according to claim 14, wherein said first and second codes are generated from the password in combination with the public key.
  - 18. An application module according to claim 14, wherein said asymmetric key pair is generated by said mobile station, and the generation of said asymmetric key pair is initiated by the password being entered into the mobile station.
  - 19. An application module according to claim 14, wherein a user authentication is attached to the private key during generation of said asymmetric key pair, where the user authentication must be entered when the private key is to be accessed (i.e. used).
  - 20. An application module according to claim 14, wherein the predefined generation method comprises the following steps, generating a string at least comprising said password, hashing the string using a predefined hashing function.
  - 21. An application module according to claim 20, wherein the predefined hashing function is a secure hash algorithm, such as SHA-1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptomathic A/S (Infineon Technologies AG)
Original Assignee
Cryptomathic A/S (Infineon Technologies AG)
Inventors
Landrock, Peter

Granted Patent

US 7,362,869 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/80   Wireless network architectu...

H04L 2463/081   applying self-generating cr...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0863   involving passwords or one-...

H04L 9/0897   involving additional device...

H04L 9/3236   using cryptographic hash fu...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

Method of distributing a public key

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method of distributing a public key

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links