System and method for providing identity hiding in a shared key authentication protocol

US 20070180247A1
Filed: 12/21/2005
Published: 08/02/2007
Est. Priority Date: 12/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising authentication based on a Hint of the ID, the Hint being a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for hiding an initiator'"'"'s identity (ID), e.g. a ClientID, in a shared key authentication protocol, using authentication based on a hint of the ID. The hint is a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity, for example, a hash function over the ID, such as a modular N sum hash of the initiator'"'"'s identity where N corresponds to N hash buckets in a shared key database; a cryptographic hash over the ID and a corresponding shared key; or a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity and a pair of MAC values wherein the MAC values are compared to find a shared key. The resulting hash may be reduced to a required number of bits for identification of a hash bucket in the database. The system and method thereby provide a computationally efficient method of protecting, or hiding, a client ID in a client-server system for shared-key authentication, which avoids the requirement of known systems to send the client ID in clear text early in the message exchange, which leaves known shared-key protocols open to passive and active identity disclosure attacks.

21 Citations

View as Search Results

32 Claims

1. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising authentication based on a Hint of the ID, the Hint being a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1 wherein the Hint comprises a hash function over the ID.
  - 3. A method according to claim 2, wherein the hint comprises a modular N sum hash of the initiator'"'"'s identity where N corresponds to N hash buckets in a shared key database.
  - 4. A method according to claim 1 wherein the Hint comprises a cryptographic hash function over the ID.
  - 5. A method according to claim 1, wherein the Hint comprises a cryptographic hash over the ID and a corresponding shared key.
  - 6. A method according to claim 5, wherein the resulting hash is reduced to a required number of bits for identification of a hash bucket in the shared key database.
  - 7. A method according to claim 6, wherein the Hint is determined by Hint=Reduce(H(ID, Key)), where H(x) is a chosen hash function and Reduce is a function to reduce the output of the hash function to the required number of bits.
  - 8. A method according to claim 7 wherein the chosen hash function H(x) is one of MD5, SHA-1 and HMAC functions.
  - 9. A method according to claim 7 wherein the chosen hash function H(x) is one of Tiger, RIPEM-D, MD2, MD5, a function of SHA-2 family.

10. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising authentication based on a hint of the ID wherein the hint is a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity, and a pair of MAC values wherein the MAC values are compared to find a shared key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 18)
- - 11. A method according to claim 10, wherein the hint comprises a simple hash of the initiator'"'"'s identity ID
  - 12. A method according to claim 10 wherein the hint comprises a modular N sum hash of the initiator'"'"'s identity where N corresponds to N hash buckets in a shared key database.
  - 13. A method according to claim 10, wherein the hint comprises a cryptographic hash over the ID and a corresponding shared key.
  - 14. A method according to claim 13, wherein the resulting hash is reduced to a required number of bits for identification of a hash bucket in the database.
  - 15. A method according to claim 13, wherein the hint=Reduce(H(ID, Key)) where H(x) is a chosen hash function and Reduce is a function to reduce the output of the hash function to the required number of bits.
  - 16. A method according to claim 15 wherein the chosen hash function H(x) is one of MD5, SHA-1, HMAC, Tiger, RIPEM-D, MD2, MD5, a function of SHA-2 family.
  - 18. A system according to claim 11 wherein a database of shared keys is structured as N linear arrays with array indices based on the hint of the initiator identity.

17. A system for hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising a database to store shared keys and an authenticator to provide authentication of the initiator based on a hint of the ID wherein the hint is a function that of the ID that cannot be easily inverted to produce the initiators identity.

19. A system for hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising a processor to generate a hint of the ID and a MAC value.

20. A machine-readable medium encoded with a plurality of processor-executable instruction sequences for hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising authentication based on a hint of the ID wherein the hint is a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity and a pair of MAC values wherein the MAC values are compared to find a shared key.

21. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol for authentication and shared key agreement between an initiator and a receiver comprising steps by the initiator of:
- generating a Hint of the ID, the Hint being a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity generating a MAC transmitting the Hint of the ID and MAC to the receiver for authentication and key agreement
- View Dependent Claims (22, 23, 24, 25)
- - 22. A method according to claim 21 wherein the step of generating a Hint of the ID comprises generating a hash over the ID.
  - 23. A method according to claim 21 wherein the step of generating a Hint of the ID comprises generating a cryptographic hash over the ID.
  - 24. A method according to claim 21 wherein the step of generating a Hint of the ID comprises generating a cryptographic hash over the ID and a corresponding shared key.
  - 25. A method according to claim 21 wherein the initiator is a client and the receiver is a server.

26. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol for authentication and shared key agreement between an initiator and a receiver comprising the steps by the receiver of:
- receiving from an initiator a Hint of the ID, the Hint being a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity, and a MAC value, providing authentication and key agreement based the Hint and MAC values.
- View Dependent Claims (27, 28, 29, 30)
- - 27. A method according to claim 26 comprising receiving from an initiator a Hint of the ID comprising a hash over the ID
  - 28. A method according to claim 26 comprising receiving from an initiator a Hint of the ID comprising a cryptographic hash over the ID
  - 29. A method according to claim 26 comprising receiving from an initiator a Hint of the ID comprising a cryptographic hash over the ID and a corresponding shared key.
  - 30. A method according to claim 26 wherein the initiator is a client and the receiver is a server.

31. A method of identity protection in a shared key encryption algorithm, for authentication and key agreement between a client and a server, said method comprising the steps by the client of:
- generating a message, a message authentication code and a hash over the client identifier and a corresponding shared key;
  
  transmitting to the server said message, message authentication code and hash over the client identifier and a corresponding shared key to the server, for processing by the server for authentication and shared key agreement.

32. A method of identity protection in a shared key encryption system for authentication and key agreement between a client and a server, said method comprising steps by the server of:
- receiving from the client a message, a message authentication code and a hash over the clients identifier and a corresponding shared key;
  
  processing said message authentication code and hash over the clients identifier and corresponding shared key, to find the shared key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Leech, Marcus

Granted Patent

US 7,752,444 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 63/0209   Architectural arrangements,...

H04L 63/08   for authentication of entit...

H04L 9/0844   with user authentication or...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3273   for mutual authentication n...

System and method for providing identity hiding in a shared key authentication protocol

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing identity hiding in a shared key authentication protocol

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others