METHOD AND SYSTEM FOR GENERATING SESSION KEY, AND COMMUNICATION DEVICE

US 20090232301A1
Filed: 05/28/2009
Published: 09/17/2009
Est. Priority Date: 03/21/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for generating a session key, wherein the method is based on a cryptosystem and comprises:

selecting, by a first communication party, a first temporary private key;

operating at least the first temporary private key according to parameters of the cryptosystem to generate a first message;

sending the first message to a second communication party;

receiving, by the first communication party, a second message;

operating at least the second message and the first temporary private key according to the parameters of the cryptosystem to generate a first session key, wherein the second message is generated by the second communication party after at least a second temporary private key selected by the second communication party is operated according to the parameters of the cryptosystem.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating a session key, a system, and a communication device are disclosed. The method includes: selecting, by a communication party, a temporary private key, and operating at least the temporary private key according to the parameters of the cryptosystem to generate a first message, and sending the first message to the opposite party; and after receiving the second message, operating, by the communication party, at least the second message and the temporary private key according to the parameters of the cryptosystem to generate a session key. The system includes a key management center and a communication device. The communication device includes: a temporary private key selecting unit, a message generating and sending unit, and a session key generating unit. In the disclosure, the session key generated after the communication party selects a temporary private key is variable, thus avoiding too much dependence on the key management center and improving the practicability and security of the key.

19 Citations

View as Search Results

12 Claims

1. A method for generating a session key, wherein the method is based on a cryptosystem and comprises:
- selecting, by a first communication party, a first temporary private key;
  
  operating at least the first temporary private key according to parameters of the cryptosystem to generate a first message;
  
  sending the first message to a second communication party;
  
  receiving, by the first communication party, a second message;
  
  operating at least the second message and the first temporary private key according to the parameters of the cryptosystem to generate a first session key, wherein the second message is generated by the second communication party after at least a second temporary private key selected by the second communication party is operated according to the parameters of the cryptosystem.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method for generating a session key according to claim 1,wherein the second message is generated by the second communication party after the second temporary private key selected by the second communication party, a second private key stored at the first communication party, and a first long-term public key of the first communication party are operated according to the parameters of the cryptosystem, andwherein operating at least the second message and the first temporary private key according to the parameters of the cryptosystem to generate the first session key further comprises:
    - generating the first session key by operating the second message and the first temporary private key according to the parameters of the cryptosystem.
  - 3. The method for generating a session key according to claim 1,wherein the second message is generated by the second communication party after the second temporary private key is selected by the second communication party, andwherein operating at least the second message and the first temporary private key to generate the first session key according to the parameters of the cryptosystem further comprises:
    - generating the first session key by operating the second message, the first temporary private key, and a first long-term private key stored by the first communication party, and a second long-term public key of the second communication party according to the parameters of the cryptosystem.
  - 4. The method for generating a session key according to claim 1, wherein the cryptosystem is based on one of a discrete logarithm or an elliptic curve.
  - 5. The method for generating a session key according to claim 2, wherein the first long-term public key is obtained from mapping according to an identifier of the communication party.
  - 6. The method for generating a session key according to claim 1, wherein after the first communication party selects the first temporary private key and generates the first message by operating at least the first temporary private key according to the parameters of the cryptosystem, the method further comprises:
    - generating a first Message Authentication Code (MAC), by operating the second long-term public key of the second communication party and the first long-term private key of the first communication party according to the parameters of the cryptosystem, and sending the first MAC to the second communication party; and
      
      receiving, after the first communication party receives the second message, a second MAC and using the second MAC to verify integrity of the second message, wherein the second MAC is a MAC of the second message and is generated by the second communication party after the first long-term public key of the first communication party and the second long-term private key of the second communication party are operated according to the parameters of the cryptosystem.
  - 7. The method for generating a session key according to claim 1, wherein selecting, by the first communication party, the first temporary private key further comprises:
    - selecting the first temporary private key randomly.
  - 8. The method for generating a session key according to claim 1, wherein the second temporary private key is selected by the second communication party randomly.

9. A system for generating a session key, wherein the system is a cryptosystem and comprises:
- a key management center adapted to generate a long-term public key and a long-term private key according to parameters of the cryptosystem, and send the long-term private key to a first communication device; and
  
  the first communication device adapted to select a temporary private key, operate at least the temporary private key according to the parameters of the cryptosystem to generate a first message, send the first message to a second communication device, and operate at least a received second message and the temporary private key according to the parameters of the cryptosystem to generate the session key, wherein the second message is generated by the second communication device after at least the temporary private key selected by the second communication device is operated according to the parameters of the cryptosystem.
- View Dependent Claims (10)
- - 10. The system for generating a session key according to claim 9, wherein the first communication device comprises:
    - a temporary private key selecting unit adapted to select the temporary private key;
      
      a message generating and sending unit adapted to operate at least the temporary private key selected by the temporary private key selecting unit according to the parameters of the cryptosystem to generate the local message, and send the local message to the opposite communication device; and
      
      a session key generating unit adapted to operate at least the received opposite message and the temporary private key selected by the temporary private key selecting unit according to the parameters of the cryptosystem to generate the session key, wherein the opposite message is generated by the opposite communication device after at least the temporary private key selected by the opposite communication device is operated according to the parameters of the cryptosystem.

11. A communication device based on a cryptosystem, the device comprising:
- a temporary private key selecting unit adapted to select a temporary private key;
  
  a message generating and sending unit adapted to operate at least the temporary private key selected by the temporary private key selecting unit according to parameters of the cryptosystem to generate a local message, and send the local message to an opposite communication device; and
  
  a session key generating unit adapted to operate at least a received opposite message and the temporary private key selected by the temporary private key selecting unit according to the parameters of the cryptosystem to generate a session key, wherein the opposite message is generated by the opposite communication device after at least the temporary private key selected by the opposite communication device is operated according to the parameters of the cryptosystem.
- View Dependent Claims (12)
- - 12. The communication device of claim 11, further comprising:
    - a Message Authentication Code (MAC) generating and sending unit adapted to operate at least a long-term private key stored in the communication device and a long-term public key of the opposite communication device according to the parameters of the cryptosystem to generate a MAC of the local message after the message generating and sending unit generates the local message, and send the MAC to the opposite communication device; and
      
      a message integrity verifying unit adapted to use a MAC of the received opposite message to verify integrity of the received opposite message, wherein the MAC of the opposite message is generated by the opposite communication device after the long-term public key of the local communication device and the long-term private key of the opposite communication device are operated according to the parameters of the cryptosystem.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
LI, Chunqiang

Application Number

US12/473,371
Publication Number

US 20090232301A1
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 9/0838 Key agreement, i.e. key est...

METHOD AND SYSTEM FOR GENERATING SESSION KEY, AND COMMUNICATION DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR GENERATING SESSION KEY, AND COMMUNICATION DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links