Authenticating an Ephemeral Diffie-Hellman using a Trusted Third Party
Abstract
Authentication of parties through a trusted intermediary is described. The standard Otway-Rees authentication protocol is modified to provide authentication between A and B using intermediary T such that T serves only as an authenticator, and does not participate in the generation of the key shared between A and B.
24 Claims
1. A method comprising:
- transmitting, by a first network device, a plurality of messages including (i) a first message that comprises a first public value encrypted with a first key and (ii) a second message that comprises the first message and a second public value, the second message being encrypted with a second key;
- receiving, by the first network device, a third message that comprises (i) a fourth message, (ii) the first public value and (iii) the second public value encrypted with the second key, the fourth message including the first public value and the second public value encrypted with the first key;
- transmitting, by the first network device, the fourth message to a second network device;
- generating a shared key based on one of the first public value and the second public value.
Dependent claims: 2 through 15.
16. A method comprising:
- transmitting, by a first network device, a plurality of messages including (i) a first message that comprises a hash result of a first public value encrypted with a first key and (ii) a second message that comprises a hash result of a second public value and the first message, the second message being encrypted with a second key;
- receiving, by the first network device, a third message that comprises the hash result of the first public value, the hash result of the second public value and a fourth message encrypted with the second key, the fourth message including the hash result of the first public value and the hash result of the second public value encrypted with the first key;
- transmitting, by the first network device, the fourth message to a second network device, wherein one of the hash result of the first public value and the hash result of the second public value is used to generate a shared key to secure communications with the first network device.
17. A non-transitory computer readable medium including software that, when executed by a processor within a network device, performs operations, comprising:
- transmitting a plurality of messages including (i) a first message that comprises a first public value encrypted with a first key and (ii) a second message that comprises the first message and a second public value, the second message being encrypted with a second key;
- receiving a third message that comprises the first public value, the second public value and a fourth message encrypted with the second key, the fourth message including the first public value and the second public value encrypted with the first key;
- transmitting the fourth message to a first network device, wherein one of the first public value and the second public value is used to generate a shared key to secure communications with the first network device.
Dependent claims: 18 through 24.
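The following simulation is an added example, not code from the patent or its assignee: it walks through the message flow of the abstract and of claims 1 and 17 (A sends its public value under its key with T; B wraps that message with its own public value under its key with T; T checks both and returns the pair to B, with an inner copy for A; B forwards the inner copy; A and B derive the Diffie-Hellman key). The group parameters, the stdlib-only authenticated cipher, the length-prefixed framing and all names (`run_protocol`, `aead_encrypt`, `KA`, `KB`, `m1` to `m4`) are assumptions made for the demonstration. The point the abstract makes is visible in the returned record: T sees only the two public values and never holds either exponent, so it cannot compute the session key it authenticated.

```python
"""Toy simulation of authenticating an ephemeral Diffie-Hellman exchange
through an intermediary T that shares a long-term key with each party.
Toy group and toy cipher, for illustration only (constructed example)."""
import hashlib
import hmac
import os

# Toy DH group chosen so the demo runs instantly; not a real-world group.
P = 2**127 - 1
G = 3


def aead_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: SHA-256 counter keystream + HMAC-SHA256 tag (toy)."""
    nonce = os.urandom(16)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(plaintext) // 32 + 1))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or any tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(ct) // 32 + 1))
    return bytes(c ^ s for c, s in zip(ct, stream))


def pack(*fields: bytes) -> bytes:
    """Length-prefixed framing so concatenated fields cannot be re-split."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def unpack(blob: bytes) -> list:
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        i += 2
        if i + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[i:i + n])
        i += n
    return out


def run_protocol(KA: bytes, KB: bytes, tamper_m1: bool = False) -> dict:
    """KA is shared by A and T, KB by B and T. Returns what each side derived."""
    a = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2   # A's ephemeral secret
    b = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2   # B's ephemeral secret
    gA = pow(G, a, P).to_bytes(16, "big")                      # first public value
    gB = pow(G, b, P).to_bytes(16, "big")                      # second public value

    # A -> B: first message, A's public value under A's key with T.
    m1 = aead_encrypt(KA, gA)
    if tamper_m1:
        m1 = m1[:-1] + bytes([m1[-1] ^ 1])   # simulate corruption in transit

    # B -> T: the first message plus a second message binding it to gB under KB.
    m2 = aead_encrypt(KB, pack(m1, gB))

    # T: open both, check the copy of m1 inside m2 matches, then vouch for (gA, gB).
    t_m1, t_gB = unpack(aead_decrypt(KB, m2))
    if t_m1 != m1:
        raise ValueError("T: first message inside second message does not match")
    t_gA = aead_decrypt(KA, m1)                         # fails if m1 was tampered
    m4 = aead_encrypt(KA, pack(t_gA, t_gB))             # fourth message, for A
    m3 = aead_encrypt(KB, pack(m4, t_gA, t_gB))         # third message, for B

    # B: recover m4 and the authenticated pair; its own value must come back intact.
    b_m4, b_gA, b_gB = unpack(aead_decrypt(KB, m3))
    if b_gB != gB:
        raise ValueError("B: T returned a public value B did not send")
    key_b = pow(int.from_bytes(b_gA, "big"), b, P)

    # B -> A: forward m4 unchanged; A applies the same check on its own value.
    a_gA, a_gB = unpack(aead_decrypt(KA, b_m4))
    if a_gA != gA:
        raise ValueError("A: T returned a public value A did not send")
    key_a = pow(int.from_bytes(a_gB, "big"), a, P)

    # T's entire view of key material is the two public values.
    return {"key_a": key_a, "key_b": key_b, "t_saw": (t_gA, t_gB), "pub": (gA, gB)}


if __name__ == "__main__":
    result = run_protocol(os.urandom(32), os.urandom(32))
    print("keys match:", result["key_a"] == result["key_b"])
    print("T saw only public values:", result["t_saw"] == result["pub"])
```

Two of the checks above are what make T an authenticator rather than a key contributor: T compares the copy of the first message carried inside the second message against the standalone copy, and each party checks that the public value T echoes back is the one it actually sent. Corrupting the first message in transit makes T's decryption under KA fail before any key is derived.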