EFFICIENT METHODS FOR AUTHENTICATED COMMUNICATION
First Claim
1. A first computing device comprising:
- a processor; and
a non-transitory computer-readable storage medium comprising instructions stored thereon, that when executed on the processor, perform;
determining an ephemeral key pair comprising an ephemeral public key and an ephemeral private key;
generating a first shared secret using the ephemeral private key and a static second device public key;
encrypting request data using the first shared secret to obtain encrypted request data;
sending a request message including the encrypted request data and the ephemeral public key to a second computing device;
receiving a response message including encrypted response data and a blinded static second device public key from the second computing device;
determining a second shared secret using the ephemeral private key and the blinded static second device public key; and
decrypting the encrypted response data using the second shared secret to determine response data.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate an ephemeral key pair comprising an ephemeral public key and an ephemeral private key. The first computing device can generate a first shared secret using the ephemeral private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the ephemeral public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the ephemeral private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.
114 Citations
20 Claims
-
1. A first computing device comprising:
-
a processor; and a non-transitory computer-readable storage medium comprising instructions stored thereon, that when executed on the processor, perform; determining an ephemeral key pair comprising an ephemeral public key and an ephemeral private key; generating a first shared secret using the ephemeral private key and a static second device public key; encrypting request data using the first shared secret to obtain encrypted request data; sending a request message including the encrypted request data and the ephemeral public key to a second computing device; receiving a response message including encrypted response data and a blinded static second device public key from the second computing device; determining a second shared secret using the ephemeral private key and the blinded static second device public key; and decrypting the encrypted response data using the second shared secret to determine response data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A second computing device comprising:
-
a processor; and a non-transitory computer-readable storage medium comprising instructions stored thereon, that when executed on the processor, perform; receiving, from a first computing device, a request message including encrypted request data and an ephemeral public key; generating a first shared secret using the ephemeral public key and a static second device private key; decrypting the encrypted request data using the first shared secret to obtain request data; generating a second shared secret using a blinded static second device private key and the ephemeral public key; encrypting response data using the second shared secret to determine encrypted response data; and sending, to the first computing device, a response message including the encrypted response data and a blinded static second device public key. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer-implemented method comprising:
-
receiving, by a second computing device, from a first computing device, a request message including encrypted request data and an ephemeral public key; generating, by the second computing device, a first shared secret using the ephemeral public key and a static second device private key; decrypting, by the second computing device, the encrypted request data using the first shared secret to obtain request data; generating, by the second computing device, a second shared secret using a blinded static second device private key and the ephemeral public key; encrypting, by the second computing device, response data using the second shared secret to determine encrypted response data; and sending, by the second computing device to the first computing device, a response message including the encrypted response data and a blinded static second device public key. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification