Method for establishing user authenication with composite session keys among cryptographically communicating nodes

US 4,649,233 A
Filed: 04/11/1985
Issued: 03/10/1987
Est. Priority Date: 04/11/1985
Status: Expired due to Term

First Claim

Patent Images

1. A method for establishing a key commutatively between a pair of communicating nodes and for authenticating the node and user identities, said key being valid only for the duration of a single cryptographic session, each node of the pair having a local cryptographic facility including a pre-established cross-domain key and an identifier associated with the other node and user identity, comprising the steps at each node of:

(a) generating a local random number, encrypting said random number under the cross-domain key, transmitting said encrypted random number to the other node, and decrypting under the cross-domain key an encrypted random number received from said other node;

(b) forming a parameter by combining the attributes derived or associated with the identities of both nodes and users;

(c) forming an interim key from the composite of the local random and received encrypted random numbers; and

(d) combining the parameter with the interim key to produce the session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating nodes/users and in protecting data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session. A different key is generated for each and every session. The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia.

189 Citations

16 Claims

1. A method for establishing a key commutatively between a pair of communicating nodes and for authenticating the node and user identities, said key being valid only for the duration of a single cryptographic session, each node of the pair having a local cryptographic facility including a pre-established cross-domain key and an identifier associated with the other node and user identity, comprising the steps at each node of:
- (a) generating a local random number, encrypting said random number under the cross-domain key, transmitting said encrypted random number to the other node, and decrypting under the cross-domain key an encrypted random number received from said other node;
  
  (b) forming a parameter by combining the attributes derived or associated with the identities of both nodes and users;
  
  (c) forming an interim key from the composite of the local random and received encrypted random numbers; and
  
  (d) combining the parameter with the interim key to produce the session key.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1, wherein the cross-domain key includes a local and remote variant, all unidirectional keys being dissimilar.
  - 3. A method according to claim 1, wherein the identifier associated with each node and user identity is selectively obtained by either table lookup or by way of computation.
  - 4. A method according to claim 2, wherein the cryptographic facility of each node further includes no more than the local and remote variants of each of a plurality of distinguishable cross-domain keys corresponding to the number of nodes with which it can potentially cryptographically communicate.
  - 5. A method according to claim 1, wherein the step of combining the parameter with the interim key to produce the session key includes the step of encrypting the parameter with the interim key.
  - 11. A method according to claim 1 or 6, wherein the step of forming the interim key includes the exclusive OR'"'"'ing of the local and received random numbers.
  - 12. A method according to claim 1 or 6, wherein the steps of combining the identifiers to form a parameter or forming a composite of local and received random numbers are commutative steps.
  - 13. A method according to claim 1 or 6, wherein each identifier is a value ascertained as a one-way function of node/user identity or indicia.
  - 14. A method according to claim 1 or 6, wherein there is provided the additional step of checking to verify that the session key so generated is the same at both the sending and receiving nodes.
  - 15. A method as in claim 1 wherein the step of combining the parameter with the interim key to produce the session key includes the step of additively combining the attributes corresponding to the counterpart node and user identities, and then encrypting the additive combination with the interim key.

6. A method for establishing a key commutatively among n cryptographically communicating nodes and for authenticating node and user identities, said key being valid only for the duration of a single cryptographic session, each of the nodes having a local cryptographic facility including a plurality of pre-established cross-domain keys, and a concordance between a plurality of node and user identities and at least one identifier associated therewith, comprising the steps at each node of:
- (a) transmitting its node and user identity to the (n-1) other nodes and responsively obtaining the identity of said (n-1) other nodes;
  
  (b) generating a local random number, encrypting it under each of the pre-established cross-domain keys, transmitting each one of the set of encrypted random numbers to each one of the set of counterpart (n-1) other nodes, and decrypting under the counterpart cross-domain keys the encrypted random numbers received from the counterpart nodes;
  
  (c) forming a parameter by combining the identifies derived or associated with the identities of the n nodes and users;
  
  (d) forming an interim key from the composite of the local random and received encrypted random numbers; and
  
  (e) combining the parameter with the interim key to produce the session key.
- View Dependent Claims (7, 8, 9, 10, 16)
- - 7. A method according to claim 6, wherein each cross-domain key includes a local and remote variant thereof.
  - 8. A method according to claim 6, wherein generated random numbers are encrypted under the local variant corresponding to each cross-domain key while any received encrypted random numbers from counterpart nodes are decrypted under the remote variant of the counterpart cross-domain key.
  - 9. A method according to claim 6, wherein the local and received random numbers which form an interim key are encrypted under the counterpart remote variant.
  - 10. A method according to claim 6, wherein the step of combining the parameter with the interim key to produce the session key includes the step of encrypting the parameter with the interim key.
  - 16. A method as in claim 6 wherein the step of combining the parameter with the interim key to produce the session key includes the step of additively combining the attributes corresponding to the counterpart node and user identities, and then encrypting the additive combination with the interim key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bass, Walter E., Matyas, Stephen M., Oseas, Jonathan
Primary Examiner(s)
Cangialosi, Salvatore
Assistant Examiner(s)
Lewis, Aaron J.

Application Number

US06/722,091
Time in Patent Office

698 Days
Field of Search

178/22.08, 178/22.09, 178/22.14, 340/825.34, 235/380, 235/382
US Class Current

713/171
CPC Class Codes

H04L 9/002   Countermeasures against att...

H04L 9/0625   with splitting of the data ...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0844   with user authentication or...

H04L 9/0869   involving random numbers or...

Method for establishing user authenication with composite session keys among cryptographically communicating nodes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

189 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method for establishing user authenication with composite session keys among cryptographically communicating nodes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links