Method for establishing user authentication with composite session keys among cryptographically communicating nodes
First Claim
1. A method for establishing a key commutatively between a pair of communicating nodes and for authenticating the node and user identities, said key being valid only for the duration of a single cryptographic session, each node of the pair having a local cryptographic facility including a pre-established cross-domain key and an identifier associated with the other node and user identity, comprising the steps at each node of:
(a) generating a local random number, encrypting said random number under the cross-domain key, transmitting said encrypted random number to the other node, and decrypting under the cross-domain key an encrypted random number received from said other node;
(b) forming a parameter by combining the attributes derived or associated with the identities of both nodes and users;
(c) forming an interim key from the composite of the local random and received encrypted random numbers; and
(d) combining the parameter with the interim key to produce the session key.
Abstract
A method for authenticating nodes/users and for protecting the data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session: a different key is generated for each and every session. Building the session key requires sharing only a minimal amount of information among the participants, namely a random number combined with authentication indicia.
189 Citations
16 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 11, 12, 13, 14, 15.
6. A method for establishing a key commutatively among n cryptographically communicating nodes and for authenticating node and user identities, said key being valid only for the duration of a single cryptographic session, each of the nodes having a local cryptographic facility including a plurality of pre-established cross-domain keys, and a concordance between a plurality of node and user identities and at least one identifier associated therewith, comprising the steps at each node of:
(a) transmitting its node and user identity to the (n-1) other nodes and responsively obtaining the identity of said (n-1) other nodes;
(b) generating a local random number, encrypting it under each of the pre-established cross-domain keys, transmitting each one of the set of encrypted random numbers to each one of the set of counterpart (n-1) other nodes, and decrypting under the counterpart cross-domain keys the encrypted random numbers received from the counterpart nodes;
(c) forming a parameter by combining the identifiers derived or associated with the identities of the n nodes and users;
(d) forming an interim key from the composite of the local random and received encrypted random numbers; and
(e) combining the parameter with the interim key to produce the session key.
Dependent claims: 7, 8, 9, 10, 16.
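The exchange described in claims 1 and 6, modelled end to end as an added example (this is illustrative code written for this page, not an implementation from the patent or its assignee). It assumes concrete choices the claims leave open: the random number is encrypted under the cross-domain key by XOR with an HMAC-SHA256 keystream (a stand-in for whatever block cipher a real facility would use), the "composite" of claim step (c)/(d) is the XOR of all participants' random numbers, the identity "parameter" is the sorted concatenation of every node:user pair, and the final combination is HMAC over the parameter keyed with the interim key. The pair of nodes in claim 1 is the n = 2 case of the n-node procedure in claim 6, so one model serves both; the node identifiers, user names and pairwise keys are constructed sample data.

```python
import hashlib
import hmac
import os
from itertools import combinations

RANDOM_LEN = 16
SALT_LEN = 16


def _keystream(cross_domain_key: bytes, label: bytes, length: int) -> bytes:
    # Keystream derived from the cross-domain key (assumption: HMAC-SHA256 as a PRF;
    # the patent text names no particular cipher).
    return hmac.new(cross_domain_key, label, hashlib.sha256).digest()[:length]


def protect_random(cross_domain_key: bytes, sender_id: bytes, r: bytes) -> bytes:
    # Step (a): encrypt the local random number under the cross-domain key.
    # A fresh salt keeps the keystream unique for every message.
    salt = os.urandom(SALT_LEN)
    pad = _keystream(cross_domain_key, sender_id + salt, len(r))
    return salt + bytes(a ^ b for a, b in zip(r, pad))


def recover_random(cross_domain_key: bytes, sender_id: bytes, msg: bytes) -> bytes:
    # Step (a), receiving side: decrypt under the same cross-domain key.
    salt, body = msg[:SALT_LEN], msg[SALT_LEN:]
    pad = _keystream(cross_domain_key, sender_id + salt, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


class Node:
    def __init__(self, node_id: str, user_id: str, cross_domain_keys: dict):
        self.node_id = node_id
        self.user_id = user_id
        self.keys = cross_domain_keys   # peer node_id -> pre-established cross-domain key
        self.random = b""
        self.peers = {}                 # peer node_id -> (peer user_id, recovered random)

    def begin_session(self) -> dict:
        # Generate the local random number and encrypt it once per counterpart.
        self.random = os.urandom(RANDOM_LEN)
        self.peers = {}
        return {peer: protect_random(k, self.node_id.encode(), self.random)
                for peer, k in self.keys.items()}

    def receive(self, peer_node_id: str, peer_user_id: str, msg: bytes) -> None:
        r = recover_random(self.keys[peer_node_id], peer_node_id.encode(), msg)
        self.peers[peer_node_id] = (peer_user_id, r)

    def session_key(self) -> bytes:
        # Step (b): parameter from the identities of every node and user, sorted so
        # that each participant builds the same value whatever the arrival order.
        ids = sorted([(self.node_id, self.user_id)]
                     + [(n, u) for n, (u, _) in self.peers.items()])
        parameter = b"|".join(f"{n}:{u}".encode() for n, u in ids)
        # Step (c): interim key as the composite (here XOR) of all random numbers.
        interim = self.random
        for _, r in self.peers.values():
            interim = bytes(a ^ b for a, b in zip(interim, r))
        # Step (d): combine parameter and interim key into the session key.
        return hmac.new(interim, parameter, hashlib.sha256).digest()


def make_nodes(spec: dict) -> list:
    # Constructed sample: spec maps node_id -> user_id; one fresh cross-domain
    # key is pre-established per node pair.
    pair_keys = {pair: os.urandom(32) for pair in combinations(sorted(spec), 2)}
    nodes = []
    for nid, uid in spec.items():
        mine = {}
        for (a, b), k in pair_keys.items():
            if nid == a:
                mine[b] = k
            elif nid == b:
                mine[a] = k
        nodes.append(Node(nid, uid, mine))
    return nodes


def run_session(nodes: list) -> dict:
    # Drive one session: identities are exchanged first (claim 6 step (a)), the
    # encrypted randoms are delivered, then every node derives its own session key.
    directory = {n.node_id: n for n in nodes}
    identities = {n.node_id: n.user_id for n in nodes}
    outgoing = {n.node_id: n.begin_session() for n in nodes}
    for sender, messages in outgoing.items():
        for receiver, msg in messages.items():
            directory[receiver].receive(sender, identities[sender], msg)
    return {n.node_id: n.session_key() for n in nodes}


if __name__ == "__main__":
    keys = run_session(make_nodes({"A": "alice", "B": "bob", "C": "carol"}))
    print(len(set(keys.values())) == 1)   # every node derived the same session key
```

Two properties worth checking against this model: running `run_session` twice on the same nodes yields two different keys (the per-session property the abstract claims), and giving one node a wrong cross-domain key for a counterpart makes that node's key disagree with everyone else's, which is the only form of "authentication" this construction offers: nothing in the exchange lets a node detect a bad counterpart up front, it simply ends up unable to decrypt session traffic. Two caveats follow from the XOR composite chosen here: a participant that waits to pick its random until it has seen the others' can steer the interim key to a value of its choosing, and a garbled or substituted ciphertext is not rejected, only silently folded into a mismatching key, so a deployment would want integrity protection on the exchanged randoms.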
Specification