Secure component authentication system
First Claim
1. A method whereby a first terminal may authenticate a second terminal wherein the terminals each possess an encryption key and the second terminal is authenticated if the encryption keys are equal, the steps of the method comprising:
- generating a first number at the first terminal and creating a second number by encrypting the first number using the encryption key of the first terminal;
transmitting the second number to the second terminal;
generating a third number at the second terminal by decrypting the second number using the encryption key of the second terminal;
generating a fourth number at the second terminal by encrypting the encryption key of the second terminal using the third number as the key;
transmitting the fourth number to the first terminal; and
verifying at said first terminal that said fourth number equals the encryption of said encryption key of said first terminal using said first number as key to thereby authenticate said second terminal.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for authenticating components in a communications system using cryptographic techniques to determine if each has the proper key without disclosing information which would be useful to an imposter in deriving the key. A random number generated at a first terminal is encrypted under its key for transmission as a first value to a second terminal whose identity is to be authenticated. The second terminal decrypts the transmitted first value using its key deriving a second value (which equals the random number if the keys are identical.) The second terminal then encrypts its key using the second value as the key, generating a third value which is transmitted back to the first terminal for verification. The first terminal then verifies the third value, either by decrypting it using the random number as the key to obtain its key or by encrypting its key using the random number as key to derive the third number (if the two keys are identical.) Optionally, roles of the two terminals are then reversed after the second terminal has been identified, allowing the second terminal to authenticate the first terminal.
191 Citations
9 Claims
-
1. A method whereby a first terminal may authenticate a second terminal wherein the terminals each possess an encryption key and the second terminal is authenticated if the encryption keys are equal, the steps of the method comprising:
-
generating a first number at the first terminal and creating a second number by encrypting the first number using the encryption key of the first terminal; transmitting the second number to the second terminal; generating a third number at the second terminal by decrypting the second number using the encryption key of the second terminal; generating a fourth number at the second terminal by encrypting the encryption key of the second terminal using the third number as the key; transmitting the fourth number to the first terminal; and verifying at said first terminal that said fourth number equals the encryption of said encryption key of said first terminal using said first number as key to thereby authenticate said second terminal. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method whereby a first terminal having a first encryption key determines whether a second encryption key in a second terminal is identical to said first encryption key, the steps of the method comprising:
-
transmitting from said first terminal to said second terminal a first value representing the encryption of a secret value under the said first encryption key; deriving at said second terminal a second value by decrypting said first value using said second encryption key; transmitting from said second terminal to said first terminal a third value representing said second encryption key encrypted using the second value as key; and verifying at said first terminal that said third value is equal to the decryption of said first value using said first encryption key forming an intermediate result followed by encryption of said first encryption key using the intermediate result as an encryption key, to verify that the first and second terminal have the same keys, whereby authentication of the second terminal occurs if and only if the encryption keys used by said first and second terminals are equal. - View Dependent Claims (8)
-
-
9. A secure encryption system wherein a first terminal having a first encryption key challenges a second terminal having a second encryption key which responds with a response based upon the challenge, the improvement wherein the second terminal includes means for decrypting the challenge using said second encryption key and means for encrypting said second encryption key using the decrypted challenge as an encryption key to generate its response and the first terminal includes means for generating the challenge by encrypting a random number using said first encryption key, means for encrypting said first encryption key using said random number as key, and means for comparing the encrypted first encryption key to the challenge, in order to verify the response.
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsNeckyfarow, Steven W., Abraham, Dennis G., Double, Glen P.
-
Primary Examiner(s)Griffin, Robert L.
-
Assistant Examiner(s)Smith, Ralph E.
-
Application NumberUS06/799,367Time in Patent Office1,156 DaysField of Search340/825.34, 340/825.3, 340/825.31, 340/825.33, 235/379, 235/380, 178/22.08, 178/22.09, 375/2.1, 380/23, 380/24, 380/25US Class Current340/5.26CPC Class CodesH04L 63/0869 for achieving mutual authen...H04L 9/3271 using challenge-response
