Cryptographic method and apparatus for public key exchange with authentication

US 4,956,863 A
Filed: 04/17/1989
Issued: 09/11/1990
Est. Priority Date: 04/17/1989
Status: Expired due to Fees

First Claim

Patent Images

1. A secure key generator, comprising:

storage means for storing a number of a first type selected prior to placing the key generator in service, and a digitally signed composite quantity containing both a unique and publicly known identifier of the key generator and a number of a second type obtained by a practically irreversible transformation of the number of the first type;

a first input connected to receive the number of the first type;

a second input connected to receive an input quantity transmitted over an insecure communications channel from another key generator, the input quantity being digitally signed and containing both a publicly known identifier of the other key generator and a number of the second type generated by a practically irreversible transformation of a number of the first type stored in the other key generator;

a first output for transmitting the stored, digitally signed composite quantity over the insecure communications channel to the other key generator;

a second output;

means for decoding the signed input quantity received at the second input, to obtain the identifier of the other key generator and the received number of the second type; and

means for generating a session key at the second output, by performing a practically irreversible transformation of the number of the second type received through the second input, using the number of the first type received through the first input.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for use in a public key exchange cryptographic system, in which two user devices establish a common session key by exchanging information over an insecure communication channel, and in which each user can authenticate the identity of the other, without the need for a key distribution center. Each device has a previously stored unique random number Xi, and a previously stored composite quantity that is formed by transforming Xi to Yi using a transformation of which the inverse in computationally infeasible; then concatenating Yi with a publicly known device identifier, and digitally signing the quantity. Before a communication session is established, two user devices exchange their signed composite quantities, transform them to unsigned form, and authenticate the identity of the other user. Then each device generates the same session key by transforming the received Y value with its own X value. For further security, each device also generates another random number X'"'"'i, which is transformed to a corresponding number Y'"'"'i. These Y'"'"'i values are also exchanged, and the session key is generated in each device, using a transformation that involves the device'"'"'s own Xi and X'"'"'i number and the Yi and Y'"'"' i numbers received from the other device.

Citations

16 Claims

1. A secure key generator, comprising:
- storage means for storing a number of a first type selected prior to placing the key generator in service, and a digitally signed composite quantity containing both a unique and publicly known identifier of the key generator and a number of a second type obtained by a practically irreversible transformation of the number of the first type;
  
  a first input connected to receive the number of the first type;
  
  a second input connected to receive an input quantity transmitted over an insecure communications channel from another key generator, the input quantity being digitally signed and containing both a publicly known identifier of the other key generator and a number of the second type generated by a practically irreversible transformation of a number of the first type stored in the other key generator;
  
  a first output for transmitting the stored, digitally signed composite quantity over the insecure communications channel to the other key generator;
  
  a second output;
  
  means for decoding the signed input quantity received at the second input, to obtain the identifier of the other key generator and the received number of the second type; and
  
  means for generating a session key at the second output, by performing a practically irreversible transformation of the number of the second type received through the second input, using the number of the first type received through the first input.
- View Dependent Claims (2, 3, 4)
- - 2. A secure key generator as defined in claim 1, wherein the key generator further comprises:
    - a third input, connected to receive another number of the first type, generated randomly;
      
      means for generating at the first output, for transmission with the digitally signed composite quantity, a number of the second type obtained by a practically irreversible transformation of the number of the first type received through the third input; and
      
      means for receiving from the second input another number of the second type generated in and transmitted from the other key generator;
      
      and wherein the means for generating a session key performs a practically irreversible transformation involving both numbers of the first type, received at the first and third inputs, and both numbers of the second type received at the second input, whereby a different session key may be generated for each message transmission session.
  - 3. A secure key generator as defined in claim 2, wherein:
    - the number of the second type stored in digitally signed form in the storage means is obtained by the transformation Ya=α
      
      ^Xa mod p, where Xa is the number of the first type stored in the storage means, and α and
      
      p are publicly known transformation parameters;
      
      the number of the second type received in the digitally signed composite quantity from the other key generator is designated Yb; and
      the means for generating the session key performs the transformation
      
      space="preserve" listing-type="equation">K=(Y'"'"'b).sup.Xa mod p ⊕
      
      (Yb).sup.X'"'"'a mod p,where X'"'"'a is the number of the first type that is randomly generated, Y'"'"'b is the additional number of the second type received from the other key generator, and the ⊕
      
      symbol denotes an exclusive OR operation.
  - 4. A secure key generator as defined in claim 1, wherein:
    - the number of the second type stored in digitally signed form in the storage means is obtained by the transformation Ya=α
      
      ^Xa mod p, where Xa is the number of the first type stored in the storage means, and α and
      
      p are publicly known transformation parameters;
      
      the number of the second type received in the digitally signed composite quantity from the other key generator is designated Yb; and
      
      the means for generating the session key performs the transformation K=Yb^Xa mod p.

5. A method of generating a secure session key between two user devices connected by an insecure communications channel, comprising the following steps performed at both devices:
- transmitting a digitally signed composite quantity to the other device, the composite quantity including a publicly known device identifier IDa and a number Ya derived by a practically irreversible transformation of a secret number Xa that it is unique to the device;
  
  receiving a similarly structured digitally signed composite quantity from the other device;
  
  transforming the received digitally signed composite quantity into an unsigned composite quantity containing a device identifier IDb of the other device and a number Yb that was derived by transformation from a secret number Xb that is unique to the other device;
  
  verifying the identity of the other device from the device identifier IDb; and
  
  generating a session key by performing a practically irreversible transformation involving the numbers Xa and Yb.
- View Dependent Claims (6, 7)
- - 6. A method as defined in claim 5, and further including the steps of:
    - generating another number X'"'"'a randomly prior to generation of a session key;
      
      transforming the number X'"'"'a to a number Y'"'"'a using a practically irreversible transformation;
      
      transmitting the number Y'"'"'a to the other device; and
      
      receiving a number Y'"'"'b from the other device;
      
      wherein the step of generating a session key includes a practically irreversible transformation involving the numbers Xa, X'"'"'a, Yb and Y'"'"'b.
  - 7. A method as defined in claim 6, wherein:
    - the transformations from X numbers to Y numbers is of the type Y=α
      
      ^X mod p, where α and
      
      p are chosen to maximize irreversibility of the transformations; and
      the step of generating a session key includes the transformation
      
      space="preserve" listing-type="equation">K=(Y'"'"'b).sup.Xa mod p ⊕
      
      (Yb).sup.X'"'"'a mod p,where ⊕
      
      denotes an exclusive OR operation.

8. A method of authentication in a public key cryptographic system, the method comprising the steps of:
- selecting a unique random number Xi for each cryptographic device to be distributed;
  
  transforming the number Xi to a new number Yi using a practically irreversible transformation;
  
  forming a composite quantity by combining the number Yi with a publicly known device identifier IDi;
  
  digitally signing the composite quantity containing Yi and IDi;
  
  storing the signed composite quantity and the number Xi permanently in each device;
  
  exchanging, between two devices, a and b, desiring to establish secured communication, the signed composite quantities stored in each;
  
  authenticating, in each of the two devices, the identity of the other device; and
  
  generating, in each of the two devices, a session key to be used for secured communication.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. A method as defined in claim 8, wherein the step of authenticating includes:
    - transforming the digitally signed composite quantity received from the other device into unsigned form; and
      
      comparing the value of IDb in the unsigned quantity with the known IDb of the other device.
  - 10. A method as defined in claim 9, wherein:
    - the step of generating the session key includes performing a transformation that involves a value Yb received from the other device and the value Xa of this device.
  - 11. A method as defined in claim 10, wherein:
    - the step of digitally signing includes computing a modular square root of the composite quantity;
      
      the step of transforming the digitally signed composite quantity to unsigned form includes computing a modular square of the signed quantity.
  - 12. A method as defined in claim 11, wherein:
    - the steps of computing a modular square root and computing a modular square both employ a modulus that is the product of two prime numbers.
  - 13. A method as defined in claim 8, and further comprising the steps of:
    - transforming, in each of the two devices, the digitally signed composite quantity received from the other device into unsigned form; and
      
      generating, in each of the two devices, a, b, a random number X'"'"'a, X'"'"'b;
      
      transforming the numbers X'"'"'a, X'"'"'b into numbers Y'"'"'a, Y'"'"'b by a transformation that is practically irreversible; and
      
      exchanging the numbers Y'"'"'a, Y'"'"'b between the two devices;
      
      and wherein the step of generating the session key includes performing a practically irreversible transformation involving the numbers Xa, X'"'"'a, Yb, and Y'"'"'b in device a, and the numbers Xb, X'"'"'b, Ya, and Y'"'"'a in device b.
  - 14. A method as defined in claim 13, wherein:
    - the transformations from X numbers to Y numbers is of the type Y=α
      
      ^X mod p, where α and
      
      p are chosen to maximize irreversibility of the transformations; and
      
      the step of generating a session key includes the transformations
      K=(Y'"'"'b)^Xa mod p ⊕
      
      (Yb)^X'"'"'a mod p,for device a, and
      
      space="preserve" listing-type="equation">K=(Y'"'"'a).sup.Xb mod p ⊕
      
      (Ya).sup.X'"'"'b mod p,for device b, where ⊕
      
      denotes an exclusive OR operation.
  - 15. A method as defined in claim 13, wherein:
    - the step of digitally signing includes computing a modular square root of the composite quantity;
      
      the step of transforming the digitally signed composite quantity to unsigned form includes computing a modular square of the signed quantity.
  - 16. A method as defined in claim 15, wherein:
    - the steps of computing a modular square root and computing a modular square both employ a modulus that is the product of two prime numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jones Futurex Incorporated
Original Assignee
TRW Inc. (Northrop Grumman Corporation)
Inventors
Goss, Kenneth C
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
GREGORY, BERNARR E

Application Number

US07/339,555
Time in Patent Office

512 Days
Field of Search

380/30, 380/44-47, 380/18, 380/21, 380/23, 380/25, 380/43
US Class Current

380/30
CPC Class Codes

H04L 9/0844 with user authentication or...

Cryptographic method and apparatus for public key exchange with authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic method and apparatus for public key exchange with authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links