Cryptographic method and apparatus for public key exchange with authentication
First Claim
1. A secure key generator, comprising:
storage means for storing a number of a first type selected prior to placing the key generator in service, and a digitally signed composite quantity containing both a unique and publicly known identifier of the key generator and a number of a second type obtained by a practically irreversible transformation of the number of the first type;
a first input connected to receive the number of the first type;
a second input connected to receive an input quantity transmitted over an insecure communications channel from another key generator, the input quantity being digitally signed and containing both a publicly known identifier of the other key generator and a number of the second type generated by a practically irreversible transformation of a number of the first type stored in the other key generator;
a first output for transmitting the stored, digitally signed composite quantity over the insecure communications channel to the other key generator;
a second output;
means for decoding the signed input quantity received at the second input, to obtain the identifier of the other key generator and the received number of the second type; and
means for generating a session key at the second output, by performing a practically irreversible transformation of the number of the second type received through the second input, using the number of the first type received through the first input.
Abstract
A technique for use in a public key exchange cryptographic system, in which two user devices establish a common session key by exchanging information over an insecure communication channel, and in which each user can authenticate the identity of the other, without the need for a key distribution center. Each device has a previously stored unique random number Xi, and a previously stored composite quantity that is formed by transforming Xi to Yi using a transformation of which the inverse is computationally infeasible; then concatenating Yi with a publicly known device identifier, and digitally signing the quantity. Before a communication session is established, two user devices exchange their signed composite quantities, transform them to unsigned form, and authenticate the identity of the other user. Then each device generates the same session key by transforming the received Y value with its own X value. For further security, each device also generates another random number X'i, which is transformed to a corresponding number Y'i. These Y'i values are also exchanged, and the session key is generated in each device, using a transformation that involves the device's own Xi and X'i number and the Yi and Y'i numbers received from the other device.
16 Claims
5. A method of generating a secure session key between two user devices connected by an insecure communications channel, comprising the following steps performed at both devices:
transmitting a digitally signed composite quantity to the other device, the composite quantity including a publicly known device identifier IDa and a number Ya derived by a practically irreversible transformation of a secret number Xa that is unique to the device;
receiving a similarly structured digitally signed composite quantity from the other device;
transforming the received digitally signed composite quantity into an unsigned composite quantity containing a device identifier IDb of the other device and a number Yb that was derived by transformation from a secret number Xb that is unique to the other device;
verifying the identity of the other device from the device identifier IDb; and
generating a session key by performing a practically irreversible transformation involving the numbers Xa and Yb.
8. A method of authentication in a public key cryptographic system, the method comprising the steps of:
selecting a unique random number Xi for each cryptographic device to be distributed;
transforming the number Xi to a new number Yi using a practically irreversible transformation;
forming a composite quantity by combining the number Yi with a publicly known device identifier IDi;
digitally signing the composite quantity containing Yi and IDi;
storing the signed composite quantity and the number Xi permanently in each device;
exchanging, between two devices, a and b, desiring to establish secured communication, the signed composite quantities stored in each;
authenticating, in each of the two devices, the identity of the other device; and
generating, in each of the two devices, a session key to be used for secured communication.
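The provisioning and exchange steps of claim 8, together with the extra X'/Y' pair described in the abstract, as an added Python example that is not part of the patent text. Modular exponentiation as the irreversible transformation, the textbook RSA signature, the toy parameters, the XOR combination of the two cross terms and all function names are assumptions made here for illustration.

```python
import hashlib, secrets

# Toy parameters constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                        # assumed one-way transform: Y = G^X mod P
RSA_P, RSA_Q, E = 2**61 - 1, 2**89 - 1, 65537
N = RSA_P * RSA_Q                           # signer's public modulus
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # signer's private exponent

def _digest(device_id, y):
    h = hashlib.sha256(f"{device_id}|{y}".encode()).digest()
    return int.from_bytes(h, "big") % N

def provision(device_id):
    """Before service: pick secret X, derive Y, sign the composite (ID, Y)."""
    x = secrets.randbelow(P - 3) + 2
    y = pow(G, x, P)
    return x, (device_id, y, pow(_digest(device_id, y), D, N))

def open_composite(signed, expected_id):
    """Verify signature and identifier; return the peer's authenticated Y."""
    device_id, y, sig = signed
    if pow(sig, E, N) != _digest(device_id, y):
        raise ValueError("signature does not match composite quantity")
    if device_id != expected_id:
        raise ValueError("identifier is not the expected peer")
    return y

def ephemeral():
    """Per-session pair (X', Y'); Y' is sent unsigned."""
    x2 = secrets.randbelow(P - 3) + 2
    return x2, pow(G, x2, P)

def session_key(x, x2, peer_signed, peer_y2, expected_id):
    """Assumed combination: cross static with ephemeral values, then XOR."""
    y = open_composite(peer_signed, expected_id)
    return pow(peer_y2, x, P) ^ pow(y, x2, P)

def run_exchange():
    (xa, sa), (xb, sb) = provision("device-A"), provision("device-B")
    (xa2, ya2), (xb2, yb2) = ephemeral(), ephemeral()
    ka = session_key(xa, xa2, sb, yb2, "device-B")
    kb = session_key(xb, xb2, sa, ya2, "device-A")
    # Without X'/Y' the key depends only on stored values, so it never changes.
    static_a = pow(open_composite(sb, "device-B"), xa, P)
    static_b = pow(open_composite(sa, "device-A"), xb, P)
    # A composite whose Y was altered in transit no longer matches its signature.
    altered = ("device-B", pow(G, 12345, P), sb[2])
    try:
        session_key(xa, xa2, altered, yb2, "device-B")
        rejected = False
    except ValueError:
        rejected = True
    return ka == kb, rejected, static_a == static_b
```

Because each cross term pairs one signed, permanently stored value with one unsigned per-session value, the key changes every session while still depending on the authenticated Y.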
Specification