Cryptographic protocol for secure communications
First Claim
1. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
- forming an outgoing signal by encrypting at least a portion of an excitation signal with a second symmetric key cryptosystem using a key based on said authentication signal, said excitation signal being based on a first signal, RA ;
transmitting said outgoing signal to one of said parties;
receiving a response signal, Q, in response to said outgoing signal; and
generating said cryptographic key based on said first signal and on said response signal.
4 Assignments
0 Petitions
Accused Products
Abstract
A cryptographic communication system. The system, which employs a novel combination of public and private key cryptography, allows two parties, who share only a relatively insecure password, to bootstrap a computationally secure cryptographic system over an insecure network. The system is secure against active and passive attacks, and has the property that the password is protected against offline "dictionary" attacks. If Alice and Bob are two parties who share the password P one embodiment of the system involves the following steps: (1) Alice generates a random public key E, encrypts it with P and sends P(E) to Bob; (2) Bob decrypts to get E, encrypts a random secret key R with E and sends E(R) to Alice; (3) Alice decrypts to get R, generates a random challenge CA and sends R(CA) to Bob; (4) Bob decrypts to get CA, generates a random challenge CB and sends R(CA, CB) to Alice; (5) Alice decrypts to get (CA, CB), compares the first against the challenge and sends R(CB) to Bob if they are equal; (6) Bob decrypts and compares with the earlier challenge; and (7) Alice and Bob can use R as a shared secret key to protect the session.
-
Citations
42 Claims
-
1. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
forming an outgoing signal by encrypting at least a portion of an excitation signal with a second symmetric key cryptosystem using a key based on said authentication signal, said excitation signal being based on a first signal, RA ; transmitting said outgoing signal to one of said parties; receiving a response signal, Q, in response to said outgoing signal; and generating said cryptographic key based on said first signal and on said response signal. - View Dependent Claims (2, 3, 4)
-
-
5. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
forming an excitation signal based on a first signal, RA ; transmitting said excitation signal; receiving an incoming signal from one of said parties in response to said excitation signal; forming a response signal, Q, by decrypting said incoming signal with a second symmetric key cryptosystem using a key based on said authentication signal; and generating said cryptographic key based on said first signal and on said response signal. - View Dependent Claims (6, 7, 8)
-
-
9. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
forming an outgoing signal by encrypting at least a portion of an excitation signal with a second symmetric key cryptosystem using a key based on said authentication signal, said excitation signal being based on a first signal, RA ; transmitting said outgoing signal to one of said parties; receiving an incoming signal from one of said parties in response to said outgoing signal; forming a response signal, Q, by decrypting said incoming signal with a third symmetric key cryptosystem using a key based on said authentication signal; and generating said cryptographic key based on said first signal and on said response signal. - View Dependent Claims (10, 11, 12)
-
-
13. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
receiving an incoming signal from one of said parties; forming an excitation signal, S, by decrypting said incoming signal with a second symmetric key cryptosystem using a key based on said authentication signal; forming a response signal based on a first signal, RB ; transmitting said response signal; and generating said cryptographic key based on said excitation signal and on said first signal. - View Dependent Claims (14, 15, 16)
-
-
17. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
receiving an excitation signal, S; forming a response signal based on a first signal RB ; forming an outgoing signal by encrypting at least a portion of said response signal with a second symmetric key cryptosystem using a key based on said authentication signal; transmitting said outgoing signal to one of said parties; and generating said cryptographic key based on said excitation signal and on said first signal. - View Dependent Claims (18, 19, 20)
-
-
21. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
receiving an incoming signal from one of said parties; forming a excitation signal, S, by decrypting said incoming signal with a second symmetric key cryptosystem using a key based on said authentication signal; forming a response signal based on a first signal RB ; forming an outgoing signal by encrypting at least a portion of said response signal with a third symmetric key cryptosystem using a key based on said authentication signal; transmitting said outgoing signal to one of said parties; and generating said cryptographic key based on said excitation signal and on said first signal. - View Dependent Claims (22, 23, 24)
-
-
25. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
generating a public key and a private key to a public key cryptosystem; forming an outgoing signal by encrypting at least a portion of said public key with a second symmetric key cryptosystem using a key based on said authentication signal; transmitting said outgoing signal to one of said parties; receiving a response signal in response to said outgoing signal; and generating said cryptographic key based on said response signal and on said private key. - View Dependent Claims (26, 27)
-
-
28. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
generating a public key and a private key to a public key cryptosystem; transmitting said public key; receiving an incoming signal from one of said parties in response to said public key; forming a response signal by decrypting said incoming signal with a second symmetric key cryptosystem using a key based on said authentication signal; and generating said cryptographic key based on said response signal and on said private key. - View Dependent Claims (29, 30)
-
-
31. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
generating a public key and a private key to a public key cryptosystem; forming an outgoing signal by encrypting at least a portion of said public key with a second symmetric key cryptosystem using a key based on said authentication signal; transmitting said outgoing signal to one of said parties; receiving an incoming signal from one of said parties in response to said public key; forming a response signal by decrypting said incoming signal with a third symmetric key cryptosystem using a key based on said authentication signal; and generating said cryptographic key based on said response signal and on said private key. - View Dependent Claims (32, 33)
-
-
34. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
receiving an incoming signal from one of said parties; forming a public key to a public key cryptosystem by decrypting said incoming signal with a second symmetric key cryptosystem using a key based on said authentication signal; generating said crytographic key; forming a response signal by encrypting at least a portion of said cryptographic key with a public key cryptosystem using said public key; and transmitting said response signal. - View Dependent Claims (35, 36)
-
-
37. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
receiving a public key to a public key cryptosystem; generating said cryptographic key; forming a response signal by encrypting at least a portion of said cryptographic key with a public key cryptosystem using said public key; forming an outgoing signal by encrypting at least a portion of said response signal with a second symmetric key cryptosystem using a key based on said authentication signal; and transmitting said outgoing signal to one of said parties. - View Dependent Claims (38, 39)
-
-
40. A method for generating a cryptographic key to a first symmetric key cryptosystem by using an authentication signal, said authentication signal being available to a plurality of parties, said method comprising the steps of:
-
receiving an incoming signal from one of said parties; forming a public key to a public key cryptosystem by decrypting said incoming signal with a second symmetric key cryptosystem using a key based on said authentication signal; generating said cryptographic key; forming a response signal by encrypting at least a portion of said cryptographic key with a public key cryptosystem using said public key; forming an outgoing signal by encrypting at least a portion of said response signal with a third symmetric key cryptosystem using a key based on said authentication signal; and transmitting said outgoing signal to one of said parties. - View Dependent Claims (41, 42)
-
Specification