System method and apparatus for authenticating an encrypted signal
First Claim
1. In a cryptographic communication system including first and second terminals, said first and second terminals being connected via a telecommunications link, a method for authenticating encrypted signals between said first and second terminals, wherein said first terminal stores a user secret key and wherein said second terminal includes a keyset library memory for storing said user secret key, said method comprising:
sending a first cryptographic challenge block including a first variable, from said second terminal to said first terminal;
receiving said first cryptographic challenge block at said first terminal;
responding to said first cryptographic challenge block by sending from said first terminal a first cryptographic challenge block response based on said first variable received in said first cryptographic challenge block and said user secret key stored in said first terminal;
receiving said first cryptographic challenge block response at said second terminal;
computing at said second terminal an expected first cryptographic challenge block response;
comparing said received first cryptographic challenge block response to said expected first cryptographic challenge block response in said second terminal; and
disconnecting said telecommunications link between said first and second terminals if said received first cryptographic challenge block response is not substantially equal to said expected first cryptographic challenge block response;
whereby said first terminal authenticates to said second terminal responsive to said cryptographic challenge block that said first terminal stores the same secret key as said second terminal;
sending a second cryptographic challenge block including a second variable, from said first terminal to said second terminal;
receiving said second cryptographic challenge block including said second variable, at said second terminal;
responding to said second cryptographic challenge block by sending from said second terminal a second cryptographic challenge block response based on said first variable in said first cryptographic challenge block, said received second variable in said second cryptographic challenge block and said user secret key stored in said keyset library of said second terminal;
receiving said second cryptographic challenge block response at said first terminal;
computing at said first terminal an expected second cryptographic challenge block response using said first variable received in said first cryptographic challenge block, said second variable in said second cryptographic challenge block and said user secret key stored in said first terminal;
comparing said received second cryptographic challenge block response to said expected second cryptographic challenge block response in said first terminal; and
disconnecting said telecommunications link between said second and first terminals if said received second cryptographic challenge block response is not substantially equal to said expected second cryptographic challenge block response;
whereby said second terminal authenticates to said first terminal responsive to said second cryptographic challenge block that said second terminal stores the same user secret key as said first terminal.
Abstract
A cryptographic communications system includes a method and apparatus for exchanging messages between a user terminal, containing a secret key, and an operations center wherein each party authenticates signals received from the other party before any other information is exchanged. An initial identification message from the user terminal to the operations center contains an encrypted value of current time. The operations center checks the received message against local time to verify real time concurrent operation of the user terminal. Subsequently, the operations center and the user terminal mutually exchange encrypted challenge blocks, and each provide respective encrypted responses to the encrypted challenge blocks. The challenge and response exchanges demonstrate that each knows the secret key stored in the user terminal before other information, such as downloaded credit or uploaded data usage, is exchanged. In particular, the challenge and response messages exchange a first random number generated in the user terminal and a second random number generated in the operations center, which are variables used in conjunction with the user secret key to generate a new session key for encrypting the remainder of the messages exchanging data in the communication session.
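The mutual challenge-response and session-key derivation described in the abstract and in claims 1 and 7, as an added Python example that is not code from the patent. HMAC-SHA-256 stands in for the cipher, which this page does not name; the function names, the labels and the 16-byte variable size are assumptions.

```python
import hashlib
import hmac
import secrets

class Disconnect(Exception):
    """Stands in for dropping the telecommunications link."""

def tag(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA-256 is a stand-in: the page does not name the cipher.
    # The label and length prefixes keep the three outputs from colliding,
    # so a challenge response can never double as a session key.
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()

def check(received: bytes, expected: bytes, who: str) -> None:
    # Constant-time comparison; a mismatch ends the session.
    if not hmac.compare_digest(received, expected):
        raise Disconnect(f"{who} failed its challenge")

def first_response(key: bytes, v1: bytes) -> bytes:
    # Answer to the first challenge: first variable and user secret key.
    return tag(key, b"response-1", v1)

def second_response(key: bytes, v1: bytes, v2: bytes) -> bytes:
    # Answer to the second challenge: binds both variables and the key.
    return tag(key, b"response-2", v1, v2)

def handshake(terminal_key: bytes, center_key: bytes):
    """Run both challenge rounds; return each side's derived session key."""
    # Round 1: second terminal sends fresh v1, first terminal answers.
    v1 = secrets.token_bytes(16)
    check(first_response(terminal_key, v1), first_response(center_key, v1),
          "first terminal")
    # Round 2: first terminal sends fresh v2, second terminal answers.
    v2 = secrets.token_bytes(16)
    check(second_response(center_key, v1, v2),
          second_response(terminal_key, v1, v2), "second terminal")
    # Both variables plus the user secret key yield the session key.
    return (tag(terminal_key, b"session", v1, v2),
            tag(center_key, b"session", v1, v2))
```

Because each variable is freshly random, a response recorded from an earlier session does not verify against a new challenge, and each session derives a different key.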
329 Citations
14 Claims
4. In a cryptographic communication system including first and second terminals, said first and second terminals being connected via a telecommunications link, an apparatus for authenticating encrypted signals between said first and second terminals, wherein said first terminal stores a user secret key and wherein said second terminal includes a keyset library memory for storing said user secret key, said method comprising:
means for sending a first cryptographic challenge block including a first variable, from said second terminal to said first terminal;
means for receiving said first cryptographic challenge block at said first terminal;
means for responding to said first cryptographic challenge block by sending from said first terminal a first cryptographic challenge block response based on said first variable received in said first cryptographic challenge block and said user secret key stored in said first terminal;
means for receiving said first cryptographic challenge block response at said second terminal;
means for computing at said second terminal an expected first cryptographic challenge block response;
means for comparing said received first cryptographic challenge block response to said expected first cryptographic challenge block response in said second terminal; and
means for disconnecting said telecommunications link between said first and second terminals if said received first cryptographic challenge block response is not substantially equal to said expected first cryptographic challenge block response;
whereby said first terminal authenticates to said second terminal responsive to said cryptographic challenge block that said first terminal stores the same secret key as said second terminal;
means for sending a second cryptographic challenge block including a second variable, from said first terminal to said second terminal;
means for receiving said second cryptographic challenge block including said second variable, at said second terminal;
means for responding to said second cryptographic challenge block by sending from said second terminal a second cryptographic challenge block response based on said first variable in said first cryptographic challenge block, said received second variable in said second cryptographic challenge block and said user secret key stored in said keyset library of said second terminal;
means for receiving said second cryptographic challenge block response at said first terminal;
means for computing at said first terminal an expected second cryptographic challenge block response using said first variable received in said first cryptographic challenge block, said second variable in said second cryptographic challenge block and said user secret key stored in said first terminal;
means for comparing said received second cryptographic challenge block response to said expected second cryptographic challenge block response in said first terminal; and
means for disconnecting said telecommunications link between said second and first terminals if said received second cryptographic challenge block response is not substantially equal to said expected second cryptographic challenge block response;
whereby said second terminal authenticates to said first terminal responsive to said second cryptographic challenge block that said second terminal stores the same user secret key as said first terminal.
7. In a secure cryptographic communication system including first and second terminals, said first and second terminals being connected via a telecommunications link, a method for providing encrypted signals between said first and second terminals using a first communication session key and a second communication session key, wherein said first and second terminal each store a user secret key for generating said first communication session key common to said first and second terminals, said first communication session key being used for authenticating an encrypted signal in said secure cryptographic communications system, said second communication key being used as an encryption key for secure communications between said first and second terminals, said method comprising:
generating a first variable at said first terminal;
generating a second variable at said second terminal;
exchanging said first and second variables between said first and second terminals using said first communication session key;
forming said second communication session key at each said first and second terminals from said first and second variables; and
using said second communication session key as an encryption key for secure communications between said first and second terminals.
11. In a secure cryptographic communication system including first and second terminals, said first and second terminals being connected via a telecommunications link, an apparatus for providing encrypted signals between said first and second terminals using a first communication session key and a second communication session key, wherein said first and second terminal each store a user secret key for generating said first communication session key common to said first and second terminals, said first communication session key being used for authenticating an encrypted signal in said secure cryptographic communications system, said second communication key being used as an encryption key for secure communications between said first and second terminals said apparatus comprising:
means for generating a first variable at said first terminal;
means for generating a second variable at said second terminal;
means for exchanging said first and second variables between said first and second terminals using said first communication session key;
means for forming said second communication session key at each said first and second terminals from said first and second variables; and
means for using said second communication session key as an encryption key for secure communications between said first and second terminals.
Specification