Method and apparatus for privacy and authentication in wireless networks

US 5,371,794 A
Filed: 11/02/1993
Issued: 12/06/1994
Est. Priority Date: 11/02/1993
Status: Expired

First Claim

Patent Images

1. An improved method for providing secure communications between. a first data processing device and a second data processing device, comprising the steps of:

(a) said first data processing device transmitting a first message including;

a Mobile Certificate (Cert_-- Mobile) including a mobile public key (Pub_-- Mobile), a chosen challenge value (CH1), and a list of supported shared key algorithms (SKCS), to said second data processing device;

(b) said second data processing device receiving said first message and verifying a first signature of a first certificate authority (CA), said second data processing device validating said received Cert_-- Mobile, and if said Cert_-- Mobile is valid, said second data processing device transmitting a second message including;

a Base Certificate (Cert_-- Base) including a base public key (Pub_-- Base), a second digital signature, a random number (RN1), and an identifier of one of said SKCS chosen from said list of supported shared key algorithms, to said first data processing device;

(c) said first data processing device receiving said second message and validating said Cert_-- Base, and if said Cert_-- Base is valid, said first data processing device validating said second signature of said Cert_-- Base using said Pub_-- Base, such that if said second signature is valid, said first data processing device determining the value of RN1 by decrypting the value of E(Pub_-- Mobile, RN1) using a private key of said first data processing device (Priv_-- Mobile);

(d) said first data processing device generating a value RN2 and a first session key having the value (RN1⊕

RN2), said first data processing device encrypting the value of RN2 using said base public key (Pub_-- Base), and sending a third message to said second data processing device including said encrypted RN2 and the value of E(Pub_-- Mobile, RN1) along with a digital signature corresponding to said first data processing device;

(e) said second data processing device receiving said third message and verifying said digital signature of said first data processing device using Pub_-- Mobile obtained from said Cert_-- Mobile, and if said signature of said first data processing device is verified, said second data processing device decrypting the value of E(Pub_-- Base, RN2) using a private key of said second data processing device (Priv_-- Base), said second data processing device using said first session key having the value of (RN1⊕

RN2);

(f) said first and second data processing devices transferring data using encrypted data which is decrypted using said first session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is disclosed for providing a secure wireless communication link between a mobile nomadic device and a base computing unit. A mobile sends a host certificate (Cert_-- Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS"). The base determines if the Cert_-- Mobile is valid. If the Cert_-- Mobile is not valid, then the base unit rejects the connection attempt. The base then sends a Cert_-- Base, random number (RN1) encrypted in mobile'"'"'s public key and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates the Cert_-- Base, and if the certificate is valid, the mobile verifies under the public key of the base (Pub_-- Base) the signature on the message. The signature is verified by taking the base message and appending it to CH1 and the list of shared key algorithms that the mobile provided in the first message. If the base signature is not valid, then the communication attempt is aborted. In the event that the base signature is valid, the mobile determines the value of RN1 by decrypting Pub_-- Mobile, RN1 under the private key of the mobile. The mobile then generates RN2 and the session key, and encrypts RN2 under the Pub_-- Base. The mobile sends the encrypted RN2 and E(Pub_-- Mobile, RN1) to the base. The base then verifies the mobile signature using the Pub_-- Mobile obtained from the Cert_-- Mobile. If the mobile signature is verified, the base decrypts E(Pub_-- Base, RN2) using its private key. The base then determines the session key. The mobile and base may then enter a data transfer phase using encrypted data which is decrypted using the session key which is RN1 ⊕RN2.

Citations

32 Claims

1. An improved method for providing secure communications between. a first data processing device and a second data processing device, comprising the steps of:
- (a) said first data processing device transmitting a first message including;
  
  a Mobile Certificate (Cert_-- Mobile) including a mobile public key (Pub_-- Mobile), a chosen challenge value (CH1), and a list of supported shared key algorithms (SKCS), to said second data processing device;
  
  (b) said second data processing device receiving said first message and verifying a first signature of a first certificate authority (CA), said second data processing device validating said received Cert_-- Mobile, and if said Cert_-- Mobile is valid, said second data processing device transmitting a second message including;
  
  a Base Certificate (Cert_-- Base) including a base public key (Pub_-- Base), a second digital signature, a random number (RN1), and an identifier of one of said SKCS chosen from said list of supported shared key algorithms, to said first data processing device;
  
  (c) said first data processing device receiving said second message and validating said Cert_-- Base, and if said Cert_-- Base is valid, said first data processing device validating said second signature of said Cert_-- Base using said Pub_-- Base, such that if said second signature is valid, said first data processing device determining the value of RN1 by decrypting the value of E(Pub_-- Mobile, RN1) using a private key of said first data processing device (Priv_-- Mobile);
  
  (d) said first data processing device generating a value RN2 and a first session key having the value (RN1⊕
  
  RN2), said first data processing device encrypting the value of RN2 using said base public key (Pub_-- Base), and sending a third message to said second data processing device including said encrypted RN2 and the value of E(Pub_-- Mobile, RN1) along with a digital signature corresponding to said first data processing device;
  
  (e) said second data processing device receiving said third message and verifying said digital signature of said first data processing device using Pub_-- Mobile obtained from said Cert_-- Mobile, and if said signature of said first data processing device is verified, said second data processing device decrypting the value of E(Pub_-- Base, RN2) using a private key of said second data processing device (Priv_-- Base), said second data processing device using said first session key having the value of (RN1⊕
  
  RN2);
  
  (f) said first and second data processing devices transferring data using encrypted data which is decrypted using said first session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method as defined by claim 1 wherein said Cert_-- Mobile comprises the expression:
    - Signed(Priv_-- CA, Certificate contents).
  - 3. The method as defined by claim 2 wherein said Certificate contents comprises:
    - {Serial Number, Validity Period, Machine Name, Machine Public Key, CA name}.
  - 4. The method as defined by claim 3 wherein said MD is signed by said CA by encrypting said MD under said private key of said CA, such that the content of said Cert_-- Mobile are authenticated.
  - 5. The method as defined by claim 4 wherein said CH1 comprises a randomly generated number.
  - 6. The method as defined by claim 5 wherein said step of validating said received Cert_-- Mobile of step (b) includes the steps of:
    - said second data processing device independently computing said MD function on the contents of Cert_-- Mobile;
      
      said second data processing device comparing said independently computed MD function with the decryption under said public key of said CA of said MD signed by said CA in Step (b) of claim 1, such that if said MDs match said Cert_-- Mobile is valid.
  - 7. The method as defined by claim 6 wherein said RN1 value is encrypted using said Pub_-- Mobile of said first data processing device.
  - 8. The method as defined by claim 7 wherein said second data processing device stores said RN1 value, and includes said CH1 value and said identifier of said chosen SKCS in messages between said second and said first data processing devices.
  - 9. The method as defined by claim 8 wherein said second message comprises the expression:
    - {Cert_-- Base, E(Pub_-- Mobile, RN1), Chosen SKCS, Sig(Priv_-- Base,{E(Pub_-- Mobile, RN1), Chosen SKCS, CH1, List of SKCSs})}.
  - 10. The method as defined by claim 9 wherein said second digital signature is verified in Step (b) of claim 1 by appending said second message to CH1 and said list of SKCSs.
  - 11. The method as defined by claim 10 wherein said value RN2 comprises a random number.
  - 12. The method as defined by claim 11 wherein said third message comprises the expression:
    - {E(Pub_-- Base, RN2), Sig{Priv_-- Mobile, {E(Pub_-- Base,RN2), E(Pub_-- Mobile,
  - 13. The method as defined by claim 12 wherein said CH1 value comprises a 128 bit number.
  - 14. The method as defined by claim 12 further including a key change method to define a New Key, comprising the steps of:
    - (a) said second data processing device sending a forth message comprising;
      
      Signed(Priv_-- Base, {E(Pub_-- Mobile, New_-- RN1), E(Pub_-- Mobile, RN1)});
      
      (b) said first data processing device receiving said forth message and send a fifth message to said second data processing device comprising;
      
      Signed(Priv_-- Mobile, {E(Pub_-- Base, New_-- RN2), E(Pub_-- Base, RN2)});
      
      wherein the value of RN2⊕
      
      RN1 is used as the New Key.
  - 15. The method as defined by claim 12 further including a key change method to define a New Key, comprising the steps of:
    - (a) said first data processing device sending a forth message to said second data processing device comprising the expression;
      
      Signed(Priv_-- Mobile, {E(Pub_-- Base, New_-- RN2), E(Pub_-- Base, RN2)});
      
      (b) said second data processing device receiving said forth message and sending a fifth message to said first data processing device comprising the expression;
      
      Signed(Priv_-- Base, {E(Pub_-- Mobile, New_-- RN1), E(Pub_-- Mobile, RN1)});
      
      wherein the value of RN2 ⊕
      
      RN1 is used as the New Key.
  - 16. The method as defined by claim 1 further including a plurality of CAs, and wherein said second message is defined by the expression:
    - {Cert_-- Path, List of CRLs, E(Pub_-- Mobile, RN1), Chosen SKCS, Sig(Priv_-- Base, {E(Pub_-- Mobile, RN1), Chosen SKCS, CH1, List of SKCSs})}and wherein;
      
      CRL comprises a certificate revocation list for each of said CAs.

17. In a network having a first data processing device in communication with a second data processing device, an apparatus for providing a secure data transfer between said first data processing device and said second data processing device, comprising:
- a first message generation and transmission/receiving circuit coupled to said first data processing device for transmitting a first message including;
  
  a Mobile Certificate (Cert_-- Mobile) having a mobile public key (Pub_-- Mobile), a chosen challenge value (CH1), and a list of supported shared key algorithms (SKCS), to said second data processing device;
  
  second message generation and transmission/receiving circuit coupled to said second data processing device for receiving said first message, said second data processing device validating said received Cert_-- Mobile, and if said Cert_-- Mobile is valid, said second data processing device transmitting a second message including;
  
  a Base Certificate (Cert_-- Base) including a base public key (Pub_-- Base), a second digital signature, a random number (RN1), and an identifier of one of said SKCS chosen from said list of supported shared key algorithms, to said first data processing device;
  
  said first data processing device receiving said second message using said first message and transmission/receiving means and validating said Cert_-- Base, and if said Cert_-- Base is valid, said first data processing device validating said second signature of said message using said Pub_-- Base, such that if said second signature is valid, said first data processing device determines the value of RN1 by decrypting the value of E(Pub_-- Mobile, RN1) using a private key of said first data processing device (Priv_-- Mobile);
  
  said first data processing device generating a value RN2 and a first session key having the value (RN1⊕
  
  RN2), said first data processing device encrypting the value of RN2 using said base public key (Pub_-- Base), and sending a third message to said second data processing device including said encrypted RN2 and the value of E(Pub_-- Mobile, RN1) along with a digital signature corresponding to said first data processing device;
  
  said second data processing device receiving said third message using said second message and transmission/receiving means and verifying said digital signature of said first data processing device using Pub_-- Mobile obtained from said Cert_-- Mobile, and if said signature of said first data processing device is verified, said second data processing device decrypting the value of E(Pub_-- Base, RN2) using a private key of said second data processing device (Priv_-- Base), said second data processing device using said first session key having the value of (RN1⊕
  
  RN2);
  
  said first and second data processing devices transferring data using encrypted data which is decrypted using said first session key.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The apparatus as defined by claim 17 wherein said Cert_-- Mobile comprises the expression:
    - Signed(Priv_-- CA, Certificate contents).
  - 19. The apparatus as defined by claim 18 wherein said Certificate contents comprises:
    - {Serial Number, Validity Period, Machine Name, Machine Public Key, CA name}.
  - 20. The apparatus as defined by claim 19 wherein said MD is signed by said CA by encrypting said MD under said private key of said CA, such that the content of said Cert_-- Mobile are authenticated.
  - 21. The apparatus as defined by claim 20 wherein said CH1 comprises a randomly generated number.
  - 22. The apparatus as defined by claim 21 wherein said step of validating said received Cert_-- Mobile is determined by:
    - said second data processing device independently computing said MD function on the contents of Cert_-- Mobile;
      
      said second data processing device comparing said independently computed MD function with the decryption under said public key of said CA of said MD signed by said CA, such that if said MDs match said Cert_-- Mobile is valid.
  - 23. The apparatus as defined by claim 22 wherein said RN1 value is encrypted using said Pub_-- Mobile of said first data processing device.
  - 24. The apparatus as defined by claim 23 wherein said second data processing device stores said RN1 value, and includes said CH1 value and said identifier of said chosen SKCS in messages between said second and said first data processing devices.
  - 25. The apparatus as defined by claim 24 wherein said second message comprises the expression:
    - {Cert_-- Base, E(Pub_-- Mobile, RN1), Chosen SKCS, Sig(Priv_-- Base,{E(Pub_-- Mobile, RN1), Chosen SKCS, CH1, List of SKCSs))}.
  - 26. The apparatus as defined by claim 25 wherein said second digital signature is verified by appending said second message to CH1 and said list SKCSs.
  - 27. The apparatus as defined by claim 26 wherein said value RN2 comprises a random number.
  - 28. The apparatus as defined by claim 27 wherein said third message comprises the expression:
    - {E(Pub_--Base, RN
      
      2), Sig{Priv_-- Mobile, {E(Pub_-- Base,RN2), E(Pub_-- Mobile,
  - 29. The apparatus as defined by claim 28 wherein said CH1 value comprises a 128 bit number.
  - 30. The apparatus as defined by claim 29 wherein a New Key may be defined:
    - said second data processing device using said second message and transmission/receiving means sends a forth message comprising;
      
      Signed(Priv_-- Base, {E(Pub_-- Mobile, New_-- RN1), E(Pub_-- Mobile, RN1)}) to said first data processing device;
      
      said first data processing device using said first message and transmission/receiving means receives said forth message and sends a fifth message to said second data processing device comprising;
      
      Signed(Priv_-- Mobile, {E(Pub_-- Base, New_-- RN2), E(Pub_-- Base, RN2)});
      
      wherein the value of RN2⊕
      
      RN1 is used as the New Key.
  - 31. The apparatus as defined by claim 30 wherein a New Key may be defined:
    - said first data processing device using said first message and transmission/receiving means sends a forth message to said second data processing device comprising the expression;
      
      Signed(Priv_-- Mobile, {E(Pub_-- Base, New_-- RN2), E(Pub_-- Base, RN2)});
      
      said second data processing device receiving said forth message using said second message and transmission/receiving means and sends a fifth message to said first data processing device comprising the expression;
      
      Signed(Priv_-- Base, {E(Pub_-- Mobile, New_-- RN1), E(Pub_-- Mobile, RN1)});
      
      wherein the value of RN2 if) RN1 is used as the New Key.
  - 32. The apparatus as defined by claim 17 further including a plurality of CAs, and wherein said second message is defined by the expression:
    - {Cert_-- Path, List of CRLs, E(Pub_-- Mobile, RN1), Chosen SKCS, Sig(Priv_-- Base, {E(Pub_-- Mobile, RN1), Chosen SKCS, CH1, List of SKCSs})}and wherein;
      
      CRL comprises a certificate revocation list for each of said CAs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Aziz, Ashar, Diffie, Whitfield
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/147,661
Time in Patent Office

399 Days
Field of Search

380/21, 380/30
US Class Current

713/156
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 63/205   involving negotiation or de...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3268   using certificate validatio...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Method and apparatus for privacy and authentication in wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for privacy and authentication in wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links