Method and apparatus for access control and/or identification
First Claim
Patent Images
1. A method for access control for authorizing a user device, comprising the steps of:
- generating in an authorizing device an identification data signal representative of identification data unique to the user device;
generating in the authorizing device an encrypted data signal includingdata encrypted depending on the identification data and having been calculated mod n, where n is a product of at least two prime numbers;
providing the encrypted data signal to the user device from the authorizing device;
exchanging between the user device and a verifier device at least a portion of the encrypted data;
checking by the verifier device the validity of the data exchanged on a mod n basis; and
further comprising authorizing steps performed in an initial user set-up interval including;
a) combining by the authorizing device the identification data with public key data PKj and data representative of a number c to produce data representative of a combined number G having a d-th root g mod n such that G=gd mod n, and such that each PKj has ε
roots rood n, designated SKj-1 ;
b) storing data representative of g and n in a memory included in the user device; and
further comprising verifying steps including;
c) sending data representative of g from the user device to the verifier device;
d) computing, in the verifier device, G=g2 mod n; and
separating, in the verifier device, the identification data and the public key data PKj from G;
e) selecting, in the user device, a random number δ
in the range ##EQU12## and computing in the user device, a value E where E=δ
.sup.ε
mod n; and
sending E to the verifier device;
f) selecting in the verifier device a random binary vector v where v=(v1 v2 . . . vk); and
sending v to the user deviceg) computing in the user device;
##EQU13## sending z to the verifier device;
h) checking in the verifier device to determine if;
##EQU14## wherein ε
=2 or ε
=3 and a and b are a constant, especially a=b=1.
0 Assignments
0 Petitions
Accused Products
Abstract
A system providing access control, including encryption and decryption capability, replaces a public key directory by a transmission between an authority, or a sender S, and a receiver R of a "seed" value. The seed is processed to provide both identity information for R and public keys, i.e. a "virtual public key directory", or VPKD. The VPKD is generated prior to execution of the algorithm requiring the public directory, i.e. the host algorithm.
-
Citations
28 Claims
-
1. A method for access control for authorizing a user device, comprising the steps of:
-
generating in an authorizing device an identification data signal representative of identification data unique to the user device; generating in the authorizing device an encrypted data signal including data encrypted depending on the identification data and having been calculated mod n, where n is a product of at least two prime numbers; providing the encrypted data signal to the user device from the authorizing device; exchanging between the user device and a verifier device at least a portion of the encrypted data; checking by the verifier device the validity of the data exchanged on a mod n basis; and
further comprising authorizing steps performed in an initial user set-up interval including;a) combining by the authorizing device the identification data with public key data PKj and data representative of a number c to produce data representative of a combined number G having a d-th root g mod n such that G=gd mod n, and such that each PKj has ε
roots rood n, designated SKj-1 ;b) storing data representative of g and n in a memory included in the user device; and
further comprising verifying steps including;c) sending data representative of g from the user device to the verifier device; d) computing, in the verifier device, G=g2 mod n; and
separating, in the verifier device, the identification data and the public key data PKj from G;e) selecting, in the user device, a random number δ
in the range ##EQU12## and computing in the user device, a value E where E=δ
.sup.ε
mod n; and
sending E to the verifier device;f) selecting in the verifier device a random binary vector v where v=(v1 v2 . . . vk); and
sending v to the user deviceg) computing in the user device;
##EQU13## sending z to the verifier device;
h) checking in the verifier device to determine if;
##EQU14## wherein ε
=2 or ε
=3 and a and b are a constant, especially a=b=1. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 26)
-
-
12. The method of 11, wherein t has a value of at least t=4.
-
16. In an access control system or identification system, a user device which has been authorized by an authorizing device having calculated identification data ID unique to the user device and having provided the user device with encrypted data depending on the identification data ID which are calculated mod n, wherein for verifying the identity of the user device, the user device exchanges at least a part of the encrypted data with a verifier device which checks the validity of the data exchanged on a mod n basis, n being a product of at least two prime numbers, and wherein the identification data ID are combined with a public key data PKj and data representative of a number c to provide data representative of a combined number G having a d-th root g mod n according to G=gd mod n, and wherein each data value PKj has ε
- -roots mod n designated SKj-1, the user device comprising;
memory means for storing data representative of g and n; means for calculating; and interface means for exchanging data between the verifier device and the user device;
wherein for verifying;i) the user device sends, via the interface means, data representative of g to the verifier device; j) the user device selects a random number δ
in the range ##EQU18## and computes in the calculating means a value E=δ
.sup.ε
mod n, and sends via the interface means data representative of value E to the verifier device;k) the user device receives from the verifier device via the interface means data representative of a random binary vector v=(v1 v2 . . . vk); l) the user device computes in the calculating means ##EQU19## sends data representative of z via the interface means to the verifier device, wherein ε
=2 or ε
=3 and a and b are a constant, especially a=b=1. - View Dependent Claims (17, 18, 19, 20, 27)
- -roots mod n designated SKj-1, the user device comprising;
-
21. In a system for access control or identification, a verifier device which verifies the identity of a user device which has been authorized by an authorizing device, the authorizing device having calculated identification data ID unique to the user device, and having provided the user device with encrypted data depending on the identification data ID which are calculated mod n, wherein the verifier device and the user device exchange at least a part of the encrypted data and check the validity of the data exchanged on a mod n basis, wherein n is a product of at least two prime numbers, and wherein the identification data ID are combined with data representative of a public key PKj and data representative of a number c to provide data representative of a combined number G having a d-th root g mod n such that G=gd mod n, and wherein each PKj has ε
- -roots mod n designated SKj-1, the verifier device comprising;
memory means for storing data representative of the value n; means for calculating; and interface means for exchanging data between the verifier device and the user device;
wherein for verifying;m) the verifier device receives data representative of g via the interface means from the user device and, in the calculating means, computes G=g2 mod n and separates from G the identification data ID and the public key data values PKj ; n) the verifier device receives data representative of a value E=δ
.sup.ε
mod n from the user device via the interface means, and selects a random binary vector v=(v1 v2 . . . vk) and sends data representative of v to the user device via the interface means;o) the verifier device receives data representative of the value z from the user device via the interface means where ##EQU20## and p) the verifier device checks to determine if ##EQU21## wherein ε
=2 or ε
=3 and a and b are a constant, especially a=b=1. - View Dependent Claims (22, 23, 24, 25, 28)
- -roots mod n designated SKj-1, the verifier device comprising;
Specification