Exchange certificate for one way validation of information

US 5,515,439 A
Filed: 11/09/1994
Issued: 05/07/1996
Est. Priority Date: 12/03/1993
Status: Expired due to Fees

First Claim

Patent Images

1. A method for transmitting a value K'"'"' of a variable, between a first user A of a communications system and a second user B, and for validating said value K'"'"', said users sharing a common secret key S and having established a first communication session identified by a first unique session freshness proof N2 known to both user A and user B, said method being characterized in that it comprises the steps of:

a. transmitting from A to B said value K'"'"' by means of an exchange certificate comprising at least two fields M1 and M2 of the minimum form;

M1=f( S, K'"'"', . . . )M2=g( S, K'"'"', N2, c1, . . . )wherein f( ) and g( ) are functions such that,f( S, K'"'"', . . . )=m1 cannot be solved for K'"'"' without knowledge of S, m1 being a given value of field M1 and,g( S, K'"'"', N2, c1, . . . )=m2 cannot be solved for K'"'"' without knowledge of S, m2 being a given value of field M2;

and wherein,c1 is an exchange counter controlled by A and representative of the number of values of said variable exchanged between user A and user B during said first communication session;

b. processing by B of said exchange certificate M comprising the steps of;

•

deriving from said exchange certificate M said value K'"'"' as a result of solving for K'"'"' equation;
space="preserve" listing-type="equation">f( S, K'"'"', . . . )=M1; and

•

validating said value K'"'"' as a result of the verification of a set of validation conditions comprising at least an equation of the minimum form;
space="preserve" listing-type="equation">g( S, K'"'"', N2, c2, . . . )=M2 wherein,c2 is an exchange counter controlled by B and representative of the number of values of said variable exchanged between user A and user B during said first communication session.c. interrupting at the initiative of either A or B said first communication session between A and B and opening a second communication session identified by a second unique session freshness proof upon occurrence of anyone of a set of session reset conditions, said set of reset conditions comprising failure of at least one of said validation conditions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and, replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.

51 Citations

View as Search Results

18 Claims

1. A method for transmitting a value K'"'"' of a variable, between a first user A of a communications system and a second user B, and for validating said value K'"'"', said users sharing a common secret key S and having established a first communication session identified by a first unique session freshness proof N2 known to both user A and user B, said method being characterized in that it comprises the steps of:
- a. transmitting from A to B said value K'"'"' by means of an exchange certificate comprising at least two fields M1 and M2 of the minimum form;
  
  M1=f( S, K'"'"', . . . )M2=g( S, K'"'"', N2, c1, . . . )wherein f( ) and g( ) are functions such that,f( S, K'"'"', . . . )=m1 cannot be solved for K'"'"' without knowledge of S, m1 being a given value of field M1 and,g( S, K'"'"', N2, c1, . . . )=m2 cannot be solved for K'"'"' without knowledge of S, m2 being a given value of field M2;
  
  and wherein,c1 is an exchange counter controlled by A and representative of the number of values of said variable exchanged between user A and user B during said first communication session;
  b. processing by B of said exchange certificate M comprising the steps of;
  •
  
  deriving from said exchange certificate M said value K'"'"' as a result of solving for K'"'"' equation;
  space="preserve" listing-type="equation">f( S, K'"'"', . . . )=M1; and
  •
  
  validating said value K'"'"' as a result of the verification of a set of validation conditions comprising at least an equation of the minimum form;
  space="preserve" listing-type="equation">g( S, K'"'"', N2, c2, . . . )=M2 wherein,
  c2 is an exchange counter controlled by B and representative of the number of values of said variable exchanged between user A and user B during said first communication session.
  c. interrupting at the initiative of either A or B said first communication session between A and B and opening a second communication session identified by a second unique session freshness proof upon occurrence of anyone of a set of session reset conditions, said set of reset conditions comprising failure of at least one of said validation conditions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein said set of session reset conditions further comprises the event that either of exchange counters c1 and c2 reaches its maximum value.
  - 3. The method according to any one of claims 1 or 2 wherein,f(S, K'"'"', . . . )=Es(q)g(S, K'"'"', N2, c1, . . . )=Es(r op Es(s op'"'"' t))whereinEs( ) is a data encryption function using S as the encryption key;
    - op and op'"'"' are mathematical or Boolean operations; and
      
      q, r, s, t are functions of the minimum formq=q(K'"'"', . . . )r=r(N2, . . . )s=s(K'"'"', . . . )t=t(c1, . . .).
  - 4. The method of claim 3 wherein op and op'"'"' represent exclusive bit by bit OR Boolean.
  - 5. The method of claim 4 wherein functions q, r, s and t are:
    - q(K'"'"', . . . )=K'"'"'r(N2, . . . )=N2s(K'"'"', . . . )=K'"'"'t(c1, . . . )=c1
  - 6. The method according to any one of claims 1 or 2 wherein said exchange certificate further comprises a third field M3 of the minimum formM3=h( c1, . . . ).
  - 7. The method of claim 6 wherein said set of validation conditions further comprises verifying thath( c2, . . . )=M3.
  - 8. The method of claim 7 wherein function h is h( c, . . . )=c.

9. A system for transmitting a value K'"'"' of a variable, between a first user A of a communications system and a second user B, and for validating said value K'"'"', said users sharing a common secret key S and having established a first communication session identified by a first unique session freshness proof N2 known to both user A and user B, said system comprising:
- a. means for transmitting from A to B said value K'"'"' by means of an exchange certificate comprising at least two fields M1 and M2 of the minimum form;
  
  M1=f(S, K'"'"', . . . )M2=g(S, K'"'"', N2, c1, . . . )wherein F() and g() are functions such that,f(S, K'"'"', . . . )=m1 cannot be solved for K'"'"' without knowledge of S, m1 being a given value of field M1 and,g(S, K'"'"', N2, c1, . . .)=m2 cannot be solved for K'"'"' without knowledge of S, m2 being a given value of field M2;
  
  and wherein,c1 is an exchange counter controlled by A and representative of the number of values of said variable exchanged between user A and user B during said first communication session;
  
  b. means for processing by B of said exchange certificate M comprising;
  means for deriving from said exchange certificate M said value K'"'"' as a result of solving for K'"'"' equation;
  space="preserve" listing-type="equation">f(S, K'"'"', . . . )=M1; and
  means for validating said value K'"'"' as a result of the verification of a set of validation conditions comprising at least an equation of the minimum form;
  space="preserve" listing-type="equation">g(S, K'"'"', N2, c2, . . .)=M2 wherein,
  c2 is an exchange counter controlled by B and representative of the number of values of said variable exchanged between user A and user B during said first communication session;
  
  c. means for interrupting at the initiative of either A or B said first communication session between A and B and opening a second communication session identified by a second unique session freshness proof upon occurrence of any one of a set of session reset conditions, said set of reset conditions comprising failure of at least one of said validation conditions.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The system of claim 9 wherein said set of session reset conditions further comprises the event that either of exchange counters c1 and c2 reaches its maximum value.
  - 11. The system of either of claims 9, or 10 wherein,f(S, K'"'"', . . . )=Es(q)g(S, K'"'"', N2, c1, . . . )=Es(r op Es(s op'"'"'t))whereinEs( ) is a data encryption function using S as the encryption key;
    - op and op'"'"' are mathematical or Boolean operations; and
      
      q, r, s, t are functions of the minimum formq=q(K'"'"', . . . )r=r(N2, . . . )s=s(K'"'"', . . . )t=t(c1, . . . ).
  - 12. The system of claim 11 wherein op and op'"'"' represent exclusive bit by bit OR Boolean operation.
  - 13. The system of claim 12 wherein functions q, r, s and t are:
    - q(K'"'"', . . . )=K'"'"'r(N2, . . . )=N2s(K'"'"', . . . )=K'"'"'t(c1, . . . )=c1.
  - 14. The system according to any of claims 9 or 10 wherein said exchange certificate further comprises a third field M3 of the minimum formM3=h(c1, . . . ).
  - 15. The system of claim 14 wherein said set of validation conditions further comprises means for verifying thath(c2, . . . )=M3.
  - 16. The system of claim 15 wherein function h is h(c, . . . )=c.
  - 17. The system of claim 9 wherein said communications system uses a radio frequency communication channel.
  - 18. The system of claim 9 wherein said communications system uses an infrared communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bauchot, Frederic, Mansour, Yishay, Bantz, David, Herzberg, Amir, Kutten, Shay, Bello, Eliane D., Krawczyk, Hugo
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/336,605
Time in Patent Office

545 Days
Field of Search

380/9, 380/21, 380/23, 380/25, 380/49, 380/50, 380/30
US Class Current

713/156
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

Exchange certificate for one way validation of information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Exchange certificate for one way validation of information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links