Secure communication method and apparatus

US 5,515,441 A
Filed: 05/12/1994
Issued: 05/07/1996
Est. Priority Date: 05/12/1994
Status: Expired due to Term

First Claim

Patent Images

1. In a communication system of the type in which a node may receive messages from any of a plurality of terminals and may forward any such message to any other of said plurality of terminals, the node and the terminals being equipped with data storage means and with computation means,a method for securing communications therewithin, comprising the steps of:

a. storing, at both the node and at a communicating terminal of said plurality of terminals, a set of universal vectors obtained from a Key Certification Authority (KCA);

b. transmitting from the node to the communicating terminal a node certificate obtained from said KCA, said node certificate including a KCA-certified digital signature, a node public key and a terminal identification (ID);

c. verifying in the communicating terminal, from the set of universal vectors stored thereat that the node certificate was obtained from the KCA;

d. retrieving a terminal secret key in the communicating terminal and generating therefrom in the communicating terminal a terminal public key;

e. transmitting the terminal public key from the communicating terminal to the node;

f. computing in the communicating terminal a first session cryptovariable from said node public key and from the terminal secret key;

g. computing in the node said first session cryptovariable from said terminal public key and from a node secret key associated with the node certificate;

h. performing a public key exchange between the node and the communicating terminal and computing therefrom in the node and in the communicating terminal a second session cryptovariable;

i. computing in the node and in the communicating terminal a common session key from said first session cryptovariable and said second session cryptovariable; and

j. encrypting and decrypting messages exchanged between said node and said communicating terminal using said common session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a communication system in which a node may communicate over insecure channels with any of a plurality of terminals and may pass messages from any of the terminals to any other of the terminals, communication is secured by computing a first cryptovariable from information associated with certificates exchanged between the node and a terminal, computing a second cryptovariable from a prior-art public key exchange, and computing a session cryptovariable as a function of the first and second cryptovariables. This can be done asymmetrically, enabling a terminal to verify the security of an unattended node.

191 Citations

10 Claims

1. In a communication system of the type in which a node may receive messages from any of a plurality of terminals and may forward any such message to any other of said plurality of terminals, the node and the terminals being equipped with data storage means and with computation means,a method for securing communications therewithin, comprising the steps of:
- a. storing, at both the node and at a communicating terminal of said plurality of terminals, a set of universal vectors obtained from a Key Certification Authority (KCA);
  
  b. transmitting from the node to the communicating terminal a node certificate obtained from said KCA, said node certificate including a KCA-certified digital signature, a node public key and a terminal identification (ID);
  
  c. verifying in the communicating terminal, from the set of universal vectors stored thereat that the node certificate was obtained from the KCA;
  
  d. retrieving a terminal secret key in the communicating terminal and generating therefrom in the communicating terminal a terminal public key;
  
  e. transmitting the terminal public key from the communicating terminal to the node;
  
  f. computing in the communicating terminal a first session cryptovariable from said node public key and from the terminal secret key;
  
  g. computing in the node said first session cryptovariable from said terminal public key and from a node secret key associated with the node certificate;
  
  h. performing a public key exchange between the node and the communicating terminal and computing therefrom in the node and in the communicating terminal a second session cryptovariable;
  
  i. computing in the node and in the communicating terminal a common session key from said first session cryptovariable and said second session cryptovariable; and
  
  j. encrypting and decrypting messages exchanged between said node and said communicating terminal using said common session key.

2. In a communications system of the type in which any of a plurality of terminals may exchange messages with any other of said plurality of terminals, a method for securing communications therewithin, comprising the steps of:
- storing at first and second terminals of said plurality of terminals, respective first and second secret keys, and respective first and second terminal certificates issued by a Key Certification Authority (KCA), each said terminal certificate including a KCA-certified digital signature, a public key, and a terminal identification (ID);
  
  storing a set of KCA universal vectors at each said terminal;
  
  transmitting said first terminal certificate from said first terminal to said second terminal;
  
  transmitting said second terminal certificate from said second terminal to said first terminal;
  
  verifying at said first and second terminals, using the set of universal vectors, that the second and first terminal certificates, respectively, were generated by the KCA;
  
  computing, upon verification in the verifying step, a first cryptovariable at said first terminal from said first secret key and from said public key of said second terminal certificate, and at said second terminal from said second secret key and from said first public key of said first terminal certificate;
  
  performing another public key exchange between said first and second terminals and computing therefrom a second cryptovariable;
  
  computing in said first and second terminals a common session key from said first and second cryptovariables; and
  
  encrypting and decrypting messages exchanged between said first and second terminals, using said common session key.
- View Dependent Claims (3, 4, 5, 6)
- - 3. The method according to claim 2, wherein the asv is reported vocally in the reporting step.
  - 4. The method according to claim 2, wherein said asv is a four digit hexadecimal vector.
  - 5. The method according to claim 2 further comprising the steps of:
    - computing, at each of said first and second terminals, a cryptovariable cv as a function of dh, where cv is a mapping of the N-bit vector dh to a binary vector of length K, where K is less than N; and
      
      encrypting messages to be exchanged with the cryptovariable cv at each said first and second terminals, if the asv computed favorably compares with the asv reported in the comparing step; and
      
      decrypting the exchanged messages at said first and second terminals using cv.
  - 6. The method according to claim 2, wherein said first terminal is a node.

7. In a secure communications system of the type in which a first terminal may exchange messages with at least a second terminal, with the first and second terminals having respective first and second public keys and first and second associated secret keys, respectively, wherein said first terminal computes a secure key dh as a function of said second public key and said first secret key, said second terminal computing said secure key dh as a function of said first public key and said second secret key, wherein said secure key dh is an N-bit binary vector, a method for securing communication between said first and second terminals, comprising the steps of:
- computing, at each of said first and second terminals, an anti-spoof variable asv as a function of dh, where asv is a mapping from the N-bit vector dh to a hexadecimal vector;
  
  reporting, by said first terminal, the asv computed at said first terminal to said second terminal;
  
  comparing at said second terminal, the asv computed at said second terminal with the asv reported by said first terminal;
  
  proceeding with secure communications only if the asv computed favorably compares with the asv reported in the comparing step.

8. In a secure communications system of the type in which a first terminal may exchange messages with at least a second terminal, with the first and second terminals having respective first and second public keys and first and second associated secret keys, respectively, wherein said first terminal computes a secure key dh as a function of said second public key and said first secret key, said second terminal computing said secure key dh as a function of said first public key and said second secret key, a method for securing communication between said first and second terminals, comprising the steps of:
- storing at said first terminal, a first list of secret codewords;
  
  storing at said second terminal, a second list of secret codewords;
  
  exchanging said first and second lists of secret codewords between said first and second terminals;
  
  comparing, at said first and second terminals, the codewords of said first and second lists to determine if a common codeword exists on said lists;
  
  computing, if said common codeword is determined to exist in said comparing step, a cryptovariable cv at each of said first and second terminals, as a function of dh and said common codeword;
  
  encrypting messages to be exchanged with the cryptovariable cv at each said first and second terminals; and
  
  decrypting the exchanged messages at said first and second terminals using cv.
- View Dependent Claims (9, 10)
- - 9. The method according to claim 8, wherein cv is computed as a one-way hash value.
  - 10. The method according to claim 8, wherein said at least a second terminal comprises a plurality of secure terminals, each of said secure terminals having stored thereat said second list of secret codewords, said second list of secret codewords referred to as a netkey, wherein any of said secure terminals are capable of computing said cryptovariable cv as a function of dh and said netkey, so that secure communications between said first terminal and any of said secure terminals can occur via message encryption and decryption using cv.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Faucher, David W.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/241,534
Time in Patent Office

726 Days
Field of Search

380/21, 380/23, 380/25, 380/30, 380/43, 380/49
US Class Current

380/30
CPC Class Codes

H04L 9/0841 involving Diffie-Hellman or...

H04L 9/3263 involving certificates, e.g...

Secure communication method and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

191 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communication method and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

191 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links