Method for the computer-aided exchange of cryptographic keys between a user computer unit U and a network computer unit N
First Claim
1. A method for computer-aided exchange of cryptographic keys between a user computer unit and a network computer unit comprising the steps of:
- generating a first random number;
calculating, using the first random number, a first value with a generating element of a finite group in the network computer unit;
forming a first message, which has at least the first value, in the network computer unit;
transmitting the first message by the network computer unit to the user computer unit;
generating a second random number in the user computer unit;
forming, using the second random number, a second value with a generating element of a finite group in the user computer unit;
calculating a first interim key in the user computer unit by raising a public network key to a power of the second random number;
calculating a first encoded term in the user computer unit by encoding an identity indication of the user computer unit with the first interim key using a cryptographic function;
calculating a second interim key in the user computer unit by the first value being raised to a power of a secret user key;
calculating a session key in the user computer unit by an operation on the first interim key with the second interim key;
forming a second message, which has at least the second value and at least the first encoded term, in the user computer unit;
transmitting a second message by the user computer unit to the network computer unit;
calculating the first interim key in the network computer unit by the second value being raised to a power of a secret network key;
calculating the second interim key in the network computer unit in that a public user key is raised to a power of the first random number;
calculating the session key in the network computer unit by operation on the first interim key with the second interim key;
decoding the first encoded term in the network computer unit; and
checking the identity indication of the user computer unit in the network computer unit.
1 Assignment
0 Petitions
Accused Products
Abstract
The method is for the exchange of cryptographic keys, in which the length of the transmitted messages is significantly reduced and the security properties of the method are considerably increased in comparison with known methods.
In a network computer unit and in a user computer unit, a first interim key and a second interim key are formed as a function of generated random numbers.
A session key is calculated by a bit-by-bit exclusive-OR operation on the first interim key and the second interim key. The keys are never transmitted in plain text. By use of a function, which for example may be a symmetric cryptographic function, a hash function or a one-way function, the network computer unit and the user computer unit authenticate each other.
58 Citations
9 Claims
-
1. A method for computer-aided exchange of cryptographic keys between a user computer unit and a network computer unit comprising the steps of:
-
generating a first random number; calculating, using the first random number, a first value with a generating element of a finite group in the network computer unit; forming a first message, which has at least the first value, in the network computer unit; transmitting the first message by the network computer unit to the user computer unit; generating a second random number in the user computer unit; forming, using the second random number, a second value with a generating element of a finite group in the user computer unit; calculating a first interim key in the user computer unit by raising a public network key to a power of the second random number; calculating a first encoded term in the user computer unit by encoding an identity indication of the user computer unit with the first interim key using a cryptographic function; calculating a second interim key in the user computer unit by the first value being raised to a power of a secret user key; calculating a session key in the user computer unit by an operation on the first interim key with the second interim key; forming a second message, which has at least the second value and at least the first encoded term, in the user computer unit; transmitting a second message by the user computer unit to the network computer unit; calculating the first interim key in the network computer unit by the second value being raised to a power of a secret network key; calculating the second interim key in the network computer unit in that a public user key is raised to a power of the first random number; calculating the session key in the network computer unit by operation on the first interim key with the second interim key; decoding the first encoded term in the network computer unit; and checking the identity indication of the user computer unit in the network computer unit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification