Methods and apparatus for authenticating an originator of a message

US 6,119,227 A
Filed: 10/20/1997
Issued: 09/12/2000
Est. Priority Date: 04/18/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method of enabling a first party to authenticate a second party by confirming that a communication from the second party must have been derived using a password of the first party, wherein the second party does not know the password, comprising the steps:

the first party;

applying a commutative one-way function to the password to form a first result, generating a first random value and providing the first result and the first random value to the second party;

the second party;

generating a second random value and a session key, applying the commutative one-way function to the first result received from the first party and the second random value to calculate a second result, combining the first random value received from the first party with the second result to obtain a first hashed result, calculating a protected hashed result from the first hashed result and the session key, and applying the commutative one-way function to the second random value to form a protected second random value and providing the first party with the protected second random value and the protected hashed result;

whereby the first party can calculate;

(a) the second result from the password and the protected second random value, (b) the first hashed result from the second result the first party calculates and the first random value, and (c) the session key by combining the hashed result calculated by the first party with the protected hashed result received from the second party.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication by an intermediary F (e.g. a bank) of an originator C of a message (e.g. a client sending an instruction to pay a merchant M) is accomplished using a protocol which does not require the intermediary to possess passwords used by the originator C and the merchant M to protect the contents of the message. Furthermore, the protocol does not require any party to the transaction to decrypt any value previously encrypted by any other party, so a reversible encryption algorithm is not required.

53 Citations

View as Search Results

14 Claims

1. A method of enabling a first party to authenticate a second party by confirming that a communication from the second party must have been derived using a password of the first party, wherein the second party does not know the password, comprising the steps:
- the first party;
  
  applying a commutative one-way function to the password to form a first result, generating a first random value and providing the first result and the first random value to the second party;
  
  the second party;
  
  generating a second random value and a session key, applying the commutative one-way function to the first result received from the first party and the second random value to calculate a second result, combining the first random value received from the first party with the second result to obtain a first hashed result, calculating a protected hashed result from the first hashed result and the session key, and applying the commutative one-way function to the second random value to form a protected second random value and providing the first party with the protected second random value and the protected hashed result;
  
  whereby the first party can calculate;
  
  (a) the second result from the password and the protected second random value, (b) the first hashed result from the second result the first party calculates and the first random value, and (c) the session key by combining the hashed result calculated by the first party with the protected hashed result received from the second party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the second party also calculates from the session key and the first random value a second hashed result and provides the second hashed result to the first party, whereby the first party can verify the session key by (a) recalculating the second hashed result from the first random value and the session key and (b) comparing the recalculated second hashed result with the second hashed result received from the second party.
  - 3. The method of claim 1, wherein the commutative one-way function is a modular exponentiation function.
  - 4. The method of claim 1, wherein the protected hashed result provided to the first party is the result of an exclusive OR operation on the hashed result and the session key.
  - 5. The method of claim 1, wherein the second party:
    - (a) calculates a digitally signed version of the protected second random value, and (b) provides the digitally signed version of the protected second random value to the first party, and the first party verifies the digitally signed version of the protected second random value to authenticate the protected second random value received from the second party.
  - 6. The method of claim 5, wherein the calculating and verifying steps of the digitally signed version of the protected second random value are performed with a digital signature algorithm.
  - 7. The method of claim 1, wherein the first party:
    - (a) generates a third random value, and (b) calculates a digital signature using said third random value, and (c) provides the digital signature to the second party;
      
      after the first party has calculated the second result from the password and the protected second random value, the first party provides the third random value to the second party; and
      
      the second party responds to the third random value verifying the digital signature.
  - 8. The method of claim 1, further comprising authenticating a communication between the first party and a third party, the third party communicating with the second party in the same manner as the first party communicates with the second party, the first and second random values in the communication between the first party and the third party being independent of the first and second random values generated in the communication between the first party and the second party and the session key is the same as that generated in communication between the first party and the second party, such that the session key may be used by each of the first party and the third party to authenticate the other party.
  - 9. The method of claim 1, wherein the first party:
    - calculates (a) the second result from the password and the protected second random value, (b) the first hashed result from the second result the first party calculates and the first random value, and (c) the session key by combining the hashed result calculated by the first party with the protected hashed result received from the second party.
  - 10. The method of claim 1, wherein the first and second random values are one-time random values.

11. A first device for authenticating an originator of a message from a second device by confirming that a message from the second device must have been derived using a password of the first device, the first device being arranged for sending (a) a protected version of the password and (b) a first random value to the second device, the second device being arranged for generating a second random value, the second device being arranged for using (a) and (b) received from the first device and the second random value to protect a session key, the second device being arranged for generating a protected version of the second random value, the devices being arranged so the second device can send to the first device the protected session key and the protected second random value, the first device being arranged so it can recover the session key from the protected session key received from the second device using the password of the first device and a protected second random value received from the second device, the first device comprising:
- a protecting mechanism for protecting the password of the first device;
  
  a first random value source for generating a first random value for the first device;
  
  a transmitter for supplying the protected password and the first random value of the first device to the second device;
  
  a receiver for receiving the protected session key and a protected second random value from the second device; and
  
  a computer arrangement for calculating the session key from the protected session key received from the second device using the password of the first device and the protected second random value received from the second device.

12. A second device for generating an authenticating message adapted to be supplied to a first device to enable the first device to confirm that a message from the second device must have been derived using a password of the first device, the first device being arranged for sending to the second device:
- (a) a protected version of the password and (b) a first random value, the second device being arranged for receiving (a) and (b) from the first device, the second device being arranged for protecting a session key using (a) and (b) as received from the first device, the second device being arranged for sending the protected session key to the first device, the first device being arranged for recovering the session key from the protected session key received from the second device by using the password of the first device, the second device comprising;
  
  a receiver for receiving from the first device (a) the protected version of the password and (b) the first random value;
  
  a second random value source for generating a second random value;
  
  a protecting mechanism for generating a protected version of the second random value;
  
  a session key source for deriving the session key;
  
  a calculating mechanism for calculating the protected session key using (a) the protected version of the password and (b) the first random value from the first device, the second random value, and the session key; and
  
  a transmitter for supplying the protected session key and protected second random value to the first device for authentication.

13. A computer system for authenticating a message by confirming that the message must have been derived using a password of the computer system, comprising:
- a first processor for receiving and transmitting data;
  
  a communication interface for exchanging signals between the first processor and a first device, the first device including a first memory and a second processor for executing instructions; and
  
  a second memory coupled to said first processor;
  
  the second memory having stored therein sequences of instructions which, when executed by said first processor, cause said first processor to authenticate a message from the first device by causing said first processor to execute instructions for;
  
  protecting a password of the first device;
  
  generating a first random value for the first device;
  
  transmitting the protected password and the first random value to the first device using the communication interface;
  
  receiving a protected session key and a protected second random value from the first device using the communication interface; and
  
  calculating a session key from the protected session key received from the first device using the password of the computer system and the protected second random value received from the first device.

14. A computer system for generating an authenticating message to confirm that the message must have been derived using a password that is not known to the computer system, comprising:
- a first processor for receiving and transmitting data;
  
  a communication interface for exchanging signals between the first processor and a first device, the first device including a first memory and a second processor for executing instructions; and
  
  a second memory coupled to said first processor;
  
  the second memory having stored therein sequences of instructions which, when executed by said first processor, cause said first processor to authenticate a message from the first device by causing said first processor to execute instructions for;
  
  receiving (a) a protected version of the password and (b) a first random value from the first device using the communication interface;
  
  generating a second random value;
  
  protecting the second random value;
  
  creating a session key;
  
  calculating a protected version of the session key using (a) the protected version of the password, (b) the first random value, the second random value, and the session key; and
  
  transmitting the protected session key and protected second random value to the first device for authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Mao, Wenbo
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
KABAKOFF, STEPHEN ERIC

Application Number

US08/930,217
Time in Patent Office

1,058 Days
Field of Search

380/24, 380/23, 380/25, 380/277, 380/278, 380/279, 380/283, 380/284, 713/168, 713/171, 713/200
US Class Current

713/171
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/29   characterised by micropayments

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3825   Use of electronic signatures

H04L 2209/56   Financial cryptography, e.g...

H04L 63/083   using passwords cryptograph...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Methods and apparatus for authenticating an originator of a message

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for authenticating an originator of a message

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links