Administration and utilization of secret fresh random numbers in a networked environment

US 6,151,676 A
Filed: 12/24/1997
Issued: 11/21/2000
Est. Priority Date: 12/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of administration of secret fresh random numbers for use by users in a networked environment to which a server is coupled, there being associated with each user a unique respective set including an ID, a private key, and a public key corresponding to the private key, and with the server a private key and a public key, said method comprising, at the server:

receiving via the network a user'"'"'s ID;

generating at least a first random number;

forming an encrypted component using the public key of the user, said encrypted component containing at least the first random number in encrypted form;

forming a freshness value corresponding to a current date/time;

hashing together items including the first random number and the freshness value to form a first hash;

forming a first signature of the first hash using the private key of the server;

sending to the user via the network a package including at least the encrypted component, freshness value, and first signature;

receiving a second signature of a second hash which has been formed by signing data from said package, derived at least from the first random number, said second signature being formed using the private key of the user; and

first verifying, using the public key of the user, whether the second signature is for the same first random number as was sent by the server.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a public key cryptosystem employing the El-Gamal algorithm, secret fresh random numbers are generated at a server and private keys of users, as encrypted with a symmetric algorithm by using individual user identifying keys determined by hashing the users'"'"' respective passphrases or biometric information (fingerprint, voiceprint, retina scan, or face scan) are maintained in a store accessible to the server, and the fresh random numbers and encrypted private keys are transmitted to the user equipment when needed via a network which is not secure. In order to prevent an attacker from discovering the random numbers or employing formerly used random numbers in a block replay attack, an interchange in the nature of a challenge response protocol is employed which passes at least one secret fresh random number from the server to the user equipment while also authenticating the user to the server. In this interchange, a first random number to be distributed to the user for use in signing a document and a second random number which is to be used by the user in forming a signature of a hashing together of the first and second random numbers as part of the challenge response protocol, are supplied to the user equipment in encrypted form together with a freshness value, and a signature by the server of a hashing together of the first and second random numbers and the freshness value.

168 Citations

20 Claims

1. A method of administration of secret fresh random numbers for use by users in a networked environment to which a server is coupled, there being associated with each user a unique respective set including an ID, a private key, and a public key corresponding to the private key, and with the server a private key and a public key, said method comprising, at the server:
- receiving via the network a user'"'"'s ID;
  
  generating at least a first random number;
  
  forming an encrypted component using the public key of the user, said encrypted component containing at least the first random number in encrypted form;
  
  forming a freshness value corresponding to a current date/time;
  
  hashing together items including the first random number and the freshness value to form a first hash;
  
  forming a first signature of the first hash using the private key of the server;
  
  sending to the user via the network a package including at least the encrypted component, freshness value, and first signature;
  
  receiving a second signature of a second hash which has been formed by signing data from said package, derived at least from the first random number, said second signature being formed using the private key of the user; and
  
  first verifying, using the public key of the user, whether the second signature is for the same first random number as was sent by the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as claimed in claim 1, wherein:
    - in addition to said first random number, at least second, third, and fourth random numbers are generated;
      
      at least the first and second random numbers are encrypted using the public key of the user and the third random number;
      
      said first hash is formed by hashing together at least said first random number, another random number contained in the package in encrypted form, and said freshness value;
      
      said first signature of the first hash is formed using the private key of the server and the fourth random number;
      
      said data is formed by hashing together the first and at least another random number contained in said package in encrypted form to produce a second hash;
      
      said second signature of the second hash has been formed using the private key of the user and the second random number.
  - 3. The method as claimed in claim 1, further comprising reading from a storage means data corresponding to the user having the received ID, which data comprises the user'"'"'s private key encrypted using a key determined from identifying information of the user, and said package further includes the encrypted private key of the user.
  - 4. The method of claim 1, further comprising reading from a storage means data corresponding to the user having the received ID, which data comprises the user'"'"'s private key encrypted using a key determined from identifying information of the user, and said package further includes the encrypted private key of the user.
  - 5. The method as claimed in claim 3, wherein the user identifying information comprises a passphrase entered by the user at the user equipment, or biometric information which is obtained from the user by suitable measurement or scanning at the user equipment.
  - 6. The method as claimed in claim 4, wherein the user identifying information comprises a passphrase entered by the user at the user equipment, or biometric information which is obtained from the user by suitable measurement or scanning at the user equipment.
  - 7. The method as claimed in claim 4, further comprising receiving a third signature of a third hash of a document, which third signature has been formed using the private key of the user and the first random number, and second verifying the third signature using the public key of the user and an independently computed hash of the document.
  - 8. The method as claimed in claim 6, further comprising receiving a third signature of a third hash of a document, which third signature has been formed using the private key of the user and the first random number, and second verifying the third signature using the public key of the user and an independently computed hash of the document.

9. A method for obtaining and using secret fresh random numbers at user equipment in a networked environment to which a server is coupled, there being associated with each user a unique respective set including an ID, a private key, and a public key corresponding to the private key, and with the server a private key and a public key, said method comprising, at the user equipment:
- transmitting an ID of a user;
  
  receiving a package including an encrypted component containing at least a first random number in encrypted form, which encrypted component has been produced using the private key of the user, a freshness value corresponding to a date/time, and a first signature of a first hash, said first hash having been formed by hashing together items including said first random number and the freshness value, and said first signature having been formed using the private key of the server;
  
  decrypting the at least first random number using the public key of the user;
  
  determining whether the current date/time is no more than a predetermined amount later than the freshness value;
  
  independently computing the first hash;
  
  verifying the first signature using the public key of the server and the independently computed first hash; and
  
  if the results of the determining and verifying are positive;
  
  forming a second signature of data from said package, derived from at least the first random number using the private key of the user; and
  
  sending the second signature via the network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method as claimed in claim 9, wherein:
    - said encrypted component contains at least first and second random numbers which have been encrypted together using the public key of the user and a third random number;
      
      said first hash has been formed by hashing together at least said first random number, another random number contained in said package, and said freshness value;
      
      said first signature of the first hash has been formed using the private key of the server and a fourth random number;
      
      at least said first and second random numbers are decrypted from the encrypted component using the private key of the user;
      
      said data is formed by hashing together at least two of the random numbers contained in said package in encrypted form to produce a second hash;
      
      said second signature of the second hash is formed using the private key of the user and the second random number.
  - 11. The method as claimed in claim 9, wherein said package further includes the private key of the user encrypted with a user identifying key associated with the user, and said method further comprises decrypting the encrypted private key using a user identifying key determined from interaction with the user at the user equipment.
  - 12. The method as claimed in claim 10, wherein said package further includes the private key of the user encrypted with a user identifying key associated with the user, and said method further comprises decrypting the encrypted private key using a user identifying key determined from interaction with the user at the user equipment.
  - 13. The method as claimed in claim 11, wherein the user identifying key determined by interaction with the user at the user equipment is determined from a passphrase entered by the user at the user equipment or biometric information which is obtained from the user by suitable measurement or scanning at the user equipment.
  - 14. The method as claimed in claim 12, wherein the user identifying key determined by interaction with the user at the user equipment is determined from a passphrase entered by the user at the user equipment or biometric information which is obtained from the user by suitable measurement or scanning at the user equipment.
  - 15. The method as claimed in claim 12, further comprising:
    - computing a third hash of a document;
      
      forming a third signature of the third hash using the user'"'"'s private key and the first random number; and
      
      transmitting the third signature.
  - 16. The method as claimed in claim 14, further comprising:
    - computing a third hash of a document;
      
      forming a third signature of the third hash using the user'"'"'s private key and the first random number; and
      
      transmitting the third signature.

17. A server system for supplying items for a plurality of users for use in signature or encryption operations employing the El-Gamal algorithm, there being associated with each user a unique respective set including a private key, and a public key corresponding to the private key, and with the server a private key and a public key, said system comprising:
- a random number generator for generating at least first, second, third, and fourth random numbers; and
  
  means for forming a package including an encrypted component containing at least the first and second random numbers encrypted together using the public key of a user and the third random number;
  
  a freshness value; and
  
  a first signature of a first hash formed by hashing together said first random number, at least another random number contained in said package in encrypted form, and said freshness value, said first signature being formed using the private key of the server and the fourth random number.
- View Dependent Claims (18, 19, 20)
- - 18. The system as claimed in claim 17, further comprising verification means for verifying received second and third signatures, said second signature being of a second hash which has been formed by hashing together the first and at least another random number contained in said package, and having been made using the private key of the user and the second random number, and said third signature being of a hash of a document, and having been made using the private key of the user and the first random number.
  - 19. The system as claimed in claim 18, further comprising computer readable storage means characterized in that there is stored therein encrypted private keys for the respective users which private keys have been encrypted using respective keys determined from respective user identifying information, and wherein said package further includes the encrypted private key of the user.
  - 20. The system of claim 19, wherein the user identifying information comprises a passphrase or biometric information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Uniloc 2017 LLC (SoftBank Group Corp.)
Original Assignee
Philips Electronics North America Corporation (Koninklijke Philips N.V.)
Inventors
Pasieka, Michael S., Epstein, Michael A., Cuccia, David
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US08/989,875
Time in Patent Office

1,063 Days
Field of Search

380/30, 380/43, 380/44, 380/47, 380/268, 380/259, 380/262, 380/278, 380/281, 380/282, 380/283, 380/46, 705/67, 705/72, 705/76, 713/156, 713/168, 713/170, 713/171, 713/176, 713/178, 713/200
US Class Current

713/176
CPC Class Codes

H04L 2209/08   Randomization, e.g. dummy o...

H04L 9/002   Countermeasures against att...

H04L 9/3013   involving the discrete loga...

H04L 9/3247   involving digital signatures

Administration and utilization of secret fresh random numbers in a networked environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Administration and utilization of secret fresh random numbers in a networked environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links