Password based protocol for secure communications
First Claim
1. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
- sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for a first participant to establish a shared secret with a second participant, where the first participant and the second participant share a password-based first master key and a hash function includes sending a first message including a first private value for the second participant and a first authenticator for the second participant encrypted with the first master key. The first message also includes a first hashed authenticator for the first participant encrypted with a first shared secret key. The first message also includes a first public value for the first participant. The first participant receives a second message, the second message including the first authenticator for the second participant and a first public value for the second participant encrypted with the first shared secret key. The first participant sends a third message, the third message including the first authenticator for the first participant, a second hashed authenticator for the first participant, a second authenticator for the second participant and a second master key encrypted with a second shared secret key. The third message also includes a second public value for the first participant. A fourth message is received by the first participant, the fourth message including a second authenticator for the second participant and a second public value for the second participant encrypted with the second shared secret key.
-
Citations
93 Claims
-
1. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
-
sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
3. The method of claim 2 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
4. The method of claim 3 wherein said cryptographic hash function is SHA-1.
-
5. The method of claim 2 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
6. The method of claim 5 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
7. The method of claim 1 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
8. The method of claim 1 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
9. The method of claim 7, further comprising:
-
authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
-
-
10. The method of claim 2, further comprising:
-
decrypting said second message by using said first shared secret key;
decrypting said fourth message by using said second shared secret key; and
decrypting said sixth message by using said third shared secret key.
-
-
11. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said second participant comprising:
-
receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
13. The method of claim 12 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
14. The method of claim 13 wherein said cryptographic hash function is SHA-1.
-
15. The method of claim 12 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
16. The method of claim 15 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
17. The method of claim 11 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
18. The method of claim 11 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
19. The method of claim 12, further comprising:
-
decrypting said first message by using said first shared secret key;
decrypting said third message by using said second shared secret key; and
decrypting said fifth message by using said third shared secret key.
-
-
20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
-
sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
22. The program storage device of claim 21 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
23. The program storage device of claim 22 wherein said cryptographic hash function is SHA-1.
-
24. The program storage device of claim 22 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
25. The program storage device of claim 24 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
26. The program storage device of claim 20 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
27. The program storage device of claim 20 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
28. The program storage device of claim 26, said method further comprising:
-
authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
-
-
29. The program storage device of claim 28, said method further comprising:
-
decrypting said second message by using said first shared secret key;
decrypting said fourth message by using said second shared secret key; and
decrypting said sixth message by using said third shared secret key.
-
-
30. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus comprising:
-
at least one memory having program instructions; and
at least one processor operatively coupled to said first participant and configured to use the program instructions to;
send a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
receive a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
send a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
receive a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (31, 47, 48, 49, 50, 51, 52, 53, 54)
send a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
receive a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
47. The apparatus of claim 31 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
48. The apparatus of claim 47 wherein said cryptographic hash function is SHA-1.
-
49. The apparatus of claim 31 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
50. The apparatus of claim 49 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
51. The apparatus of claim 30 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
52. The apparatus of claim 30 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
53. The apparatus of claim 31 wherein said apparatus is further configured to:
-
authenticate said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
authenticate said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
authenticate said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
-
-
54. The apparatus of claim 31 wherein said apparatus is further configured to:
-
decrypting said second message by using said first shared secret key;
decrypting said fourth message by using said second shared secret key; and
decrypting said sixth message by using said third shared secret key.
-
-
32. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus comprising:
-
at least one memory having program instructions; and
at least one processor operatively coupled to said second participant and configured to use the program instructions to;
receive a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
send a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
receive a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
send a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (33, 55, 56, 57, 58, 59, 60, 61)
receive a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
send a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
55. The apparatus of claim 33 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
56. The apparatus of claim 55 wherein said cryptographic hash function is SHA-1.
-
57. The apparatus of claim 33 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
58. The apparatus of claim 57 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
59. The apparatus of claim 32 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
60. The apparatus of claim 32 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
61. The apparatus of claim 33 wherein said apparatus is further configured to:
-
decrypting said first message by using said first shared secret key;
decrypting said third message by using said second shared secret key; and
decrypting said fifth message by using said third shared secret key.
-
-
34. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus operatively coupled to said first participant and comprising:
-
means for sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
means for receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
means for sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
means for receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (35, 62, 63, 64, 65, 66, 67, 68, 69)
means for sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
means for receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
62. The apparatus of claim 35 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
63. The apparatus of claim 62 wherein said cryptographic hash function is SHA-1.
-
64. The apparatus of claim 35 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
65. The apparatus of claim 64 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
66. The apparatus of claim 34 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
67. The apparatus of claim 34 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
68. The apparatus of claim 35, further comprising:
-
means for authenticate said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
means for authenticate said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
means for authenticate said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
-
-
69. The apparatus of claim 35, further comprising:
-
means for decrypting said second message by using said first shared secret key;
means for decrypting said fourth message by using said second shared secret key; and
means for decrypting said sixth message by using said third shared secret key.
-
-
36. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus operatively coupled to said second participant and comprising:
-
means for receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
means for sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
means for receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
means for sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (37, 70, 71, 72, 73, 74, 75, 76)
means for receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
means for sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
70. The apparatus of claim 37 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third said authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
71. The apparatus of claim 70 wherein said cryptographic hash function is SHA-1.
-
72. The apparatus of claim 37 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
73. The apparatus of claim 72 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
74. The apparatus of claim 36 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
75. The apparatus of claim 36 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
76. The apparatus of claim 37, further comprising:
-
means for decrypting said first message by using said first shared secret key;
means for decrypting said third message by using said second shared secret key; and
means for decrypting said fifth message by using said third shared secret key.
-
-
38. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said second participant comprising:
-
receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.
-
-
40. The program storage device of claim 39 wherein
each of said authenticators is a random number; -
each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
-
-
41. The program storage device of claim 40 wherein said cryptographic hash function is SHA-1.
-
42. The program storage device of claim 39 wherein
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
- and
-
43. The program storage device of claim 42 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
44. The program storage device of claim 38 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
45. The program storage device of claim 38 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
46. The program storage device of claim 39, said program storage device further comprising:
-
decrypting said first message by using said first shared secret key;
decrypting said third message by using said second shared secret key; and
decrypting said fifth message by using said third shared secret key.
-
-
77. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
-
sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;
receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;
sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function. - View Dependent Claims (78, 79, 80, 81)
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
-
-
80. The method of claim 79 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
81. The method of claim 77 wherein
said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters; - and
said method further comprises;
authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
- and
-
82. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said second participant comprising:
-
receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;
sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;
receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function. - View Dependent Claims (83, 84, 85)
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
-
-
85. The method of claim 84 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
86. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
-
sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;
receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;
sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function. - View Dependent Claims (87, 88, 89, 90, 91, 92, 93)
said first message, said third message and said fifth message include an identifier for said first participant; - and
said second message, said fourth message and said sixth message include an identifier for said second participant.
-
-
89. The program storage device of claim 88 wherein
said identifier for said first participant comprises an IP address; - and
said identifier for said second participant comprises an IP address.
- and
-
90. The program storage device of claim 86 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
-
91. The program storage device of claim 86 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
-
92. The program storage device of claim 90, said method further comprising:
-
authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
-
-
93. The program storage device of claim 91, said method further comprising:
-
decrypting said second message by using said first shared secret key;
decrypting said fourth message by using said second shared secret key; and
decrypting said sixth message by using said third shared secret key.
-
Specification