Method for two-party authentication and key agreement
Abstract
According to the two party authentication method, a first party generates and transfers a random number to a second party as a first challenge. The second party increments a count value in response to the first challenge, generates a first challenge response by performing a keyed cryptographic function (KCF) on the first challenge and the count value using a first key, and transfers the count value, as a second challenge, and the first challenge response to the first party. The first party verifies the second party based on the first challenge, the second challenge and the first challenge response. The first party also generates a second challenge response by performing the KCF on the second challenge using the first key, and transfers the second challenge response to the second party. The second party verifies the first party based on the second challenge and the second challenge response. For instance, the first and second parties can be a network and mobile, respectively, in a wireless system. Also, based on the first and second challenges, both the first and second parties may generate another key.
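The exchange described in the abstract, with the type data from the claims included, as an added example that is not part of the patent text. HMAC-SHA256 with length-prefixed fields stands in for the KCF, and the key, the type strings and the `session-key` label are constructed assumptions.

```python
import hashlib, hmac, secrets

def kcf(key: bytes, *fields: bytes) -> bytes:
    """Stand-in KCF (assumption): HMAC-SHA256 over length-prefixed fields."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Mobile:
    """Second party: its count value doubles as the second challenge."""
    def __init__(self, key: bytes, count: int = 0):
        self.key, self.count = key, count

    def respond(self, r_n: bytes, type_data: bytes):
        self.count += 1                        # incremented per first challenge
        c = self.count.to_bytes(8, "big")
        return c, kcf(self.key, r_n, c, type_data)

    def verify_network(self, type_data: bytes, resp2: bytes) -> bool:
        c = self.count.to_bytes(8, "big")      # only the current count is valid
        return hmac.compare_digest(resp2, kcf(self.key, c, type_data))

class Network:
    """First party: issues the random first challenge."""
    def __init__(self, key: bytes):
        self.key, self.r_n = key, b""

    def challenge(self) -> bytes:
        self.r_n = secrets.token_bytes(16)
        return self.r_n

    def verify_mobile(self, type_data: bytes, c: bytes, resp1: bytes):
        """Return the second challenge response, or None if resp1 is wrong."""
        expected = kcf(self.key, self.r_n, c, type_data)
        ok = hmac.compare_digest(resp1, expected)
        return kcf(self.key, c, type_data) if ok else None

def session_key(key: bytes, r_n: bytes, c: bytes) -> bytes:
    # Hypothetical label; the abstract only says both challenges are used.
    return kcf(key, b"session-key", r_n, c)

def run_exchange(key=b"constructed-shared-key", type_data=b"call-origination"):
    net, mob = Network(key), Mobile(key)
    r_n = net.challenge()
    c, resp1 = mob.respond(r_n, type_data)
    resp2 = net.verify_mobile(type_data, c, resp1)
    first_ok = resp2 is not None and mob.verify_network(type_data, resp2)
    # A later run increments the count, so the recorded resp2 no longer verifies.
    mob.respond(net.challenge(), type_data)
    replay_ok = mob.verify_network(type_data, resp2)
    return first_ok, replay_ok, session_key(key, r_n, c)
```

Binding the type data into both responses means a response computed for one protocol type does not verify under another.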
17 Claims
1. A method for authenticating a first party at a second party, comprising:
(a) receiving a random number from said first party as a first challenge;
(b) incrementing a count value in response to receiving said first challenge;
(c) generating a first challenge response by performing a keyed cryptographic function (KCF) on said first challenge and said count value using a first key;
(d) transferring said count value, as a second challenge, and said first challenge response to said first party;
(e) receiving a second challenge response from said first party, said second challenge response being a result of performing said KCF on said second challenge using said first key; and
(f) verifying said first party based on said second challenge and said second challenge response, wherein said first party is a network of a wireless system and said second party is a mobile, and said step (c) generates said first challenge response by performing said KCF on said first challenge, said count value and type data using said first key, said type data indicating a type of protocol being performed by said network and said mobile.
10. A method for authenticating a first party at a second party, comprising:
(a) outputting a random number as a first challenge;
(b) receiving a second challenge and a first challenge response from said first party, said second challenge being a count value, and said first challenge response being a result of performing a keyed cryptographic function (KCF) on said first challenge and said count value using a first key;
(c) verifying said first party based on said first challenge, said second challenge, and said first challenge response;
(d) generating a second challenge response by performing said KCF on said second challenge using said first key; and
(e) transferring said second challenge response to said second party, wherein said first party is a mobile of a wireless system and said second party is a network, and said step (c) generates said second challenge response by performing said KCF on said second challenge and type data using said first key, said type data indicating a type of protocol being performed by said network and said mobile.
Specification