Secure handshake protocol

US 6,931,528 B1
Filed: 11/10/1998
Issued: 08/16/2005
Est. Priority Date: 11/10/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for a secure handshake protocol between a first party and a second party, connected via a communications channel, wherein each party supports a respective set of cipher suites and for each party, a respective certificate is defined, each of the certificates comprising a public key of its respective owner, the method being characterized in that comprising:

sending from the first party to the second party a first inter-party message indicating the set of cipher suites supported by the first party, parameters required by the cipher suites, and an identifier of the first party;

wherein in response to the first inter-party message, the second party;

selects one of said indicated cipher suites which is also supported by the second party;

uses said identifier to obtain the certificate of the first party over a connection which is significantly faster than the communications channel connecting said parties;

verifies said obtained certificate of the first party and thereby obtains the public key of the first party;

sends a second inter-party message comprising the certificate of the second party, an indication that the second party has verified the certificate of the first party, and an indication about said selected cipher suite;

wherein in response to the second inter-party message, the first party;

begins to use the selected cipher suite;

verifies the certificate of the second party and thereby obtains the public key of the second party;

sends a third inter-party message indicating that the first party has verified the certificate of the second party;

and wherein information not needed for the above steps can be sent from the first party to the second party in the third inter-party message, thus providing a two-way key-exchange and mutual verification with an effective overhead of two inter-party messages.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for a secure handshake protocol between A and B, connected by a slow channel is provided in which A sends a first message indicating a set of cipher suites with parameters, and its identifier and B selects a cipher suite, obtains A'"'"'s certificate over a fast connection, verifies A'"'"'s certificate and obtains A'"'"'s public key. Next B sends a second message comprising B'"'"'s certificate, and an indication that B has verified A'"'"'s certificate, and an indication about the selected cipher suite. A begins to use the selected cipher suite, verifies B'"'"'s certificate and obtains B'"'"'s public key. Next A sends a third message indicating that A has verified B'"'"'s certificate.

Citations

10 Claims

1. A method for a secure handshake protocol between a first party and a second party, connected via a communications channel, wherein each party supports a respective set of cipher suites and for each party, a respective certificate is defined, each of the certificates comprising a public key of its respective owner, the method being characterized in that comprising:
- sending from the first party to the second party a first inter-party message indicating the set of cipher suites supported by the first party, parameters required by the cipher suites, and an identifier of the first party;
  
  wherein in response to the first inter-party message, the second party;
  
  selects one of said indicated cipher suites which is also supported by the second party;
  
  uses said identifier to obtain the certificate of the first party over a connection which is significantly faster than the communications channel connecting said parties;
  
  verifies said obtained certificate of the first party and thereby obtains the public key of the first party;
  
  sends a second inter-party message comprising the certificate of the second party, an indication that the second party has verified the certificate of the first party, and an indication about said selected cipher suite;
  
  wherein in response to the second inter-party message, the first party;
  
  begins to use the selected cipher suite;
  
  verifies the certificate of the second party and thereby obtains the public key of the second party;
  
  sends a third inter-party message indicating that the first party has verified the certificate of the second party;
  
  and wherein information not needed for the above steps can be sent from the first party to the second party in the third inter-party message, thus providing a two-way key-exchange and mutual verification with an effective overhead of two inter-party messages.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein said step of obtaining the certificate of the first party comprises retrieving it from a source external to the second party.
  - 3. A method according to claim 2, wherein said external source is a register of a telecommunications network or a directory service substantially conforming to ISO standard X.509.
  - 4. A method according to claim 1, wherein said step of obtaining the certificate of the first party comprises retrieving it from a local memory.
  - 5. A method according to claim 1, wherein said identifier of the first party is formed by means of a one-way function.
  - 6. A method according to claim 1, wherein said second inter-party message comprises a pre-master secret which the second party obtains by generating a random number and encrypting it with the public key of the first party.

7. A telecommunications apparatus configured to act as a first party in a secure handshake protocol between said apparatus and a second party, said apparatus comprising:
- a first party unit,wherein said first party unit is configured to;
  
  send a first message to the second party, said first message indicating a set of cipher suites, parameters required by said cipher suites, and an identifier of the apparatus;
  
  receive a second message from the second party, said second message comprising an indication about a cipher suite selected by said second party, a certificate of the second party, an indication that the second party has used said identifier of the apparatus to obtain and verify a certificate of the apparatus, and;
  
  use the cipher suite indicated by said second message;
  
  verify the certificate of the second party and thereby obtain a public key of the second party; and
  
  send a third message to the second party, said third message indicating that the apparatus has verified the certificate of the second party.
- View Dependent Claims (8)
- - 8. A telecommunications apparatus according to claim 7, wherein said first party unit is further configured to insert information not needed for the above operations in said third message.

9. A telecommunications apparatus configured to respond to a secure handshake protocol initiated by a first party, said apparatus being connectable to said first party by a communications channel, said apparatus comprising:
- a second party unit,wherein said second party unit is configured to;
  
  receive a first message from the first party, said first message indicating a set of cipher suites, parameters required by the cipher suites, and an identifier of the first party;
  
  select one of said indicated cipher suites;
  
  use the identifier to obtain a certificate of the first party over a connection which is significantly faster than said communications channel;
  
  verify said obtained certificate of the first party and thereby obtain a public key of the first party;
  
  send a second message to the first party, said second message comprising a certificate of the apparatus, indicating that the apparatus has verified the certificate of the first party, and indicating said selected cipher suite; and
  
  receive a third message from the first party, said third message indicating that the first party has verified the certificate of the apparatus.
- View Dependent Claims (10)
- - 10. A telecommunications apparatus according to claim 9, wherein said second party unit is further configured to extract information not needed for the above operations from said third message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Networks (Nokia Corporation)
Inventors
Immonen, Olli
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Revak, Christopher

Application Number

US09/554,112
Time in Patent Office

2,471 Days
Field of Search

713150-157, 713168-176, 713181-186, 709223-230, 455/511, 380/30, 380277-279, 380283-285, 380/44, 340/5.26, 705/50, 705/64, 705/71
US Class Current

713/151
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/069   using certificates or pre-s...

Secure handshake protocol

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Secure handshake protocol

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links