Verification protocol

US 7,036,015 B2
Filed: 01/28/2002
Issued: 04/25/2006
Est. Priority Date: 01/31/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of establishing a session key between a pair of correspondents in a data communication system, each of said correspondents sharing secret information, said method comprising the steps of:

a) one of said correspondents generating additional secret information and deriving therefrom a session key;

b) said one of said correspondents combining said secret information and said additional secret information in a signal algorithm to provide a first signature component;

c) said one of said correspondents deriving a second signature component from said secret information;

d) said one of said correspondents transferring said first and second signature components to the other of said correspondents;

e) said other of said correspondents using said secret information to obtain said additional secret information from said first signature component and generating a said session key from said secret information and said additional secret information; and

f) said other of said correspondents verifying said second signature component by operating upon said session key obtained at said other of said correspondents to obtain a value corresponding to said second signature component and comparing such value with said second signature component.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital signature verification protocol utilises a pair of signature components incorporating a pair of private keys, one of which is a long term key and the other of which is a short term key.

The long term key is applied to one of the signature components to reveal the short term key.

The short tern key is then used to compute a value of a signature component contained in the signature. If the computed value and received values agree then authenticity is verified.

34 Citations

View as Search Results

12 Claims

1. A method of establishing a session key between a pair of correspondents in a data communication system, each of said correspondents sharing secret information, said method comprising the steps of:
- a) one of said correspondents generating additional secret information and deriving therefrom a session key;
  
  b) said one of said correspondents combining said secret information and said additional secret information in a signal algorithm to provide a first signature component;
  
  c) said one of said correspondents deriving a second signature component from said secret information;
  
  d) said one of said correspondents transferring said first and second signature components to the other of said correspondents;
  
  e) said other of said correspondents using said secret information to obtain said additional secret information from said first signature component and generating a said session key from said secret information and said additional secret information; and
  
  f) said other of said correspondents verifying said second signature component by operating upon said session key obtained at said other of said correspondents to obtain a value corresponding to said second signature component and comparing such value with said second signature component.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method of claim 1 wherein said first signature component includes public information associated with said other correspondent and said other correspondent utilizes said public information to obtain said additional secret information.
  - 3. A method according to claim 2 wherein said secret information and public information are combined in said signature algorithm and such combination is precomputed and stored by said one correspondent.
  - 4. A method according to claim 3 wherein said combination is the product of said secret information and said public information.
  - 5. A method according to claim 1 wherein a portion of said secret information is utilized to provide said second signature component.
  - 6. A method according to claim 5 wherein said secret information represents the coordinates of a point on an elliptic curve and said portion is one of said coordinates.
  - 7. A method according to claim 5 wherein said portion is hashed by a secure hash function to provide said second signature component.

8. A method of establishing a session key between a first correspondent and a selected one of a plurality of second correspondents connected to said first correspondent, said method comprising providing each of said second correspondents a respective secret information;
- storing each said secret information at said first correspondent to associate each said stored secret information with a respective second correspondent;
  
  said selected one of said second correspondents combing said secret information and additional secret information in a signature algorithm to provide a first signature component, said additional secret information being used by said selected correspondent to generate a session key;
  
  said selected one of said second correspondents deriving a second signature component from said secret information;
  
  said first correspondent receiving from said selected one of said second correspondents said first and second signature components;
  
  said first correspondent retrieving said stored secret information associated with said selected one of said second correspondents and using said secret information to obtain said additional secret information and generating said session key from said secret information of said selected one of said second correspondents and said additional secret information; and
  
  said first correspondent verifying said second signature component by operating upon said session key obtained at said first correspondent to obtain a value corresponding to said second signature component and comparing such value with said second signature component.
- View Dependent Claims (9, 10, 11, 12)
- - 9. A method of claim 8 wherein said first signature component includes public information associated with said first correspondent and said first correspondent utilizes said public information to obtain said additional secret information.
  - 10. A method according to claim 8 wherein a portion of said secret information is utilized to provide said second signature component.
  - 11. A method according to claim 10 wherein said secret information represents the coordinates of a point on an elliptic curve and said portion is one of said coordinates.
  - 12. A method according to claim 10 wherein said portion is hashed by a secure hash function to provide said second signature component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certicom Corporation (Blackberry Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Vanstone, Scott A., Johnson, Donald B.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Kim, Jung W.

Application Number

US10/056,060
Publication Number

US 20020152385A1
Time in Patent Office

1,548 Days
Field of Search

713/180, 713/171, 380/28, 380/30
US Class Current

713/180
CPC Class Codes

G06F 7/725   over elliptic curves

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3066   involving algebraic varieti...

H04L 9/3247   involving digital signatures

Verification protocol

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Verification protocol

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links