Key conversion method for communication session encryption and authentication system
First Claim
1. A method for mutual authentication of a first station and a second station, comprising:
- providing a particular data random key at the first station, disassembling and veiling the particular data random key by forming a first conversion array seeded by a shared secret and then encrypting the first conversion array to produce a first encrypted data set, where access to the shared secret indicates authenticity of the first station;
sending a first message to the second station including the first encrypted data set key, where the second station decrypts first encrypted data set and unveils and reassembles said particular data random key using the shared secret, and where the second station disassembles and veils a version of the particular data random key by forming a second conversion array seeded by the shared secret and then encrypts the second conversion array to produce a second encrypted data set, and sends a second message to the first station carrying the second encrypted data set, where access to the shared secret indicates authenticity of the second station;
receiving the second message, and decrypting the second encrypted data set, and reassembling and unveiling the version of the particular data random key at the first station using the shared secret;
determining at the first station if the version of the particular data random key matches an expected version the particular data random key, and if so providing an additional particular data random key at the first station, disassembling and veiling the additional particular data random key by forming a third conversion array seeded by the shared secret and then encrypting the third conversion array to produce a third encrypted data set, where access to the shared secret indicates authenticity of the first station;
sending a third message to the second station including the third encrypted data set, where the second station decrypts the third encrypted data set and reassembles and unveils said additional particular data random key using the shared secret, and where the second station disassembles and veils a version of the additional particular data random key by forming a fourth conversion array seeded by the shared secret and then encrypts the fourth conversion array to produce a fourth encrypted data set, and sends a fourth message to the first station carrying the fourth encrypted data set, where access to the shared secret indicates authenticity of the second station;
receiving the fourth message, and decrypting the fourth encrypted data set and reassembling and unveiling the version of the additional particular data random key at the first station using the shared secret;
determining at the first station if the version of the additional data random key matches an expected version of the additional data random key, and if so disassembling and veiling the additional particular data random key by forming a fifth conversion array seeded by an additional shared secret and then encrypting the fifth conversion array to produce a fifth encrypted data set, where access to the additional shared secret indicates authenticity of the first station; and
sending a fifth message to the second station including the fifth encrypted data set, where the second station decrypts the fifth encrypted data set, reassembles and unveils said additional particular data random key using the additional shared secret, and determines at the second station if a version of the additional data random key matches an expected version of the additional data random key.
2 Assignments
0 Petitions
Accused Products
Abstract
An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server encrypts a particular data random key by first veiling the particular data random key using a first conversion array seeded by a shared secret, and then encrypting the veiled particular data random key. The client decrypts and unveils the particular data random key using the shared secret, and returns a similarly veiled version of the particular data random key using a second conversion array seeded by a shared secret. Access to the shared secret indicates authenticity of the stations. The procedure may be repeated for a second shared secret for strong authentication, without allowing shared secrets to pass via untrusted media.
-
Citations
22 Claims
-
1. A method for mutual authentication of a first station and a second station, comprising:
-
providing a particular data random key at the first station, disassembling and veiling the particular data random key by forming a first conversion array seeded by a shared secret and then encrypting the first conversion array to produce a first encrypted data set, where access to the shared secret indicates authenticity of the first station; sending a first message to the second station including the first encrypted data set key, where the second station decrypts first encrypted data set and unveils and reassembles said particular data random key using the shared secret, and where the second station disassembles and veils a version of the particular data random key by forming a second conversion array seeded by the shared secret and then encrypts the second conversion array to produce a second encrypted data set, and sends a second message to the first station carrying the second encrypted data set, where access to the shared secret indicates authenticity of the second station; receiving the second message, and decrypting the second encrypted data set, and reassembling and unveiling the version of the particular data random key at the first station using the shared secret; determining at the first station if the version of the particular data random key matches an expected version the particular data random key, and if so providing an additional particular data random key at the first station, disassembling and veiling the additional particular data random key by forming a third conversion array seeded by the shared secret and then encrypting the third conversion array to produce a third encrypted data set, where access to the shared secret indicates authenticity of the first station; sending a third message to the second station including the third encrypted data set, where the second station decrypts the third encrypted data set and reassembles and unveils said additional particular data random key using the shared secret, and where the second station disassembles and veils a version of the additional particular data random key by forming a fourth conversion array seeded by the shared secret and then encrypts the fourth conversion array to produce a fourth encrypted data set, and sends a fourth message to the first station carrying the fourth encrypted data set, where access to the shared secret indicates authenticity of the second station; receiving the fourth message, and decrypting the fourth encrypted data set and reassembling and unveiling the version of the additional particular data random key at the first station using the shared secret; determining at the first station if the version of the additional data random key matches an expected version of the additional data random key, and if so disassembling and veiling the additional particular data random key by forming a fifth conversion array seeded by an additional shared secret and then encrypting the fifth conversion array to produce a fifth encrypted data set, where access to the additional shared secret indicates authenticity of the first station; and sending a fifth message to the second station including the fifth encrypted data set, where the second station decrypts the fifth encrypted data set, reassembles and unveils said additional particular data random key using the additional shared secret, and determines at the second station if a version of the additional data random key matches an expected version of the additional data random key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A data processing apparatus, comprising:
-
a processor, a communication interface adapted for connection to a communication medium, and memory storing instructions for execution by the data processor, the instructions including logic to provide a particular data random key at the first station and to disassemble and veil the particular data random key by forming a first conversion array seeded by a shared secret and then to encrypt the first conversion array to produce a first encrypted data set, where access to the shared secret indicates authenticity of the first station; logic to send a first message to the second station including the first encrypted data set, where the second station decrypts and unveils the first encrypted data set using the shared secret, and where the second station disassembles and veils a version of the particular data random key by forming a second conversion array seeded by the shared secret and then encrypts the second conversion array to produce a second encrypted data set, and sends a second message to the first station carrying the second encrypted data set, where access to the shared secret indicates authenticity of the second station; logic to receive the second message, and to decrypt and unveil the version of the particular data random key at the first station using the shared secret; logic to determine at the first station if the version of the particular data random key matches an expected version the particular data random key, and if so provide an additional particular data random key at the first station, disassemble and veil the additional particular data random key by forming a third conversion array seeded by the shared secret and then to encrypt the third conversion array to produce a third encrypted data set, where access to the shared secret indicates authenticity of the first station; logic to send a third message to the second station including the third encrypted data set, where the second station decrypts the third encrypted data set and reassembles and unveils the additional particular data random key using the shared secret, and where the second station disassembles and veils a version of the additional particular data random key by forming a fourth conversion array seeded by the shared secret and then encrypts the fourth conversion array to produce a fourth encrypted data set, and sends a fourth message to the first station carrying the fourth encrypted data set, where access to the shared secret indicates authenticity of the second station; logic to receive the fourth message, and decrypt the fourth encrypted data set and to reassemble and unveil the version of the additional particular data random key at the first station using the shared secret; logic to determine at the first station if the version of the additional data random key matches an expected version of the additional data random key, and if so to disassemble and veil the additional particular data random key by forming a fifth conversion array seeded by an additional shared secret and then encrypt the fifth conversion array to produce a fifth encrypted data set, where access to the additional shared secret indicates authenticity of the first station; and logic to send a fifth message to the second station including the fifth encrypted data set, where the second station can decrypt the fifth encrypted data set, and can reassemble and unveil said additional particular data random key using the additional shared secret, in order to determine at the second station if a version of the additional data random key matches an expected version of the additional data random key. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An article, comprising:
-
machine readable data storage medium having computer program instructions stored therein for establishing a communication session on a communication medium between a first data processing station and a second data processing station having access to the communication medium, said instructions comprising logic to provide a particular data random key at the first station and to disassemble and veil the particular data random key by forming a first conversion array seeded by a shared secret and then to encrypt the first conversion array to produce a first encrypted data set, where access to the shared secret indicates authenticity of the first station; logic to send a first message to the second station including the first encrypted data set, where the second station decrypts and unveils the first encrypted data set using the shared secret, and where the second station disassembles and veils a version of the particular data random key by forming a second conversion array seeded by the shared secret and then to encrypt the second conversion array to produce a second encrypted data set, and sends a second message to the first station carrying the second encrypted data set, where access to the shared secret indicates authenticity of the second station; logic to receive the second message, and to decrypt and unveil the version of the particular data random key at the first station using the shared secret; logic to determine at the first station if the version of the particular data random key matches an expected version the particular data random key, and if so provide an additional particular data random key at the first station, disassemble and veil the additional particular data random key by forming a third conversion array seeded by the shared secret and then to encrypt the third conversion array to produce a third encrypted data set, where access to the shared secret indicates authenticity of the first station; logic to send a third message to the second station including the third encrypted data set, where the second station decrypts the third encrypted data set and reassembles and unveils the additional particular data random key using the shared secret, and where the second station disassembles and veils a version of the additional particular data random key by forming a fourth conversion array seeded by the shared secret and then encrypts the fourth conversion array to produce a fourth encrypted data set, and sends a fourth message to the first station carrying the fourth encrypted data set, where access to the shared secret indicates authenticity of the second station; logic to receive the fourth message, and decrypt the fourth encrypted data set and to reassemble and unveil the version of the additional particular data random key at the first station using the shared secret; logic to determine at the first station if the version of the additional data random key matches an expected version of the additional data random key, and if so to disassemble and veil the additional particular data random key by forming a fifth conversion array seeded by an additional shared secret and then encrypt the fifth conversion array to produce a fifth encrypted data set, where access to the additional shared secret indicates authenticity of the first station; and logic to send a fifth message to the second station including the fifth encrypted data set, where the second station can decrypt the fifth encrypted data set, and can reassemble and unveil said additional particular data random key using the additional shared secret, in order to determine at the second station if a version of the additional data random key matches an expected version of the additional data random key. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A method for mutual authentication of a first station and a second station, comprising:
-
providing a particular data random key at the first station, disassembling and veiling the particular data random key by forming a first conversion array seeded by a shared secret and then encrypting the first conversion array to produce a first encrypted data set, where access to the shared secret indicates authenticity of the first station; sending a first message to the second station including the first encrypted data set, where the second station decrypts first encrypted data set and unveils and reassembles said particular data random key using the shared secret; receiving the first message at the second station and decrypting the first encrypted data set, and reassembling and unveiling the particular data random key at the second station; and determining at the second station if the particular data random key matches an expected version the particular data random key, and if so and disassembling and veiling a version of the particular data random key by forming a second conversion array seeded by the shared secret and then encrypting the second conversion array to produce a second encrypted data set, and sending a second message to the first station carrying the second encrypted data set, where access to the shared secret indicates authenticity of the second station; receiving the second message at the first station, and decrypting the second encrypted data set, and reassembling and unveiling the version of the particular data random key at the first station using the shared secret; determining at the first station if the version of the particular data random key matches an expected version the particular data random key, and if so providing an additional particular data random key at the first station, disassembling and veiling the additional particular data random key by forming a third conversion array seeded by the shared secret and then encrypting the third conversion array to produce a third encrypted data set, where access to the shared secret indicates authenticity of the first station; sending a third message to the second station including the third encrypted data set; receiving the third message at the second station and decrypting the third encrypted data set and unveiling and reassembling the additional particular data random key using the shared secret, and determining at the second station if the additional particular data random key matches an expected version the additional particular data random key, and if so disassembling and veiling a version of the additional particular data random key by forming a fourth conversion array seeded by the shared secret and then encrypting the fourth conversion array to produce a fourth encrypted data set; sending a fourth message to the first station carrying the fourth encrypted data set, where access to the shared secret indicates authenticity of the second station; receiving the fourth message, and decrypting the fourth encrypted data set and unveiling and reassembling the version of the additional particular data random key at the first station using the shared secret; determining at the first station if the version of the additional data random key matches an expected version the additional data random key, and if so disassembling and veiling the additional particular data random key by forming a fifth conversion array seeded by an additional shared secret and then encrypting the fifth conversion array to produce a fifth encrypted data set, where access to the additional shared secret indicates authenticity of the first station; sending a fifth message to the second station including the fifth encrypted data set; receiving the fifth message at the second station, and decrypting the fifth encrypted data set, and unveiling and reassembling said additional particular data random key using the additional shared secret; and determining at the second station if a version of the additional data random key matches an expected version of the additional data random key.
-
Specification