System and method for establishing secure communication

US 7,373,507 B2
Filed: 11/08/2001
Issued: 05/13/2008
Est. Priority Date: 08/10/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a secure communications session between a first computing device and a second computing device, the method comprising:

retrieving a first random number at the first computing device;

retrieving a second random number at the second computing device;

retrieving at least one public-private key pair including a public key and a private key;

sending a message from said second computing device to said first computing device, said message from said second computing device to said first computing device including said first random number and the public key of said at least one public-private key pair to thereby share at least said first random number with said first communication device, said message from said second computing device to said first computing device being encrypted with an encoded password;

providing said encoded password to said first computing device;

using said provided encoded password to decrypt said first message at said first computing device to obtain at least said first random number that said second computing device sent in said message from said second computing device to said first computing device;

sending a message from said first computing device to said second computing device, said message from said first computing device to said second computing device including said second random number, said first computing device encrypting said message it sends to said second computing device;

generating, at each of said first and second computing devices, a shared session key by combining said first random number and second random number that is now available to each of said first and second computing devices through said above-mentioned message exchanges; and

using said shared session key to establish a secure private communication session between said first and second computing devices.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is described in which two parties communicate a first shared random number and a second shared random number, and each independently use a combining function with inputs including the two shared random numbers to obtain a shared secret key. Secure communication of the shared random numbers is performed by using a password and an asymmetric key pair. The password and the private key are not communicated, thereby preventing eavesdroppers from obtaining information sufficient to determine the shared secret key. Direct attacks on the parties are foiled by preventing the password from being stored, not storing the private key, and using two shared random numbers in case one is compromised by an attack on one of the two parties. A party cannot be effectively impersonated without knowledge of the password, and a called party cannot be impersonated without additionally controlling the network.

70 Citations

View as Search Results

16 Claims

1. A method for establishing a secure communications session between a first computing device and a second computing device, the method comprising:
- retrieving a first random number at the first computing device;
  
  retrieving a second random number at the second computing device;
  
  retrieving at least one public-private key pair including a public key and a private key;
  
  sending a message from said second computing device to said first computing device, said message from said second computing device to said first computing device including said first random number and the public key of said at least one public-private key pair to thereby share at least said first random number with said first communication device, said message from said second computing device to said first computing device being encrypted with an encoded password;
  
  providing said encoded password to said first computing device;
  
  using said provided encoded password to decrypt said first message at said first computing device to obtain at least said first random number that said second computing device sent in said message from said second computing device to said first computing device;
  
  sending a message from said first computing device to said second computing device, said message from said first computing device to said second computing device including said second random number, said first computing device encrypting said message it sends to said second computing device;
  
  generating, at each of said first and second computing devices, a shared session key by combining said first random number and second random number that is now available to each of said first and second computing devices through said above-mentioned message exchanges; and
  
  using said shared session key to establish a secure private communication session between said first and second computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said combining includes a logical function.
  - 3. The method of claim 2, wherein said logical function includes an exclusive or (XOR) function.
  - 4. The method of claim 1 wherein said password comprises a user password.
  - 5. The method of claim 1 wherein said encoded password comprises a user password encoded with a hash function.
  - 6. The method of claim 1 further including generating said first and second random numbers on demand.
  - 7. The method of claim 1 further including generating said public-private key pair on demand.
  - 8. The method of claim 1 wherein said second computing device comprises a server, and said first computing device comprises a client wishing to communicate with said server.
  - 9. The method of claim 1 wherein said first computing device uses said public key obtained from said message send from said second computing device to said first computing device to encrypt said message from said first computing device to said second computing device.
  - 10. The method of claim 1 further including prompting a user to input a password into said first computing device, and encoding said inputted password at said first computing device to provide said encoded password.

11. A method for establishing secure communication between a calling party and a called party, comprising:
- generating, on demand at the called party, an asymmetric key pair including a public key and a private key;
  
  transmitting, from said called party to said calling party, a first encrypted message including a first random number and said public key of said asymmetric key pair, said called party encrypting said first message with an encoded password known to both the calling party and the called party;
  
  said calling party receiving and decrypting said first encrypted message using said encoded password to obtain said first random number and said public key;
  
  said calling party transmitting, to said called party, a second encrypted message including a second random number, said calling party encrypting said second message with said public key of said asymmetric key pair;
  
  said called party receiving and decrypting said second encrypted message to obtain said second random number;
  
  said calling and called parties each independently applying said now-shared first and second random numbers to combining functions to thereby each independently generate a shared secret key; and
  
  said calling and called parties encrypting further communications therebetween at least in part using said shared secret key.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11 wherein said symmetric encryption key comprises a password.
  - 13. The method of claim 11 wherein said called party comprises a server and said calling party comprises a client that wishes to communicate with said server.
  - 14. The method of claim 11 further including said called party retrieving said password or encoded password from a user database in response to receipt of a request by said calling party for a secure communication.
  - 15. The method of claim 11 wherein said generating comprises generating said asymmetric key pair at said called party.
  - 16. The method of claim 11 wherein said encrypted communication proceeds between said calling party and said called party without requiring said calling party to generate an asymmetric key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Plethora Technology, Inc.
Original Assignee
Plethora Technology, Inc.
Inventors
Simms, Timothy J.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Abrishamkar; Kaveh

Application Number

US09/986,319
Publication Number

US 20020056040A1
Time in Patent Office

2,378 Days
Field of Search

713/171, 713/183, 713/169, 713/150, 380/283, 380/285
US Class Current

713/168
CPC Class Codes

A41B 2400/20 Air permeability; Ventilation

H04L 9/0844 with user authentication or...

System and method for establishing secure communication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for establishing secure communication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links