System and method for establishing secure communication
First Claim
1. A method for establishing a secure communications session between a first computing device and a second computing device, the method comprising:
- retrieving a first random number at the first computing device;
retrieving a second random number at the second computing device;
retrieving at least one public-private key pair including a public key and a private key;
sending a message from said second computing device to said first computing device, said message from said second computing device to said first computing device including said first random number and the public key of said at least one public-private key pair to thereby share at least said first random number with said first communication device, said message from said second computing device to said first computing device being encrypted with an encoded password;
providing said encoded password to said first computing device;
using said provided encoded password to decrypt said first message at said first computing device to obtain at least said first random number that said second computing device sent in said message from said second computing device to said first computing device;
sending a message from said first computing device to said second computing device, said message from said first computing device to said second computing device including said second random number, said first computing device encrypting said message it sends to said second computing device;
generating, at each of said first and second computing devices, a shared session key by combining said first random number and second random number that is now available to each of said first and second computing devices through said above-mentioned message exchanges; and
using said shared session key to establish a secure private communication session between said first and second computing devices.
8 Assignments
0 Petitions
Accused Products
Abstract
A system and method is described in which two parties communicate a first shared random number and a second shared random number, and each independently use a combining function with inputs including the two shared random numbers to obtain a shared secret key. Secure communication of the shared random numbers is performed by using a password and an asymmetric key pair. The password and the private key are not communicated, thereby preventing eavesdroppers from obtaining information sufficient to determine the shared secret key. Direct attacks on the parties are foiled by preventing the password from being stored, not storing the private key, and using two shared random numbers in case one is compromised by an attack on one of the two parties. A party cannot be effectively impersonated without knowledge of the password, and a called party cannot be impersonated without additionally controlling the network.
70 Citations
16 Claims
-
1. A method for establishing a secure communications session between a first computing device and a second computing device, the method comprising:
-
retrieving a first random number at the first computing device; retrieving a second random number at the second computing device; retrieving at least one public-private key pair including a public key and a private key; sending a message from said second computing device to said first computing device, said message from said second computing device to said first computing device including said first random number and the public key of said at least one public-private key pair to thereby share at least said first random number with said first communication device, said message from said second computing device to said first computing device being encrypted with an encoded password; providing said encoded password to said first computing device; using said provided encoded password to decrypt said first message at said first computing device to obtain at least said first random number that said second computing device sent in said message from said second computing device to said first computing device; sending a message from said first computing device to said second computing device, said message from said first computing device to said second computing device including said second random number, said first computing device encrypting said message it sends to said second computing device; generating, at each of said first and second computing devices, a shared session key by combining said first random number and second random number that is now available to each of said first and second computing devices through said above-mentioned message exchanges; and using said shared session key to establish a secure private communication session between said first and second computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for establishing secure communication between a calling party and a called party, comprising:
-
generating, on demand at the called party, an asymmetric key pair including a public key and a private key; transmitting, from said called party to said calling party, a first encrypted message including a first random number and said public key of said asymmetric key pair, said called party encrypting said first message with an encoded password known to both the calling party and the called party; said calling party receiving and decrypting said first encrypted message using said encoded password to obtain said first random number and said public key; said calling party transmitting, to said called party, a second encrypted message including a second random number, said calling party encrypting said second message with said public key of said asymmetric key pair; said called party receiving and decrypting said second encrypted message to obtain said second random number; said calling and called parties each independently applying said now-shared first and second random numbers to combining functions to thereby each independently generate a shared secret key; and said calling and called parties encrypting further communications therebetween at least in part using said shared secret key. - View Dependent Claims (12, 13, 14, 15, 16)
-
Specification