Method for distributing and authenticating public keys using random numbers and Diffie-Hellman public keys
First Claim
1. A method for a second machine to distribute a public cryptographic key (PKs) to a first machine, said method comprising:
- receiving message data, by the second machine from the first machine as a result of the message data having been sent by the first machine to the second machine, wherein the message data consists of a concatenation of an identifier (ID) of the first machine, a character string (StrPKc) denoting that a private key (PKc) of the first machine has been compromised, and eSKc(Hash(ID,StrPKc)), wherein Hash(ID,StrPKc) denotes a hashing of ID and StrPKc, and wherein eSKc(Hash(ID,StrPKc)) denotes an encryption of Hash(ID,StrPKc) using the private key PKc to form a signature represented by the encryption;
after said receiving the message data, said second machine verifying the signature using a public key associated with PKc;
after a suspension of data exchange between the first machine and the second machine after said verifying the signature, receiving a message, by the second machine from the first machine as a result of the message having been sent by the first machine to the second machine, wherein the message consists of a concatenation of ID, a first Diffie-Hellman public key (Dc), and a prime modulus (P), wherein Dc=(PW**Rc) Mod P, wherein PW is a secret password known by both the first machine and the second machine, and wherein Rc is a first random number;
after said receiving the message, generating, by the second machine, a second random number (Rs);
after said generating Rs, computing, by the second machine, a second Diffie-Hellman public key (Ds) according to Ds=(PW**Rs) Mod P;
after said computing Ds, computing, by the second machine, a Diffie-Hellman symmetric secret key (S) according to S=(Dc**Rs) Mod P;
after said computing S, providing, by the second machine, an argument (ARGs) that consists of a concatenation of ID, Dc, P, PKs, Ds, and S;
after said providing ARGs, hashing ARGs, by the second machine, to provide a hashed value denoted as Hash(ARGs);
after said hashing ARGs, forming, by the second machine, an extended concatenation EXTs that consists of a concatenation of ID, PKs, Ds, and Hash(ARGs); and
after said forming EXTs, sending, by the second machine to the first machine, EXTs.
Abstract
A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.
2 Claims
2. A method for a first machine to authenticate a public cryptographic key (PKs) of a second machine, said method comprising:
sending, by the first machine to the second machine, message data consisting of a concatenation of an identifier (ID) of the first machine, a character string (StrPKc) denoting that a private key (PKc) of the first machine has been compromised, and eSKc(Hash(ID,StrPKc)), and wherein eSKc(Hash(ID,StrPKc)) denotes an encryption of Hash(ID,StrPKc) using the private key PKc to form a signature represented by the encryption;
after said sending the message data and after a suspension of data exchange between the first machine and the second machine following verification of the signature by the second machine using a public key associated with PKc, generating, by the first machine, a first random number (Rc);
after said generating Rc, computing, by the first machine, a first Diffie-Hellman public key (Dc), wherein Dc=(PW**Rc) Mod P, wherein PW is a secret password known by both the first machine and the second machine, and wherein P is a prime modulus;
after said computing Dc, sending, by the first machine to the second machine, a message consisting of ID, Dc, and P;
after said sending the message, receiving an extended concatenation EXTs, by the first machine from the second machine as a result of EXTs having been sent by the second machine to the first machine, wherein EXTs consists of a concatenation of ID, PKs, a second Diffie-Hellman public key (Ds), and a first hashed value Hash(ARGs), wherein ARGs consists of a concatenation of ID, Dc, P, PKs, Ds, and a first Diffie-Hellman symmetric secret key (S), wherein Ds=(PW**Rs) Mod P, wherein Rs is a second random number, and wherein S=(Dc**Rs) Mod P;
after said receiving EXTs, computing, by the first machine, a second Diffie-Hellman symmetric secret key (S′) according to S′=(Ds**Rc) Mod P;
after said computing S′, providing, by the first machine, an argument (ARGs′) that consists of a concatenation of ID, Dc, P, PKs, Ds, and S′;
after said providing ARGs′, hashing ARGs′, by the first machine, to provide a hashed value denoted as Hash(ARGs′); and
after said hashing ARGs′, determining, by the first machine, that Hash(ARGs′) is equal to Hash(ARGs) to confirm that PKs is authentic.
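The Diffie-Hellman part of claims 1 and 2, with both machines' computations, as an added Python example (not code from the patent); the signed compromise notice that precedes it is omitted. SHA-256, the length-prefixed encoding of the concatenations, the password-to-integer mapping, the sample prime, the sample identifiers and the range check on Ds are assumptions of this example.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19  # sample prime (assumption); not a vetted Diffie-Hellman group

def enc(*fields):
    """Length-prefixed concatenation (assumed encoding; keeps field boundaries unambiguous)."""
    out = b""
    for f in fields:
        b = f if isinstance(f, bytes) else f.to_bytes((f.bit_length() + 7) // 8 or 1, "big")
        out += len(b).to_bytes(4, "big") + b
    return out

def pw_base(password, p):
    """Map the shared password PW to an integer in [2, p-2] (assumed mapping)."""
    return int.from_bytes(hashlib.sha256(password).digest(), "big") % (p - 3) + 2

def client_hello(ident, password, p=P):
    """First machine: pick Rc, compute Dc = PW**Rc mod P, send (ID, Dc, P)."""
    rc = secrets.randbelow(p - 3) + 2
    return rc, (ident, pow(pw_base(password, p), rc, p), p)

def server_reply(msg, password, pks):
    """Second machine: pick Rs, compute Ds and S, return EXTs = (ID, PKs, Ds, Hash(ARGs))."""
    ident, dc, p = msg
    rs = secrets.randbelow(p - 3) + 2
    ds = pow(pw_base(password, p), rs, p)
    s = pow(dc, rs, p)
    return (ident, pks, ds, hashlib.sha256(enc(ident, dc, p, pks, ds, s)).digest())

def client_verify(rc, msg, exts):
    """First machine: recompute S' = Ds**Rc mod P and compare Hash(ARGs') with Hash(ARGs)."""
    ident, dc, p = msg
    ident_s, pks, ds, h = exts
    # Added hardening, not in the claims: Ds of 0, 1 or P-1 would make S' predictable.
    if ident_s != ident or not 1 < ds < p - 1:
        return False
    s2 = pow(ds, rc, p)
    h2 = hashlib.sha256(enc(ident, dc, p, pks, ds, s2)).digest()
    return hmac.compare_digest(h, h2)

def demo():
    pks = b"constructed-server-public-key"  # constructed sample value
    rc, msg = client_hello(b"client-01", b"shared secret")
    exts = server_reply(msg, b"shared secret", pks)
    swapped = (exts[0], b"substituted-key", exts[2], exts[3])
    wrong_pw = server_reply(msg, b"other password", pks)
    return client_verify(rc, msg, exts), client_verify(rc, msg, swapped), client_verify(rc, msg, wrong_pw)
```

`demo()` returns the verification result for a genuine EXTs, for an EXTs whose PKs was replaced in transit, and for an EXTs built by a party using a different password.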
Specification