×

Method for distributing and authenticating public keys using random numbers and Diffie-Hellman public keys

  • US 7,480,384 B2
  • Filed: 02/10/2003
  • Issued: 01/20/2009
  • Est. Priority Date: 02/10/2003
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method for a second machine to distribute a public cryptographic key (PKs) to a first machine, said method comprising:

  • receiving message data, by the second machine from the first machine as a result of the message data having been sent by the first machine to the second machine, wherein the message data consists of a concatenation of an identifier (ID) of the first machine, a character string (StrPKc) denoting that a private key (PKc) of the first machine has been compromised, and eSKc(Hash(ID,StrPKc)), wherein Hash(ID,StrPKc) denotes a hashing of ID and StrPKc, and wherein eSKc(Hash(ID,StrPKc)) denotes an encryption of Hash(ID,StrPKc) using the private key PKc to form a signature represented by the encryption;

    after said receiving the message data, said second machine verifying the signature using a public key associated with PKc;

    after a suspension of data exchange between the first machine and the second machine after said verifying the signature, receiving a message, by the second machine from the first machine as a result of the message having been sent by the first machine to the second machine, wherein the message consists of a concatenation of ID, a first Diffie-Hellman public key (Dc), and a prime modulus (P), wherein Dc=(PW**Rc) Mod P, wherein PW is a secret password known by both the first machine and the second machine, and wherein Rc is a first random number;

    after said receiving the message, generating, by the second machine, a second random number (Rs);

    after said generating Rs, computing, by the second machine, a second Diffie-Hellman public key (Ds) according to Ds=(PW**Rs) Mod P;

    after said computing Ds, computing, by the second machine, a Diffie-Hellman symmetric secret key (S) according to S=(Dc**Rs) Mod P;

    after said computing S, providing, by the second machine, an argument (ARGs) that consists of a concatenation of ID, Dc, P, PKs, Ds, and S;

    after said providing ARGs, hashing ARGs, by the second machine, to provide a hashed value denoted as Hash(ARGs);

    after said hashing ARGs, forming, by the second machine, an extended concatenation EXTs that consists of a concatenation of ID, PKs, Ds, and Hash(ARGs); and

    after said forming EXTs, sending, by the second machine to the first machine, EXTs.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×