Key generation method for communication session encryption and authentication system

US 7,581,100 B2
Filed: 09/02/2003
Issued: 08/25/2009
Est. Priority Date: 09/02/2003
Status: Active Grant

First Claim

Patent Images

1. A method for mutual authentication in communications between first and second stations, comprising:

generating and storing a set of ephemeral session keys at the first station, ephemeral session keys in the set being associated with respective session key initiation intervals, and being discarded upon expiry of respective session key lifetimes at a time later than expiration of the respective session key initiation intervals;

in response to a request to initiate a communication session received by the first station during a particular session key initiation interval, selecting the associated session key;

sending a message carrying said associated session key to the second station, and receiving a response from the second station including a digital identifier, the digital identifier being information shared between the first station and the second station, or between the first station and a user at the second station, the digital identifier being encrypted using said associated session key to verify receipt of the session key by the second station and to identify the second station or the user of the second station;

generating and storing, in the first station, a set of intermediate data keys, the set of intermediate data keys including intermediate data key (i), for i=1 to at least n, where n is at least 2, and being discarded at a time later than expiration of the particular session key initiation interval;

executing a first set of exchanges including one or more exchanges with the second station, after verifying in said first station receipt of the session key by the second station by decrypting the digital identifier using the associated session key at the first station and positively matching the decrypted digital identifier against an existing entry in a stored list of authorized users, the first set of exchanges including in the i^thexchangesending a message to the second station carrying intermediate data key (i) from said set of intermediate data keys encrypted using the associated session key for a first exchange in first set of exchanges and using the intermediate data key (i−

1) for subsequent exchanges in the first set of exchanges,receiving a response from the second station including a hashed version of intermediate data key (i) encrypted using intermediate data key (i), decrypting the hashed version of the intermediate data key (i), calculating a hashed version of intermediate data key (i) at the first station, and matching the calculated hashed version and the received hashed version of intermediate data key (i) to verify receipt by the second station of intermediate data key (i);

executing a second set of exchanges for mutual authentication after verifying in said first station receipt of the intermediate data key (n−

1) by the second station, includingsending a first message carrying intermediate data key (n) encrypted using a hashed version of a first shared secret,receiving a response from the second station carrying a hashed version of intermediate data key (n) encrypted using a hashed version of the first shared secret, and decrypting the hashed version of the intermediate data key (n), calculating a hashed version of intermediate data key (n) at the first station, and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) to verify possession by the second station of the first shared secret;

sending a second message carrying intermediate data key (n) encrypted using a hashed version of a second shared secret; and

if the second station sends a response to the second message, carrying a hashed version of intermediate data key (n) encrypted using a hashed version of the second shared secret, after possession by the first station of the second shared secret is verified at the second station, the verifying being accomplished at the second station by decrypting the intermediate data key (n) from the second message using the hashed version of the second shared secret, calculating a hashed version of the intermediate data key (n), and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) to verify possession by the first station of the second shared secret, thenreceiving the response from the second station, and decrypting the hashed version of the intermediate data key (n) using the hashed version of the second shared secret, calculating a hashed version of intermediate data key (n) at the first station, and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) at the first station to verify mutual authentication of the first and second stations; and

if mutual authentication is verified at the first station, then sending a message indicating successful authentication;

wherein the session key lifetimes have respective lengths which are longer than said session key initiation intervals, and less than a multiple M times a time required for verification of mutual authentication using said first and second sets of exchanges in expected circumstances, where M is less than or equal to 10.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server provides ephemeral encryption keys in response to a request during a Session Random Key (SRK) initiation interval. SRK is provided for all sessions initiated in the SRK initiation interval. A set of ephemeral intermediate Data Random Keys (DRK) is associated with each request. A message carrying the SRK is sent to the requestor. A response from the requester includes a shared parameter encrypted using the SRK verifying receipt of the SRK. After verifying receipt of the SRK at the requester, at least one message is sent by the server carrying an encrypted version of one of said set of ephemeral intermediate DRK to be accepted as an encryption key for the session.

48 Citations

View as Search Results

14 Claims

1. A method for mutual authentication in communications between first and second stations, comprising:
- generating and storing a set of ephemeral session keys at the first station, ephemeral session keys in the set being associated with respective session key initiation intervals, and being discarded upon expiry of respective session key lifetimes at a time later than expiration of the respective session key initiation intervals;
  
  in response to a request to initiate a communication session received by the first station during a particular session key initiation interval, selecting the associated session key;
  
  sending a message carrying said associated session key to the second station, and receiving a response from the second station including a digital identifier, the digital identifier being information shared between the first station and the second station, or between the first station and a user at the second station, the digital identifier being encrypted using said associated session key to verify receipt of the session key by the second station and to identify the second station or the user of the second station;
  
  generating and storing, in the first station, a set of intermediate data keys, the set of intermediate data keys including intermediate data key (i), for i=1 to at least n, where n is at least 2, and being discarded at a time later than expiration of the particular session key initiation interval;
  
  executing a first set of exchanges including one or more exchanges with the second station, after verifying in said first station receipt of the session key by the second station by decrypting the digital identifier using the associated session key at the first station and positively matching the decrypted digital identifier against an existing entry in a stored list of authorized users, the first set of exchanges including in the i^thexchangesending a message to the second station carrying intermediate data key (i) from said set of intermediate data keys encrypted using the associated session key for a first exchange in first set of exchanges and using the intermediate data key (i−
  
  1) for subsequent exchanges in the first set of exchanges,receiving a response from the second station including a hashed version of intermediate data key (i) encrypted using intermediate data key (i), decrypting the hashed version of the intermediate data key (i), calculating a hashed version of intermediate data key (i) at the first station, and matching the calculated hashed version and the received hashed version of intermediate data key (i) to verify receipt by the second station of intermediate data key (i);
  
  executing a second set of exchanges for mutual authentication after verifying in said first station receipt of the intermediate data key (n−
  
  1) by the second station, includingsending a first message carrying intermediate data key (n) encrypted using a hashed version of a first shared secret,receiving a response from the second station carrying a hashed version of intermediate data key (n) encrypted using a hashed version of the first shared secret, and decrypting the hashed version of the intermediate data key (n), calculating a hashed version of intermediate data key (n) at the first station, and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) to verify possession by the second station of the first shared secret;
  
  sending a second message carrying intermediate data key (n) encrypted using a hashed version of a second shared secret; and
  
  if the second station sends a response to the second message, carrying a hashed version of intermediate data key (n) encrypted using a hashed version of the second shared secret, after possession by the first station of the second shared secret is verified at the second station, the verifying being accomplished at the second station by decrypting the intermediate data key (n) from the second message using the hashed version of the second shared secret, calculating a hashed version of the intermediate data key (n), and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) to verify possession by the first station of the second shared secret, thenreceiving the response from the second station, and decrypting the hashed version of the intermediate data key (n) using the hashed version of the second shared secret, calculating a hashed version of intermediate data key (n) at the first station, and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) at the first station to verify mutual authentication of the first and second stations; and
  
  if mutual authentication is verified at the first station, then sending a message indicating successful authentication;
  
  wherein the session key lifetimes have respective lengths which are longer than said session key initiation intervals, and less than a multiple M times a time required for verification of mutual authentication using said first and second sets of exchanges in expected circumstances, where M is less than or equal to 10.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, including using said associated session key in response to another request to initiate a communication session from a third station received by the first station during said particular session key initiation interval, and using other session keys from the set of ephemeral session keys after expiry of said particular session key initiation interval.
  - 3. The method of claim 2, including associating a unique set of intermediate data keys with each session key.
  - 4. The method of claim 1, including:
    - providing a buffer at the first station;
      
      storing the set of ephemeral session keys in the buffer; and
      
      removing session keys from said buffer upon expiry of respective session key lifetime.
  - 5. The method of claim 4, wherein the session key lifetimes have respective lengths longer or equal to a time required for verification of mutual authentication using said first and second sets of exchanges in expected circumstances.
  - 6. The method of claim 1, wherein said message indicating successful authentication carries a signal encrypted using intermediate data key (n−
    - 1) or using another prearranged one of said intermediate data keys (i).
  - 7. The method of claim 1, including using intermediate data key (n) as a symmetrical key to encrypt data during post-authentication in communications between the first and second stations in the communication session.

8. A data processing apparatus, comprising:
- a processor associated with a first station, a communication interface adapted for connection to a communication medium, and memory storing instructions for execution by the data processor, the instructions including logic to receive a request via the communication interface for initiation of a communication session between a first station and a second station;
  
  logic to provide for mutual authentication in communications between the first station and a second station, comprising;
  
  generating and storing a set of ephemeral session keys at the first station, ephemeral session keys in the set being associated with respective session key initiation intervals, and being discarded upon expiry of respective session key lifetimes at a time later than expiration of the respective session key initiation intervals;
  
  in response to a request to initiate a communication session received by the first station during a particular session key initiation interval, selecting the associated session key;
  
  sending a message carrying said associated session key to the second station, and receiving a response from the second station including a digital identifier, the digital identifier being information shared between the first station and the second station, or between the first station and a user at the second station, the digital identifier being encrypted using said associated session key to verify receipt of the session key by the second station and to identify the second station or the user of the second station;
  
  generating and storing, in the first station, a set of intermediate data keys, the set of intermediate data keys including intermediate data key (i), for i=1 to at least n, where n is at least 2, and being discarded at a time later than expiration of the particular session key initiation interval;
  
  executing a first set of exchanges including one or more exchanges with the second station, after verifying in said first station receipt of the session key by the second station by decrypting the digital identifier using the associated session key at the first station and positively matching the decrypted digital identifier against an existing entry in a stored list of authorized users, the first set of exchanges including in the i^thexchangesending a message to the second station carrying intermediate data key (i) from said set of intermediate data keys encrypted using the associated session key for a first exchange in first set of exchanges and using the intermediate data key (i−
  
  1) for subsequent exchanges in the first set of exchanges,receiving a response from the second station including a hashed version of intermediate data key (i) encrypted using intermediate data key (i), and decrypting the hashed version of the intermediate data key (i), calculating a hashed version of intermediate data key (i) at the first station, and matching the calculated hashed version and the received hashed version of intermediate data key (i) to verify receipt by the second station of intermediate data key (i);
  
  executing a second set of exchanges for mutual authentication after verifying in said first station receipt of the intermediate data key (n−
  
  1) by the second station, includingsending a first message carrying intermediate data key (n) encrypted using a hashed version of a first shared secret,receiving a response from the second station carrying a hashed version of intermediate data key (n) encrypted using a hashed version of the first shared secret, and decrypting the hashed version of the intermediate data key (n), calculating a hashed version of intermediate data key (n) at the first station, and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) to verify possession by the second station of the first shared secret;
  
  sending a second message carrying intermediate data key (n) encrypted using a hashed version of a second shared secret; and
  
  if the second station sends a response to the second message, carrying a hashed version of intermediate data key (n) encrypted using a hashed version of the second shared secret, after possession by the first station of the second shared secret is verified at the second station, the verifying being accomplished at the second station by decrypting the intermediate data key (n) from the second message using the hashed version of the second shared secret, calculating a hashed version of the intermediate data key (n), and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) to verify possession by the first station of the second shared secret, thenreceiving the response from the second station, and decrypting the hashed version of the intermediate data key (n) using the hashed version of the second shared secret, calculating a hashed version of intermediate data key (n) at the first station, and matching the calculated hashed version and the decrypted hashed version of intermediate data key (n) at the first station to verify mutual authentication of the first and second stations; and
  
  if mutual authentication is verified at the first station, then sending a message indicating successful authentication;
  
  wherein the session key lifetimes have respective lengths which are longer than said session key initiation intervals, and less than a multiple M times a time required for verification of mutual authentication using said first and second sets of exchanges in expected circumstances, where M is less than or equal to 10.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, including logic to use said associated session key in response to another request to initiate a communication session from a third station received by the first station during said particular session key initiation interval, and using other session keys from the set of ephemeral session keys after expiry of said particular session key initiation interval.
  - 10. The apparatus of claim 9, including logic to associate a unique set of intermediate data keys with each session key.
  - 11. The apparatus of claim 8, including a buffer at the first station;
    - logic to store the set of ephemeral session keys in the buffer and to remove session keys in said set of ephemeral session keys from said buffer after expiry of the respective session key lifetimes.
  - 12. The apparatus of claim 11, wherein the session key lifetimes have respective lengths longer or equal to a time required for verification of mutual authentication using said first and second sets of exchanges.
  - 13. The apparatus of claim 8, wherein said message indicating successful authentication carries a signal encrypted using intermediate data key (n−
    - 1) or using another prearranged one of said intermediate data keys (i).
  - 14. The apparatus of claim 8, including using intermediate data key (n) as a symmetrical key to encrypt data during post-authentication communications between the first and second stations in the communication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative
Inventors
Mizrah, Len L.
Primary Examiner(s)
LaForgia; Christian
Assistant Examiner(s)
Homayounmehr; Farid

Application Number

US10/653,503
Publication Number

US 20050050328A1
Time in Patent Office

2,184 Days
Field of Search

713/164, 713/169, 713/150, 713/171, 380/277, 380/30, 726/5
US Class Current

713/171
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 9/0844   with user authentication or...

H04L 9/3273   for mutual authentication n...

Key generation method for communication session encryption and authentication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Key generation method for communication session encryption and authentication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links