Method for securing a communication

US 7,607,012 B2
Filed: 10/01/2003
Issued: 10/20/2009
Est. Priority Date: 10/01/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

computing an authentication code using a first key and a second key within a responder,transmitting both said second key and said authentication code from said responder to an initiator using a first communication channel, after computing said authentication code,transmitting said first key from said responder to said initiator using a second communication channel,computing a verification code using said first key and said second key within said initiator,comparing said verification code with said authentication code within said initiator, andauthenticating said responder as a correct communication partner if said comparing checks out,wherein said second key is a secret key and said first communication channel is a secure channel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing a communication between at least one initiator (I) and one responder (R) generates a first key (KEr) within the responder (R), generates a second key (K) within the responder (R), computes an authentication code (C) using the first key (KEr) and the second key within said responder (R), transmits the second key (K) and the authentication code (C) from the responder (R) to the initiator (I) using a first communication channel, transmits the first key (KEr) from the responder (R) to the initiator (I) using a second communication channel, computes a verification code (C′) using the first key (KEr) and the second key (K) within the initiator (I), and compares the verification code (C′) with the authentication code (C) within the initiator.

Citations

32 Claims

1. A method comprising:
- computing an authentication code using a first key and a second key within a responder,transmitting both said second key and said authentication code from said responder to an initiator using a first communication channel, after computing said authentication code,transmitting said first key from said responder to said initiator using a second communication channel,computing a verification code using said first key and said second key within said initiator,comparing said verification code with said authentication code within said initiator, andauthenticating said responder as a correct communication partner if said comparing checks out,wherein said second key is a secret key and said first communication channel is a secure channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first key is generated within said responder.
  - 3. The method of claim 1, wherein the second key is generated within said responder.
  - 4. The method of claim 1, wherein in the transmitting of said second key and said authentication code, said second key and said authentication code are transmitted via a confidential or authenticated communication channel or both.
  - 5. The method of claim 1, wherein in the transmitting of said first key, said first key is transmitted via an open communication channel.
  - 6. The method of claim 1, wherein said second key is composed of a first part and a second part and wherein said first part is used for computing said authentication code and said second part is used for calculating an authentication value.
  - 7. The method of claim 6, wherein said first part is an empty string and wherein said authentication code is calculated as an unkeyed hash code.
  - 8. The method of claim 1, wherein said authentication code and said verification code are computed using an algorithm to compute a short message authentication code.
  - 9. The method of claim 1, wherein if the comparison of authentication code and verification code yields a difference, said initiator requests said responder to retransmit said first key.
  - 10. The method of claim 1 further comprising calculating an authentication value within said initiator using said second key.
  - 11. The method of claim 10, wherein said authentication code is calculated using a pseudo random function.
  - 12. The method of claim 10, further comprising using said authentication value for authenticating messages that have been transmitted from said initiator to said responder, or vice versa.
  - 13. The method of claim 12, wherein the computing of an authentication code and the transmitting of said second key and said authentication code are utilize pre-authentication messages, and wherein the transmitting of said first key and the using of said authentication value utilize internet key exchange protocol messages.
  - 14. The method of claim 1, wherein said computing the authentication code and said computing the verification code both use a message authentication code function of only two variables, said two variables being the first key and the second key.

15. A method comprising:
- computing an authentication code using a raw public key and a second key within a responder,transmitting both said second key and said authentication code from said responder to an initiator using a first communication channel, after computing said authentication code,transmitting said raw public key from said responder to said initiator within an encrypted certification payload using a second communication channel,extracting said raw public key from said encrypted certification payload,computing a verification code using said raw public key and said second key within said initiator,comparing said verification code with said authentication code within said initiator, andauthenticating said responder as a correct communication partner if said comparing checks out,wherein said second key is a secret key and said first communication channel is a secure channel.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method of claim 15, wherein said raw public key is generated within said responder.
  - 17. The method of claim 15, wherein the second key is generated within said responder.
  - 18. The method of claim 15, wherein the transmitting of said second key and said authentication code, said second key and said authentication code are transmitted via a confidential or authenticated communication channel or both.
  - 19. The method of claim 15, wherein said second key is composed of a first part and a second part and wherein said first part is used for computing said authentication code and said second part is used for calculating an authentication value.
  - 20. The method of claim 15, wherein said first part is an empty string and wherein said authentication code is calculated as an unkeyed hash code.
  - 21. The method of claim 15, wherein in the transmitting of said raw public key, said encrypted certification payload comprising said raw public key is transmitted via an open communication channel.
  - 22. The method of claim 15, wherein said authentication code and said verification code are computed using an algorithm to compute a short message authentication code.
  - 23. The method of claim 15, wherein if the comparison of the authentication code and the verification code yields a difference, said initiator requests said responder to retransmit said certification payload.
  - 24. The method of claim 15, wherein in further steps for communicating the second key is used for authenticating the initiator to the responder.
  - 25. The method of claim 15, wherein the computing of an authentication code and the transmitting of said second key and said authentication code utilize pre-authentication messages and wherein the transmitting of said raw public key is utilizes an internet key exchange protocol with extended authentication protocol message.

26. A system comprising an initiator and a responder,whereinsaid responder comprisescomputing means configured to compute an authentication code from a first key and a second key,first transmission means configured to transmit both said second key and said authentication code from said responder to said initiator using a first communication channel, after computing said authentication code, andsecond transmission means configured to transmit said first key from said responder to said initiator using a second communication channel, and whereinsaid initiator comprisesfirst transmission means configured to receive said second key and said authentication code from said responder via said first communication channel,second transmission means configured to receive said first key from said responder via said second communication channel,computing means configured to compute a verification code from said first key and said second key, andcomparing means configured to compare said verification code with said authentication codewherein said second key is a secret key and said first communication channel is a secure channel.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The system of claim 26, wherein said responder further comprises generating means for generating the first key or the second key or both.
  - 28. The system of claim 26, wherein said first transmission means of said responder and said initiator allow communicating via a confidential or authenticated communication channel or both.
  - 29. The system of claim 26, wherein said second transmission means of said responder and said initiator allow communicating via an open communication channel.
  - 30. The system of claim 26, wherein said initiator and said responder comprise operating means to be operated according to an internet key exchange protocol.

31. A computer readable medium stored with instructions operable to cause a processor to secure a communication between an initiator and a responder of said communication by:
- computing an authentication code using a first key and a second key within said responder,transmitting both said second key and said authentication code from said responder to said initiator using a first communication channel, after computing said authentication code,transmitting said first key from said responder to said initiator using a second communication channel,computing a verification code using said first key and said second key within said initiator, andcomparing said verification code with said authentication code within said initiator,wherein said second key is a secret key and said first communication channel is a secure channel.
- View Dependent Claims (32)
- - 32. The computer readable medium of claim 31, wherein the communication is also secured by said initiator requesting said responder to retransmit said first key if the comparison of authentication code and verification code yields a difference.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
III Holdings 3, LLC (Intellectual Ventures LLC)
Original Assignee
Nokia Corporation
Inventors
Nyberg, Kaisa
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US10/677,642
Publication Number

US 20050076216A1
Time in Patent Office

2,211 Days
Field of Search

380/33, 713168-169
US Class Current

713/168
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 9/0844   with user authentication or...

H04L 9/3273   for mutual authentication n...

Method for securing a communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securing a communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links