Device authentication
First Claim
1. A method for the authentication of a first and a second device by a third device, the first and the second devices each possessing a shared secret key value h, each of the devices having available to it a public key P selected such that the operation of deriving the secret key value h from the product hP is a computationally difficult operation, the method comprising the steps of:
- the first device communicating a product RD of a random value rD and P to the second device using the third device, the third device retaining a copy of the product RD;
the second device communicating a product RB of a random value rB and P, and a challenge value eD to the first device using the third device, the third device retaining a copy of the product RB and the challenge value eD;
the first device calculating a value yD defined by a first expression with a value equivalent to the product hP using the random value rD and the challenge value eD, and communicating the value yD and a challenge value eB to the second device using the third device, the third device retaining a copy of the value yD and a challenge value eB;
the second device calculating a value yB defined by a second expression with a value equivalent to the product hP using the challenge value eB and the random value rB and communicating the value yB to the third device; and
the third device authenticating the first device and the second device by comparing values of the first expression, the random value rD, the challenge value eD and the value yD, with values of the second expression, the random value rB, the challenge value eB and the value yB.
4 Assignments
0 Petitions
Accused Products
Abstract
Authentication of two devices in communication with a third device is achieved where the first and second devices each possess a shared secret value. The authentication includes communication of authentication values from the first device to the second device using the third device. Similarly, there is communication of values from the second device to the first device using the third device. The third device retains the communicated values. The values are calculated to permit the third device to authenticate the first and second devices without the third device receiving the shared secret value. The authentication may be used to establish a communications channel between the first and the second devices.
25 Citations
26 Claims
-
1. A method for the authentication of a first and a second device by a third device, the first and the second devices each possessing a shared secret key value h, each of the devices having available to it a public key P selected such that the operation of deriving the secret key value h from the product hP is a computationally difficult operation, the method comprising the steps of:
-
the first device communicating a product RD of a random value rD and P to the second device using the third device, the third device retaining a copy of the product RD; the second device communicating a product RB of a random value rB and P, and a challenge value eD to the first device using the third device, the third device retaining a copy of the product RB and the challenge value eD; the first device calculating a value yD defined by a first expression with a value equivalent to the product hP using the random value rD and the challenge value eD, and communicating the value yD and a challenge value eB to the second device using the third device, the third device retaining a copy of the value yD and a challenge value eB; the second device calculating a value yB defined by a second expression with a value equivalent to the product hP using the challenge value eB and the random value rB and communicating the value yB to the third device; and the third device authenticating the first device and the second device by comparing values of the first expression, the random value rD, the challenge value eD and the value yD, with values of the second expression, the random value rB, the challenge value eB and the value yB. - View Dependent Claims (2, 3, 20)
-
-
4. A method for the authentication of a first device and a second device by a third device, the first and second devices each possessing a shared secret key value h, each of the devices being operative to carry out mathematical operations on defined groups E(Fq) and Zp, where Fq is a finite field of prime order q, including scalar multiplication defined with reference to the group, the method comprising the steps of:
-
a) obtaining a public key P, such that P generates a prime subgroup of the group E(Fq) of order p, and making available to each of the devices the public key P, b) the first device obtaining a random value rD such that 1<
rD<
p−
1, and calculating a product RD=rDP,c) the first device communicating the product RD to the third device, d) the third device retaining a copy of the product RD and forwarding the product RD to the second device, e) the second device obtaining a random value rB such that 1<
rB<
p−
1, and calculating a product RB=rBP, where RB is determined such that it is not equal to RD, the second device obtaining a random value eD such that 1<
eD<
p−
1, the second device communicating eD and RB to the third device,f) the third device retaining copies of RB and eD forwarding RB and eD to the first device, g) the first device calculating a value yD=h−
eDrD mod p, the first device obtaining a random value eB such that 1<
eB<
p−
1, the first device communicating values yD and eB to the third device,h) the third device retaining copies of the values yD and eB forwarding the said values to the second device, i) the second device calculating a value yB=h−
eBrB mod p, the second device communicating the value yB to the third device, andj) the third device authenticating the first and second devices when the condition yBP+eBRB=yDP+eDRD is satisfied. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 21)
-
-
22. A system comprising a first device, a second device, and a third device, the first and the second devices each possessing a shared secret key value h, each of the devices having available to it a public key P, selected such that the operation of deriving the secret key value h from the product hP is a computationally difficult operation, the first device, the second device and the third device each comprising memory units and processors for storing and executing program code, the program code being operative to:
-
the first device to communicate a product RD of a random value rD and P to the second device using the third device; cause the second device to communicate a product RB of a random value rB and P, and a challenge value eD, to the first device using the third device; cause the first device to calculate a value yD defined by a first expression with a value equivalent to the product hP using the random value rD and the challenge value eD, and to communicate the value yD and a challenge value eB to the second device using the third device; cause the second device to calculate a value yB defined by a second expression with a value equivalent to the product hP using the challenge value eB and the random value rB and to communicate the value yB to the third device; cause the third device to retain copies of the values being communicated between the first and the second device using the third device; and cause the third device to authenticate the first device and the second device by comparing values of the first expression, the random value rD, the challenge value eD and the value yD, with values of the second expression, the random value rB, the challenge value eB and the value yB. - View Dependent Claims (23, 24)
-
-
25. A system comprising a first device, a second device, and a third device, the first and second devices each possessing a shared secret key value h, each of the devices being operative to carry out mathematical operations on defined groups E(Fq) and Zp, where Fq is a finite field of prime order q, including scalar multiplication defined with reference to the group, the first device, the second device and the third device each comprising memory units and processors for storing and executing program code, the program code being operative to:
-
a) obtain a public key P, such that P generates a prime subgroup of the group E(Fq) of order p, and to make available to each of the devices the public key P, b) cause the first device to obtain a random value rD such that 1<
rD<
p−
1, and to calculate a product RD=rDP,c) cause the first device to communicate the product RD to the third device, d) cause the third device to retain a copy of the product RD and to forward the product RD to the second device, e) cause the second device to obtain a random value rB such that 1<
rB<
p−
1, and to calculate a product RB=rBP, where RB is determined such that it is not equal to RD, and to cause the second device to obtain a random value eD such that 1<
eD<
p−
1, and to communicate eD and RB to the third device,f) cause the third device to retain copies of the RB and eD and to forward RB and eD to the first device, g) cause the first device to calculate a value yD=h−
eDrD mod p, to cause the first device to obtain a random value eB such that 1<
eB<
p−
1, and to cause the first device to communicate values yD and eB to the third device,h) cause the third device to retain copies of the values yD and eB and to forward the said values to the second device, i) cause the second device to calculate a value yB=h−
eBrB, mod p, and to cause the second device to communicate the value yB to the third device, andj) cause the third device to authenticate the first and second devices when the condition yBP+eBRB=yDP+eDRD is satisfied. - View Dependent Claims (26)
-
Specification