System and method for secure transaction of data between wireless communication device and server
First Claim
1. A method of authenticating a wireless communication device for secure transaction of data between a communication device and a server, the method comprising the steps of:
- receiving, by the server, a first message transmitted by the communication device, the first message comprising challenge data to authenticate the server;
generating a random number by the server;
computing, by the server, a masking process of the random number using the random number, a mask, and other parameters;
generating, by the server, a first encrypted message using the masking process and a nonce value for security;
transmitting, by the server, the first encrypted message to the communication device;
decrypting, by the communication device, the first encrypted message in order to retrieve the random number;
generating, by the communication device, a second message by cubing the random number and performing a modulo operation therewith of a prime number and further using a private key of the communication device;
generating, by the communication device, a second encrypted message by adding a signature to the second message;
transmitting, by the communication device, the second encrypted message to the server;
verifying, by the server, the signature of the second message using a public key of the communication device;
retrieving the second message by cubing the random number and performing the modulo operation therewith of the prime number;
generating a response based on the verification and the retrieval; and
transmitting the response to the communication device by the server.
1 Assignment
0 Petitions
Accused Products
Abstract
The present application provides a system and method for a set of Extensible Authentication Protocols (EAPs) based on ECC (Elliptic Curve Cryptography) and SKE (Symmetric Key Encryption) mechanisms (with a suitable permutation) that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost. According to one embodiment, a method and system of ECC and SKE based EAPs (through a permutation technique) which can avoid replay attacks. The application also provides a light weight security with better performance in comparison to the lower layer chip level security provided by 2G, 3G or 4G Applications and no certificates exchanged during the communication.
20 Citations
15 Claims
-
1. A method of authenticating a wireless communication device for secure transaction of data between a communication device and a server, the method comprising the steps of:
-
receiving, by the server, a first message transmitted by the communication device, the first message comprising challenge data to authenticate the server; generating a random number by the server; computing, by the server, a masking process of the random number using the random number, a mask, and other parameters; generating, by the server, a first encrypted message using the masking process and a nonce value for security; transmitting, by the server, the first encrypted message to the communication device; decrypting, by the communication device, the first encrypted message in order to retrieve the random number; generating, by the communication device, a second message by cubing the random number and performing a modulo operation therewith of a prime number and further using a private key of the communication device; generating, by the communication device, a second encrypted message by adding a signature to the second message; transmitting, by the communication device, the second encrypted message to the server; verifying, by the server, the signature of the second message using a public key of the communication device; retrieving the second message by cubing the random number and performing the modulo operation therewith of the prime number; generating a response based on the verification and the retrieval; and
transmitting the response to the communication device by the server. - View Dependent Claims (2, 3)
-
-
4. A method of authenticating a wireless communication device for secure transaction of data between at least one communication device and a server, the method comprising the steps of:
-
receiving, by the server, a first message transmitted by the communication device, the first message comprises challenge data to authenticate the server; generating, by the server, a first random number and a prime number at the server; computing, by the server, masking process using the first random number, a mask, a nonce value for security, and other parameters; generating, by the server, a first encrypted message using the masking process, a masking value produced using a hash function, a nonce value for security, and the prime number; transmitting, by the server, the first encrypted message to the communication device; decrypting, by the communication device, the first encrypted message in order to retrieve the first random number and the mask; generating, by the communication device, a second encrypted message by using a hash function of a second random number (y2), a nonce value for security, and XoRing a cube of the first random number and y2, wherein cube of the first random number is equal to [(r mod p)3 mod p], and wherein p is a prime number;
transmitting, by the communication device, the second encrypted message to the server;computing, by the server, the second random number by XoRing the second encrypted message with a cube of the first random number; verifying, by the server, a hash value of the second random number and nonce value of the second encrypting message; generating, by the server, a response based on the verification; and transmitting, by the server, the response to the communication device by the server. - View Dependent Claims (5, 6, 7, 8, 9)
-
-
10. A system for secure transaction of data between at least one communication device and a server, the system authenticating a wireless communication device, comprising:
-
the communication device for generating a first message comprising challenge data to authenticate the server; a random number generator at a server configured to generate a first random number, the random number is masked; a prime number generator at the server configured to generate a prime number; a first encryption module at the server configured to generate a first encrypted signal message by bundling a second message with at least one data signal from the first random number or the prime number; a communication device configured to receive the first encrypted signal message from the server; a first decryption module at the communication device configured to decrypt the first encrypted signal message and retrieve at least one of the first random number or prime number, the corresponding mask is removed; a random number generator at the communication device configured to generate a second random number; a signature signal generation module at the communication device configured to generate a signature signal; a second encryption module at the communication device configured to generate a second encrypted signal message (y3) by using a hash function of a second random number (y2), a nonce value for security, and XoRing a cube of the first random number and y2, wherein cube of the first random number is equal to [(r mod p)3 mod p], and wherein p is a prime number; bundling a third message with at least one data signal from the signature signal or the second random number; a transceiver at the communication device configured to transmit the second encrypted signal message from the communication device to the server; computing, by the server, the second random number by XoRing the second encrypted message with a cube of the first random number; a second decryption module at the server configured to decrypt the second encrypted signal; and a validation module at the server configured to validate the second encrypted signal message by comparing at least one of corresponding signature values, hash values and nonce values of the server and the communication device. - View Dependent Claims (11, 12, 13, 14, 15)
-
Specification