System and method for secure transaction of data between wireless communication device and server

US 8,842,833 B2
Filed: 05/26/2011
Issued: 09/23/2014
Est. Priority Date: 07/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a wireless communication device for secure transaction of data between a communication device and a server, the method comprising the steps of:

receiving, by the server, a first message transmitted by the communication device, the first message comprising challenge data to authenticate the server;

generating a random number by the server;

computing, by the server, a masking process of the random number using the random number, a mask, and other parameters;

generating, by the server, a first encrypted message using the masking process and a nonce value for security;

transmitting, by the server, the first encrypted message to the communication device;

decrypting, by the communication device, the first encrypted message in order to retrieve the random number;

generating, by the communication device, a second message by cubing the random number and performing a modulo operation therewith of a prime number and further using a private key of the communication device;

generating, by the communication device, a second encrypted message by adding a signature to the second message;

transmitting, by the communication device, the second encrypted message to the server;

verifying, by the server, the signature of the second message using a public key of the communication device;

retrieving the second message by cubing the random number and performing the modulo operation therewith of the prime number;

generating a response based on the verification and the retrieval; and

transmitting the response to the communication device by the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application provides a system and method for a set of Extensible Authentication Protocols (EAPs) based on ECC (Elliptic Curve Cryptography) and SKE (Symmetric Key Encryption) mechanisms (with a suitable permutation) that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost. According to one embodiment, a method and system of ECC and SKE based EAPs (through a permutation technique) which can avoid replay attacks. The application also provides a light weight security with better performance in comparison to the lower layer chip level security provided by 2G, 3G or 4G Applications and no certificates exchanged during the communication.

20 Citations

View as Search Results

15 Claims

1. A method of authenticating a wireless communication device for secure transaction of data between a communication device and a server, the method comprising the steps of:
- receiving, by the server, a first message transmitted by the communication device, the first message comprising challenge data to authenticate the server;
  
  generating a random number by the server;
  
  computing, by the server, a masking process of the random number using the random number, a mask, and other parameters;
  
  generating, by the server, a first encrypted message using the masking process and a nonce value for security;
  
  transmitting, by the server, the first encrypted message to the communication device;
  
  decrypting, by the communication device, the first encrypted message in order to retrieve the random number;
  
  generating, by the communication device, a second message by cubing the random number and performing a modulo operation therewith of a prime number and further using a private key of the communication device;
  
  generating, by the communication device, a second encrypted message by adding a signature to the second message;
  
  transmitting, by the communication device, the second encrypted message to the server;
  
  verifying, by the server, the signature of the second message using a public key of the communication device;
  
  retrieving the second message by cubing the random number and performing the modulo operation therewith of the prime number;
  
  generating a response based on the verification and the retrieval; and
  
  transmitting the response to the communication device by the server.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein generating the first encrypted message comprises using a public key and a hash function of the masking process.
  - 3. The method of claim 1, wherein encrypting the second signal by bundling a third message with a signature signal generating the second encrypting message is associated with a private key of the communication device.

4. A method of authenticating a wireless communication device for secure transaction of data between at least one communication device and a server, the method comprising the steps of:
- receiving, by the server, a first message transmitted by the communication device, the first message comprises challenge data to authenticate the server;
  
  generating, by the server, a first random number and a prime number at the server;
  
  computing, by the server, masking process using the first random number, a mask, a nonce value for security, and other parameters;
  
  generating, by the server, a first encrypted message using the masking process, a masking value produced using a hash function, a nonce value for security, and the prime number;
  
  transmitting, by the server, the first encrypted message to the communication device;
  
  decrypting, by the communication device, the first encrypted message in order to retrieve the first random number and the mask;
  
  generating, by the communication device, a second encrypted message by usinga hash function of a second random number (y2),a nonce value for security, andXoRing a cube of the first random number and y2, wherein cube of the first random number is equal to [(r mod p)³mod p], and wherein p is a prime number;
  
  transmitting, by the communication device, the second encrypted message to the server;
  
  computing, by the server, the second random number by XoRing the second encrypted message with a cube of the first random number;
  
  verifying, by the server, a hash value of the second random number and nonce value of the second encrypting message;
  
  generating, by the server, a response based on the verification; and
  
  transmitting, by the server, the response to the communication device by the server.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method of claim 4, further comprising transmitting a 192-bit pre-shared private (encryption) key from the server to the communication device using an AES-CTR algorithm.
  - 6. The method of claim 4 , wherein the second random number is generated using a Pseudo Random Number Generator (PRNG) method.
  - 7. The method of claim 4 , wherein the second encrypted message is generating by bundling a third message with at least one of the hash value associated with the second random number and nonce value associated with a private key, the said private key is generated using a Deterministic Random Sequence Generation (DRSG) process.
  - 8. The method of claim 4 , wherein decrypting the second encrypted signal message includes retrieving a private key.
  - 9. The method of claim 4 , wherein validating the second encrypted signal message by comparing either one of the corresponding value of hash value associated with the second random number or nonce values associated with the private key of the communication device.

10. A system for secure transaction of data between at least one communication device and a server, the system authenticating a wireless communication device, comprising:
- the communication device for generating a first message comprising challenge data to authenticate the server;
  
  a random number generator at a server configured to generate a first random number, the random number is masked;
  
  a prime number generator at the server configured to generate a prime number;
  
  a first encryption module at the server configured to generate a first encrypted signal message by bundling a second message with at least one data signal from the first random number or the prime number;
  
  a communication device configured to receive the first encrypted signal message from the server;
  
  a first decryption module at the communication device configured to decrypt the first encrypted signal message and retrieve at least one of the first random number or prime number, the corresponding mask is removed;
  
  a random number generator at the communication device configured to generate a second random number;
  
  a signature signal generation module at the communication device configured to generate a signature signal;
  
  a second encryption module at the communication device configured to generate a second encrypted signal message (y3) by usinga hash function of a second random number (y2),a nonce value for security, andXoRing a cube of the first random number and y2, wherein cube of the first random number is equal to [(r mod p)³mod p], and wherein p is a prime number;
  
  bundling a third message with at least one data signal from the signature signal or the second random number;
  
  a transceiver at the communication device configured to transmit the second encrypted signal message from the communication device to the server;
  
  computing, by the server, the second random number by XoRing the second encrypted message with a cube of the first random number;
  
  a second decryption module at the server configured to decrypt the second encrypted signal; and
  
  a validation module at the server configured to validate the second encrypted signal message by comparing at least one of corresponding signature values, hash values and nonce values of the server and the communication device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the first encryption module is configured to generate the first encrypted signal message by bundling the second message with at least one of the hash value associated with the masked random number, hash value associated with the random number, a public key and the nonce value associated with the random number.
  - 12. The system of claim 10, wherein the second encryption module is configured to generate the second encrypted signal message by bundling the third message with at least one of the a private key, the corresponding signature signals associated therewith the private key and hash value of the second random number.
  - 13. The system of claim 10, wherein the second decryption module is configured to retrieve the private key from the second encrypted signal message.
  - 14. The system of claim 10, wherein validation module is configured to validate the second encrypted signal message by comparing either one of the corresponding value of a public key of the communication device, hash values or nonce values of the server and the communication device.
  - 15. The system of claim 10, wherein the communication device is a wireless communication device enabled to operate using a 2G, 3G, or 4G communication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Original Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Inventors
Natarajan, Vijayarangan
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
BUCKNOR, OLANREWAJU J

Application Number

US13/117,009
Publication Number

US 20120008775A1
Time in Patent Office

1,216 Days
Field of Search

None
US Class Current

380/274
CPC Class Codes

G06F 2207/7242   Exponent masking, i.e. key ...

H04L 2209/04   Masking or blinding

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 63/162   at the data link layer

H04L 9/3066   involving algebraic varieti...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

System and method for secure transaction of data between wireless communication device and server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure transaction of data between wireless communication device and server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links