Password based protocol for secure communications

US 6,718,467 B1
Filed: 10/28/1999
Issued: 04/06/2004
Est. Priority Date: 10/28/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:

sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;

receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;

sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and

receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for a first participant to establish a shared secret with a second participant, where the first participant and the second participant share a password-based first master key and a hash function includes sending a first message including a first private value for the second participant and a first authenticator for the second participant encrypted with the first master key. The first message also includes a first hashed authenticator for the first participant encrypted with a first shared secret key. The first message also includes a first public value for the first participant. The first participant receives a second message, the second message including the first authenticator for the second participant and a first public value for the second participant encrypted with the first shared secret key. The first participant sends a third message, the third message including the first authenticator for the first participant, a second hashed authenticator for the first participant, a second authenticator for the second participant and a second master key encrypted with a second shared secret key. The third message also includes a second public value for the first participant. A fourth message is received by the first participant, the fourth message including a second authenticator for the second participant and a second public value for the second participant encrypted with the second shared secret key.

110 Citations

View as Search Results

93 Claims

1. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
- sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
3. The method of claim 2 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
4. The method of claim 3 wherein said cryptographic hash function is SHA-1.
5. The method of claim 2 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
6. The method of claim 5 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
7. The method of claim 1 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
8. The method of claim 1 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
9. The method of claim 7, further comprising:
- authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
  
  authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
  
  authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
10. The method of claim 2, further comprising:
- decrypting said second message by using said first shared secret key;
  
  decrypting said fourth message by using said second shared secret key; and
  
  decrypting said sixth message by using said third shared secret key.

11. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said second participant comprising:
- receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising:
13. The method of claim 12 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
14. The method of claim 13 wherein said cryptographic hash function is SHA-1.
15. The method of claim 12 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
16. The method of claim 15 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
17. The method of claim 11 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
18. The method of claim 11 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
19. The method of claim 12, further comprising:
- decrypting said first message by using said first shared secret key;
  
  decrypting said third message by using said second shared secret key; and
  
  decrypting said fifth message by using said third shared secret key.

20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
- sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The program storage device of claim 20, said method further comprising:
22. The program storage device of claim 21 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
23. The program storage device of claim 22 wherein said cryptographic hash function is SHA-1.
24. The program storage device of claim 22 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
25. The program storage device of claim 24 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
26. The program storage device of claim 20 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
27. The program storage device of claim 20 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
28. The program storage device of claim 26, said method further comprising:
- authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
  
  authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
  
  authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
29. The program storage device of claim 28, said method further comprising:
- decrypting said second message by using said first shared secret key;
  
  decrypting said fourth message by using said second shared secret key; and
  
  decrypting said sixth message by using said third shared secret key.

30. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus comprising:
- at least one memory having program instructions; and
  
  at least one processor operatively coupled to said first participant and configured to use the program instructions to;
  
  send a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  receive a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  send a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  receive a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (31, 47, 48, 49, 50, 51, 52, 53, 54)
- - 31. The apparatus of claim 30, wherein said at least one processor is further configured to use said program instructions to:
47. The apparatus of claim 31 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
48. The apparatus of claim 47 wherein said cryptographic hash function is SHA-1.
49. The apparatus of claim 31 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
50. The apparatus of claim 49 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
51. The apparatus of claim 30 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
52. The apparatus of claim 30 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
53. The apparatus of claim 31 wherein said apparatus is further configured to:
- authenticate said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
  
  authenticate said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
  
  authenticate said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
54. The apparatus of claim 31 wherein said apparatus is further configured to:
- decrypting said second message by using said first shared secret key;
  
  decrypting said fourth message by using said second shared secret key; and
  
  decrypting said sixth message by using said third shared secret key.

32. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus comprising:
- at least one memory having program instructions; and
  
  at least one processor operatively coupled to said second participant and configured to use the program instructions to;
  
  receive a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  send a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  receive a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  send a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (33, 55, 56, 57, 58, 59, 60, 61)
- - 33. The apparatus of claim 32, wherein said at least one processor is further configured to use said program instructions to:
55. The apparatus of claim 33 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
56. The apparatus of claim 55 wherein said cryptographic hash function is SHA-1.
57. The apparatus of claim 33 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
58. The apparatus of claim 57 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
59. The apparatus of claim 32 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
60. The apparatus of claim 32 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
61. The apparatus of claim 33 wherein said apparatus is further configured to:
- decrypting said first message by using said first shared secret key;
  
  decrypting said third message by using said second shared secret key; and
  
  decrypting said fifth message by using said third shared secret key.

34. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus operatively coupled to said first participant and comprising:
- means for sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  means for receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  means for sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  means for receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (35, 62, 63, 64, 65, 66, 67, 68, 69)
- - 35. The apparatus of claim 34, further comprising:
62. The apparatus of claim 35 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
63. The apparatus of claim 62 wherein said cryptographic hash function is SHA-1.
64. The apparatus of claim 35 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
65. The apparatus of claim 64 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
66. The apparatus of claim 34 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
67. The apparatus of claim 34 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
68. The apparatus of claim 35, further comprising:
- means for authenticate said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
  
  means for authenticate said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
  
  means for authenticate said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
69. The apparatus of claim 35, further comprising:
- means for decrypting said second message by using said first shared secret key;
  
  means for decrypting said fourth message by using said second shared secret key; and
  
  means for decrypting said sixth message by using said third shared secret key.

36. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus operatively coupled to said second participant and comprising:
- means for receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  means for sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  means for receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  means for sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (37, 70, 71, 72, 73, 74, 75, 76)
- - 37. The apparatus of claim 36, further comprising:
70. The apparatus of claim 37 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third said authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
71. The apparatus of claim 70 wherein said cryptographic hash function is SHA-1.
72. The apparatus of claim 37 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
73. The apparatus of claim 72 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
74. The apparatus of claim 36 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
75. The apparatus of claim 36 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
76. The apparatus of claim 37, further comprising:
- means for decrypting said first message by using said first shared secret key;
  
  means for decrypting said third message by using said second shared secret key; and
  
  means for decrypting said fifth message by using said third shared secret key.

38. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said second participant comprising:
- receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and
  
  sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
- - 39. The program storage device of claim 38, said method further comprising:
40. The program storage device of claim 39 whereineach of said authenticators is a random number;
- each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and
  
  each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
41. The program storage device of claim 40 wherein said cryptographic hash function is SHA-1.
42. The program storage device of claim 39 whereinsaid first message, said third message and said fifth message include an identifier for said first participant;
- and said second message, said fourth message and said sixth message include an identifier for said second participant.
43. The program storage device of claim 42 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
44. The program storage device of claim 38 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
45. The program storage device of claim 38 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
46. The program storage device of claim 39, said program storage device further comprising:
- decrypting said first message by using said first shared secret key;
  
  decrypting said third message by using said second shared secret key; and
  
  decrypting said fifth message by using said third shared secret key.

77. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
- sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;
  
  receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;
  
  sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
  
  receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
- View Dependent Claims (78, 79, 80, 81)
- - 78. The method of claim 77 wherein said cryptographic hash function is SHA-1.
  - 79. The method of claim 77 wherein
80. The method of claim 79 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
81. The method of claim 77 whereinsaid first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters;
- and said method further comprises;
  
  authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
  
  authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
  
  authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.

82. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said second participant comprising:
- receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;
  
  sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;
  
  receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
  
  sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
- View Dependent Claims (83, 84, 85)
- - 83. The method of claim 82 wherein said cryptographic hash function is SHA-1.
  - 84. The method of claim 82 wherein
85. The method of claim 84 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.

86. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said first participant comprising:
- sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;
  
  receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;
  
  sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;
  
  receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;
  
  sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and
  
  receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.
- View Dependent Claims (87, 88, 89, 90, 91, 92, 93)
- - 87. The program storage device of claim 86 wherein said cryptographic hash function is SHA-1.
  - 88. The program storage device of claim 86 wherein
89. The program storage device of claim 88 whereinsaid identifier for said first participant comprises an IP address;
- and said identifier for said second participant comprises an IP address.
90. The program storage device of claim 86 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters.
91. The program storage device of claim 86 wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters.
92. The program storage device of claim 90, said method further comprising:
- authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;
  
  authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and
  
  authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.
93. The program storage device of claim 91, said method further comprising:
- decrypting said second message by using said first shared secret key;
  
  decrypting said fourth message by using said second shared secret key; and
  
  decrypting said sixth message by using said third shared secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Trostle, Jonathan T.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Zand, Kambiz

Application Number

US09/429,526
Time in Patent Office

1,622 Days
Field of Search

713/168, 713/169, 713/170, 713/171, 713/184, 713/201, 380/30, 380/45, 380/278, 380/281, 380/282-285
US Class Current

713/171
CPC Class Codes

H04L 2209/56 Financial cryptography, e.g...

H04L 9/0844 with user authentication or...

Password based protocol for secure communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

93 Claims

Specification

Solutions

Use Cases

Quick Links

Password based protocol for secure communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

93 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links