Communication session encryption and authentication system

US 7,506,161 B2
Filed: 09/02/2003
Issued: 03/17/2009
Est. Priority Date: 09/02/2003
Status: Active Grant

First Claim

Patent Images

1. A method for creating and securely distributing ephemeral random symmetric keys for use in a plurality of concurrent or spaced in time communication sessions on a communication medium between a first data processing station and a plurality of second data processing stations having access to the communication medium, in which the first station and each second station in the plurality of second stations have respective identifiers and first and second shared secrets, and for mutual authentication of the first and second stations without exchanging messages carrying said shared secrets via the communication medium, comprising:

receiving at the first station requests from the plurality of second stations for initiation of a communication session;

producing an array of session random symmetric encryption keys and plurality of sub-arrays of data random symmetric keys at the first station, where each sub-array is subordinated only to a respective session random symmetric encryption key to service a plurality of communication sessions by continuously generating, storing and obliterating the keys in the array and in the sub-arrays according to a logic at the first station; and

after receiving a request from a particular second station, selecting a session random symmetric encryption key from said array, and executing a plurality of exchanges of encrypted messages across said communication medium during an authentication stage of the communication session, the exchanges in the plurality of exchanges including at least one message carrying respective data random symmetric keys from the sub-array which is subordinated to the selected session random symmetric encryption key from the first station to the second station and messages respectively returning the data random symmetric keys, or their hashed equivalents, in an encrypted form from the second station to the first station, to mutually authenticate the first station and the second station without exchanging the first and second shared secrets over the communication medium, and to provide one of the data random symmetric keys from the sub-array to the second station as a final symmetric encryption key for use in subsequent communications during said communication session;

wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is encrypted using an intermediate data random symmetric encryption key, where the intermediate data random symmetric encryption key is one of the data random symmetric keys from said sub-array, exchanged in a previous one of the plurality of exchanges; and

wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the first shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange, andin at least one other of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the second shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol, so that key management becomes an essential part of the authentication protocol itself. The system provides a secure distribution of a secret session random key used in symmetric cryptography. Successful exchange of this encryption key allows for secure transit of the protocol data over communication lines in encrypted form, permitting explicit mutual authentication of the connected parties. The post-authentication stage of the communication session can use secure encryption for the data exchange, since each party has already obtained the secret session random key.

58 Citations

View as Search Results

36 Claims

1. A method for creating and securely distributing ephemeral random symmetric keys for use in a plurality of concurrent or spaced in time communication sessions on a communication medium between a first data processing station and a plurality of second data processing stations having access to the communication medium, in which the first station and each second station in the plurality of second stations have respective identifiers and first and second shared secrets, and for mutual authentication of the first and second stations without exchanging messages carrying said shared secrets via the communication medium, comprising:
- receiving at the first station requests from the plurality of second stations for initiation of a communication session;
  
  producing an array of session random symmetric encryption keys and plurality of sub-arrays of data random symmetric keys at the first station, where each sub-array is subordinated only to a respective session random symmetric encryption key to service a plurality of communication sessions by continuously generating, storing and obliterating the keys in the array and in the sub-arrays according to a logic at the first station; and
  
  after receiving a request from a particular second station, selecting a session random symmetric encryption key from said array, and executing a plurality of exchanges of encrypted messages across said communication medium during an authentication stage of the communication session, the exchanges in the plurality of exchanges including at least one message carrying respective data random symmetric keys from the sub-array which is subordinated to the selected session random symmetric encryption key from the first station to the second station and messages respectively returning the data random symmetric keys, or their hashed equivalents, in an encrypted form from the second station to the first station, to mutually authenticate the first station and the second station without exchanging the first and second shared secrets over the communication medium, and to provide one of the data random symmetric keys from the sub-array to the second station as a final symmetric encryption key for use in subsequent communications during said communication session;
  
  wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is encrypted using an intermediate data random symmetric encryption key, where the intermediate data random symmetric encryption key is one of the data random symmetric keys from said sub-array, exchanged in a previous one of the plurality of exchanges; and
  
  wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the first shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange, andin at least one other of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the second shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein producing an array of session random encryption keys at the first station includes:
    - providing a buffer at the first station;
      
      generating said keys and storing said keys in the buffer;
      
      associating respective session random key initiation intervals with said keys stored in said buffer;
      
      selecting keys from said buffer as said selected session random symmetric encryption key in response to corresponding requests received by said first station during said respective session random key initiation intervals;
      
      removing keys from said buffer after expiry of respective session random key lifetimes, where the session random key lifetimes expire after the session random symmetric encryption key initiation intervals.
  - 3. The method of claim 2, wherein said buffer is managed as a circular buffer.
  - 4. The method of claim 2, wherein a session random key lifetime in the buffer for said plurality of exchanges has a value within which the plurality of exchanges can be completed in expected circumstances, and said keys are removed from said buffer after a multiple M times said value of session random key lifetime to engage into establishing a communication session, where M is less than or equal to 10.
  - 5. The method of claim 2, wherein a session random key lifetime in the buffer for said plurality of exchanges has a value within which the plurality of exchanges can be completed in expected circumstances, and said keys are removed from said buffer after a multiple M times said value, and the session random key lifetime to engage into establishing a communication session is less than about 90 seconds.
  - 6. The method of claim 1, wherein said plurality of exchanges includesa first exchange including sending a first message from the first station carrying said selected session random symmetric encryption key to the second station, where the second station returns a second message carrying the identifier of the second station encrypted using said selected session random symmetric encryption key, and decrypting the identifier of the second station at the first station to validate the second station, or a user at the second station;
    - anda second exchange including sending a farther message from the first station to the second station, the further message carrying a particular data random symmetric encryption key from said sub-array encrypted using said selected session random symmetric encryption key, where the second station returns another message carrying a hashed version of said particular data random symmetric key encrypted using said particular data random symmetric key to the first station, and decrypting said hashed version of said particular data random symmetric key at the first station using said particular data random symmetric key.
  - 7. The method of claim 1, includingafter said request for initiation of a communication session, presenting to the second station a user interface along with said selected session random symmetric encryption key, said user interface including a prompt for entry of said identifier of the second station and at least one of said first and second shared secrets.
  - 8. The method of claim 1, includingafter said request for initiation of a communication session, presenting to the second station a user interface along with the session random key, said user interface including a prompt for entry of said identifier of the second station and said first and second shared secrets.
  - 9. The method of claim 6, includingexecuting at least one additional exchange in said plurality of exchanges, wheresaid at least one additional exchange includes sending an additional message from the first station to the second station carrying a next data random symmetric key from said sub-array encrypted using a data random symmetric key from said sub-array exchanged during a previously completed exchange in said plurality of exchanges, where the second station decrypts said next data random symmetric key and returns a responsive message carrying a hashed version of said next data random symmetric key encrypted using said next data random symmetric key, and decrypting at the first station said hashed version of said next data random symmetric key using said next data random symmetric key.
  - 10. The method of claim 9, including executing more than one of said additional exchanges.
  - 11. The method of claim 1, including upon request for initiation of a communication session, presenting to the second station a user interface for initiation of an authentication session including a compiled version of said selected session random symmetric encryption key and parameters for one or more conversion arrays, said user interface including a prompt for entry of the said identifier of the second station and at least one of said first and second shared secrets.
  - 12. The method of claim 1, includingsending a message from the first station to the second station carrying an authentication signal indicating success or failure of mutual authentication and establishment of the final symmetric encryption key, said authentication signal being encrypted using one of said data random symmetric keys from a previous exchange in the plurality of exchanges.

13. A data processing apparatus for creating and securely distributing ephemeral random symmetric keys for use in a plurality of concurrent or spaced in time communication sessions on a communication medium between the data processing apparatus as a first station and a plurality of second data processing stations having access to the communication medium, in which the first station and each second station in the plurality of second stations have respective identifiers and first and second shared secrets, and for mutual authentication of the first and second stations without exchanging messages carrying said shared secrets via the communication medium, comprising:
- a processor at the first station, a communication interface adapted for connection to a communication medium, and memory storing instructions for execution by the data processor, the instructions includinglogic to receive requests via the communication interface from the plurality of second stations for initiation of a communication session;
  
  logic to produce an array of session random symmetric encryption keys and plurality of sub-arrays of data random symmetric keys at the first station, where each sub-array is subordinated only to a respective session random symmetric encryption key to service a plurality of communication sessions by continuously generating, storing and obliterating the keys in the array and in the sub-arrays; and
  
  logic to select, after receiving a request from a particular second station, a session random symmetric encryption key from said array, and to execute a plurality of exchanges of encrypted messages across said communication medium during an authentication stage of the communication session, the exchanges in the plurality of exchanges including at least one message carrying respective data random symmetric keys from the sub-array which is subordinated to the selected session random symmetric encryption key from the first station to the second station and messages respectively returning the data random symmetric keys, or their hashed equivalents, in an encrypted form from the second station to the first station, to mutually authenticate the first station and the second station without exchanging the first and second shared secrets over the communication medium, and to provide one of the data random symmetric keys from the sub-array to the second station as a final symmetric encryption key for use in subsequent communications during said communication session;
  
  wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is encrypted using an intermediate data random symmetric encryption key, where the intermediate data random symmetric encryption key is one of the data random symmetric keys from said sub-array, exchanged in a previous one of the plurality of exchanges; and
  
  wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the first shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange, andin at least one other of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the second shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The apparatus of claim 13,wherein said logic to produce an array of session random symmetric encryption keys at the first station includes instructions:
    - providing a buffer at the first station;
      
      generating said keys and storing said keys in the buffer;
      
      associating respective session random key initiation intervals with said keys stored in said buffer;
      
      selecting keys from said buffer as said selected session random symmetric encryption keys in response to requests received by said first station during said respective session random key initiation intervals;
      
      removing keys from said buffer after expiry of the respective session random key lifetimes, where the session random key lifetimes expire after the session random key initiation intervals.
  - 15. The apparatus of claim 14, wherein said buffer is managed as a circular buffer.
  - 16. The apparatus of claim 14, wherein a session random key lifetime in the buffer for said plurality of exchanges has a value within which the plurality of exchanges can be completed in expected circumstances, and said keys are removed from said buffer after a multiple M times said value to engage into establishing a communication session, where M is less than or equal to 10.
  - 17. The apparatus of claim 14, wherein a session random key lifetime in the buffer for said plurality of exchanges has a value within which the plurality of exchanges can be completed in expected circumstances, and said keys are removed from said buffer after a multiple M times said value to engage into establishing a communication session, and the session random key lifetime to engage into establishing a communication session is less than about 90 seconds.
  - 18. The apparatus of claim 13, wherein said plurality of exchanges includesa first exchange including sending a first message from the first station carrying said selected session random symmetric encryption key to the second station, where the second station returns a second message carrying said identifier of the second station encrypted using said selected session random symmetric encryption key, and decrypting said identifier of the second station at the first station to validate the second station;
    - anda second exchange including sending a further message from the first station to the second station, the further message carrying a particular data random symmetric key from said sub-array encrypted using said selected session random key, where the second station returns another message carrying a hashed version of said particular data random symmetric key encrypted using said particular data random symmetric key to the first station, and decrypting said hashed version of said particular data random symmetric key at the first station using said particular data random symmetric key.
  - 19. The apparatus of claim 13,logic to present, after said request for initiation of a communication session, to the second station a user interface along with the selected session random symmetric encryption key, said user interface including a prompt for entry of said identifier of the second station and at least one of said first and second shared secrets.
  - 20. The apparatus of claim 13,logic to present, after said request for initiation of a communication session, to the second station a user interface along with the selected session random symmetric encryption key, said user interface including a prompt for entry of said identifier of the second station and said first and second shared secrets.
  - 21. The apparatus of claim 18,wherein said plurality of exchanges includesat least one additional exchange in said plurality of exchanges, wheresaid at least one additional exchange includes sending an additional message from the first station to the second station carrying a next data random symmetric key from said sub-array encrypted using a data random symmetric key from said sub-array exchanged during a previously completed exchange in said plurality of exchanges, where the second station decrypts said next data random symmetric key and returns a responsive message carrying a hashed version of said next data random symmetric key encrypted using said next data random symmetric key, and decrypting at the first station said hashed version of said next data random symmetric key using said next data random symmetric key.
  - 22. The apparatus of claim 21, including logic executing more than one of said additional exchanges.
  - 23. The apparatus of claim 13, including upon request for initiation of a communication session, logic to present to the second station a user interface for initiation of an authentication session including a compiled version of the session random symmetric encryption key and parameters for one or more conversion arrays, said user interface including a prompt for entry of said identifier of the second station, and at least one of said first and second shared secrets.
  - 24. The apparatus of claim 13 including logic executing a further exchange including instructionssending a message from the first station to the second station carrying an authentication signal indicating success or failure of mutual authentication and establishment of the final symmetric encryption key, said authentication signal being encrypted using one of said data random symmetric keys from a previous exchange in the plurality of exchanges.

25. An article of manufacture, comprising:
- a machine readable data storage medium having computer program instructions stored therein, for creating and securely distributing ephemeral random symmetric keys for use in a plurality of concurrent or spaced in time communication sessions on a communication medium between a first data processing station and a plurality of second data processing stations having access to the communication medium, in which the first station and each second station in the plurality of second stations have respective identifiers and first and second shared secrets, and for mutual authentication of the first and second stations without exchanging messages carrying said shared secrets via the communication medium, said instructions comprising;
  
  logic to receive at the first station requests from the plurality of second stations for initiation of a communication session;
  
  logic to produce an array of session random symmetric encryption keys and plurality of sub-arrays of data random symmetric keys at the first station, where each sub-array is subordinated only to a respective session random symmetric encryption key to service a plurality of communication sessions by continuously generating, storing and obliterating the keys in the array and in the sub-arrays; and
  
  logic to select, after receiving a request from a particular second station, a session random symmetric encryption key from said array, and to execute a plurality of exchanges of encrypted messages across said communication medium during an authentication stage of the communication session, the exchanges in the plurality of exchanges including at least one message carrying respective data random symmetric keys from the sub-array which is subordinated to the selected session random symmetric encryption key from the first station to the second station and messages respectively returning the data random symmetric keys, or their hashed equivalents, in an encrypted form from the second station to the first station, to mutually authenticate the first station and the second station without exchanging the first and second shared secrets over the communication medium, and to provide one of the data random symmetric keys from the sub-array to the second station as a final symmetric encryption key for use in subsequent communications during said communication session;
  
  wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is encrypted using an intermediate data random symmetric encryption key, where the intermediate data random symmetric encryption key is one of the data random symmetric keys from said sub-array, exchanged in a previous one of the plurality of exchanges; and
  
  wherein in at least one of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the first shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange, andin at least one other of the plurality of exchanges, the respective data random symmetric key, or its hashed equivalent, is veiled in a conversion array using the second shared secret and then, encrypted using one of the data random symmetric keys from said sub-array exchanged in a previous exchange.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The article of claim 25, wherein said logic to produce an array of session random symmetric encryption keys at the first station includes instructions:
    - providing a buffer at the first station;
      
      generating said keys and storing said keys in the buffer;
      
      associating respective session random key initiation intervals with said keys stored in said buffer;
      
      selecting keys from said buffer as said selected session random symmetric encryption keys in response to requests received by said first station during said respective session random key initiation intervals;
      
      removing keys from said buffer after expiry of the respective session random key lifetimes, where the session random key lifetimes expire after the session random key initiation intervals.
  - 27. The article of claim 26, wherein said buffer is managed as a circular buffer.
  - 28. The article of claim 26, wherein a session random key lifetime in the buffer for said plurality of exchanges has a value within which the plurality of exchanges can be completed in expected circumstances, and said keys are removed from said buffer after a multiple M times said value to engage into establishing a communication session, where M is less than or equal to 10.
  - 29. The article of claim 26, wherein a session random key lifetime in the buffer for said plurality of exchanges has a value within which the plurality of exchanges can be completed in expected circumstances, and said keys are removed from said buffer after a multiple M times said value, and the session random key lifetime to engage into establishing a communication session is less than about 90 seconds.
  - 30. The article of claim 25, wherein said plurality of exchanges includesa first exchange including sending a first message from the first station carrying said selected session random symmetric encryption key to the second station, where the second station returns a second message carrying said identifier of the second station encrypted using said selected session random symmetric encryption key, and decrypting said identifier of the second station at the first station to validate the second station;
    - anda second exchange including sending a further message from the first station to the second station, the further message carrying a particular data random symmetric key from said sub-array encrypted using said selected session random key, where the second station returns another message carrying a hashed version of said particular data random symmetric key encrypted using said particular data random symmetric key to the first station, and decrypting said hashed version of said particular data random symmetric key at the first station using said particular data random symmetric key.
  - 31. The article of claim 25, logic to present, after said request for initiation of a communication session, to the second station a user interface along with the selected session random symmetric encryption key, said user interface including a prompt for entry of said identifier of the second station and at least one of said first and second shared secrets.
  - 32. The article of claim 25, logic to present, after said request for initiation of a communication session, to the second station a user interface along with the selected session random symmetric encryption key, said user interface including a prompt for entry of said identifier of the second station and said first and second shared secrets.
  - 33. The article of claim 30, wherein said plurality of exchanges includesat least one additional exchange in said plurality of exchanges, wheresaid at least one additional exchange includes sending an additional message from the first station to the second station carrying a next data random symmetric key from said sub-array encrypted using a data random symmetric key from said sub-array exchanged during a previously completed exchange in said plurality of exchanges, where the second station decrypts said next data random symmetric key and returns a responsive message carrying a hashed version of said next data random symmetric key encrypted using said next data random symmetric key, and decrypting at the first station said hashed version of said next data random symmetric key using said next data random symmetric key.
  - 34. The article of claim 33, including logic executing more than one of said additional exchanges.
  - 35. The article of claim 25, including upon request for initiation of a communication session, logic to present to the second station a user interface for initiation of an authentication session including a compiled version of the session random symmetric encryption key and parameters for one or more conversion arrays, said user interface including a prompt for entry of said identifier of the second station, and at least one of said first and second shared secrets.
  - 36. The article of claim 25, including logic executing a further exchange including instructions sending a message from the first station to the second station carrying an authentication signal indicating success or failure of mutual authentication and establishment of the final symmetric encryption key, said authentication signal being encrypted using one of said data random symmetric keys from a previous exchange in the plurality of exchanges.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative
Inventors
Mizrah, Len L.
Primary Examiner(s)
Abrishamkar; Kaveh

Application Number

US10/653,506
Publication Number

US 20050050323A1
Time in Patent Office

2,023 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

H04L 9/0844 with user authentication or...

H04L 9/3273 for mutual authentication n...

Communication session encryption and authentication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Communication session encryption and authentication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links