Method for establishing a secure communication channel
First Claim
1. A method for establishing a secure communication channel between a client (C) and a remote server (S), said client (C) and remote server (S) exchanging data through an intermediate entity (G), said client (C) having a long-term key pair (skc,pkc), the method comprising:
- said remote server generating an ephemeral key (sks,pks), a mutual authentication step wherein the client (C) sends a public key (pkc) of said long-term key pair (skc, pkc) and the proof that said public key (pkc) is valid to the server (S), and wherein the remote server (S) sends the public key (pks) of said ephemeral key pair (sks, pks) to the client (C), the client (C) generates an ephemeral key pair (skcc,pkcc) and sends the public key (pkcc) of said ephemeral key pair (skcc,pkcc) to the server (S) so as to enable the independent determination of a secret common to the client (C) and to the remote server (S) for opening the secure communication channel, said common secret being calculated by the client using the long-term key pair of the client (skc,pkc), the ephemeral secret key (skcc) of said ephemeral key pair (skcc,pkcc) of the client (C) and the ephemeral public key (pks) of the server, and being calculated by the server using the long-term public key (pkc) of the client, the ephemeral secret key (sks) of the server (S) and the ephemeral key (pkcc) of the client (C) wherein the common secret is calculated by both the client and the server without using a long-term key pair of the server.
Abstract
The present invention provides a method for establishing a secure communication channel between a client (C) and a remote server (S), said client (C) and remote server (S) exchanging data through an intermediate entity (G), said client (C) having a long-term key pair (skc,pkc), said remote server generating an ephemeral key (sks,pks), the method comprising a mutual authentication step wherein the client (C) sends a public key (pkc) of said long-term key pair (skc, pkc) and the proof that said public key (pkc) is valid to the server (S), and wherein the remote server (S) sends the public key (pks) of said ephemeral key pair (sks,pks) to the client (C). The client (C) generates an ephemeral key pair (skcc,pkcc) and sends the public key (pkcc) of said ephemeral key pair (skcc,pkcc) to the server (S) so as to generate a secret common to the client (C) and to the remote server (S) for opening the secure communication channel.
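One possible instantiation of the common-secret calculation in claim 1, as an added example that is not taken from the patent. The claim does not say how the inputs are combined, so the construction here (two Diffie-Hellman values hashed with the exchanged public keys), the toy group (modulus 2^521 - 1, base 3) and all function names are assumptions; the validity proof for pkc is not modelled.

```python
import hashlib
import secrets

# Toy finite-field group (assumption): Mersenne prime 2^521 - 1, base 3.
# Chosen only so the example runs on the standard library; not a vetted group.
P = 2**521 - 1
G = 3

def keygen():
    """Return (secret, public) with public = G^secret mod P."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def _kdf(z_static, z_ephemeral, pkc, pks, pkcc):
    """Hash both DH values together with the public keys that were exchanged."""
    h = hashlib.sha256()
    for value in (z_static, z_ephemeral, pkc, pks, pkcc):
        h.update(value.to_bytes(66, "big"))  # 521 bits fit in 66 bytes
    return h.digest()

def client_secret(skc, pkc, skcc, pkcc, pks):
    """Client: long-term pair (skc, pkc), ephemeral skcc, server ephemeral pks."""
    return _kdf(pow(pks, skc, P), pow(pks, skcc, P), pkc, pks, pkcc)

def server_secret(sks, pks, pkc, pkcc):
    """Server: only its ephemeral sks and the client's two public keys."""
    return _kdf(pow(pkc, sks, P), pow(pkcc, sks, P), pkc, pks, pkcc)

def run_exchange():
    skc, pkc = keygen()      # client long-term pair
    sks, pks = keygen()      # server ephemeral pair, no long-term server key
    skcc, pkcc = keygen()    # client ephemeral pair
    k_client = client_secret(skc, pkc, skcc, pkcc, pks)
    k_server = server_secret(sks, pks, pkc, pkcc)
    return k_client, k_server

def run_without_skc():
    """A sender that presents pkc but lacks skc does not obtain the server's key."""
    _, pkc = keygen()        # genuine client's public key; its skc is discarded
    sks, pks = keygen()
    skx, pkx = keygen()      # sender's own ephemeral pair
    guessed_skc, _ = keygen()
    k_sender = client_secret(guessed_skc, pkc, skx, pkx, pks)
    k_server = server_secret(sks, pks, pkc, pkx)
    return k_sender, k_server
```

Because the server contributes only an ephemeral key, the derived secret authenticates the client implicitly through skc, while the intermediate entity (G) sees only pkc, pks and pkcc.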
4 Citations
10 Claims