The present invention provides a method of authenticating a pair of correspondents in a communication system, such as in a mobile phone network, by utilizing a blend of public-key cryptography and symmetric cryptography. Each session between the mobile phone and the network consists of public-key based mutual authentication and key exchange followed by symmetric-key secure data exchange.
Representative claim
The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:

1. A method of establishing communication between a first correspondent and a second correspondent, each of said correspondents having a respective identity, said first correspondent having a private key and a public key derived therefrom, said method comprising the steps of:
a) said second correspondent obtaining said public key of said first correspondent;
b) said second correspondent sending a short-lived public key and said second correspondent's identity to said first correspondent;
c) said first correspondent combining its private key with said short-lived public key and generating a pair of secret keys therefrom;
d) said first correspondent using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent's identity, a random challenge, and said short-lived public key;
e) said first correspondent sending its identity, said random challenge, and said first MAC to said second correspondent, thereby requesting registration;
f) said second correspondent using a short-lived private key corresponding to said short-lived public key and said first correspondent's public key to generate said pair of secret keys;
g) said second correspondent using said first of said pair of secret keys to compute a second MAC on its identity, said first correspondent's identity, said random challenge, and said short-lived public key;
h) said second correspondent verifying said first MAC using said first of said pair of secret keys;
i) said second correspondent sending said second MAC to said first correspondent, thereby registering said first correspondent;
j) said first correspondent verifying said second MAC using said first of said pair of secret keys;
k) said correspondents each computing a pair of session keys from a second of said pair of secret keys, said short-lived public key, and said random challenge; and
l) said correspondents using at least one of said session keys in a secure communication.

2. A method according to claim 1, said first correspondent being a mobile station and said second correspondent being a base station.

3. A method according to claim 2, said secure communication being a call originated by said mobile station.

4. A method according to claim 2, said secure communication being a call terminating at said mobile station.

5. A method according to claim 2, wherein the value used in said mobile station MAC is 2 and said base station MAC is 3.

6. A method according to claim 2, said elliptic curve having a cofactor t, said short-lived public key being bP, said mobile station private key being m, and said pair of secret keys being generated from a shared secret tmbP.

7. A method according to claim 2, said secure communication being a data exchange between said stations.

8. A method according to claim 7, said data exchange being used for internet browsing.

9. A method according to claim 7, said data exchange being used for financial transactions.

10. A method according to claim 1, said second correspondent obtaining said public key from a service provider of said first correspondent.

11. A method according to claim 10, said service provider obtaining said public key by a manual exchange at a distributor outlet.

12. A method according to claim 11, said public key being transmitted to said service provider using a dial-up connection.

13. A method according to claim 10, said service provider obtaining said public key by an exchange at manufacture time.

14. A method according to claim 13, said exchange comprising the steps of a manufacturer retrieving said public key, and transmitting said public key to said service provider.

15. A method according to claim 10, said service provider obtaining said public key by an over-the-air exchange.

16. A method according to claim 15, said over-the-air exchange being secured using a password established between a user of said mobile station and said service provider.

17. A method according to claim 15, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.

18. A method according to claim 1, said second correspondent being a service provider of said first correspondent.

19. A method according to claim 1, the MACs computed in steps (d) and (h) each incorporating a value, said values being distinct from each other.

20. A method according to claim 1, said private keys, said public keys, and said MACs computed using elliptic curve cryptography.

21. A base station for use in a communication system having at least one mobile station, said base station and each said at least one mobile station having a respective identity, each said at least one mobile station having a private key and a public key derived from said private key, said base station initiating communications with a respective one of said mobile stations by:
a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station;
b) receiving from said mobile station a request for registration including said mobile station's identity, a random challenge and a first MAC, said first MAC computed on said base station's identity, said mobile station's identity, said random challenge and said short-lived public key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station;
c) using said short-lived private key and said mobile station's public key to generate said pair of secret keys;
d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station's identity, said random challenge and said short-lived public key;
e) verifying said first MAC using said first of said pair of secret keys;
f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys; and
g) computing a session key to secure communication with said mobile station by using a second of said pair of secret keys, said short-lived public key and said random challenge.

22. A base station according to claim 21, wherein said base station obtains access to said public key from a service provider.

23. A base station according to claim 21, wherein said base station is a service provider of said mobile station.

24. A base station according to claim 23, wherein said base station obtains said public key by a manual exchange at a distributor outlet.

25. A base station according to claim 23, wherein said base station receives said public key using a dial-up connection.

26. A base station according to claim 23, wherein said base station obtains said public key by an exchange at manufacture time.

27. A base station according to claim 26, wherein said exchange comprises the manufacturer retrieving said public key, and transmitting said public key to said base station.

28. A base station according to claim 26, wherein said base station obtains said public key by an over-the-air exchange.

29. A base station according to claim 28, wherein said over-the-air exchange is secured using a password established between a user of said mobile station and said base station.

30. A base station according to claim 28, wherein said over-the-air-exchange is secured using a password embedded in said mobile station at manufacture time.

31. A base station according to claim 21, wherein said public key, said private key, said short lived public key, and said short lived private key use elliptic curve cryptography.

32. A method according to claim 31, said base station being a service provider of said mobile station.

33. A method according to claim 31, said base station accessing said public key by receiving said public key from a service provider.

34. A method according to claim 33, said base station obtaining said public key by a manual exchange at a distributor outlet.

35. A method according to claim 33, said base station obtaining said public key by an exchange at manufacture time.

36. A method according to claim 33, said base station receiving said public key using a dial-up connection.

37. A method according to claim 36, said base station obtaining said public key by an over-the-air exchange.

38. A method according to claim 36, said exchange comprising the manufacturer retrieving said public key, and transmitting said public key to said base station.

39. A method according to claim 38, said over-the-air exchange being secured using a password established between a user of said mobile station and said base station.

40. A method according to claim 38, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.

41. A method of establishing communications between a base station and a mobile station, said base station and said mobile station each having a respective identity, said mobile station having a private key and a public key derived from said private key, said method comprising the base station performing the steps of:
a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station;
b) receiving from said mobile station a request for registration including said mobile station's identity, a random challenge and a first MAC, said first MAC computed on said base station's identity, said mobile station's identity, said random challenge and said short-lived public key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station;
c) using said short-lived private key and said mobile station's public key to generate said pair of secret keys;
d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station's identity, said random challenge and said short-lived public key;
e) verifying said first MAC using said first of said pair of secret keys;
f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys;
g) computing a session key using a second of said pair of secret keys, said short-lived public key and said random challenge; and
h) using said session key to secure communication with said mobile station.

42. A method for authenticating a first correspondent and a second correspondent in a communication system, wherein the first correspondent has a private key and public key pair, said method comprising the steps of:
a) said second correspondent transmitting a short term public key along with an identifier to said first correspondent;
b) said first correspondent combining its private key with the second correspondent's short term public key and generating a pair of shared secret keys;
c) the correspondents using the first of said pair of shared secret keys for mutual authentication between said first and second correspondent;
d) the correspondents using the second shared secret key of said pair of shared secret keys for establishing a secret session key;
e) the correspondents using said secret session key to provide confidentiality for authenticated communications in the communication system;
said mutual authentication characterised in that the first correspondent authenticates itself to the second correspondent using its private key, and the second correspondent authenticates itself to the first correspondent using the first correspondent's public key obtained by said second correspondent from a trusted correspondent.
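The registration handshake of claim 1, with the MAC tag values of claim 5, run end to end as an added example that is not taken from the patent. X25519, HMAC-SHA-256, the SHA-512 key split, the length-prefixed MAC encoding and the identities are assumptions chosen for illustration; the claims fix none of them.

```python
import hashlib, hmac, os

P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")  # Curve25519, RFC 7748

def x25519(k, u):
    """RFC 7748 Montgomery ladder. Not constant-time: for illustration only."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") % (1 << 255)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if bit: x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        x3, z3 = (d*a + c*b)**2 % P, x1 * (d*a - c*b)**2 % P
        aa, bb = a*a % P, b*b % P
        x2, z2 = aa*bb % P, (aa - bb) * (aa + A24*(aa - bb)) % P
        if bit: x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASE)

def secret_pair(priv, peer_pub):
    """Shared secret -> (k1 for the MACs, k2 for session keys); the split is an assumption."""
    z = x25519(priv, peer_pub)
    if z == bytes(32):
        raise ValueError("low-order peer key")
    h = hashlib.sha512(z).digest()
    return h[:32], h[32:]

def mac(k1, tag, own_id, peer_id, chal, bP):
    """HMAC over length-prefixed fields; tag 2 = mobile station, 3 = base station (claim 5)."""
    fields = (bytes([tag]), own_id, peer_id, chal, bP)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(k1, msg, hashlib.sha256).digest()

def session_keys(k2, bP, chal):
    h = hmac.new(k2, bP + chal, hashlib.sha512).digest()
    return h[:32], h[32:]

def register(ms_priv, ms_pub_on_file, corrupt_challenge=False):
    """Steps b-k of claim 1; returns (MS keys, BS keys), or None if a MAC check fails."""
    ms_id, bs_id = b"MS-0001", b"BS-0001"            # constructed identities
    b, bP = keypair()                                # b) BS -> MS: bP, bs_id
    k1, k2 = secret_pair(ms_priv, bP)                # c) MS side
    chal = os.urandom(16)
    mac_ms = mac(k1, 2, ms_id, bs_id, chal, bP)      # d), e) MS -> BS: ms_id, chal, mac_ms
    seen = bytes(16) if corrupt_challenge else chal  # challenge as received by the BS
    k1b, k2b = secret_pair(b, ms_pub_on_file)        # f) BS side
    if not hmac.compare_digest(mac_ms, mac(k1b, 2, ms_id, bs_id, seen, bP)):  # h)
        return None
    mac_bs = mac(k1b, 3, bs_id, ms_id, seen, bP)     # g), i) BS -> MS: mac_bs
    if not hmac.compare_digest(mac_bs, mac(k1, 3, bs_id, ms_id, chal, bP)):   # j)
        return None
    return session_keys(k2, bP, chal), session_keys(k2b, bP, seen)            # k)
```

Registration succeeds only when the base station holds the mobile station's real public key and the challenge arrives unmodified; in either failure case the first MAC check in step h) rejects the request before any session key is derived.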