[특허]Enhanced subscriber authentication protocol

Enhanced subscriber authentication protocol 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04K-001/00 H04L-009/00 H04M-001/66
출원번호	US-0871672 (2001-06-04)
우선권정보	CA-2255285(1998-12-04)
발명자 / 주소	Panjwani,Prakash Blake Wilson,Simon
출원인 / 주소	Certicom Corp.
대리인 / 주소	Dowell &
인용정보	피인용 횟수 : 22 인용 특허 : 16

초록 ▼

The present invention provides a method of authenticating a pair of correspondents in a communication system, such as in a mobile phone network by utilizing a blend of public-key cryptography and symmetric cryptography. Each session between the mobile phone and the network consists of public-key bas

대표청구항 ▼

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows: 1. A method of establishing communication between a first correspondent and a second correspondent, each of said correspondents having a respective identity, said first correspondent having a private key and a public key derived therefrom, said method comprising the steps of: a) said second correspondent obtaining said public key of said first correspondent; b) said second correspondent sending a short-lived public key and said second correspondent's identity to said first correspondent; c) said first correspondent combining its private key with said short-lived public key and generating a pair of secret keys therefrom; d) said first correspondent using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent's identity, a random challenge, and said short-lived public key; e) said first correspondent sending its identity, said random challenge, and said first MAC to said second correspondent, thereby requesting registration; f) said second correspondent using a short-lived private key corresponding to said short-lived public key and said first correspondent's public key to generate said pair of secret keys; g) said second correspondent using said first of said pair of secret keys to compute a second MAC on its identity, said first correspondent's identity, said random challenge, and said short-lived public key; h) said second correspondent verifying said first MAC using said first of said pair of secret keys; i) said second correspondent sending said second MAC to said first correspondent, thereby registering said first correspondent; j) said first correspondent verifying said second MAC using said first of said pair of secret keys; k) said correspondents each computing a pair of session keys from a second of said pair of secret keys, said short-lived public key, and said random challenge; and l) said correspondents using at least one of said session keys in a secure communication. 2. A method according to claim 1, said first correspondent being a mobile station and said second correspondent being a base station. 3. A method according to claim 2, said secure communication being a call originated by said mobile station. 4. A method according to claim 2, said secure communication being a call terminating at said mobile station. 5. A method according to claim 2, wherein the value used in said mobile station MAC is 2 and said base station MAC is 3. 6. A method according to claim 2, said elliptic curve having a cofactor t, said short-lived public key being bP, said mobile station private key being m, and said pair of secret keys being generated from a shared secret tmbP. 7. A method according to claim 2, said secure communication being a data exchange between said stations. 8. A method according to claim 7, said data exchange being used for internet browsing. 9. A method according to claim 7, said data exchange being used for financial transactions. 10. A method according to claim 1, said second correspondent obtaining said public key from a service provider of said first correspondent. 11. A method according to claim 10, said service provider obtaining said public key by a manual exchange at a distributor outlet. 12. A method according to claim 11, said public key being transmitted to said service provider using a dial-up connection. 13. A method according to claim 10, said service provider obtaining said public key by an exchange at manufacture time. 14. A method according to claim 13, said exchange comprising the steps of a manufacturer retrieving said public key, and transmitting said public key to said service provider. 15. A method according to claim 10, said service provider obtaining said public key by an over-the-air exchange. 16. A method according to claim 15, said over-the-air exchange being secured using a password established between a user of said mobile station and said service provider. 17. A method according to claim 15, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time. 18. A method according to claim 1, said second correspondent being a service provider of said first correspondent. 19. A method according to claim 1, the MACs computed in steps (d) and (h) each incorporating a value, said values being distinct from each other. 20. A method according to claim 1, said private keys, said public keys, and said MACs computed using elliptic curve cryptography. 21. A base station for use in a communication system having at least one mobile station, said base station and each said at least one mobile station having a respective identity, each said at least one mobile station having a private key and a public key derived from said private key, said base station initiating communications with a respective one of said mobile stations by: a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station; b) receiving from said mobile station a request for registration including said mobile station's identity, a random challenge and a first MAC, said first MAC computed on said base station's identity, said mobile station's identity, said random challenge and said short-lived public key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station; c) using said short-lived private key and said mobile station's public key to generate said pair of secret keys; d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station's identity, said random challenge and said short-lived public key; e) verifying said first MAC using said first of said pair of secret keys; f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys; and g) computing a session key to secure communication with said mobile station by using a second of said pair of secret keys, said short-lived public key and said random challenge. 22. A base station according to claim 21, wherein said base station obtains access to said public key from a service provider. 23. A base station according to claim 21, wherein said base station is a service provider of said mobile station. 24. A base station according to claim 23, wherein said base station obtains said public key by a manual exchange at a distributor outlet. 25. A base station according to claim 23, wherein said base station receives said public key using a dial-up connection. 26. A base station according to claim 23, wherein said base station obtains said public key by an exchange at manufacture time. 27. A base station according to claim 26, wherein said exchange comprises the manufacturer retrieving said public key, and transmitting said public key to said base station. 28. A base station according to claim 26, wherein said base station obtains said public key by an over-the-air exchange. 29. A base station according to claim 28, wherein said over-the-air exchange is secured using a password established between a user of said mobile station and said base station. 30. A base station according to claim 28, wherein said over-the-air-exchange is secured using a password embedded in said mobile station at manufacture time. 31. A base station according to claim 21, wherein said public key, said private key, said short lived public key, and said short lived private key use elliptic curve cryptography. 32. A method according to claim 31, said base station being a service provider of said mobile station. 33. A method according to claim 31, said base station accessing said public key by receiving said public key from a service provider. 34. A method according to claim 33, said base station obtaining said public key by a manual exchange at a distributor outlet. 35. A method according to claim 33, said base station obtaining said public key by an exchange at manufacture time. 36. A method according to claim 33, said base station receiving said public key using a dial-up connection. 37. A method according to claim 36, said base station obtaining said public key by an over-the-air exchange. 38. A method according to claim 36, said exchange comprising the manufacturer retrieving said public key, and transmitting said public key to said base station. 39. A method according to claim 38, said over-the-air exchange being secured using a password established between a user of said mobile station and said base station. 40. A method according to claim 38, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time. 41. A method of establishing communications between a base station and a mobile station, said base station and said mobile station each having a respective identity, said mobile station having a private key and a public key derived from said private key, said method comprising the base station performing the steps of: a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station; b) receiving from said mobile station a request for registration including said mobile station's identity, a random challenge and a first MAC, said first MAC computed on said base station's identity, said mobile station's identity, said random challenge and said short-lived cubic key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station; c) using said short-lived private key and said mobile station's public key to generate said pair of secret keys; d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station's identity, said random challenge and said short-lived public key; e) verifying said first MAC using said first of said pair of secret keys; f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys; g) computing a session key using a second of said pair of secret keys, said short-lived public key and said random challenge; and h) using said session key to secure communication with said mobile station. 42. A method for authenticating a first correspondent and a second correspondent in a communication system, wherein the first correspondent has a private key and public key pair, said method comprising the steps of: a) said second correspondent transmitting a short term public key along with an identifier to said first correspondent; b) said first correspondent combining its private key with the second correspondent's short term public key and generating a pair of shared secret keys; c) the correspondents using the first of said pair of shared secret keys for mutual authentication between said first and second correspondent; d) the correspondents using the second shared secret key of said pair of shared secret keys for establishing a secret session key; e) the correspondents using said secret session key to provide confidentiality for authenticated communications in the communication system; said mutual authentication characterised in that the first correspondent authenticates itself to the second correspondent using its private key, and the second correspondent authenticates itself to the first correspondent using the first correspondent's public key obtained by said second correspondent from a trusted correspondent.

이 특허에 인용된 특허 (16)

Simon Blake-Wilson GB; Donald Johnson ; Alfred Menezes CA, Authenticated key agreement protocol.
상세보기
Diffie Whitfield ; Aziz Ashar,PKX, Method and apparatus for privacy and authentication in wireless networks.
상세보기
Lamb James A., Method and apparatus for providing fraud protection mediation in a mobile telephone system.
상세보기
Bjorklund Ronald E. (Gattieres FRX) Bauchot Frederic (Saint Jeannet FRX) Wetterwald Michele M. (Cagnes Sur Mer FRX) Kutten Shay (Rockaway NJ) Herzberg Amir (Bronx NY), Method and system for key distribution and authentication in a data communication network.
상세보기
Leslie D. Owens ; Mark S. Plecity ; Alvah B. Davis ; David T. Kiswani ; I-Hsiang Yu, Method and system for validating subscriber identities in a communications network.
상세보기
Dent Paul W. (Stehag SEX) Raith Alex K. (Kista SEX) Dahlin Jan E. Å. S. (Jarfalla SEX), Method of carrying out an authentication check between a base station and a mobile station in a mobile radio system.
상세보기
Maruyama Minoru,JPX ; Kanno Hiroshi,JPX ; Fujiwara Shuuji,JPX ; Watanabe Kunio,JPX, Method of mobile unit registration and method of IC card registration for mobile communications system, and mobile unit.
상세보기
Miyaji Atsuko (Kawachinagano JPX) Tatebayashi Makoto (Takarazuka JPX), Method of privacy communication using elliptic curves.
상세보기
Tsubakiyama Hideki (Ohmiya JPX), Mutual authentication/cipher key delivery system.
상세보기
Shah Bharat, Network-initiated change of mobile phone parameters.
상세보기
Dent Paul Wilkinson,SEX ; Haartsen Jacobus Cornelius,SEX, Secure radio personal communications system and method.
상세보기
Reeds ; III James A. (New Providence NJ) Treventi Philip A. (Murray Hill NJ), Service provision authentication protocol.
상세보기
Corriveau Michel,CAX ; Houde Michel,CAX, System and method for over the air activation in a wireless telecommunications network.
상세보기
Venkatesan Ramarathnam R. ; Montgomery Peter L., Technique for producing a privately authenticatable product copy indicia and for authenticating such an indicia.
상세보기
Chen James F. ; Wang Jieh-Shan, Token distribution, registration, and dynamic configuration of user entitlement for an application level security system.
상세보기
Quick ; Jr. Roy Franklin, Wireless subscription portability.
상세보기

이 특허를 인용한 특허 (22)

Springer, James J.; Salgado, Stephanie, Authentication by use of symmetric and asymmetric cryptography.
상세보기
Leu, Muh-Chyi; Sun, Hung-Min, Authentication method employing elliptic curve cryptography.
상세보기
Paddon, Michael; Rose, Gregory Gordon; Semple, James; Hawkes, Philip Michael, Context limited shared secret.
상세보기
Sherkin, Alexander; Karmakar, Srimantee; Doktorova, Laura; Fritsch, Brindusa Laura; Vitanov, Kamen; Little, Herbert; Hung, Michael, Destroying a secure session maintained by a server on behalf of a connection owner.
상세보기
Kakii, Hiroshi, Examination apparatus, communication system, examination method, computer-executable program product, and computer-readable recording medium.
상세보기
Nguyen, Nam; Zhang, Donggen; Tomalenas, Paul, Method and apparatus for end-to-end mobile user security.
상세보기
Balfanz,Dirk; Smetters,Diana K.; Stewart,Paul Joseph; Durfee,Glenn E.; Grinter,Rebecca E.; Wong,Hao Chi, Method and apparatus for establishing and using a secure credential infrastructure.
상세보기
Suh, Kyung-Joo; Choi, Sung-Ho, Method and system for managing mobility of an access terminal in a mobile communication system using mobile IP.
상세보기
Kiiveri, Antti; Asokan, Nadarajah; Niemi, Valtteri, Method for protecting electronic device, and electronic device.
상세보기
Hori, Yoshihiro, Method for transmission/reception of contents usage right information in encrypted form, and device thereof.
상세보기
Hori, Yoshihiro; Sato, Yoshizo; Horiuchi, Keiji, Method for transmission/reception of contents usage right information in encrypted form, and device thereof.
상세보기
Youn, Ae Ran; Ryu, Ki Seon; Cho, Hee Jeong; Kong, Tae Gon, Method of allocating CID for fast handover.
상세보기
Ryu, Ki Seon, Method of handover.
상세보기
Guo, Yi C, Networked computer environment assurance system and method.
상세보기
Brown, Daniel R. L.; Vanstone, Scott A., Privacy-enhanced E-passport authentication protocol.
상세보기
Brandwine, Eric Jason; Wilson, Matthew Shawn, Secure interface for invoking privileged operations.
상세보기
Brandwine, Eric Jason; Wilson, Matthew Shawn, Securing results of privileged computing operations.
상세보기
Natarajan, Vijayarangan, System and method for designing secure client-server communication protocols based on certificateless public key infrastructure.
상세보기
Lambert, Robert John, System and method for performing device authentication using key agreement.
상세보기
Sharma,Mukesh; Skiscim,Christopher; Roberts,Philip; Sanchez,Luis, System and method for secure network roaming.
상세보기
Vialen, Jukka; Niemi, Valtteri, System for ensuring encrypted communication after handover.
상세보기
Alrabady, Ansaf I., User transparent registration process for secure communication.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Enhanced subscriber authentication protocol 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (16)

이 특허를 인용한 특허 (22)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Enhanced subscriber authentication protocol 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (16)

이 특허를 인용한 특허 (22)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트