The present invention provides a method of authenticating a pair of correspondents in a communication system, such as in a mobile phone network, by utilizing a blend of public-key cryptography and symmetric cryptography. Each session between the mobile phone and the network consists of public-key-based mutual authentication and key exchange followed by symmetric-key secure data exchange.
Representative Claims
What is claimed is:
1. A method of a first correspondent authenticating a second correspondent in a communication system, said method comprising: said first correspondent exchanging cryptographic keys with said second correspondent based on a public key mutual authentication scheme, said mutual authentication comprising: said first correspondent transmitting a short term public key along with an identifier to said second correspondent to enable said second correspondent to combine its private key with said short term public key and generate a pair of shared secret keys therefrom wherein a first of said shared secret keys is used for said mutual authentication and a second of said shared secret keys is used for establishing a secret session key, said first correspondent using a short term private key and a public key of said second correspondent to generate said pair of shared secret keys, and said first correspondent using said second of said shared secret keys to establish said session key; and said first correspondent using said session key for encrypting data in a symmetric-key data exchange.
2. The method according to claim 1, said first correspondent being a base station and said second correspondent being a mobile station.
3. The method according to claim 1, including said first correspondent receiving a registration request from said second correspondent, said registration request being generated by computing an authentication string using the first of said shared secret keys.
4. The method according to claim 1, including comparing said first of said shared secret keys received from said second correspondent with said first of said shared secret keys generated by said first correspondent; and computing a pair of session keys for said data exchange.
5. A communication system comprising a first correspondent and a second correspondent, each of said correspondents having a respective identity, said first correspondent having a private key and a public key derived therefrom, said system being configured for establishing communication between said first and second correspondent by: a) said second correspondent obtaining said public key of said first correspondent; b) said second correspondent sending a short-lived public key and said second correspondent's identity to said first correspondent; c) said first correspondent combining its private key with said short-lived public key and generating a pair of secret keys therefrom; d) said first correspondent using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent's identity, a random challenge, and said short-lived public key; e) said first correspondent sending its identity, said random challenge, and said first MAC to said second correspondent, thereby requesting registration; f) said second correspondent using a short-lived private key corresponding to said short-lived public key and said first correspondent's public key to generate said pair of secret keys; g) said second correspondent using said first of said pair of secret keys to compute a second MAC on its identity, said first correspondent's identity, said random challenge, and said short-lived public key; h) said second correspondent verifying said first MAC using said first of said pair of secret keys; i) said second correspondent sending said second MAC to said first correspondent, thereby registering said first correspondent; j) said first correspondent verifying said second MAC using said first of said pair of secret keys; k) said correspondents each computing a pair of session keys from a second of said pair of secret keys, said short-lived public key, and said random challenge; and l) said correspondents using at least one of said session keys in a secure communication.
6. The system according to claim 5, said first correspondent being a mobile station and said second correspondent being a base station.
7. The system according to claim 5, said secure communication being a data exchange between said first and second correspondents, said data exchange being used for any one or both of internet browsing and financial transactions.
8. The system according to claim 5, said second correspondent obtaining said public key from a service provider of said first correspondent.
9. The system according to claim 8, said service provider obtaining said public key by a manual exchange at a distributor outlet.
10. The method according to claim 8, said service provider obtaining said public key by an exchange at manufacture time.
11. The system according to claim 8, said service provider obtaining said public key by an over-the-air exchange.
12. The system according to claim 11, said over-the-air exchange being secured using a password established between a user of said mobile station and said service provider.
13. The system according to claim 11, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.
14. The system according to claim 5, said private keys, said public keys, and said MACs computed using elliptic curve cryptography.
15. A method of establishing communications between a mobile station and a base station, said mobile station and said base station each having a respective identity, said mobile station having a private key and a public key derived from said private key, said method comprising said mobile station; a) providing its public key to be obtained by said base station; b) receiving from said base station, a short-lived public key computed by said base station from a short-lived private key, and said second correspondent's identity; c) combining its private key with said short-lived public key and generating a pair of secret keys therefrom; d) using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent's identity, a random challenge, and said short-lived public key; e) sending its identity, said random challenge, and said first MAC to said base station, thereby requesting registration; f) receiving from said base station, a second MAC registering said mobile station, said second MAC having been computed by said base station on its identity, said mobile station's identity, said random challenge and said short-lived public key using a first of said pair of secret keys, said pair of secret keys having been generated by said base station using said short-lived private key and said mobile station's public key; said first MAC enabling said base station to verify said mobile station; g) verifying said second MAC using said first of said pair of secret keys; and h) computing a pair of session keys from a second of said pair of secret keys, said short-lived public key and said random challenge to enable said mobile station to use at least one of said session keys in a secure communication.
16. The method according to claim 15, said base station being a service provider of said mobile station.
17. The method according to claim 16, said base station having obtained said public key by an over-the-air exchange, said over-the-air exchange being secured using a password established between a user of said mobile station and said base station.
18. The method according to claim 17, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.
19. The method according to claim 15, said private keys, said public keys, and said MACs computed using elliptic curve cryptography.
20. A mobile station for use in a communication system having a base station, said mobile station and said base station each having a respective identity, said mobile station having a private key and a public key derived from said private key, said mobile station being configured for communicating with said base station by: a) providing its public key to be obtained by said base station; b) receiving from said base station, a short-lived public key computed by said base station from a short-lived private key, and said second correspondent's identity; c) combining its private key with said short-lived public key and generating a pair of secret keys therefrom; d) using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent's identity, a random challenge, and said short-lived public key; e) sending its identity, said random challenge, and said first MAC to said base station, thereby requesting registration; f) receiving from said base station, a second MAC registering said mobile station, said second MAC having been computed by said base station on its identity, said mobile station's identity, said random challenge and said short-lived public key using a first of said pair of secret keys, said pair of secret keys having been generated by said base station using said short-lived private key and said mobile station's public key; said first MAC enabling said base station to verify said mobile station; g) verifying said second MAC using said first of said pair of secret keys; and h) computing a pair of session keys from a second of said pair of secret keys, said short-lived public key and said random challenge to enable said mobile station to use at least one of said session keys in a secure communication.
21. The mobile station according to claim 20, said base station being a service provider of said mobile station.
22. The mobile station according to claim 21, said base station having obtained said public key by an over-the-air exchange, said over-the-air exchange being secured using a password established between a user of said mobile station and said base station.
23. The mobile station according to claim 22, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.
24. The mobile station according to claim 20, said private keys, said public keys, and said MACs computed using elliptic curve cryptography.
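The registration exchange of claim 5, steps (a) to (k), run end to end with both correspondents in one process, as an added example that is not part of the patent text. X25519 as the key agreement, HMAC-SHA256 as both the MAC and the derivation step, the length-prefixed field encoding, the identities and all function names are assumptions, since the claims name no specific primitives.

```python
# Added illustration of claim 5; primitives and labels below are assumptions.
import hashlib, hmac, os
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k, u):  # RFC 7748 ladder; not constant time, illustration only
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac(key, *fields):
    """HMAC over length-prefixed fields, so field boundaries are unambiguous."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def secret_pair(shared):
    """Steps (c)/(f): split one shared secret into an auth key and a session seed."""
    if shared == bytes(32):  # all-zero output means a low-order public key
        raise ValueError("rejecting degenerate short-lived public key")
    return mac(shared, b"auth"), mac(shared, b"session")

def register(tamper=False):
    ms_id, bs_id, chal = b"MS-0001", b"BS-0001", os.urandom(16)  # constructed
    ms_priv, eph_priv = os.urandom(32), os.urandom(32)
    ms_pub, eph_pub = x25519(ms_priv, BASE), x25519(eph_priv, BASE)  # (a), (b)
    k1_ms, k2_ms = secret_pair(x25519(ms_priv, eph_pub))             # (c)
    mac1 = mac(k1_ms, ms_id, bs_id, chal, eph_pub)                   # (d), (e)
    if tamper:  # simulate modification of the registration request in transit
        mac1 = bytes([mac1[0] ^ 1]) + mac1[1:]
    k1_bs, k2_bs = secret_pair(x25519(eph_priv, ms_pub))             # (f)
    if not hmac.compare_digest(mac1, mac(k1_bs, ms_id, bs_id, chal, eph_pub)):
        return None                                                  # (h) fails
    mac2 = mac(k1_bs, bs_id, ms_id, chal, eph_pub)                   # (g), (i)
    if not hmac.compare_digest(mac2, mac(k1_ms, bs_id, ms_id, chal, eph_pub)):
        return None                                                  # (j) fails
    derive = lambda k2: tuple(mac(k2, n, eph_pub, chal) for n in (b"1", b"2"))
    return derive(k2_ms), derive(k2_bs)                              # (k)
```

The two MACs cover the same fields with the identities in opposite order, so a reflected first MAC does not verify as the second; `register(tamper=True)` returns `None` because the base station's check in step (h) fails.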