CA2320221A1 - Secure one-way authentication communication system - Google Patents

Secure one-way authentication communication system

Info

Publication number
CA2320221A1
CA2320221A1 CA002320221A CA2320221A CA2320221A1 CA 2320221 A1 CA2320221 A1 CA 2320221A1 CA 002320221 A CA002320221 A CA 002320221A CA 2320221 A CA2320221 A CA 2320221A CA 2320221 A1 CA2320221 A1 CA 2320221A1
Authority
CA
Canada
Prior art keywords
correspondent
public key
shared secret
response
key
Prior art date
Legal status
Granted
Application number
CA002320221A
Other languages
French (fr)
Other versions
CA2320221C (en)
Inventor
Scott A. Vanstone
Ashok V. Vadekar
Robert J. Lambert
Robert P. Gallant
Current Assignee
Certicom Corp
Original Assignee
Individual
Priority date
Filing date
Publication date

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A protocol for authenticating at least one of a pair of first and second correspondents C and T in a data communication system, the method comprising the steps of storing a public key in the first correspondent C; computing a shared secret by the second correspondent T incorporating the public key C; storing the shared secret in the first correspondent C; the second correspondent T generating a challenge value X; the first correspondent C transmitting to the second correspondent T information including the stored public key C; the second correspondent T computing a test shared secret from the received public key C; the first and second correspondents computing response signals using the challenge value and the shared secret in a one-way function f1; and the first correspondent C transmitting the computed response signal to the second correspondent T whereby the second correspondent verifies the first correspondent.

Claims (12)

WE CLAIM:

  1. A method of authenticating at least one of a pair of first and second correspondents C and T in a data communication system, said method comprising the steps of storing a public key in said first correspondent C;

    computing a shared secret by said second correspondent T incorporating said public key C;

    storing said shared secret in said first correspondent C;

    said second correspondent T generating a challenge value X;

    said first correspondent C transmitting to the second correspondent T information including said stored public key C;

    said second correspondent T computing a test shared secret from said received public key C;

    said first and second correspondents computing response signals using said challenge value X and said shared secret in a one-way function f1; and said first correspondent C transmitting said computed response signal to said second correspondent T whereby said second correspondent verifies said second correspondent.
  2. A method as defined in claim 1, including said first correspondent C transmitting a signed message m with said response.
  3. A method as defined in claim 2, including signing said message with said one way function.
  4. A method as defined in claim 3, said signed message being included with said computed response and concatenated with said message for transmission.
  5. A method as defined in claim 1, including said first correspondent C encrypting a message m in accordance with a symmetric key scheme, wherein said symmetric key is derived from said computed response value and transmitting said encrypted message to said second correspondent T.
  6. A method as defined in claim 5, said signature scheme is an RSA type signature scheme.
  7. A method as defined in claim 1, said shared secret being computed by said second correspondent T by utilizing its secret key and the public key C.
  8. A method as defined in claim 1, said second correspondent T having a plurality of private keys t_i corresponding to respective first correspondents;

    receiving from said first correspondent C an identification index i; and using said corresponding private key t_i and the public key C to compute a shared secret ss_i.
  9. A method as defined in claim 1, said public key scheme being an elliptic curve scheme.
  10. A method as defined in claim 1, said public key scheme being an RSA type scheme.
  11. A method of authenticating at least one of a pair of correspondents T and C in an information exchange session, and wherein one of the correspondents T includes a secret key t and the other correspondent C has a public key C and a shared secret value t c derived from said public key C and said secret key t, the method comprising the steps of:

    the first correspondent C transmitting to the second correspondent T information including said public key C;

    the second correspondent T generating a challenge signal X and transmitting said challenge signal X to said first correspondent C;

    said second correspondent T generating a session shared secret ss by combining said private key t with said public key C of said first correspondent C;

    said second correspondent T generating a response signal k_t by combining said session shared secret ss with said challenge signal X, in a mathematical function f1;

    said first correspondent C generating a response value k_c by combining said shared secret t c with said challenge value X in said mathematical function f1 and sending said response value k_c to said second correspondent T; and said second correspondent T comparing said response test value k_t to said challenge response value k_c to verify said first correspondent C.
  12. An article of manufacture comprising:

    a computer usable medium having computer readable program code embodied therein for authenticating at least one of a pair of correspondents T and C in an information exchange session, and wherein one of the correspondents T includes a secret key t and the other correspondent C has a public key C and a shared secret value t c derived from said public key C and said secret key t, the computer readable program code in said article of manufacture comprising;

    computer readable program code configured to cause a computer to generate a challenge signal X and transmit said challenge signal X to said first correspondent C in response to a received public information from said first correspondent;

    computer readable program code configured to cause a computer to generate a session shared secret ss by combining said private key t with said public key C of said first correspondent C;

    computer readable program code configured to cause a computer to generate a test response signal k_t by combining said session shared secret ss with said challenge signal X, in a mathematical function f1;

    computer readable program code configured to cause a computer to compare said response test signal k_t to a received response value k_c from said first correspondent to verify said first correspondent C.
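
The exchange described in the abstract and in claims 1, 7, 8 and 11, as an added example that is not code from the patent or its authors. Assumptions: a toy multiplicative group modulo 2**255 - 19 stands in for the elliptic curve or RSA type scheme, HMAC-SHA256 stands in for the one-way function f1, and the names `Terminal`, `Card`, `issue_card` and `authenticate` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a toy multiplicative group modulo the prime 2**255 - 19 stands in
# for the elliptic-curve or RSA-type scheme of claims 9 and 10. Illustration only.
P = 2**255 - 19
G = 2


def f1(shared_secret: int, challenge: bytes) -> bytes:
    """One-way function f1, assumed here to be HMAC-SHA256 keyed by the secret."""
    return hmac.new(shared_secret.to_bytes(32, "big"), challenge, hashlib.sha256).digest()


class Terminal:
    """Correspondent T: holds private keys t_i selected by an index i (claim 8)."""

    def __init__(self, n_keys: int = 2):
        self._t = [secrets.randbelow(P - 3) + 2 for _ in range(n_keys)]
        self._k_t = None  # expected response for the challenge in flight

    def shared_secret(self, i: int, public_key: int) -> int:
        """Combine private key t_i with public key C (claim 7)."""
        if not 0 <= i < len(self._t) or not 1 < public_key < P - 1:
            raise ValueError("unknown key index or public key out of range")
        return pow(public_key, self._t[i], P)

    def challenge(self, i: int, public_key: int) -> bytes:
        """On receiving (i, C): derive the test secret and issue a fresh X."""
        x = secrets.token_bytes(16)
        self._k_t = f1(self.shared_secret(i, public_key), x)
        return x

    def verify(self, k_c: bytes) -> bool:
        """Compare k_c with k_t in constant time; each challenge is single use."""
        k_t, self._k_t = self._k_t, None
        return k_t is not None and hmac.compare_digest(k_t, k_c)


class Card:
    """Correspondent C: stores i, C and the shared secret; computes only f1."""

    def __init__(self, i: int, public_key: int, stored_secret: int):
        self.i, self.public_key, self.stored_secret = i, public_key, stored_secret

    def hello(self):
        return self.i, self.public_key

    def respond(self, x: bytes) -> bytes:
        return f1(self.stored_secret, x)


def issue_card(terminal: Terminal, i: int) -> Card:
    """Set-up phase: form C, have T compute the shared secret, store both in C."""
    c = secrets.randbelow(P - 3) + 2  # only needed to form C = G^c
    public_key = pow(G, c, P)
    return Card(i, public_key, terminal.shared_secret(i, public_key))


def authenticate(terminal: Terminal, card: Card) -> bool:
    """One session: C sends (i, C), T sends X, C answers k_c, T checks it."""
    x = terminal.challenge(*card.hello())
    return terminal.verify(card.respond(x))
```

A device that presents the right public key without the stored shared secret fails the comparison, and a response recorded for one challenge X is rejected against the next one.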
CA002320221A 1998-01-30 1999-02-01 Secure one-way authentication communication system Expired - Lifetime CA2320221C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GB9802152.0 1998-01-30
GBGB9802152.0A GB9802152D0 (en) 1998-01-30 1998-01-30 Secure one way authentication communication system
PCT/CA1999/000053 WO1999039476A1 (en) 1998-01-30 1999-02-01 Secure one-way authentication communication system

Publications (2)

Publication Number Publication Date
CA2320221A1 (en) 1999-08-05
CA2320221C (en) 2009-12-22

Family

ID=10826273

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002320221A Expired - Lifetime CA2320221C (en) 1998-01-30 1999-02-01 Secure one-way authentication communication system

Country Status (7)

Country Link
US (1) US6430690B1 (en)
EP (1) EP1050134B1 (en)
JP (1) JP4564167B2 (en)
AU (1) AU2145999A (en)
CA (1) CA2320221C (en)
GB (1) GB9802152D0 (en)
WO (1) WO1999039476A1 (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7107246B2 (en) * 1998-04-27 2006-09-12 Esignx Corporation Methods of exchanging secure messages
US6669385B1 (en) * 1999-05-25 2003-12-30 Silverbrook Research Pty Ltd Printer having a document transfer device
US6862583B1 (en) 1999-10-04 2005-03-01 Canon Kabushiki Kaisha Authenticated secure printing
US7003667B1 (en) 1999-10-04 2006-02-21 Canon Kabushiki Kaisha Targeted secure printing
FI111208B (en) 2000-06-30 2003-06-13 Nokia Corp Arrangement of data encryption in a wireless telecommunication system
GB2366938B (en) * 2000-08-03 2004-09-01 Orange Personal Comm Serv Ltd Authentication in a mobile communications network
US7454796B2 (en) * 2000-12-22 2008-11-18 Canon Kabushiki Kaisha Obtaining temporary exclusive control of a printing device
DE10108819A1 (en) * 2001-02-23 2002-09-12 Infineon Technologies Ag Process for the secure handling of a data communication concerning a money transaction
US7284061B2 (en) * 2001-11-13 2007-10-16 Canon Kabushiki Kaisha Obtaining temporary exclusive control of a device
US7305556B2 (en) * 2001-12-05 2007-12-04 Canon Kabushiki Kaisha Secure printing with authenticated printer key
US7581095B2 (en) * 2002-07-17 2009-08-25 Harris Corporation Mobile-ad-hoc network including node authentication features and related methods
US7334255B2 (en) * 2002-09-30 2008-02-19 Authenex, Inc. System and method for controlling access to multiple public networks and for controlling access to multiple private networks
US20040109567A1 (en) * 2002-12-05 2004-06-10 Canon Kabushiki Kaisha Encryption key generation in embedded devices
US7111322B2 (en) * 2002-12-05 2006-09-19 Canon Kabushiki Kaisha Automatic generation of a new encryption key
US7389530B2 (en) * 2003-09-12 2008-06-17 International Business Machines Corporation Portable electronic door opener device and method for secure door opening
US8132005B2 (en) * 2005-07-07 2012-03-06 Nokia Corporation Establishment of a trusted relationship between unknown communication parties
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
DE102010011022A1 (en) * 2010-03-11 2012-02-16 Siemens Aktiengesellschaft Method for secure unidirectional transmission of signals
DE102010055699A1 (en) * 2010-12-22 2012-06-28 Giesecke & Devrient Gmbh Cryptographic process
US8566922B2 (en) * 2011-05-25 2013-10-22 Barry W. Hargis System for isolating a secured data communication network
US8947200B2 (en) * 2011-11-17 2015-02-03 Utc Fire & Security Corporation Method of distributing stand-alone locks
US9864873B2 (en) 2013-03-15 2018-01-09 Trustarc Inc Managing data handling policies
US9565211B2 (en) 2013-03-15 2017-02-07 True Ultimate Standards Everywhere, Inc. Managing exchanges of sensitive data
CN106982214A (en) * 2017-03-31 2017-07-25 山东超越数控电子有限公司 A kind of cloud desktop security of use NFC technique logs in ID card and cloud desktop security login method
CN112154626B (en) 2018-05-14 2024-08-23 区块链控股有限公司 Computer-implemented systems and methods for performing atomic swaps using blockchain

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241599A (en) * 1991-10-02 1993-08-31 At&T Bell Laboratories Cryptographic protocol for secure communications
JP2786092B2 (en) * 1993-10-18 1998-08-13 日本電気株式会社 Mobile communication terminal authentication method
JP3331487B2 (en) * 1994-11-25 2002-10-07 日本電信電話株式会社 Document information and user validity authentication method and system
JPH08160857A (en) * 1994-11-30 1996-06-21 Hitachi Ltd Authentication method and authentication system based on elliptic curve
JPH09200198A (en) * 1996-01-17 1997-07-31 Nec Corp Message verfication system
JP3435472B2 (en) * 1996-05-01 2003-08-11 日本電信電話株式会社 Security authentication method and system
US5982898A (en) * 1997-03-07 1999-11-09 At&T Corp. Certification process

Also Published As

Publication number Publication date
US6430690B1 (en) 2002-08-06
CA2320221C (en) 2009-12-22
EP1050134A1 (en) 2000-11-08
EP1050134B1 (en) 2016-08-03
WO1999039476A1 (en) 1999-08-05
GB9802152D0 (en) 1998-04-01
AU2145999A (en) 1999-08-16
JP4564167B2 (en) 2010-10-20
JP2002502186A (en) 2002-01-22

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20190201