TH31747A - Protocols of exchanging signals in a secure computer system. - Google Patents

Abstract

DC60 Method for a protocol of secure signal exchange between A and B, which is connected by the input channel (Um). A will send the first message (21) representing a set of code numbers with Its variable and IDA identifier (IDA) automatically selects a set of code numbers, enabling it to get a certificate of identification (CA) from the fast connection. Verify A's Certificate (CA) and obtain A's Public Key (EA). Later, B will send a second (26) message containing the Certificate of B (CB), an indicator showing that B has been investigating. A Certificate of A (CA) and an identifier relating to a set of initial A code numbers that use a series of code numbers to verify the Certificate of C (CB) and obtain a key. B's Public Code (EB) Next A sends a third (28) message indicating that A has verified the BS Certificate (CB). Information that will be used can be sent from A to B. In the third (28) text, where two-way key exchange and mutual verification will be achieved. The success is with the effective expenditure of two messages (21,26) between A and B, a method for a protocol of secure signal exchange between A and B. A will send the first message (21) representing a set of ID numbers along with its variable and identifier (IDA). B will select a set of ID numbers. Make it get a certificate of A (CA) from the quick connection. Check the A's Certificate (CA) and get the A's Public Key (EA). B. will send a second message (26) containing the affidavit of B (CB), an indicator showing that B. has verified the certificate of A (CA). And an indicator associated with a set of code numbers. Beginners who use a set of code numbers to verify the BS Certificate (CB) and subsequently receive the Public Key Code (EB). A sends a third (28) message indicating that A has reviewed the B (CB) credentials.The information to be used can be sent from A to B in the third (28) message, where Two-way key exchange and mutual validation are achieved with the effective expenditure of the two messages (21,26) between A and B.

Claims (9)

1. A method for a protocol of exchanging signals in a secure computer system between the first and second groups. Which is connected via a communication channel Where each group supports a set of cipher numbers (Cipher suites), respectively. And for each group, the respective certifications will be established. Each copy of the supporting book contains a public key code (Public key) of the owner of the keys, respectively, the method will have unique characteristics which include Sending messages between the first group of messages from the first to the second. Where the text indicates the set of code numbers supported by the first group. The variable required by the set of code numbers. And indicators of the first group By responding to the first intergroup message The second group will - select one of the aforementioned code numbers, which can be used like the second group - use that identifier to get the credentials of the first group over the connection, which will be faster than the channel. The communication which connected the group significantly - examined the said credentials of the first group and thus received the first group's public key - sent messages between the second group containing the credentials of the second group. two An indication that the second group has checked the credentials of the first group. And an indication of the chosen set of numbers By responding to messages between the second group of messages, the first will - initiate the chosen number of codes - verify the credentials of the second group and thus receive the second group's public key - send messages between the third group of messages. That indicates that the first group has already reviewed the credentials of the second group. And whereby the unwanted data for the above step can be sent from the first to the second in the message between the third message. Therefore, a two-way key exchange was arranged. And both parties are examined about the cost of messages between the two groups of messages. 2. Procedure according to claim 1, whereby the procedure for obtaining the credentials of the first group consists of the recall of the credentials from external sources of the second group. 3. Method according to claim number 2, whereby such external sources will be the registration of long-distance communication networks. Or from services that collect data in ISO X.509 format. 4. Procedure according to Claim 1, whereby the process of obtaining the said first group credential consists of the recall of the credentials from the local memory. 5. Method according to claim 1, where the indicator of the first group is made up of a one-way function method. 6. Method according to claim 1, where the messages between the two such groups contain a primary control secret (Per-master secret), which the second group is obtained by generating a random number and encoding that random number into the public key of the first group. 7. Long-distance communication devices are adapted to act similar to the first group in the protocol of secure signal exchange between the device and the second group. Such equipment will consist of First group of units The first group of units has a feature that will be adjusted to - send the first message to the second group. The first message indicates a set of cipher suites, variables required by the set of numbers, the cipher and the device identifier - receives the second message from the second group. The second statement contains an indication of the number of codes selected by the second group. Identifier, where the second group uses the aforementioned device identifier to obtain and verify the device's credentials, and - use a series of code numbers identified by that second statement - check the credentials. Of the second group and thus receives the public key of the second group, and - sends the third message to the second group. The third statement indicates that the device has been reviewed for the second group's credentials. 8. Long-distance communication devices in accordance with claim 7, where the first group of units will also have a feature to be able to insert unwanted information for the above steps in. The third message 9. Long distance communication devices are also tuned to respond to the secure signal exchange protocol that was initiated by the first group. The device can then be connected to the first such group by a communication channel. Such equipment will consist of Second group unit Where the second group of units will have the characteristics that it will be adjusted to - receive the first message from the first group The first such pass indicates the set of variable code numbers required by the set of code numbers. And the indicator of the first group - select one of the aforementioned set of code numbers - use that indicator to get the credentials of the first group from the connection, which is much faster compared to the contact channel. Communicate - check the first group's aforementioned credentials and get the first group's public key - send the second to the first group. The second statement contains the device's credentials indicating that the device has been verified from the first group's credentials. And indicates the selected set of code numbers; and - receives the third message from the first group. The third message indicates that the first group has reviewed the device filter. 0. Long-distance communication devices in accordance with Claim 9, provided that the second group of units is also qualified in order to exclude unwanted data for the above steps from the said third.