WO2018047132A1 - A system and method for authentication and secure communication - Google Patents

Publication number
WO2018047132A1
WO2018047132A1 PCT/IB2017/055469 IB2017055469W WO2018047132A1 WO 2018047132 A1 WO2018047132 A1 WO 2018047132A1 IB 2017055469 W IB2017055469 W IB 2017055469W WO 2018047132 A1 WO2018047132 A1 WO 2018047132A1
Authority
WO
WIPO (PCT)
Prior art keywords
keyset
transformed
computing terminal
string
transformation
Application number
PCT/IB2017/055469
Other languages
French (fr)
Inventor
Prahlad P. SINGANAMALA
Original Assignee
Singanamala Prahlad P
Application filed by Singanamala Prahlad P
Publication of WO2018047132A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys

Definitions

  • the present invention relates to a system and method for authentication and secure communication, particularly using a computational transformation process.
  • the ciphered text data always possess traces of the input data and the secret password or key, and could be broken with crypto analysis and sufficient computing resources.
  • the ciphered text should not have any trace or clue of the input data or the secret key, and brute-force will be the only way to break ciphered text.
  • the invention uses symmetric state transformations in authenticating and establishing secure communication channel.
  • the keyset used in the transformations is one-way transformed to another state at every transformation.
  • the pair values Y, Z are used in authentication and establishing secure communication channel.
  • pair of strings, pair of values, pair of non-linear complementary values and pair of complementary values are used interchangeably.
  • the method discloses transforming an identifier (I) with a current keyset (K1) at a first computing terminal, and in the process the current keyset (K1) is transformed to a first transformed keyset (K2) after completely transforming the identifier.
  • the computing terminal transmits a string to a second computing terminal.
  • the string can be, for example, a random string or a transformed string. Since symmetric state transformations are used in the invention, the same keyset (K1) is present in a second computing terminal.
  • in response to the received string, the second computing terminal generates a random number and obtains a non-linear and dynamic complementary pair of values by performing a forward transformation and a reverse transformation of the random number using the first transformed keyset (K2) at the second computing terminal.
  • the non-linear and dynamic complementary pair of values (Y, Z) are transmitted to the first computing terminal in a response to the first computing terminal receiving the string.
  • the first computing terminal performs reverse and forward transformations on the received pair of values (Y, Z).
  • the first computing terminal authenticates the second computing terminal based on a result of the transformations performed on the pair of values (Y, Z) using a second transformed keyset (K3).
  • the second transformed keyset (K3) is obtained at the first computing platform by transforming the string using the first transformed keyset (K2).
  • the method of authenticating is as follows:
  • Ri ⁇ R 2 i.e., it can't be determined the order of reverse or forward
  • the method performs another set of transformations on the pair of values (Y, Z):
  • a session key is derived by providing at least the K4' keyset or the K4'' keyset to a key derivation function.
  • the session key is used for secure communication between the first computing terminal and the second computing terminal.
  • the method comprising: performing a transformation of an identifier using a current keyset; transforming the current keyset to a first transformed keyset in process of completely transforming the identifier; transmitting a string to a second computing terminal; performing transformations of a first pair of strings received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and authenticating the second computing terminal from a result of the transformations on the first pair of strings using the second transformed keyset.
  • the invention discloses a system for authentication and secure communication.
  • a transformation module in the system comprises instructions to: perform a transformation of an identifier using a current keyset; transform the current keyset to a first transformed keyset in process of completely transforming the identifier; transmit a string to a second computing terminal; perform transformations of a first pair of strings received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and authenticate the second computing terminal from a result of the transformations on the first pair of strings using the second transformed keyset.
  • a non-transitory computer-readable storage medium having instructions that, when executed by a computing device, cause the computing device to perform authentication and secure communication.
  • the instructions relate to: performing a transformation of an identifier using a current keyset; transforming the current keyset to a first transformed keyset in process of completely transforming the identifier; transmitting a string to a second computing terminal; performing transformations of a first pair of strings received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and authenticating the second computing terminal from a result of the transformations on the first pair of strings using the second transformed keyset.
  • FIG. 1 illustrates a keyset, in accordance to one or more embodiments of the invention.
  • FIG. 2 illustrates a transformation process of a keyset when transforming 'n' bits of a data block, in accordance to one or more embodiments of the invention.
  • FIG. 3 illustrates a transformation process of a keyset when transforming 'n' bits in another transformation process, in accordance to one or more embodiments of the invention.
  • FIG. 4 illustrates a method for authentication and secure communication, in accordance to one or more embodiments of the invention.
  • FIG. 5 illustrates a block diagram of a system, in accordance to one or more embodiments of the invention.
  • FIG. 6 illustrates a block diagram of a stand-alone system, in accordance to one or more embodiments of the invention.
  • FIG. 7 illustrates a one-way authentication process between a computing terminal and a server, in accordance to one or more embodiments of the invention.
  • FIG. 8 illustrates a two-way authentication protocol between a first computing terminal, a second computing terminal and a server, in accordance to one or more embodiments of the invention.
  • FIG. 9 illustrates a one-way authentication and key confirmation process between a computer terminal and a server, in accordance to one or more embodiments of the invention.
  • FIG. 10 illustrates a mutual authentication and key confirmation process between a computing terminal and a server, in accordance to one or more embodiments of the invention.
  • FIG. 11 illustrates a mutual authentication, key agreement and key confirmation protocol between first computing terminal and second computing terminal, in accordance to one or more embodiments of the invention.
  • FIG. 12 illustrates a mutual authentication, key agreement and key confirmation protocol between first computing terminal and second computing terminal, in accordance to one or more embodiments of the invention.
  • FIG. 13 illustrates an authenticated key agreement and key confirmation protocol between first computing terminal and second computing terminal, in accordance to one or more embodiments of the invention.

DETAILED DESCRIPTION OF THE INVENTION

  • the present invention discloses a system and method for providing enhanced security when data is transmitted over a communication channel or is at rest, i.e., in storage.
  • the method or system of the invention uses a symmetric state based transformation process, i.e., forward transformation/encryption and reverse transformation/decryption using a keyset.
  • One such process of symmetric state based transformation is disclosed and described in US 8180048 B2 by the same inventor applicant, and the same is incorporated in this application by this reference.
  • the invention utilizes an 'n' bit block transformation method, where 'n' is the number of bits that can be transformed at each stage and is at least one bit.
  • the ideal size for 'n' for making eavesdropping difficult with current computing resources is at least 8 bits.
  • the keyset that is utilized in the symmetric state based transformation process is present both in the forward transformation/first computer terminal that transmits transformed data and in the reverse transformation/second computer terminal that receives transformed data for reverse transformation.
  • the system or method uses a function F for encryption/forward transformation and F⁻¹ for decryption/reverse transformation in the following description. However, both F and F⁻¹ can be used interchangeably for encryption/forward transformation or decryption/reverse transformation.
  • FIG. 1 illustrates a keyset (100) in accordance to one or more embodiment of the present invention.
  • the keyset is a two-dimensional array with two columns, and the number of rows is equal to 2^n, where 'n' represents the number of bits selected for transforming an input-data/data block.
  • the design of the keyset is based on the size of the 'n' bit block selected for transforming/encrypting the input-data.
  • the row numbers of the two-dimensional array run from 0 to (2^n - 1). For example, as shown in FIG. 1, to encrypt input-data in blocks of 3 bits, there would be 2^3 rows, i.e., 8 rows.
  • the first column (101) of the two-dimensional array comprises unique 'n' bit numbers and is referred to as the Reference column 1.
  • the first column can be arranged to have numbers from zero to seven in any order.
  • the second column (102) of the two-dimensional array comprises random numbers and is referred to as the Energy-Value column ("E-Val").
  • the random numbers can be of any predetermined size of V bits, where V represents the size of the E-Val column in bits.
  • This structure represents one embodiment of the structure of the keyset.
  • FIG. 2 illustrates a transformation process (200) of a keyset when transforming 'n' bits in one transformation process, in accordance to one or more embodiments of the invention.
  • the first column represented as X is the row numbers of the keyset array structure.
  • the second column is the Reference column represented as Y and the third column (E-val column) is represented as E.
  • the transformation function is based on a principle such that given an input value 'x', it is easy to transform 'x' to 'y' using the function as below:
  • K1 is a keyset designed and present in the computer terminal used for encryption
  • 'x' is the input data to be encrypted
  • 'y' is the ciphered text.
  • K1 is known only to sender and receiver since the transformation is a symmetric state transformation process.
  • the transformation process illustrated in FIG. 2 is a forward transformation process, in accordance to one or more embodiment of the present invention, and is described as follows.
  • the transformation function upon receiving the input data 'x' to be encrypted, creates a binary equivalent of the input data 'x'.
  • a primary keyset is then designed based on the size of the 'n' bit blocks (for example, '3' bit keyset as shown in FIG. 1).
  • the first '3' bit block of input data i.e., 100
  • a decimal equivalent of it is determined, i.e., 4.
  • the row number, i.e., 4, equivalent to the decimal equivalent is then identified by traversing through the keyset.
  • the value present in the first column (Y) corresponding to the row number of the keyset is 001.
  • the 'n' bit of input data '100' is replaced with 'n' bit of output data '001'.
  • the default keyset or the primary keyset (K1) is transformed to a secondary keyset (K2).
  • the generation of a secondary keyset in one embodiment, is based on the value of first 'n' bit of input data 'x' and first 'n' bit of output data y.
  • the process of generating the secondary keyset and shuffling is as follows.
  • the value of the first 'n' bit of input data 'x' is 4(100) and first 'n' bit of output data 'y' is 1(001).
  • the method traverses through the row no. 4 (binary equivalent of input data 'x') and changes the random value present in the second column (E) using '4' (100) and '1' (001).
  • the method may change the value present in the second column (E) using x and y (e.g. x+y or x XOR y).
  • new random value 'Ei' is calculated by using the below function:
  • the value 'zi' is calculated by using the value of first 'n' bit of input data 'x', i.e., '4', and the first 'm' bit of output data 'y', i.e., '1'.
  • the value of zi is (x+y), i.e., 5.
  • Ei in the right-hand side of the equation represents the current random value i.e. '42'.
  • J represents the value ⁇ ' to '7' . Since, it is the start of new random number generation, the value J is assigned to ⁇ '.
  • n refers to the size of the random value column (E).
  • the value of ⁇ 4 ' is calculated as T.
  • the new random values for E5, E6, E7, E0, E1, E2 and E3 are also calculated.
  • the values in the first column (Y) are arranged based on the order of the random values in the second column (E).
  • the second column (E) is then sorted in any predetermined order such as ascending or descending to form the secondary keyset (K2).
  • the method uses the secondary keyset K2 as the primary keyset for the next '3' bit of input data '101' of 'x' to be encrypted. For this purpose, the corresponding decimal equivalent of '101' is calculated as 5.
  • the method then traverses through the row number '5' of the secondary keyset, and the value present in the corresponding first column (Y) of the secondary keyset is '011'.
  • the 'n' bit of input data '101' is replaced with 'n' bit of output data '011'.
  • This process (forward transformation) is repeated until the last 'n' bits of input data are transformed to form the output data y (in this case, 100101 is transformed to 001011), and resultant keyset after complete transformation of input data is a first transformed keyset.
  • the transformed/encrypted data may be stored or transmitted over the communication channel.
  • FIG. 3 illustrates a transformation process (300) of a keyset when transforming 'n' bits in another transformation process, in accordance to one or more embodiments of the invention.
  • the transformation process used is a reverse transformation, represented as F⁻¹, with the same keyset.
  • the receiving computer upon receiving the value 'y' uses the following function for reverse transformation/decryption:
  • K1 is the same keyset that was used in the forward transformation from which y was obtained.
  • the reverse transformation function F⁻¹ takes 'y' as input and replaces 'y' with 'x' using the default primary keyset 'K1'.
  • the first '3' bits of input data to be transformed/decrypted are '001'.
  • the method identifies the value '001' in row 4 of the first column (Y) in the keyset (K1).
  • the value '001' is then replaced in the output data with the binary equivalent of 4, i.e., '100'.
  • the secondary keyset generation process is same as the keyset transformation process described in context of forward transformation.
  • the next '3' bits '011' are then transformed to '101', and the process is repeated till all 'n' bits are transformed using F⁻¹.
  • the resultant keyset after fully transforming the input data using F⁻¹ is also a first transformed keyset.
  • the F⁻¹ function can be used for encryption/forward transformation and F can be used for the decryption/reverse transformation process.
  • the transformation process of keyset 'K1' to 'K2' and any other intermediate keysets is always an irreversible process irrespective of the function F and F⁻¹ used for transformation/encryption of the input data.
  • the steps of or logic for transforming a keyset to a first transformed keyset is same in encryption/forward transformation as well as decryption/reverse transformation processes.
  • FIG. 4 illustrates a method for authentication and secure communication, in accordance to one or more embodiments of the invention.
  • at step 401, a transformation of an identifier (I) is performed with a current keyset (K1).
  • a first transformed keyset (K2) is obtained in the process of completely transforming the identifier.
  • the first computing terminal transmits a string to a second computing terminal.
  • the string can be, for example, a random string or a transformed string or a sequence of bits.
  • the size of the string is user-defined. Since symmetric state transformations are used in the invention, the same keyset (K1) is present in a second computing terminal.
  • in response to the received string, the second computing terminal generates a random number/pseudo random number and obtains a nonlinear and dynamic complementary pair of values by performing a forward transformation and a reverse transformation of the random number using the first transformed keyset (K2) at the second computing terminal.
  • the non-linear and dynamic complementary pair of values (Y, Z) are transmitted to the first computing terminal in a response to the first computing terminal.
  • the first computing terminal performs reverse and forward transformations on the received pair of values (Y, Z).
  • the first computing terminal authenticates the second computing terminal based on a result of the transformations performed on the pair of values (Y, Z) using a second transformed keyset (K3).
  • the second transformed keyset (K3) is obtained at the first computing platform by transforming the string using the first transformed keyset (K2).
  • the first computing terminal authenticates as follows:
  • Ri ⁇ R 2 i.e., it can't be determined an order of reverse or forward
  • the first computing terminal performs another set of transformations on the pair of values (Y, Z):
  • R 3 R 4 then the second computing terminal is authenticated. Else, the second computing terminal is not authenticated.
  • K4' and K4'' are the third and fourth transformed keysets in the process of completely transforming the first pair of non-linear and dynamic complementary pair of values.
  • a session key is derived by providing at least the K4' keyset or the K4'' keyset to a key derivation function.
  • the session key is used for secure communication between the first computing terminal and the second computing terminal.
  • the key derivation function is at least one of publicly known key derivation functions such as Argon2, Catena, DF1, and HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
  • FIG 5 illustrates a block diagram of the system, in accordance to one or more embodiment of the present invention.
  • the system (500) of the present invention comprises a communication channel (502), a first computer terminal (501) and a second computer terminal (503) coupled to the communication channel (502).
  • the communication channel (502) may include, for example, a wide area network such as the internet, a local area network or a wireless network.
  • the computer terminals (501, 503) may comprise at least any one of a personal computer (PC), a laptop, a mobile device, tablet, a personal digital assistant (PDA) etc. known in the art or future-developed for transmitting data over the communication channel (502).
  • FIG 6 illustrates a block diagram of the architecture of the computer terminal, in accordance to one or more embodiments of the present invention.
  • the computer terminal of the present invention comprises at least a short-term memory such as a random access memory (RAM) (601a), a processor (601b), a long term memory, and a transceiver (601d).
  • the long-term memory (601e) is based on a dual memory model and may be used for storing data for a longer period of time.
  • the transceiver (601d) is used to transmit and receive data from one computer terminal to another using the communication channel (502).
  • the data created by any application such as MS Word or an excel sheet is stored in the form of bits in the computer terminal (501).
  • the long-term memory (601e) further comprises a transformation module (601c) for performing transformations.
  • the transformation module (601c) is responsible for converting input data into output data by a forward transformation F() or a reverse transformation F⁻¹().
  • FIG 7 illustrates a one-way authentication process between a computer terminal and a server, in accordance to one embodiment of the present invention.
  • the computer terminal (501) transmits an identifier (ID) to the server (503) to initiate the authentication process.
  • the server (503) upon receiving the ID, checks for the received ID in its database. Upon successful identification of the ID, the server (503) retrieves the corresponding pre-shared key from the database.
  • the following are provided for convenience to understand the further description:
  • the server (503) upon retrieving the corresponding pre-shared key from the database, concatenates the pre-shared key with the identifier (ID) to derive an input data Psk||ID.
  • the input data Psk||ID is then transformed into Psk' and a secondary keyset K2, using the default (primary) keyset K1 as shown below:
  • the primary keyset 'K1' is transformed to secondary keyset 'K2' using the values of Psk||ID and Psk'.
  • the string is a first transformed string.
  • the first transformed string is obtained by a transformation of the string using the first transformed keyset.
  • the server (503) uses a newly generated random value such as R1, and then transforms R1 into R2 by using the forward transformation F(), as shown below:
  • the server (503) then transmits the newly generated output R2 to the computer terminal (501).
  • a first intermediate transformed keyset is obtained in process of completely transforming the transformed string.
  • the first intermediate transformed keyset is used to perform transformations on a first string to obtain the first pair of non-linear and dynamic complementary pair of values.
  • the computer terminal (501) upon receiving R2, uses a reverse transformation function F⁻¹() to transform R2 into R1 using the secondary keyset K2.
  • the secondary keyset is then transformed to the next keyset K3 (first intermediate transformed keyset).
  • the first pair of strings are obtained by performing transformations on a first string using the first intermediate transformed keyset.
  • the computer terminal (501) then generates a new random number R3, and then transforms R3 into Y and Z, using K3 as shown below:
  • the computer terminal (501) transmits the newly generated authentication code (MAC) Y and Z to the server (503) for authentication purpose.
  • the server (503) upon receiving the authentication code Y and Z performs a reverse transformation function F⁻¹() for Y and a forward transformation function F() for Z using the keyset K3, respectively.
  • the server (503) checks whether F⁻¹(Y, K3) and F(Z, K3) are equal and then authenticates computer terminal (501).
  • a session key is generated for secure communication after authenticating the first pair of non-linear and dynamic complementary pair of values at the server (503). This is because the string does not have any trace of server (503) details, and the session key is only derived at the server (503).
  • a third transformed keyset and a fourth transformed keyset are obtained in process of transforming the pair Y, Z using K3.
  • a session key for secure communication with the computer terminal (501) is derived by providing at least the third transformed keyset or the fourth transformed keyset to a key derivation function.
  • the authentication protocol as shown in FIG 7 is a one-way authentication process i.e. only the server (503) authenticates the computer terminal (501).
  • the pre-shared key is not transmitted directly from the computer terminal (501) to the server (503), or from the server (503) to the computer terminal (501).
  • the transmitted values R2, Y and Z are not obtained directly from the pre-shared key. That is, the pre-shared key is primarily used for irreversible shuffling of K1 (i.e. to change values in second column E of K1) to generate K2, and then K2 is used along with R3 to generate the authentication code (Y and Z); therefore, the process may be considered as no-knowledge with no-trace of input data.
  • FIG 8 illustrates a two-way authentication protocol between a computer terminal/mobile device and a server, in accordance to one embodiment of the present invention.
  • this protocol aims to establish a session key between two computing devices (501) and (504) on a network, typically to protect further communication.
  • device (501) initiates the communication to device (503).
  • Device S (503) is a server trusted by both parties.
  • A and B are identities of Alice and Bob respectively
  • KAS is a symmetric key known only to A and S
  • KBS is a symmetric key known only to B and S
  • NA and NB are nonces generated by A and B respectively
  • KAB is a symmetric, generated key, which will be the session key of the session between A (501) and B (504).
  • the protocol can be specified as follows:
  • A (501) computes as shown below:
  • K1 - default keyset (public)
  • the computer terminal (501) then generates a nonce, say R1.
  • the terminal (501) then transforms R1 into Y1, and R1 into Z1 as shown below:
  • Z 2 F X (R 2 10 2 ); [0061]
  • the Server S (503) transmits A, B, Y2 and Z2 to User B (504), then the user B (504) verifies the code Y2 and Z2 as shown below:
  • an intermediate session key for secure communication between the computer terminal (501) and the computer terminal (504) is derived by providing at least a third computing terminal identifier, a first computing terminal identifier to a key derivation function.
  • the computer terminal (504) then generates nonces, say R2 and R3.
  • the computer terminal (504) then transforms R3 into Y3, and R3 into Z3 as shown below:
  • both the User A device (501) and the User B device (504) communicate securely using session key (Sk).
  • Sesk This is a symmetric key based Authentication and Key Agreement using a Trusted Server S (503) (with key confirmation). It is applicable to DH and ECC key exchange.
  • FIG 9 illustrates a one-way authentication and key confirmation process between a computer terminal (501) and a server (503), in accordance to one embodiment of the present invention.
  • the computer terminal (501) transmits an identifier (ID) to the server (503) to initiate the authentication process.
  • the computer terminal (503) is a mobile station.
  • the protocol illustrated in FIG 9 can be used in SIM card authentication.
  • the main network parameters are network identity (International Mobile Subscriber Identity, IMSI; tied to the SIM), phone number (MSISDN, used for routing calls and changeable) and a shared network authentication key Ki.
  • To connect to the network, the MS needs to authenticate itself and negotiate a session key. Both authentication and session key derivation make use of Ki, which is also known to the network and looked up by IMSI.
  • the server (503) upon receiving the ID, checks for the received ID in its database. Upon successful identification of the ID, the server (503) retrieves the corresponding pre-shared key from the database.
  • the following description is for convenience:
  • R1, R3: number (may be a random number)
  • the server (503) upon retrieving the corresponding pre-shared key from the database, computes ID specific keyset (K1) and then concatenates the pre-shared key with the identifier (ID) to derive an input data Psk||ID.
  • the input data Psk||ID is then transformed into Psk' and a secondary keyset K2, using the keyset K1 as shown below:
  • the primary keyset 'K1' is transformed to secondary keyset 'K2' using the values of Psk||ID and Psk'.
  • the server (503) transmits a transformed string.
  • the transformed string is obtained by a transformation of the string using the first transformed keyset (K2).
  • the server (503) uses a newly generated random value such as R1, and then transforms R1 into R2 by the forward transformation f() and also computes as shown below:
  • the server (503) then transmits the newly generated output R2 to the computer terminal (501).
  • the computer terminal (501) upon receiving R2, uses a reverse transformation function F⁻¹() to transform R2 into R1 using the secondary keyset K2.
  • a session key for secure communication is derived at the computer terminal (501) when a first transformed string (R2) is received. Since R2 includes/comprises certain/partial information about the server (501) because of the transformation, the computer terminal (501) generates the session key only in cases where a transformed string is received.
  • the session key is generated by providing at least the first intermediate transformed keyset (K3) to a key derivation function.
  • the secondary keyset K2 is then transformed by the computer terminal (501) to the next keyset K3 as follows.
  • the session key is transformed by a transformation using the first intermediate transformed keyset (K3), and a second intermediate transformed keyset is obtained at the computer terminal (501) in process of completely transforming the session key.
  • a first pair of strings are obtained by performing transformations on a first string using the second intermediate transformed keyset (K4). Accordingly, the computer terminal (501) generates a new random number R3, and then transforms R3 into Y and Z, using K3 as shown below:
  • the computer terminal (501) then transmits the newly generated authentication code (MAC) Y and Z to the server (503) for authentication purpose.
  • the server (503) upon receiving the authentication codes Y and Z, i.e., authentication and session key confirmation codes, performs a reverse transformation function F⁻¹() for Y and a forward transformation function F() for Z using the keyset K4 respectively.
  • the server (503) checks whether F⁻¹(Y, K4) and F(Z, K4) are equal and then authenticates computer terminal (501). Since the Y and Z included/comprised the session key information because of the transformation, the session key is also confirmed in the process along with the authentication.
  • FIG 10 illustrates a mutual authentication and key confirmation process between a computer terminal (501) and a server (501), in accordance to one embodiment of the present invention.
  • the computer terminal (501) transmits an identifier (ID) to the server (503) to initiate the authentication process.
  • ID an identifier
  • the server (503) upon retrieving the corresponding pre-shared key from the database, computes ID specific keyset (K1) and then concatenates the pre-shared key with the identifier (ID) to derive an input data Psk||ID.
  • the input data Psk||ID is then transformed into Psk' and a secondary keyset K2, using the keyset K1 as shown below:
  • R1, R3, R4 - may be random number
  • the primary keyset 'K1' is transformed to secondary keyset 'K2' using the values of Psk||ID and Psk'.
  • the server (503) uses a newly generated random value such as R1, and then transforms R1 into R2 by using the forward transformation f() and also computes as shown below:
  • the server (503) then transmits the newly generated output R2 to the computer terminal (501).
  • the computer terminal (501) upon receiving R2, uses a reverse transformation function F⁻¹() to transform R2 into R1 using the secondary keyset K2.
  • the secondary keyset is then transformed to the next keyset K3.
  • the computer terminal (501) then generates a new random number R3, and then transforms R3 into Y and Z, using K3 as shown below:
  • the computer terminal (501) transmits the newly generated authentication code (MAC) Y1 and Z1 to the server (503) for authentication purpose.
  • the server (504) upon receiving the authentication code Y1 and Z1 performs a reverse transformation function F⁻¹() for Y1 and a forward transformation function F() for Z1 using the keyset K3 respectively.
  • the server (503) checks whether F⁻¹(Y, K4) and F(Z, K4) are equal and then authenticates computer terminal (501).
  • a second session key for secure communication is derived by providing at least K4 or K5 to a key derivation function.
  • the server (503) computes session key and authentication code (Y2 and Z2), and sends it to computing terminal (501), as shown below:
  • the session key is transformed by a transformation using K4 or K5 at the server (503).
  • K7 or K8 are obtained by performing transformations on a second string using the ⁇, in the process obtain a second non-linear and complementary pair of values.
  • the computer terminal (501) authenticates the server (503) by performing transformations on a second pair of strings, from the first computing terminal.
  • the computer terminal (501) upon receiving the code Y2 and Z2, performs a reverse transformation function on Y2 and a forward transformation function on Z2 and then authenticates the server (503).
  • session key Sk
  • FIG 11 illustrates a mutual authentication, key agreement and key confirmation protocol between one computing terminal (501) (e.g. smartphone, tablet etc.) and another computing terminal (503) (e.g. bank authentication server) using a master keyset (KM), in accordance to one embodiment of the present invention.
  • KM master keyset
  • OS Android builds from major vendors provide Open Mobile API aims to provide a unified interface for accessing Secure Elements (SE) on Android to its apps, including the SIM SE- enabled Android applications.
  • SE Secure Element
  • SE can be SIM, embedded SE or a secure memory card (Secure Micro SD).
  • the authentication protocol of the present invention may also be used for authenticating data transmitted from mobile application also.
  • an SE can be used to store data and keys securely and perform cryptographic operations without keys having to leave the card.
  • One of the usual applications of smart cards is to store RSA authentication keys and certificates that are used for anything from desktop logon to VPN or SSL authentication.
  • the computing terminal (501) first concatenates the identifier IDse (identity of app or secure element SE) with the time-stamp Ts and then the computer terminal (501) uses the forward transformation function F() to transform IDse||Ts into IDse||Ts' using a system state keyset Kse stored in SE or in app (mobile application).
  • the primary keyset 'Kse' is transformed to a next keyset 'K2' using the values of IDse||Ts and IDse||Ts' as shown below:
  • the computer terminal (501) also performs a forward transformation function on the user id or account number of the user who is initiating the transaction as shown below:
  • the computing device (501) generates random number R1 and generates a new process based MAC (Y1 & Z1) using R1 and K4, so that a man-in-the-middle can't tamper with any of the parameters sent by computer terminal (501) to the server (503), as shown below:
  • the computing device (501) sends IDse, Ts, IDu' and MAC (Y1 & Z1) to the computing device (503) called server.
  • the server (503) upon receiving the IDse, Ts, IDu and (Y1 & Z1) checks the existence of IDse in its SE database.
  • the server (503) upon successful identification of IDse computes Kse using Ss||IDse and the master secret state (KM) (where Ss is the master secret key)
  • the server (503) then retrieves the corresponding pre-shared key (P) associated with the IDu, then concatenates the retrieved pre-shared key (P) with other details (O) to generate P 0, as shown below:
  • a one-time identifier is received at the computer terminal (501) from the server (503).
  • the one-time identifier received from the first computing terminal is received in a communication channel other than the communication channel used by the first and second computing terminals.
  • the server (503) then uses the generated keyset K4 and performs a reverse transformation function on Y1 and a forward transformation function on Z1.
  • the server (503) then checks whether F⁻¹(Y1) and F(Z1) are equal and then sends a one-time password (OTP) to the computer terminal (501).
  • the computer terminal (501) upon receiving one-time password (OTP) through short message service (SMS) from the server (503) on registered mobile phone (i.e. out-of-band communication), computes session key (Sk) using key derivation function (KDF) and generates MAC (Y2 & Z2) of Sk using state K6, and sends MAC to server (503), as shown below:
  • OTP one-time password
  • SMS short message service
  • KDF key derivation function
  • a session key for secure communication is derived by providing at least the one-time identifier to a key derivation function. Since the one-time identifier (OTP) is sent directly from the server (503) to the computer terminal (501) in a different channel, the OTP comprises details of the server (503), i.e., presence of the same OTP, and complies partial authentication.
  • the session key is transformed by a transformation using K7, and a second intermediate transformed keyset is obtained at the second computing terminal in process of completely transforming the session keys.
  • a first pair of strings are obtained by performing
  • the computer terminal (503) generates a random number R2 and performs transformations on R2 to obtain a first pair of non-linear and complementary values Y2, Z2, and a third transformed keyset (K8) and a fourth transformed keyset (K9) are obtained in process of completely transforming the first pair of strings (non-linear and complementary values Y2, Z2).
  • the server (503) upon receiving Y1 and Z2, computes session key Sk using the stored OTP.
  • the server (501) further performs a forward transformation function on Sk, to generate Sk and K7.
  • the server (503) then performs a reverse transformation function f⁻¹() on Y2, and a forward transformation function f() on Z2 using the keyset K7.
  • the server (503) checks whether F⁻¹(Y2) and F(Z2) are equal and then authenticates the computer terminal (501).
  • the server (503) upon verification of MAC (Y2 & Z2) generates session key confirmation MAC (Y3 & Z3).
  • the generated session key MAC (Y3 & Z3) is transmitted to the computer terminal (501).
  • the session key confirmation and authentication of the computer terminal (501) is performed at server (503) based on the above transformations.
  • the computer terminal (501) upon receiving MAC (Y3 & Z3) performs a reverse transformation function on Y3 and a forward transformation function on Z3. The computer terminal (501) then checks whether f⁻¹(Y3) and f(Z3) are equal and then authenticates the server (503). Thus, both the computer terminal (501) and computer terminal (503) communicates securely using session key (Sk).
  • Sk session key
  • FIG 12 illustrates a mutual authentication, key agreement and key confirmation protocol between the computing device and another computing device, in accordance to one embodiment of the invention. It is based on using a RSA public key cryptosystem in conjunction with the mentioned innovative finite state based process of forward and reverse transformation methods and systems.
  • Encryption: C = M^e mod n;
  • the computing terminal (501) first concatenates the identifier
  • IDse identity of app or secure element 'SE'
  • Ts time-stamp
  • the computer terminal (501) uses the forward transformation function F() to transform IDse||Ts into IDse||Ts' using a secret system state keyset Kse present in SE or in app (mobile application), stored during user registration stage.
  • keyset 'Kse' is transformed to a next keyset 'K2' using the values of IDse||Ts and IDse||Ts' as shown below:
  • the computing device (501) generates random number R1 and generates a new process based MAC (Y1 & Z1) using R1 and K4, so that a man-in-the-middle can't tamper with any of the parameters sent by device (501) to device (503), as shown below:
  • the computing terminal (501) sends IDse, Ts, IDu', R1' and MAC (Y1 & Z1) to the server (503).
  • the server (503) upon receiving the IDse, Ts, IDu', R1', Y1 and Z1 checks for the existence of IDse in its SE ids database. Upon successful identification of IDse, the server (503) computes Kse using Ss||IDse and the master secret state (KM) (where Ss is the master secret key)
  • the server (503) also computes K2 and decrypts user identity IDu using IDse, Ts and Kse as shown below:
  • the server (503) after decrypting IDu, fetches its corresponding pre-shared key (P) from its database and computes K4 as shown below:
  • the string is a one-time identifier received by the computer terminal (501) from the server (503).
  • the one-time identifier received from the server (503) is received in a communication channel other than the communication channel used by the server (503) and the computer terminal.
  • the server (503) then performs a reverse transformation function f⁻¹() on Y1 and a forward transformation function f() on Z1.
  • the server (503) then checks whether f⁻¹(Y1) and f(Z1) are equal and then generates an OTP to be transmitted to the client device i.e. the computer terminal (501).
  • the OTP (one-time password) is the one-time identifier sent, for example, as an SMS, to the computer terminal (501)
  • a session key for secure communication is derived by providing at least the one-time identifier, a user secret key and random number (R) generated at the computing terminal (501) to a key derivation function.
  • the computer terminal (501) upon receiving one-time password (OTP) through short message service (SMS) from the server (503) computes session key (Sk) using key derivation function (KDF) and generates MAC (Y2 & Z2) for Sk using state ⁇, and sends MAC (Y2 & Z2) to server (503) for user authentication and session key confirmation, as shown below:
  • the session key is transformed using ⁇, and in the process obtain K7 after completely transforming the session key.
  • a first pair of non-linear and complementary values are generated by performing transformations on a second random number generated at the computing terminal (501), and in the process obtaining K8 and K9.
  • the server (503) upon receiving MAC computes session key (Sk) and verifies the integrity of the received MAC (Y2 & Z2) using the keyset derived from the transformation process of Sk as shown below:
  • MAC (Y2 & Z2) generates its own session key confirmation MAC (Y3 & Z3) to be transmitted to the computer terminal (101) as shown below:
  • the session key confirmation and authentication of the computer terminal (501) is performed at server (503) based on the above transformations.
  • the computer terminal (501) upon receiving the session key confirmation MAC (Y3 & Z3), performs a reverse transformation function F⁻¹() on Y3, and a forward transformation function on Z3.
  • the computer terminal (501) checks whether F⁻¹(Y3) and F(Z3) are equal and then authenticates the server (503).
  • both the computing terminal (501) and the server (503) communicate securely using session key (Sk).
  • FIG 13 illustrates an authenticated key agreement and key confirmation protocol between one computing device and another computing device, in accordance to one embodiment of the invention. It is based on using a Diffie-Hellman Protocol (DH) in conjunction with the mentioned innovative finite state based process for forward and reverse transformation methods and systems.
  • DH Diffie-Hellman Protocol
  • Client (501) and Server (503) can now use their shared key K to exchange information without worrying about other users obtaining this information.
  • given A, g and p, finding 'a' is the discrete logarithm problem, which is computationally infeasible for large p.
  • the computing device (501) first concatenates the identifier IDse (identity of app or secure element 'SE') with the time-stamp Ts generated and then the computing device (501) uses the forward transformation function F() to transform IDse||Ts into IDse||Ts' using a secret system state keyset Kse present in SE or in app (mobile application), stored during user registration stage.
  • the keyset 'Kse' is transformed to a next keyset 'K2' using the values of IDse||Ts and IDse||Ts' as shown below:
  • the computer terminal (501) computes DH ephemeral public key (X) using mutually agreed parameters, base g and large prime number (p) and also computes a new state K4 as shown below:
  • the computing device (501) generates a random number R1 and generates a new process based MAC (Y1 & Z1) (a kind of symmetric signature) using R1 and K4, so that a man-in-the-middle can't tamper with any of the parameters sent by computer terminal (501) to server (503), as shown below:
  • the computing device (501) sends IDse, Ts, IDu', X and MAC (Y1 & Z1) to the computing device (503).
  • the server (503) upon receiving the IDse, Ts, IDu', X and (Y1 & Z1) checks the existence of IDse in its SE ids database; if present, it computes Kse using Ss||IDse and the master secret state (KM) (where Ss is the master secret key) whether F(Ss||IDse, KM) is equal to Ss||IDse', Kse. The server (503) then computes K2 and decrypts user identity IDu using IDse, Ts and Kse as shown below:
  • the server (503) after decrypting the IDu, fetches its corresponding pre-shared key (P) from its database and computes K4 and then checks whether the received MAC (Y1 & Z1) is true or false as shown below:
  • a session key for secure communication is derived by providing a Diffie-Hellman public key pertaining to the first computing terminal and a Diffie-Hellman private key pertaining to the second computing terminal to a key derivation function.
  • the computer terminal (501) verifies the MAC (Y2 & Z2) and computes session key (Sk) using server's (503) public key (Y), computer terminal (501) ephemeral private key (x) and h and finally uses key derivation function (KDF) on the result and also generates MAC (Y3 & Z3) for Sk using state K10, and sends it (Y3 & Z3) to server (104) for user authentication and session key confirmation as shown below:
  • the session key confirmation and authentication of the computer terminal (501) is performed at server (503) based on the above transformations.
  • the server (503) upon receiving MAC (Y3, Z3) from computer terminal (501), session key (Sk) and verifies the integrity of the received MAC (Y3 & Z3).
  • the server (503) upon successful authentication of MAC (Y3, Z3), generates its own session key confirmation MAC (Y4 & Z4) and transmits it to the computer terminal (501) for its authentication, as shown below:
  • the computer terminal (501) upon receiving MAC (Y4, Z4) checks whether F⁻¹(Y4) and F(Z4) are equal using keyset K12.
  • both the computer terminal (501) and server (503) communicate securely using session key (Sk).
  • Sk session key
  • the authentication protocols described in the present invention eliminate phishing, and any active or passive man-in-the-middle observer will gain zero-knowledge of the input data (e.g. pre-shared key) or the initial keyset.
  • ECC Elliptic Curve Cryptography
  • the protocols as shown in FIG.'s 7 - 13 may be implemented as software or hardware.
  • the above described protocols may be implemented sometimes with Password (symmetric secret key) (P) and may or may not include one-time password (OTP) from server as out-of-band channel communication from server (503) to the computer terminal (501) such as SMS or email.
  • P symmetric secret key
  • OTP one-time password
  • the protocols depicted in FIG.'s 9-13 may be implemented between client device (501) and server (503) and also as peer to peer authentication protocols.
  • the computer terminal (501) and server (503) may be a mobile phone, tablet, laptop, PC, ATM or high end computer etc.

Abstract

The invention relates to a computational transformation process, which has applications in cryptography, particularly in authentication and secure communications. The transformations used in the invention are symmetric state transformations. Further, a state of keyset used in the transformations is one-way transformed to another state. A forward and reverse transformation of a random string or bits (R) is performed using the keyset. A first random string Y and a second random string Z, i.e., non-linear and dynamic complementary pair of values (Y, Z) are generated after completely transforming the random string. A second computing terminal transmits the complementary pair of values upon receiving an indication from a first computing terminal. The first computing terminal authenticates the second computing terminal from a result of forward and reverse transformations performed on the complementary pair of values (Y, Z) using the keyset.

Description

A SYSTEM AND METHOD FOR AUTHENTICATION AND SECURE COMMUNICATION
TECHNICAL FIELD OF THE INVENTION
[0001] The present invention relates to a system and method for authentication and secure communication, particularly using computational transformation process.
BACKGROUND OF THE INVENTION
[0002] With the advent of computer technology and networking methods in information technology, information is made available across the globe within no time. Though the information flow across the globe is becoming faster by the day, the data is susceptible to being monitored by electronic eavesdroppers. Further, issues such as security of modification detection code (MDC aka cryptographic Hash code) method, message authentication code (MAC) method and authentication protocols (symmetric key based).
[0003] Symmetric Key authentication is used to solve the problem of authenticating the keys of the person (say "person B") to whom some other person ("person A") is talking to or trying to talk to. In other words, it is the process of assuring that the key of "person A" held by "person B" does in fact belong to "person A" and vice versa. This is usually done after the keys have been shared among the two sides over some secure channel, although some of the algorithms share the keys at the time of authentication also.
[0004] However, for secret key authentication using the traditional symmetric key cryptography, there is a problem in assuring that there is no man-in-the-middle attack, who is trying to read or spoof the communication. There are various algorithms used to prevent such attacks. The most common among the algorithms is Diffie-Hellman key exchange. However, there still are problems such as phishing, man-in-the-middle, and malicious admin attacks.
[0005] In most of the existing cryptographic systems, the ciphered text is obtained by performing some arithmetic or logical operations on the input 'n' bits of input data and the secret key (password or PIN). Therefore, the ciphered text data always possess traces of the input data and the secret password or key, and could be broken with crypto analysis and sufficient computing resources. To prevent electronic eavesdroppers and to have control over forgery of electronic signatures, the ciphered text should not have any trace or clue of the input data or the secret key, and brute-force will be the only way to break ciphered text.
SUMMARY OF THE INVENTION
[0006] It is the object of this invention to provide authentication and secure communication that overcomes problems in the current art. The invention uses symmetric state transformations in authenticating and establishing a secure communication channel. The keyset used in the transformations is one-way transformed to another state at every transformation. Any super symmetric transformation function exhibits the property F⁻¹(F(X, K), K) = F(F⁻¹(X, K), K) = X, and the invention disclosed herein exploits the same property to generate a non-linear and dynamic complementary pair of values. The non-linear and dynamic complementary values Y = F(X, K) and Z = F⁻¹(X, K) satisfy the property F⁻¹(Y, K) = F(Z, K) = X, where X is input data; K is a current keyset state; F is forward transformation of input data X using the current keyset state K; F⁻¹ is reverse transformation of input data X using the current keyset state K; Y and Z are the non-linear and dynamic complementary pair of values for the given input data X and current keyset state K. The pair values Y, Z are used in authentication and establishing a secure communication channel. In this specification, pair of strings, pair of values, pair of non-linear complementary values and pair of complementary values are used interchangeably.
[0007] The method discloses transforming an identifier (I) with a current keyset (K1) at a first computing terminal, and in the process the current keyset (K1) is transformed to a first transformed keyset (K2) after completely transforming the identifier.
F(I, K1) → I', K2
The transformation of I starting with K1 and obtaining I' and the first transformed keyset K2 is explained in more detail in later part of the specification.
[0008] The computing terminal transmits a string to a second computing terminal. The string can be, for example, a random string or a transformed string. Since symmetric state transformations are used in the invention, the same keyset (K1) is present in a second computing terminal. In response to the received string, the second computing terminal generates a random number and obtains a non-linear and dynamic complementary pair of values by performing a forward transformation and a reverse transformation of the random number using the first transformed keyset (K2) at the second computing terminal.
F(R, K2) = Y, K2'
The forward or reverse transformations with a keyset is explained in more detail in later part of the specification.
[0009] The non-linear and dynamic complementary pair of values (Y, Z) are transmitted to the first computing terminal in a response to the first computing terminal receiving the string. The first computing terminal performs reverse and forward transformations on the received pair of values (Y, Z). The first computing terminal authenticates the second computing terminal based on a result of the transformations performed on the pair of values (Y, Z) using a second transformed keyset (K3). The second transformed keyset (K3) is obtained at the first computing platform by transforming the string using the first transformed keyset (K2). The method of authenticating is as follows:
F⁻¹(Y, K3) = R1, K3'
F(Z, K3) = R2, K3''
If R1 = R2 then the second computing terminal is authenticated.
If R1 ≠ R2, i.e., the order of reverse or forward transformation done at the second computing terminal cannot be determined, the method performs another set of transformations on the pair of values (Y, Z):
F(Y, K3) = R3, K4'
F⁻¹(Z, K3) = R4, K4''
If R3 = R4 then the second computing terminal is authenticated. Else, the second computing terminal is not authenticated.
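The check in [0007] to [0009] as an added example, not code from the patent: `transform` is a toy 8-bit-block stand-in for F and F⁻¹ (the actual transformation is the one referenced in US 8180048 B2 and is not reproduced here), the HMAC-based `session_key` is a stand-in key derivation function, and it is assumed that both terminals derive K3 by transforming the transmitted string with K2. All function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets


def _next_state(state, pre, img):
    # One-way keyset step, keyed on the block before (pre) and after (img) F.
    return hashlib.sha256(state + bytes([pre, img])).digest()


def transform(data, keyset, forward=True):
    """Toy stand-in for F (forward) or F^-1 (reverse) over 8-bit blocks.

    Returns (output, next_keyset). Assumption for illustration only: this is
    not the patent's transformation and not a secure cipher; it reproduces
    F^-1(F(X, K), K) = F(F^-1(X, K), K) = X with an evolving keyset.
    """
    state = hashlib.sha256(b"keyset|" + keyset).digest()
    out = bytearray()
    for block in data:
        a, k = state[0], state[1]
        if forward:
            res = ((block ^ a) + k) % 256
            state = _next_state(state, block, res)
        else:
            res = ((block - k) % 256) ^ a
            state = _next_state(state, res, block)
        out.append(res)
    return bytes(out), state


def derive_k3(identifier, k1, string):
    _, k2 = transform(identifier, k1)   # F(I, K1) -> I', K2
    _, k3 = transform(string, k2)       # string transformed with K2 -> K3
    return k3


def respond(k3, r=None):
    """Second terminal: build the complementary pair (Y, Z) from random R."""
    r = secrets.token_bytes(16) if r is None else r
    y, k_fwd = transform(r, k3, forward=True)    # Y = F(R, K3)
    z, _ = transform(r, k3, forward=False)       # Z = F^-1(R, K3)
    return y, z, k_fwd


def verify(first, second, k3):
    """First terminal: accept if F^-1(first) == F(second), else try swapped."""
    r1, ks = transform(first, k3, forward=False)
    r2, _ = transform(second, k3, forward=True)
    if hmac.compare_digest(r1, r2):
        return True, ks
    r3, _ = transform(first, k3, forward=True)
    r4, ks = transform(second, k3, forward=False)
    if hmac.compare_digest(r3, r4):
        return True, ks
    return False, None


def session_key(keyset):
    # Stand-in KDF (HMAC-SHA256); the page only says "a key derivation function".
    return hmac.new(keyset, b"session-key", hashlib.sha256).digest()


def demo():
    # All values below are constructed sample inputs.
    k1 = b"constructed shared keyset K1"
    ident = b"terminal-501"
    string = secrets.token_bytes(16)            # sent by the first terminal
    k3 = derive_k3(ident, k1, string)
    y, z, k_fwd = respond(k3)
    ok, ks = verify(y, z, k3)
    swapped_ok, ks_swapped = verify(z, y, k3)
    tampered = bytes([y[0] ^ 0x01]) + y[1:]
    return {
        "genuine": ok,
        "swapped_order": swapped_ok,
        "same_session_key": ok and session_key(ks) == session_key(k_fwd),
        "swapped_same_key": swapped_ok and ks_swapped == k_fwd,
        "wrong_keyset": verify(y, z, derive_k3(ident, b"other keyset", string))[0],
        "replayed_pair": verify(y, z, derive_k3(ident, k1, secrets.token_bytes(16)))[0],
        "tampered_y": verify(tampered, z, k3)[0],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Under the stated assumption, the replayed pair is rejected because K3 depends on the string the first terminal sent, so a captured (Y, Z) does not verify against a later exchange.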
[0010] Once the second computing terminal is authenticated, a session key is derived by providing at least the K4' keyset or the K4'' keyset to a key derivation function. The session key is used for secure communication between the first computing terminal and the second computing terminal.
[0011] Accordingly, in one embodiment, the invention discloses a method for authentication and secure communication. The method comprising: performing a transformation of an identifier using a current keyset; transforming the current keyset to a first transformed keyset in process of completely transforming the identifier; transmitting a string to a second computing terminal; performing transformations of a first pair of strings received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and authenticating the second computing terminal from a result of the transformations on the first pair of strings using the second transformed keyset.
[0012] Accordingly, in another embodiment, the invention discloses a system for authentication and secure communication. A transformation module in the system comprises instructions to: perform a transformation of an identifier using a current keyset; transform the current keyset to a first transformed keyset in process of completely transforming the identifier; transmit a string to a second computing terminal; perform transformations of a first pair of strings received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and authenticate the second computing terminal from a result of the transformations on the first pair of strings using the second transformed keyset.
[0013] Accordingly, in one more embodiment, a non-transitory computer-readable storage medium having instructions that, when executed by a computing device, cause the computing device for authentication and secure communication. The instructions relate to: performing a transformation of an identifier using a current keyset; transforming the current keyset to a first transformed keyset in process of completely transforming the identifier; transmitting a string to a second computing terminal; performing transformations of a first pair of strings received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and authenticating the second computing terminal from a result of the transformations on the first pair of strings using the second transformed keyset.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] The foregoing and other features of embodiments will become more apparent from the following detailed description of embodiments when read in conjunction with the accompanying drawings. In the drawings, like reference numerals refer to like elements.
[0015] FIG. 1 illustrates a keyset, in accordance to one or more embodiments of the invention.
[0016] FIG. 2 illustrates a transformation process of a keyset when transforming 'n' bits of a data block, in accordance to one or more embodiments of the invention.
[0017] FIG. 3 illustrates a transformation process of a keyset when transforming 'n' bits in another transformation process, in accordance to one or more embodiments of the invention.
[0018] FIG. 4 illustrates a method for authentication and secure communication, in accordance to one or more embodiments of the invention.
[0019] FIG. 5 illustrates a block diagram of a system, in accordance to one or more embodiments of the invention.
[0020] FIG. 6 illustrates a block diagram of a stand-alone system, in accordance to one or more embodiments of the invention.
[0021] FIG. 7 illustrates a one-way authentication process between a computing terminal and a server, in accordance to one or more embodiments of the invention.
[0022] FIG. 8 illustrates a two-way authentication protocol between a first computing terminal, a second computing terminal and a server, in accordance to one or more embodiments of the invention.
[0023] FIG. 9 illustrates a one-way authentication and key confirmation process between a computer terminal and a server, in accordance to one or more embodiments of the invention.
[0024] FIG. 10 illustrates a mutual authentication and key confirmation process between a computing terminal and a server, in accordance to one or more embodiments of the invention.
[0025] FIG. 11 illustrates a mutual authentication, key agreement and key confirmation protocol between first computing terminal and second computing terminal, in accordance to one or more embodiments of the invention.
[0026] FIG. 12 illustrates a mutual authentication, key agreement and key confirmation protocol between first computing terminal and second computing terminal, in accordance to one or more embodiments of the invention.
[0027] FIG. 13 illustrates an authenticated key agreement and key confirmation protocol between first computing terminal and second computing terminal, in accordance to one or more embodiments of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0028] Reference will now be made in detail to the description of the present subject matter, one or more examples of which are shown in figures. Each example is provided to explain the subject matter and not a limitation. Various changes and modifications obvious to one skilled in the art to which the invention pertains are deemed to be within the spirit, scope and contemplation of the invention.
[0029] The present invention discloses a system and method for providing enhanced security when data is transmitted over a communication channel or is at rest, i.e., in storage. The method or system of the invention uses a symmetric state based transformation process, i.e., forward transformation/encryption and reverse transformation/decryption using a keyset. One such process of symmetric state based transformation is disclosed and described in US 8180048 B2 by the same inventor applicant, and the same is incorporated in this application by this reference. Further, the invention utilizes an 'n' bit block transformation method, where 'n' is the number of bits that can be transformed at each stage and can be at least one bit long. As the size 'n' increases, more computing resources such as memory and processor speed are required, which slows down the transformation process. The ideal size for 'n' for making eavesdropping difficult with current computing resources is at least 8 bits. The keyset that is utilized in the symmetric state based transformation process is present both in the forward transformation/first computer terminal that transmits transformed data and in the reverse transformation/second computer terminal that receives transformed data for reverse transformation. The system or method uses a function F for encryption/forward transformation and F⁻¹ for decryption/reverse transformation in the following description. However, both F and F⁻¹ can be used interchangeably for encryption/forward transformation or decryption/reverse transformation.
[0030] FIG. 1 illustrates a keyset (100) in accordance to one or more embodiment of the present invention. In one embodiment, the keyset is a two-dimensional array with two columns and the number of rows is equal to 2^n, where 'n' represents the number of bits selected for transforming an input-data/data block. The design of the keyset is based on the size of the 'n' bit block selected for transforming/encrypting the input-data. As shown in FIG. 1, the row numbers of the two-dimensional array run from 0 to (2^n - 1). For example, as shown in FIG. 1, to encrypt input-data in blocks of 3 bits, there would be 2^3 rows, i.e., 8 rows. The first column (101) of the two-dimensional array comprises unique 'n' bit numbers and is referred to as the Reference column 1. The first column can be arranged to have numbers from zero to seven in any order. The second column (102) of the two-dimensional array comprises random numbers and is referred to as the Energy-Value column ("E-Val"). The random numbers can be of any predetermined size of 'v' bits, where 'v' represents the size of the E-Val column in bits. For example, the size of the second column (102) of the keyset shown in FIG. 1 can be 8 bits. In the default state (keyset), these random numbers range from zero to 2^v. That is, the largest number the E-Val column can contain is 2^v, i.e., 2^8 = 256, where v = 8 bits. This structure represents one embodiment of the structure of the keyset.
[0031] FIG. 2 illustrates a transformation process (200) of a keyset when transforming 'n' bits in one transformation process, in accordance to one or more embodiments of the invention. The first column represented as X is the row numbers of the keyset array structure. The second column is the Reference column represented as Y and the third column (E-val column) is represented as E.
[0032] The transformation function is based on a principle such that given an input value 'x', it is easy to transform 'x' to 'y' using the function as below:
F(x, K1) = y, K2.
Here, K1 is a keyset designed and present in the computer terminal used for encryption, 'x' is the input data to be encrypted and 'y' is the ciphered text. K1 is known only to sender and receiver since the transformation is a symmetric state transformation process.
[0033] The transformation process illustrated in FIG. 2 is a forward transformation process, in accordance to one or more embodiment of the present invention, and is described as follows. The transformation function upon receiving the input data 'x' to be encrypted, creates a binary equivalent of the input data 'x'. A primary keyset is then designed based on the size of the 'n' bit blocks (for example, '3' bit keyset as shown in FIG. 1). As an example, when input data such as 100101 is received for transformation/encryption, the first '3' bit block of input data, i.e., 100, is fetched and a decimal equivalent of it is determined, i.e., 4. The row number, i.e., 4, equivalent to the decimal equivalent is then identified by traversing through the keyset. The value present in the first column (Y) corresponding to the row number of the keyset is 001. The 'n' bit of input data '100' is replaced with 'n' bit of output data '001'.
[0034] To encrypt the next 'n' bits of input data block, the default keyset or the primary keyset (K1) is transformed to a secondary keyset (K2). The generation of a secondary keyset, in one embodiment, is based on the value of first 'n' bit of input data 'x' and first 'n' bit of output data y. The process of generating the secondary keyset and shuffling is as follows. For instance, the value of the first 'n' bit of input data 'x' is 4 (100) and first 'n' bit of output data 'y' is 1 (001). The method traverses through the row no. 4 (binary equivalent of input data 'x') and changes the random value present in the second column (E) using '4' (100) and '1' (001). The method may change the value present in the second column (E) using x and y (e.g. x+y or x XOR y). For illustrative purpose, consider that new random value 'Ei' is calculated by using the below function:
Ei = ((zi + Ei) + (zi * Ei) + J) mod 256
[0035] Here, the value 'zi' is calculated by using the value of first 'n' bit of input data 'x' i.e. '4' and the first 'm' bit of output data 'y' i.e. '1'. Thus, the value of zi = (x+y) i.e. 5. Similarly, Ei in the right-hand side of the equation represents the current random value i.e. '42'. Similarly, J represents the value '0' to '7'. Since, it is the start of new random number generation, the value J is assigned to '0'. Here, n refers to the size of the random value column (E). Thus, the new random value for the row number '4' is calculated as shown below:
E4 = ((5 + 42) + (5*42) + 0) mod 256
[0036] Using the above function, the value of 'E4' is calculated as '1'. Similarly, the new random values for E5, E6, E7, E0, E1, E2 and E3 are also calculated. The values in the first column (Y) are arranged based on the order of the random values in the second column (E). The second column (E) is then sorted in any predetermined order such as ascending or descending to form the secondary keyset (K2).
[0037] The method then uses the secondary keyset K2 as the primary keyset for the next '3' bit of input data '101' of 'x' to be encrypted. For this purpose, the corresponding decimal equivalent of '101' is calculated as 5. The method then traverses through the row number '5' of the secondary keyset, and the value present in the corresponding first column (Y) of the secondary keyset is '011'. The 'n' bit of input data '101' is replaced with 'n' bit of output data '011'. This process (forward transformation) is repeated until the last 'n' bits of input data are transformed to form the output data y (in this case, 100101 is transformed to 001011), and resultant keyset after complete transformation of input data is a first transformed keyset. The transformed/encrypted data may be stored or transmitted over the communication channel. Since the ciphered data y is only either stored or transmitted through the communication channel, it is difficult for the eavesdropper or any third party to obtain the input data without the keyset K1.
[0038] FIG. 3 illustrates a transformation process (300) of a keyset when transforming 'n' bits in another transformation process, in accordance to one or more embodiments of the invention. The transformation process used is a reverse transformation, represented as F⁻¹, with the same keyset. For example, the receiving computer upon receiving the value 'y', uses the following function for reverse transformation/decryption:
F⁻¹(y, K1) = x, K2
Here, K1 is the same keyset that was used in the forward transformation from which y was obtained. The reverse transformation function F⁻¹ takes 'y' as input and replaces 'y' with 'x' using the default primary keyset 'K1'.
[0039] In accordance with the present invention, the first '3' bits of input data to be transformed/decrypted are '001'. The method identifies the value '001' in row 4 of the first column (Y) in the keyset (K1). The binary equivalent of 4, i.e., '100', is then replaced in the output data i.e. '001' with '100'. The secondary keyset generation process is same as the keyset transformation process described in context of forward transformation. The next '3' bits '011' is then transformed to '101' and is repeated till all 'n' bits are transformed using F⁻¹. The resultant keyset after fully transforming the input data using F⁻¹ is also a first transformed keyset.
[0040] Alternatively, in one embodiment of the present invention, F⁻¹ function can be used for encryption/forward transformation and F can be used for decryption/reverse transformation process. Also, the transformation process of keyset 'K1' to 'K2' and any other intermediate keysets is always an irreversible process irrespective of the function F and F⁻¹ used for transformation/encryption of the input data. In addition, the steps of or logic for transforming a keyset to a first transformed keyset is same in encryption/forward transformation as well as decryption/reverse transformation processes.
[0041] Since the transformation processes/functions F/F⁻¹ exhibit super symmetric property - F⁻¹(F(X, K), K) = F(F⁻¹(X, K), K) = X, the invention disclosed herein exploits the same property to generate non-linear and dynamic complementary pair of values, which could function as modification detection or hash code and authentication codes for a data block. The non-linear and dynamic complementary values Y = F(X, K) and Z = F⁻¹(X, K) satisfy the property - F⁻¹(Y, K) = F(Z, K) = X and are obtained from an irreversible transformation process of keyset, where X is input data; K is a current keyset state; F is forward transformation of input data X using the current keyset state K; F⁻¹ is reverse transformation of input data X using the current keyset state K; Y and Z are the non-linear and dynamic complementary pair of values for the given input data X and current keyset state K. Because of the irreversibility in the keyset transformation process, the combination of values Y and Z can be used as message authentication code or hash or modification detection code. Further, because of the substitution process involved in the transformation process, the complementary pair of values does not contain any trace of input data.
[0042] FIG. 4 illustrates a method for authentication and secure communication, in accordance to one or more embodiments of the invention. As shown in the figure, at step 401, a transformation of an identifier (I) is performed with a current keyset (K1). As explained in the foregoing, the following represents obtaining a transformation of the identifier:
F(I, K1) = I', K2
At step 402, as represented in the above, a first transformed keyset (K2) is obtained in the process of completely transforming the identifier.
[0043] At step 403, the first computing terminal transmits a string to a second computing terminal. The string can be, for example, a random string or a transformed string or a sequence of bits. The size of the string is user-defined. Since symmetric state transformations are used in the invention, the same keyset (K1) is present in a second computing terminal.
[0044] At step 404, in response to the received string, the second computing terminal generates a random number/pseudo random number and obtains a nonlinear and dynamic complementary pair of values by performing a forward transformation and a reverse transformation of the random number using the first transformed keyset (K2) at the second computing terminal.
F(R, K2) = Y, K2'
F⁻¹(R, K2) = Z, K2''
The non-linear and dynamic complementary pair of values (Y, Z) are transmitted to the first computing terminal in a response to the first computing terminal.
[0045] At step 404, the first computing terminal performs reverse and forward transformations on the received pair of values (Y, Z). The first computing terminal authenticates the second computing terminal based on a result of the transformations performed on the pair of values (Y, Z) using a second transformed keyset (K3). The second transformed keyset (K3) is obtained at the first computing platform by transforming the string using the first transformed keyset (K2).
[0046] At step 405, the first computing terminal authenticates as follows:
F⁻¹(Y, K3) = R1, K3'
F(Z, K3) = R2, K3''
If R1 = R2 then the second computing terminal is authenticated.
If R1 ≠ R2, i.e., the order of reverse or forward transformation done at the second computing terminal cannot be determined, the first computing terminal performs another set of transformations on the pair of values (Y, Z):
F(Y, K3) = R3, K4'
F⁻¹(Z, K3) = R4, K4''
If R3 = R4 then the second computing terminal is authenticated. Else, the second computing terminal is not authenticated. The K4', K4'' are a third and fourth transformed keysets in the process of completely transforming the first pair of non-linear and dynamic complementary pair of values.
[0047] Once the second computing terminal is authenticated, a session key is derived by providing at least the K4' keyset or the K4'' keyset to a key derivation function. The session key is used for secure communication between the first computing terminal and the second computing terminal. In one embodiment, the key derivation function is at least one of publicly known key derivation functions such as Argon2, Catena, DF1, and HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
[0048] FIG 5 illustrates a block diagram of the system, in accordance to one or more embodiment of the present invention. The system (500) of the present invention comprises a communication channel (502), a first computer terminal (501) and a second computer terminal (503) coupled to the communication channel (502). The communication channel (502) may include, for example, a wide area network such as the internet, a local area network or a wireless network. The computer terminals (501, 503) may comprise at least any one of a personal computer (PC), a laptop, a mobile device, tablet, a personal digital assistant (PDA) etc. known in the art or future-developed for transmitting data over the communication channel (502).
[0049] FIG 6 illustrates a block diagram of the architecture of the computer terminal, in accordance to one or more embodiments of the present invention. The computer terminal of the present invention comprises at least a short-term memory such as a random access memory (RAM) (601a), a processor (601b), a long term memory, and a transceiver (601d). Here, the long-term memory (601e) is based on a dual memory model and may be used for storing data for a longer period of time. The transceiver (601d) is used to transmit and receive data from one computer terminal to another using the communication channel (502). Here, the data created by any application such as MS Word or an excel sheet is stored in the form of bits in the computer terminal (501). The long-term memory (601e) further comprises a transformation module (601c) for performing transformations. The transformation module (601c) is responsible for converting input data into output data by forward transformation F() or a reverse transformation F⁻¹().
[0050] FIG 7 illustrates a one-way authentication process between a computer terminal and a server, in accordance to one embodiment of the present invention. Here, the computer terminal (501) transmits an identifier (ID) to the server (503) to initiate the authentication process.
[0051] The server (503) upon receiving the ID, checks for the received ID in its database. Upon successful identification of the ID, the server (503) retrieves the corresponding pre-shared key from the database. The following are provided for convenience to understand the further description:
Psk|ID - The Pre-shared key and the ID of the computer terminal are concatenated together to generate the input data
K1 - Default (Primary) keyset
K2, K3, K4 and K5 - Next internal keysets
R1, R3 - random number (nonce)
R4, R5 - Newly generated authentication codes using and K3
[0052] The server (503) upon retrieving the corresponding pre-shared key from the database, concatenates the pre-shared key with the identifier (ID) to derive an input data Psk|ID. The input data Psk|ID is then transformed into Psk' and a secondary keyset K2, using the default (primary) keyset K1 as shown below:
F((Psk|ID), K1) = Psk', K2
[0053] Here, the primary keyset 'K1' is transformed to secondary keyset 'K2' using the values of Psk|ID and Psk'. In one embodiment, the string is a first transformed string. The first transformed string is obtained by a transformation of the string using the first transformed keyset. The server (503) uses a newly generated random value such as R1, and then transforms R1 into R2 by using the forward transformation F() as shown below:
F(R1, K2) = R2, K3;
[0054] The server (503) then transmits the newly generated output R2 to the computer terminal (501). In one embodiment, a first intermediate transformed keyset is obtained in process of completely transforming the transformed string. The first intermediate transformed keyset is used to perform transformations on a first string to obtain the first pair of non-linear and dynamic complementary pair of values. The computer terminal (501) upon receiving the R2, uses a reverse transformation function F⁻¹() to transform R2 into R1 using the secondary keyset K2. The secondary keyset is then transformed to the next keyset K3 (first intermediate transformed keyset). In one embodiment, the first pair of strings are obtained by performing transformations on a first string using the first intermediate transformed keyset. The computer terminal (501) then generates a new random number R3, and then transforms R3 into Y and Z, using K3 as shown below:
F(R3, K3) = Y, K4;
F⁻¹(R3, K3) = Z, K5
[0055] The computer terminal (501) then transmits the newly generated authentication code (MAC) Y and Z to the server (503) for authentication purpose. The server (503) upon receiving the authentication code Y and Z performs a reverse transformation function F⁻¹() for Y and a forward transformation function F() for Z using the keyset K3, respectively. The server (503) then checks whether F⁻¹(Y, K3) and F(Z, K3) are equal and then authenticates computer terminal (501). In one embodiment, a session key is generated for secure communication after authenticating the first pair of non-linear and dynamic complementary pair of values at the server (503). This is because the string does not have any trace of server (503) details, and the session key is only derived at the server (503). In one embodiment, a third transformed keyset and a fourth transformed keyset are obtained in process of transforming the pair Y, Z using K3. In that embodiment, a session key for secure communication with the computer terminal (501) is derived by providing at least the third transformed keyset or the fourth transformed keyset to a key derivation function.
[0056] Thus, the authentication protocol as shown in FIG 7 is a one-way authentication process i.e. only the server (503) authenticates the computer terminal (501). Here also, the pre-shared key is not transmitted directly from the computer terminal (501) to the server (503), or from the server (503) to the computer terminal (501). Also, the transmitted values R2, Y and Z are not obtained directly from the pre-shared key. That is, pre-shared key is primarily used for irreversible shuffling of K1 (i.e. to change values in second column E of K1) to generate K2 and then K2 is used along with R3 to generate authentication code (Y and Z), therefore, the process may be considered as no-knowledge with no-trace of input data.
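The FIG. 7 exchange of paragraphs [0050] to [0056], written out as an added Python sketch; it is not code from the patent or its applicant. It assumes 8-bit blocks (256 keyset rows), a constructed default keyset K1, the E-Val update of paragraph [0034] run over all 256 rows with a stable ascending sort, and 16-byte nonces; every function name is hypothetical.

```python
import hmac
import os
import random

ROWS = 256  # 2^n rows for n = 8 bit blocks (assumption; FIG. 1 uses n = 3)


def default_keyset(seed=2018):
    """Constructed stand-in for the shared default keyset K1 (FIG. 1 layout)."""
    rng = random.Random(seed)
    ref = list(range(ROWS))
    rng.shuffle(ref)                                   # Reference column (Y)
    e_val = [rng.randrange(256) for _ in range(ROWS)]  # E-Val column (E)
    return ref, e_val


def new_e(z, e, j):
    """E-Val update rule given in paragraph [0034]."""
    return ((z + e) + (z * e) + j) % 256


def evolve(keyset, x, y):
    """One keyset step: x is the row number, y the Reference value it maps to."""
    ref, e_val = keyset
    e_val = list(e_val)
    z = x + y
    for j in range(ROWS):                 # start at row x and wrap around
        row = (x + j) % ROWS
        e_val[row] = new_e(z, e_val[row], j)
    order = sorted(range(ROWS), key=e_val.__getitem__)  # sort rows by E
    return [ref[r] for r in order], [e_val[r] for r in order]


def forward(data, keyset):
    """F(data, K): replace row number by Reference value, evolving K per block."""
    out = bytearray()
    for x in data:
        y = keyset[0][x]
        out.append(y)
        keyset = evolve(keyset, x, y)
    return bytes(out), keyset


def reverse(data, keyset):
    """F^-1(data, K): replace Reference value by its row number, same evolution."""
    out = bytearray()
    for y in data:
        x = keyset[0].index(y)
        out.append(x)
        keyset = evolve(keyset, x, y)
    return bytes(out), keyset


def server_challenge(k1, psk, ident):
    _, k2 = forward(psk + ident, k1)      # F(Psk|ID, K1) = Psk', K2
    r1 = os.urandom(16)
    r2, k3 = forward(r1, k2)              # F(R1, K2) = R2, K3
    return r2, k3


def terminal_response(k1, psk, ident, r2):
    _, k2 = forward(psk + ident, k1)
    _, k3 = reverse(r2, k2)               # F^-1(R2, K2) = R1, K3
    r3 = os.urandom(16)
    y, _ = forward(r3, k3)                # F(R3, K3) = Y, K4
    z, _ = reverse(r3, k3)                # F^-1(R3, K3) = Z, K5
    return y, z


def server_verify(k3, y, z):
    a, _ = reverse(y, k3)                 # F^-1(Y, K3)
    b, _ = forward(z, k3)                 # F(Z, K3)
    return hmac.compare_digest(a, b)      # equal only if both sides reached K3


def one_way_auth(server_psk, terminal_psk, ident=b"terminal-501"):
    """Run the whole exchange; only R2, Y and Z would cross the channel."""
    k1 = default_keyset()
    r2, k3 = server_challenge(k1, server_psk, ident)
    y, z = terminal_response(k1, terminal_psk, ident, r2)
    return server_verify(k3, y, z)


if __name__ == "__main__":
    print("matching key:", one_way_auth(b"correct-psk-0001", b"correct-psk-0001"))
    print("wrong key:   ", one_way_auth(b"correct-psk-0001", b"another-psk-0002"))
```

The verifier never recovers or compares the pre-shared key itself; acceptance depends only on both sides having walked the keyset to the same state K3.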
[0057] FIG 8 illustrates a two-way authentication protocol between a computer terminal/mobile device and a server, in accordance to one embodiment of the present invention.
[0058] As shown in FIG 8, this protocol aims to establish a session key between two computing devices (501) and (504) on a network, typically to protect further communication. Here, device (501) initiates the communication to device (503). Device S (503) is a server trusted by both parties. In the communication:
A and B are identities of Alice and Bob respectively
KAS is a symmetric key known only to A and S
KBS is a symmetric key known only to B and S
NA and NB are nonces generated by A and B respectively
KAB is a symmetric, generated key, which will be the session key of the session between A (501) and B (504).
The protocol can be specified as follows:
A (501) computes as shown below:
Figure imgf000017_0001
Where Pa - User A secret from Database; Pas - concatenation of (Pa|A|B)
K1 - default keyset (public);
[0059] The computer terminal (501) then generates a nonce, say R1. The terminal (501) then transforms R1 into Y1, and R1 into Z1 as shown below:
Y1 = F(R1, K2);
Z1 = F⁻¹(R1, K2);
User A (501) transmits A, B, Y1 & Z1 to Server S (503), then the Server S (603) verifies the code Y1 and Z1 as shown below:
F(Pas, K1) = P', K2;
Where Pa - User A secret from Database; Pas - concatenation of (Pa|A|B);
If F⁻¹(Y1, K2) = F(Z1, K2) = R1 then A is authentic and then Server S (503) initiates connection with User B (504) as shown below:
F(Pbs, K1) = P'', K10;
Where Pb - User B secret from Database; Pbs - concatenation of (Pb|A|B);
[0060] The computer terminal (504) then generates a nonce, say R2. The computer terminal (504) then transforms R1 into Y2, and R1 into Z2 as shown below:
Y2 = F(R2, K10);
Z2 = F⁻¹(R2, K10);
[0061] The Server S (503) transmits A, B, Y2 & Z2 to User B (504), then the user B (504) verifies the code Y2 and Z2 as shown below:
F(Pbs, K1) = P'', K10;
Where Pb - User B secret from Database; Pbs - concatenation of (Pb|A|B);
If F⁻¹(Y2, K10) = F(Z2, K10) = R1, then S is authentic and then User B (504) initiates connection with User A (501) as shown below:
F(Pbs, K1) = Pba', K20;
Where Pbs - concatenation of (R1|B|A)
[0062] In one embodiment, an intermediate session key for secure communication between the computer terminal (501) and the computer terminal (504) is derived by providing at least a third computing terminal identifier, a first computing terminal identifier to a key derivation function. The computer terminal (504) then generates a nonce, say R2 and R3. The computer terminal (504) then transforms R3 into Y3, and R3 into Z3 as shown below:
Figure imgf000018_0001
Sk = KDF(A, B, R1, R2, K21);
F(Sk, K21) = Sk', K22
Figure imgf000018_0002
F⁻¹(R3, K22) = Z3, K24;
Where Sk - session key; KDF() - Key derivation function;
[0063] Then User B (504) sends B, A, R2', Y3 & Z3 to user A (501) for its authentication. Now user A (501) verifies whether the User B (504) is authentic or not as shown below:
Figure imgf000019_0001
Where Pab - concatenation of (R1|B|A)
F⁻¹(R2', K20) = R2, K21;
Sk = KDF(A, B, R1, R2, K21);
F(Sk, K21) = Sk', K22
[0064] User A verifies User B authenticity as below:
If F⁻¹(Y3, K22) = F(Z3, K22) then User B (504) is authentic;
[0065] Now, User A (501) generates a nonce R4 and computes authentication code (Y4 & Z4), sends it to User B (504), as computed below:
F(R4, K24) = Y4, K25;
F⁻¹(R4, K24) = Z4, K26;
[0066] After receiving the code (Y4 & Z4) from User A (501), the User B (504) verifies the authenticity of it as shown below:
If F⁻¹(Y4, K24) = F(Z4, K24) then User A (501) is authentic;
[0067] Now, both the User A device (501) and the User B device (504) communicate securely using session key (Sk). This is a symmetric key based Authentication and Key Agreement using a Trusted Server S (503) (with key confirmation). It is applicable to DH and ECC key exchange.
[0068] FIG 9 illustrates a one-way authentication and key confirmation process between a computer terminal (501) and a server (503), in accordance to one embodiment of the present invention. Here, the computer terminal (501) transmits an identifier (ID) to the server (503) to initiate the authentication process. For illustrative purpose, let us consider that the computer terminal (503) is a mobile station.
[0069] The protocol illustrated in FIG 9 can be used in SIM card authentication. Let's take GSM/3G as an example and briefly review how a network application works. For GSM the main network parameters are network identity (International Mobile Subscriber Identity, IMSI; tied to the SIM), phone number (MSISDN, used for routing calls and changeable) and a shared network authentication key Ki. To connect to the network, the MS needs to authenticate itself and negotiate a session key. Both authentication and session key derivation make use of Ki, which is also known to the network and looked up by IMSI.
[0070] The server (503) upon receiving the ID, checks for the received ID in its database. Upon successful identification of the ID, the server (503) retrieves the corresponding pre-shared key from the database. The following description is for convenience:
Psk|ID - The Pre-shared key and the ID of the computer terminal are concatenated together to generate the input data;
KM - Master state (private-only known to the server) (503);
K1 - user specific keyset available with computer terminals (501)
K2, K3, K4, K5 and K6 - intermediate keysets
R1, R3 - number (may be random number)
Y & Z - Newly generated authentication codes.
[0071] The server (503) upon retrieving the corresponding pre-shared key from the database, computes ID specific keyset (K1) and then concatenates the pre-shared key with the identifier (ID) to derive an input data Psk|ID. The input data Psk|ID is then transformed into Psk' and a secondary keyset K2, using the keyset K1 as shown below:
F(ID, KM) -> ID', K1;
F((Psk|ID), K1) -> Psk', K2
[0072] Here, the primary keyset 'K1' is transformed to secondary keyset 'K2' using the values of Psk|ID and Psk'. In one embodiment, the server (503) transmits a transformed string. The transformed string is obtained by a transformation of the string using the first transformed keyset (K2). Accordingly, the server (503) uses a newly generated random value such as R1, and then transforms R1 into R2 by the forward transformation F() and also computes as shown below:
F(R1, K2) = R2, K3;
Sk = KDF(R1, K3);
F(Sk, K3) = Sk', K4;
[0073] The server (503) then transmits the newly generated output R2 to the computer terminal (501). The computer terminal (501) upon receiving R2, uses a reverse transformation function F⁻¹() to transform R2 into R1 using the secondary keyset K2. In one embodiment, a session key for secure communication is derived at the computer terminal (501) when a first transformed string (R2) is received. Since R2 includes/comprises certain/partial information about the server (501) because of the transformation, the computer terminal (501) generates the session key only in cases where a transformed string is received. In one embodiment, the session key is generated by providing at least the first intermediate transformed keyset (K3) to a key derivation function. The secondary keyset K2 is then transformed by the computer terminal (501) to the next keyset K3 as follows.
F⁻¹(R2, K2) = R1, K3;
Sk = KDF(R1, K3);
In one embodiment, the session key is transformed by a transformation using the first intermediate transformed keyset (K3), and a second intermediate transformed keyset is obtained at the computer terminal (501) in process of completely transforming the session key.
Figure imgf000021_0001
[0074] In one embodiment, a first pair of strings are obtained by performing transformations on a first string using the second intermediate transformed keyset (K4). Accordingly, the computer terminal (501) generates a new random number R3, and then transforms R3 into Y and Z, using K3 as shown below:
Generate R3;
F(R3, K4) = Y, K5;
F⁻¹(R3, K4) = Z, K6;
[0075] The computer terminal (501) then transmits the newly generated authentication code (MAC) Y and Z to the server (503) for authentication purpose. The server (503) upon receiving the authentication codes Y and Z, i.e., authentication and session key confirmation codes, performs a reverse transformation function F⁻¹() for Y and a forward transformation function F() for Z using the keyset K4 respectively. The server (503) then checks whether F⁻¹(Y, K4) and F(Z, K4) are equal and then authenticates computer terminal (501). Since the Y and Z included/comprised the session key information because of the transformation, the session key is also confirmed in the process along with the authentication.
[0076] FIG 10 illustrates a mutual authentication and key confirmation process between a computer terminal (501) and a server (501), in accordance to one embodiment of the present invention. Here, the computer terminal (501) transmits an identifier (ID) to the server (503) to initiate the authentication process.
[0077] The server (503) upon retrieving the corresponding pre-shared key from the database, computes ID specific keyset (K1) and then concatenates the pre-shared key with the identifier (ID) to derive an input data Psk|ID. The input data Psk|ID is then transformed into Psk' and a secondary keyset K2, using the keyset K1 as shown below:
F(ID, KM) -> ID', K1;
F((Psk|ID), K1) -> Psk', K2
[0078] Before going to the forward and reverse transformation functions, let us have a look at the terms used here:
Psk|ID - The Pre-shared key and the ID of the computer terminal are concatenated together to generate the input data
KM - Master state (private-only known to the server) (503);
K1 - ID specific keyset available with the computer terminal (501)
K2, K3, K4, K5, K6, K7 and K8 - Next intermediate keysets
R1, R3, R4 - may be random number;
Y1 & Z1 - Newly generated authentication codes by device (501).
Y2 & Z2 - Newly generated authentication codes by device (503).
[0079] Here, the primary keyset 'K1' is transformed to secondary keyset 'K2' using the values of Psk|ID and Psk'. The server (503) uses a newly generated random value such as R1, and then transforms R1 into R2 by using the forward transformation F() and also computes as shown below:
F(R1, K2) = R2, K3;
[0080] The server (503) then transmits the newly generated output R2 to the computer terminal (501). The computer terminal (501) upon receiving R2, uses a reverse transformation function F⁻¹() to transform R2 into R1 using the secondary keyset K2. The secondary keyset is then transformed to the next keyset K3. The computer terminal (501) then generates a new random number R3, and then transforms R3 into Y and Z, using K3 as shown below:
Generate R3;
F(R3, K3) = Y1, K4;
F⁻¹(R3, K3) = Z1, K5;
[0081] The computer terminal (501) then transmits the newly generated authentication code (MAC) Y1 and Z1 to the server (503) for authentication purpose. The server (504) upon receiving the authentication code Y1 and Z1 performs a reverse transformation function F⁻¹() for Y1 and a forward transformation function F() for Z1 using the keyset K3 respectively. The server (503) then checks whether F⁻¹(Y, K4) and F(Z, K4) are equal and then authenticates computer terminal (501). In one embodiment, a second session key for secure communication is derived by providing at least K4 or K5 to a key derivation function. The server (503) computes session key and authentication code (Y2 and Z2), and sends it to computing terminal (501), as shown below:
Sk = KDF(R1, K4);
[0082] In one embodiment, the session key is transformed by a transformation using K4 or K5 at the server (503).
F(Sk, K5) = Sk', K6;
[0083] In one embodiment, K7 or K8 are obtained by performing transformations on a second string using the K6, in the process obtaining a second non-linear and complementary pair of values.
Generate R4;
F(R4, K6) = Y2, K7;
[0084] In one embodiment, the computer terminal (501) authenticates the server (503) by performing transformations on a second pair of strings, from the first computing terminal. The computer terminal (501) upon receiving the code Y2 and Z2, performs a reverse transformation function on Y2 and a forward transformation function on Z2 and then authenticates the server (503). Now, both the computer terminal (501) and the server (503) communicate securely using session key (Sk). This is a symmetric key based Authenticated Key Agreement Protocol (with key confirmation).
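The complementary-pair check that closes the FIG 10 exchange, as an added Python example (not code from the patent): it builds the two-column keyset of claims 33 to 35 with n = 8 and accepts only when F^-1(Y, K) equals F(Z, K). The seed-based starting keyset, the hash used to change column two, the ascending row order, and advancing the keyset once per string are assumptions made here.

```python
import hashlib
import hmac
import secrets

N_BITS = 8                 # 'n' in claim 33; one byte per lookup here
ROWS = 2 ** N_BITS         # the keyset has 2^n rows


def new_keyset(seed: bytes):
    """Constructed starting keyset: rows of (n_bit_value, random_number).

    Column one holds every n-bit value exactly once, column two holds
    numbers derived from the seed. How the first keyset is built is not
    shown in this section, so this derivation is an assumption.
    """
    def h(label: bytes, i: int) -> bytes:
        return hashlib.sha256(seed + label + bytes([i])).digest()

    column_one = sorted(range(ROWS), key=lambda i: h(b"perm", i))
    return [(column_one[i], int.from_bytes(h(b"rnd", i)[:8], "big"))
            for i in range(ROWS)]


def advance(keyset, tag: bytes):
    """Claim 34: change every number in column two, then reorder the rows.

    The 'first predetermined operation' is unspecified on the page; hashing
    the old number with the data just processed is a stand-in. The
    'predefined order' is taken to be ascending.
    """
    changed = []
    for value, number in keyset:
        material = number.to_bytes(8, "big") + bytes([value]) + tag
        digest = hashlib.sha256(material).digest()
        changed.append((value, int.from_bytes(digest[:8], "big")))
    return sorted(changed, key=lambda row: row[1])


def forward(data: bytes, keyset):
    """Claim 35 forward: the input byte selects a row; emit column one."""
    out = bytes(keyset[b][0] for b in data)
    return out, advance(keyset, data + out)   # tag = rows visited + values read


def reverse(data: bytes, keyset):
    """Claim 35 reverse: find the byte in column one; emit the row number."""
    row_of = {value: row for row, (value, _) in enumerate(keyset)}
    out = bytes(row_of[b] for b in data)
    return out, advance(keyset, out + data)   # same tag as the matching forward


def make_pair(r: bytes, keyset):
    """Prover: Y = F(R, K) and Z = F^-1(R, K), each yielding a next keyset."""
    y, k_after_y = forward(r, keyset)
    z, k_after_z = reverse(r, keyset)
    return y, z, k_after_y, k_after_z


def verify_pair(y: bytes, z: bytes, keyset):
    """Verifier: accept only when F^-1(Y, K) equals F(Z, K)."""
    r_from_y, k_after_y = reverse(y, keyset)
    r_from_z, k_after_z = forward(z, keyset)
    return hmac.compare_digest(r_from_y, r_from_z), k_after_y, k_after_z


def run_exchange(seed: bytes = b"constructed-shared-seed"):
    """Walk the FIG 10 steps from R1 to the check of (Y1, Z1)."""
    server_k2 = new_keyset(seed)          # both ends are assumed to hold K2
    terminal_k2 = new_keyset(seed)

    r1 = secrets.token_bytes(16)
    r2, server_k3 = forward(r1, server_k2)            # F(R1, K2) = R2, K3
    r1_seen, terminal_k3 = reverse(r2, terminal_k2)   # F^-1(R2, K2) = R1, K3

    r3 = secrets.token_bytes(16)
    y1, z1, terminal_k4, _ = make_pair(r3, terminal_k3)

    accepted, server_k4, _ = verify_pair(y1, z1, server_k3)
    tampered = bytes([y1[0] ^ 0x01]) + y1[1:]         # one bit changed in transit
    rejected_tamper = not verify_pair(tampered, z1, server_k3)[0]
    # A verifier still holding K2 (it missed the R2 step) is out of step.
    rejected_stale = not verify_pair(y1, z1, server_k2)[0]
    return {
        "r1_recovered": r1_seen == r1,
        "keysets_in_step": terminal_k4 == server_k4,
        "accepted": accepted,
        "rejected_tamper": rejected_tamper,
        "rejected_stale": rejected_stale,
    }


if __name__ == "__main__":
    print(run_exchange())
```

Because every transformation moves the keyset forward, the two ends only agree while they process the same strings in the same order; the stale-keyset case shows the check failing when one side misses a step.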
[0085] FIG 11 illustrates a mutual authentication, key agreement and key confirmation protocol between one computing terminal (501) (e.g. smartphone, tablet etc.) and another computing terminal (503) (e.g. bank authentication server) using a master keyset (KM), in accordance to one embodiment of the present invention. For example, some Android builds from major mobile phone vendors provide the Open Mobile API, which aims to provide a unified interface for accessing Secure Elements (SE) on Android to its apps, including the SIM SE-enabled Android applications. The Secure Element (SE) can be SIM, embedded SE or a secure memory card (Secure Micro SD).
[0086] Thus, the authentication protocol of the present invention may also be used for authenticating data transmitted from a mobile application. Just as regular smart cards, an SE can be used to store data and keys securely and perform cryptographic operations without keys having to leave the card. One of the usual applications of smart cards is to store RSA authentication keys and certificates that are used for anything from desktop logon to VPN or SSL authentication.
[0087] Here, the computing terminal (501) first concatenates the identifier IDse (identity of app or secure element SE) with the time-stamp Ts and then the computer terminal (501) uses the forward transformation function F() to transform IDse|Ts into IDse|Ts' using a system state keyset Kse stored in SE or in app (mobile application). Here the primary keyset 'Kse' is transformed to a next keyset 'K2' using the values of IDse|Ts and IDse|Ts' as shown below:
F((IDse|Ts), Kse) = (IDse|Ts)', K2;
[0088] The computer terminal (501) also performs a forward transformation function on the user id or account number of the user who is initiating the transaction as shown below:
F(IDU, K2) = IDU', K3
[0089] Further the computer terminal (501) upon generating then concatenates a secret (e.g. password/pre-shared key/PIN) and other details like Name, mobile no. etc. (optional) of the user to generate Po. The computer terminal then performs a forward transformation function f () on Po to generate a new state K4 as shown below:
F(Po, K3) = Po', K4; Where
[0090] Further the computing device (501) generates random number R1 and generates a new process based MAC (Y1 & Z1) using R1 and K4, so that a man-in-the-middle can't tamper with any of the parameters sent by computer terminal (501) to the server (503), as shown below:
F (R1, K4) = Y1, K5; and F^-1(R1, K4) = Z1, K6
The computing device (501) sends IDse, Ts, IDu' and MAC (Y1 & Z1) to the computing device (503) called server. The server (503) upon receiving the IDse, Ts, IDu and (Y1 & Z1) checks the existence of IDse in its SE database. The server (503) upon successful identification of IDse computes Kse using Ss|IDse and the master secret state (KM) (where Ss is the master secret key)
F(Ss|IDse, KM) = Ss|IDse', Kse
[0091] The server (503) then concatenates the received IDse with Ts to generate K2. The server (503) then decrypts user identity IDu' using K2 as shown below:
F((IDse|Ts), Kse) = (IDse|Ts)', K2;
[0092] The server (503) then retrieves the corresponding pre-shared key (P) associated with the IDU, then concatenates the retrieved pre-shared key (P) with other details (O) to generate Po, as shown below:
[0093] In one embodiment, a one-time identifier is received at the computer terminal (501) from the server (503). The one-time identifier received from the first computing terminal is received in a communication channel other than the communication channel used by the first and second computing terminals. The server (503) then uses the generated keyset K4 and performs a reverse transformation function on Y1 and a forward transformation function on Z1. The server (503) then checks whether F^-1(Y1) and F(Z1) are equal and then sends a one-time password (OTP) to the computer terminal (501).
[0094] The computer terminal (501) upon receiving one-time password (OTP) through short message service (SMS) from the server (503) on registered mobile phone (i.e. out-of-band communication), computes session key (Sk) using key derivation function (KDF) and generates MAC (Y2 & Z2) of Sk using state K6, and sends MAC to server (503), as shown below:
F(Sk, K6) = Sk', K7;
In one embodiment, a session key for secure communication is derived by providing at least the one-time identifier to a key derivation function. Since the one-time identifier (OTP) is sent directly from the server (503) to the computer terminal (501) in a different channel, the OTP comprises details of the server (503), i.e., presence of the same OTP, and complies partial authentication. In one embodiment, the session key is transformed by a transformation using K7, and a second intermediate transformed keyset is obtained at the second computing terminal in process of completely transforming the session keys. In one embodiment, a first pair of strings are obtained by performing transformations on a first string using K7. The computer terminal (503) generates a random number R2 and performs transformations on R2 to obtain a first pair of non-linear and complementary values Y2, Z2, and a third transformed keyset (K8) and a fourth transformed keyset (K9) are obtained in process of completely transforming the first pair of strings (non-linear and complementary values Y2, Z2).
F (R2, K7) = Y2, K8;
F^-1(R2, K7) = Z2, K9;
[0095] The server (503) upon receiving Y1 and Z2, computes session key Sk using the stored OTP. The server (501) further performs a forward transformation function on Sk, to generate Sk' and K7.
Sk = KDF (R1, P, OTP);
F(Sk, K6) = Sk', K7;
[0096] The server (503) then performs a reverse transformation function f^-1() on Y2, and a forward transformation function f () on Z2 using the keyset K7. The server (503) then checks whether F^-1(Y2) and F(Z2) are equal and then authenticates the computer terminal (501). The server (503) upon verification of MAC (Y2 & Z2) generates session key confirmation MAC (Y3 & Z3). The generated session key MAC (Y3 & Z3) is transmitted to the computer terminal (501). The session key confirmation and authentication of the computer terminal (501) is performed at server (503) based on the above transformations.
[0097] Here the computer terminal (501) upon receiving MAC (Y3 & Z3) performs a reverse transformation function on Y3 and a forward transformation function on Z3. The computer terminal (501) then checks whether f^-1(Y3) and f(Z3) are equal and then authenticates the server (503). Thus, both the computer terminal (501) and computer terminal (503) communicate securely using session key (Sk).
[0098] FIG 12 illustrates a mutual authentication, key agreement and key confirmation protocol between the computing device and another computing device, in accordance to one embodiment of the invention. It is based on using a RSA public key cryptosystem in conjunction with the mentioned innovative finite state based process of forward and reverse transformation methods and systems.
[0099] Brief Overview of RSA Encryption and Decryption: A public-key cryptography algorithm which uses prime factorization as the trapdoor one-way function. The (e, n) is public key and (d, n) is the private key, where n = p.q; p and q are large primes. Encryption: C = M^e mod n; Decryption: C^d = (M^e)^d mod n = M mod n;
[00100] Here, the computing terminal (501) first concatenates the identifier IDse (identity of app or secure element 'SE') with the time-stamp Ts generated and then the computer terminal (501) uses the forward transformation function F() to transform IDse|Ts into IDse|Ts' using a secret system state keyset Kse present in SE or in app (mobile application), stored during user registration stage. Here the keyset 'Kse' is transformed to a next keyset 'K2' using the values of IDse|Ts and IDse|Ts' as shown below:
F((IDse|Ts), Kse) = (IDse|Ts)', K2;
F(IDU, K2) = IDu', K3; where IDU can be User ID or Account No. etc.
[00101] Further the computer terminal (501) then computes a new state K4 as shown below:
R' = E[R]; where E is RSA encryption of R using server (503) public key;
F(Po, K3) = Po', K4; Where
P = Pre-Shared Key / Password / PIN;
O - Other details like Mobile no, User ID, Name etc.;
Po - Concatenation (R|P|O);
[00102] The computing device (501) generates random number R1 and generates a new process based MAC (Y1 & Z1) using R1 and K4, so that a man-in-the-middle can't tamper with any of the parameters sent by device (501) to device (503), as shown below:
F (R1, K4) = Y1, K5; and F^-1(R1, K4) = Z1, K6;
The computing terminal (501) sends IDse, Ts, IDu', R1' and MAC (Y1 & Z1) to the server (503). The server (503) upon receiving the IDse, Ts, IDU', R1', Y1 and Z1 checks for the existence of IDse in its SE ids database. Upon successful identification of IDse, the server (503) computes Kse using Ss|IDse and the master secret state (KM) (where Ss is the master secret key)
F(Ss|IDse, KM) = Ss|IDse', Kse;
The server (503) also computes K2 and decrypts user identity IDU using IDse, Ts and Kse as shown below:
F((IDse|Ts), Kse) = (IDse|Ts)', K2;
[00103] The server (503) after decrypting IDU, fetches its corresponding pre-shared key (P) from its database and computes K4 as shown below:
P = Pre-Shared Key / Password / PIN from database;
O - Other details like Mobile no, Name etc.;
Po - Concatenation (P|O);
In one embodiment, the string is a one-time identifier received by the computer terminal (501) from the server (503). The one-time identifier received from the server (503) is received in a communication channel other than the communication channel used by the server (503) and the computer terminal. The server (503) then performs a reverse transformation function f^-1() on Y1 and a forward transformation function f () on Z1. The server (503) then checks whether f^-1(Y1) and f(Z1) are equal and then generates an OTP to be transmitted to the client device i.e. the computer terminal (501). The OTP (one-time password) is the one-time identifier sent, for example, as an SMS, to the computer terminal (501).
[00104] In one embodiment, a session key for secure communication is derived by providing at least the one-time identifier, a user secret key and random number (R) generated at the computing terminal (501) to a key derivation function. The computer terminal (501) upon receiving one-time password (OTP) through short message service (SMS) from the server (503) computes session key (Sk) using key derivation function (KDF) and generates MAC (Y2 & Z2) for Sk using state K6, and sends MAC (Y2 & Z2) to server (503) for user authentication and session key confirmation, as shown below:
Sk = KDF (R, P, OTP);
In one embodiment, the session key is transformed using K6, and in the process obtain K7 after completely transforming the session key.
F(Sk, K6) = Sk', K7;
In one embodiment, a first pair of non-linear and complementary values are generated by performing transformations on a second random number generated at the computing terminal (501), and in the process obtaining K8 and K9.
F (R2, K7) = Y2, K8;
F^-1(R2, K7) = Z2, K9;
[00105] The server (503) upon receiving MAC computes session key (Sk) and, verifies the integrity of the received MAC (Y2 & Z2) using the keyset derived from the transformation process of Sk as shown below:
Sk = KDF (R, P, OTP);
F(Sk, K6) = Sk', K7;
[00106] The server (503) upon successful authentication of the received MAC (Y2 & Z2) generates its own session key confirmation MAC (Y3 & Z3) to be transmitted to the computer terminal (101) as shown below:
F (R3, K9) = Y3, K10;
The session key confirmation and authentication of the computer terminal (501) is performed at server (503) based on the above transformations.
[00107] The computer terminal (501) upon receiving the session key confirmation MAC (Y3 & Z3), performs a reverse transformation function F^-1() on Y3, and a forward transformation function on Z3. The computer terminal (501) then checks whether F^-1(Y3) and F(Z3) are equal and then authenticates the server (503). Here, both the computing terminal (501) and the server (503) communicate securely using session key (Sk).
[00108] FIG 13 illustrates an authenticated key agreement and key confirmation protocol between one computing device and another computing device, in accordance to one embodiment of the invention. It is based on using a Diffie-Hellman Protocol (DH) in conjunction with the mentioned innovative finite state based process for forward and reverse transformation methods and systems.
[00109] Brief Overview of Diffie-Hellman Protocol: The Diffie-Hellman protocol is a method for two computer users to generate a shared private key with which they can then exchange information across an insecure channel. Let the users be named Alice and Bob. First, they agree on two prime numbers g and p, where p is large (typically at least 1024 or 2048 bits) and g is a primitive root modulo p. (In practice, it may be a good idea to choose p such that (p-1)/2 is also prime.) The numbers g and p need not be kept secret from other users. Now Client chooses a large random number 'a' as her private key and server similarly chooses a large number 'b'. Computer terminal (501) then computes A = g^a (mod p), which she sends to Server (503), and Server (503) computes B = g^b (mod p), which he sends to Client.
[00110] Here, both computing device (501) and Server (503) compute their shared key K = g^(ab) (mod p), which Client (501) computes as K = B^a (mod p) = g^(ba) (mod p) and Server (503) computes as K = A^b (mod p) = g^(ab) (mod p). Client (501) and Server (503) can now use their shared key K to exchange information without worrying about other users obtaining this information. Given A, g and p, finding 'a' is the discrete logarithm problem, which is computationally infeasible for large p.
[00111] As shown in FIG 13, the computing device (501) first concatenates the identifier IDse (identity of app or secure element 'SE') with the time-stamp Ts generated and then the computing device (501) uses the forward transformation function F() to transform IDse|Ts into IDse|Ts' using a secret system state keyset Kse present in SE or in app (mobile application), stored during user registration stage. Here the keyset 'Kse' is transformed to a next keyset 'K2' using the values of IDse|Ts and IDse|Ts' as shown below:
F((IDse|Ts), Kse) = (IDse|Ts)', K2;
F(IDU, K2) = IDu', K3; where IDU can be User ID or Account No. etc.
[00112] Further, the computer terminal (501) computes DH ephemeral public key (X) using mutually agreed parameters, base g and large prime number (p) and also computes a new state K4 as shown below:
X = g^x mod p; where x - private key (dynamically generated random number of required size)
F(Po, K3) =
Figure imgf000032_0001
K4; Where
P = Pre-Shared Key / Password / PIN;
O - Other details like Mobile no, User ID, Name etc;
Po - Concatenation (X|P|O);
[00113] The computing device (501) generates a random number R1 and generates a new process based MAC (Y1 & Z1) (a kind of symmetric signature) using R1 and K4, so that a man-in-the-middle can't tamper with any of the parameters sent by computer terminal (501) to server (503), as shown below:
F (R1, K4) = Y1, K5; and F^-1(R1, K4) = Z1, K6
The computing device (501) sends IDse, Ts, IDU', X and MAC (Y1 & Z1) to the computing device (503). The server (503) upon receiving the IDse, Ts, IDU', X and (Y1 & Z1) checks the existence of IDse in its SE ids database, if present then it computes Kse using Ss|IDse and the master secret state (KM) (where Ss is the master secret key) whether F(Ss|IDse, KM) is equal to Ss|IDse', Kse. The server (503) then computes K2 and decrypts user identity IDU using IDse, Ts and Kse as shown below:
F((IDse|Ts), Kse) = (IDse|Ts)', K2;
[00114] The server (503) after decrypting the IDU, fetches its corresponding pre-shared key (P) from its database and computes K4 and then checks whether the received MAC (Y1 & Z1) is true or false as shown below:
If F^-1(Y1, K4) = F(Z1, K4) Then
Partially authenticated and Sends OTP thro' SMS to device (501);
F(Y|OTP, K6) = Y|OTP', K7;
F (R, K7) = Y2, K8;
F^-1(R, K7) = Z2, K9;
Also sends Y (pre-computed Y = g^y mod p) and MAC (Y2 & Z2);
Else Reject;
P = Pre-Shared Key / Password / PIN from database;
O - Other details like Mobile no, Name etc.;
Po - Concatenation (X|P|O);
[00115] The computer terminal (501) upon receiving one-time password (OTP) through short message service (SMS) from server (503) on IDU associated mobile device (i.e. out-of-band communication), Y and MAC (Y2 & Z2). In one embodiment, a session key for secure communication is derived by providing a Diffie-Hellman public key pertaining to the first computing terminal and a Diffie-Hellman private key pertaining to the second computing terminal to a key derivation function. The computer terminal (501) verifies the MAC (Y2 & Z2) and computes session key (Sk) using server's (503) public key (Y), computer terminal (501) ephemeral private key (x) and h and finally uses key derivation function (KDF) on the result and also generates MAC (Y3 & Z3) for Sk using state K10, and sends it (Y3 & Z3) to server (104) for user authentication and session key confirmation as shown below:
F(Y|OTP, K6) = Y|OTP', K7;
Sk = KDF[(Y)^x h mod p]; where h - SHA256 (P, OTP, X, Y, R1, K9);
F (R2, K10) = Y3, K11;
F^-1(R2, K10) = Z3, K12;
Else Reject;
The session key confirmation and authentication of the computer terminal (501) is performed at server (503) based on the above transformations.
[00116] The server (503) upon receiving MAC (Y3, Z3) from computer terminal (501), computes session key (Sk) and verifies the integrity of the received MAC (Y3 & Z3). The server (503) upon successful authentication of MAC (Y3, Z3), generates its own session key confirmation MAC (Y4 & Z4) and transmits it to the computer terminal (501) for its authentication, as shown below:
Sk = KDF[(Y)^x h mod p]; where h - SHA256 (P, OTP, X, Y, R1, K9);
F(Sk, K9) = Sk', K10;
If F^-1(Y3, K10) = F(Z3, K10) Then
Authenticated & compute
F(R3, K12) = Y4, K13;
F^-1(R3, K12) = Z4, K14;
Else Reject;
[00117] The computer terminal (501) upon receiving MAC (Y4, Z4) checks whether F^-1(Y4) and F(Z4) are equal using keyset K12. Thus, both the computer terminal (501) and server (503) communicate securely using session key (Sk).
[00118] From the protocols as shown in FIG.'s 7-13, it is evident that the pre-shared key or session key does not travel in any form over the communication channel. Further the protocols are highly secure in wireless communication channels like mobile internet, Wi-Fi, VPN etc. The authentication protocols described in the present invention eliminate phishing and any active or passive man-in-the-middle observer will gain zero-knowledge of the input data (e.g. pre-shared key) or the initial keyset. This is primarily because of the transformation process (F or F^-1) as there is zero trace of the input data (e.g. pre-shared key) or the initial keyset from the transformed output data.
[00119] Also, Elliptic Curve Cryptography (ECC) may be applicable as a variant of Diffie-Hellman Protocol as illustrated in FIG 13.
[00120] The protocols as shown in FIG.'s 7 - 13 may be implemented as software or hardware.
[00121] The protocols as shown in FIG.'s 9 - 13 are also applicable to the IDse and Kse that is stored in the secure element (SE) or may be in mobile app, with or without SMS OTP. Thus, the above described protocols may be implemented sometimes with Password (symmetric secret key) (P) and may or may not include one-time password (OTP) from server as out-of-band channel communication from server (503) to the computer terminal (501) such as SMS or email. Further, the protocols depicted in FIG.'s 9-13 may be implemented between client device (501) and server (503) and also as peer to peer authentication protocols. Here, the computer terminal (501) and server (503) may be a mobile phone, tablet, laptop, PC, ATM or high end computer etc.
[00122] While at least one exemplary embodiment has been presented in the foregoing detailed description, it should be appreciated that a vast number of variations exist. It should also be appreciated that the exemplary embodiment or exemplary embodiments are only examples, and are not intended to limit the scope, applicability, or configuration in any way.

Claims

WE/I CLAIM:
1. A method (400) for authentication and secure communication, the method comprising:
performing a transformation (401), by a processor, of an identifier using a current keyset (100);
transforming (402), by the processor, the current keyset to a first transformed keyset (201, 301) in process of completely transforming the identifier;
transmitting (403), by the processor of a first computing terminal (503), a string to a second computing terminal (501);
performing transformations (404), by the processor of the first computing terminal (503), of a first pair of complementary values received from the second computing terminal (501) using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal (503); and
authenticating (405), by the processor of the first computing terminal (503), the second computing terminal from a result of the transformations on the first pair of complementary values using the second transformed keyset.
2. The method of claim 1, wherein a third transformed keyset and a fourth transformed keyset are obtained in process of completely transforming the first pair of complementary values.
3. The method of claim 2, wherein a first session key for secure communication is derived by providing at least the third transformed keyset or the fourth transformed keyset to a key derivation function.
4. The method of claim 3, the key derivation function is at least one of publicly known key derivation functions such as Argon2, Catena, KDF1, and HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
5. The method of claim 3, wherein the first computing terminal initiates a process to establish a communication link with the second computing terminal based on the first session key, and wherein an intermediate session key for secure communication between the first computing terminal and the third computing terminal is derived by providing at least a third computing terminal identifier, a first computing terminal identifier to a key derivation function.
6. The method of claim 1, the string is a first transformed string, and wherein the first transformed string is obtained by a transformation of the string using the first transformed keyset, and wherein a first intermediate transformed keyset is obtained in process of completely transforming the transformed string.
7. The method of claim 6, wherein the first pair of complementary values are obtained by performing transformations on a first string using the first intermediate transformed keyset.
8. The method of claim 7, wherein a third transformed keyset and a fourth transformed keyset are obtained in process of transformations on the first string.
9. The method of claim 8, wherein a second session key for secure communication is derived by providing at least the third transformed keyset or the fourth transformed keyset to a key derivation function.
10. The method of claim 9, wherein the second session key is transformed by a transformation using the third transformed keyset or the fourth transformed keyset at the first computing terminal, and wherein a fifth transformed keyset is obtained in the process of performing the transformation, and wherein a second pair of complementary values are obtained by performing transformations on a second string using the fifth transformed keyset.
11. The method of claim 10, wherein the second computing terminal authenticates the first computing terminal by performing transformations on the second pair of complementary values, from the first computing terminal.
12. The method of claim 6, wherein a third session key for secure communication is derived by providing at least the first intermediate transformed keyset to a key derivation function.
13. The method of claim 12, wherein the third session key is transformed by a transformation using the first intermediate transformed keyset, and wherein a second intermediate transformed keyset is obtained at the second computing terminal in process of completely transforming the session key.
14. The method of claim 13, wherein the first pair of complementary values are obtained by performing transformations on a first string using the second intermediate transformed keyset.
15. The method of claim 14, wherein a third transformed keyset and a fourth transformed keyset are obtained in process of completely transforming the first pair of complementary values.
16. The method of claim 15, wherein the second computing terminal authenticates by performing transformations on a second pair of complementary values, from the first computing terminal, using the third transformed keyset or the fourth transformed keyset.
17. The method of claim 1, wherein the string is a one-time identifier received from the first computing terminal, and wherein a fourth session key for secure communication is derived by providing at least the one-time identifier to a key derivation function, and wherein the one-time identifier received from the first computing terminal is received in a communication channel other than the communication channel used by the first and second computing terminals.
18. The method of claim 17, wherein the fourth session key is transformed by a transformation using the first intermediate transformed keyset, and wherein a second intermediate transformed keyset is obtained at the second computing terminal in process of completely transforming the session key.
19. The method of claim 18, wherein the first pair of complementary values are obtained by performing transformations on a first string using the second intermediate transformed keyset.
20. The method of claim 19, wherein a third transformed keyset and a fourth transformed keyset are obtained in process of completely transforming the first pair of complementary values.
21. The method of claim 20, wherein the second computing terminal authenticates by performing transformations on a second pair of complementary values, from the first computing terminal, using the third transformed keyset or the fourth transformed keyset.
22. The method of claim 1, wherein the string is a one-time identifier received from the first computing terminal, and wherein a fifth session key for secure communication is derived by providing at least the one-time identifier, a user secret key, and a random number generated at the second computing terminal to a key derivation function, and wherein the one-time identifier received from the first computing terminal is received in a communication channel other than the communication channel used by the first and second computing terminals.
23. The method of claim 1, wherein the string is a one-time identifier received from the first computing terminal, and wherein a sixth session key for secure communication is derived by providing a Diffie-Hellman public key pertaining to the first computing terminal and a Diffie-Hellman private key pertaining to the second computing terminal to a key derivation function, and wherein the one-time identifier received from the first computing terminal is received in a communication channel other than the communication channel used by the first and second computing terminals.
24. The method of claim 1, wherein the identifier is transmitted to the first computing terminal by the second computing terminal, wherein the current keyset is obtained in process of completely transforming the identifier using a master keyset.
25. The method of claim 1, wherein the identifier comprises at least a unique user ID and a public or private pre-shared key.
26. The method of claim 1, wherein the identifier comprises at least a user device identifier.
27. The method of claim 1, wherein the identifier comprises at least an application identifier the user is using.
28. The method of claim 1, wherein the identifier comprises at least a public key pertaining to the first and second computing terminals from Diffie-Hellman process.
29. The method of claim 1, wherein the string comprises a public key pertaining to the first computing terminal from Diffie-Hellman process and a third pair of complementary values.
30. The method of claim 1, wherein a size of the string is user defined.
31. The method of claim 1, wherein the string is a random string, and wherein the random string comprises at least one of transformed pre-determined number of bits from the first transformed keyset, a constant or a string of bytes from a predetermined file.
32. The method of claim 31, wherein, in case the random string comprises the transformed pre-determined number of bits, detecting presence of the pre-determined number of bits at predetermined locations in the first transformed keyset at the second computing terminal after performing a transformation of the transformed pre-determined number of bits.
33. The method of claim 1, wherein the current keyset comprises a two-dimensional array type data structure having 2^n rows and at least two columns, wherein n is the number of bits in the 'n' bits, and wherein a first column of the two-dimensional array comprises unique combination of the 'n' bits in each of the rows, and wherein a second column comprises random numbers in each of the rows.
34. The method of claim 33, wherein the process of transforming current keyset to the next keyset comprises:
performing a first predetermined operation for changing each random number in the second column of keyset, and
performing a second predetermined operation for arranging the second column in a predefined order and in the process, arranging the first column corresponding to the arrangement performed on the second column.
35. The method of claim 33, wherein performing a forward transformation of 'n' bits comprises:
a. traversing the first column of the keyset to a row number equal to a decimal equivalent of first 'n' bits of the random string,
b. reading the 'n' bits stored at the row of the first column, and
c. replacing the 'n' bits with the 'n' bits read at the row,
and wherein performing a reverse transformation of 'n' bits of the data block comprises:
a. searching the first column of the keyset for the 'n' bits;
b. locating the 'n' bits at a row in the first column of the first transformed keyset;
c. reading the row number and representing the row number in 'n' bits; and
d. replacing the 'n' bits with the 'n' bits representing the row number.
36. The method of claim 35, wherein the steps performed for forward transformation and reverse transformation can be worked interchangeably.
37. The method of claim 1, wherein performing a transformation comprises performing a forward transformation or a reverse transformation using the current keyset, and wherein performing transformations comprises performing both the forward and the reverse transformations using the current keyset.
38. The method of claim 1, wherein the first computing terminal generates a session key for secure communication.
39. The method of claim 1, wherein the string is a transformed string, the second computing terminal generates a session key for secure communication.
40. The method of claim 39, the first computing terminal confirms the session key.
41. A system for authentication and secure communication, the system comprising a first computing terminal, the first computing terminal comprising:
memory (601e) for storing instructions associated with a transformation module (601c); and
a processor (601b) for executing the instructions associated with transformation module (601c) to:
perform a transformation of a user identifier using a current keyset (100);
transform the current keyset to a first transformed keyset (201, 301) in process of completely transforming the user identifier;
transmit a string to a second computing terminal;
performing transformations of a first pair of complementary values received from the second computing terminal using a second transformed keyset, wherein the second transformed keyset is obtained in process of completely transforming the string at the first computing terminal; and
authenticating the second computing terminal for secure communication from a result of the transformations on the first pair of complementary values using the second transformed keyset.
42. A non-transitory computer-readable storage medium having instructions that, when executed by a computing device, cause the computing device for a hash or a modification detection code for a data block as in claim 1.
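The keyset structure and the forward, reverse and keyset-to-next-keyset steps of claims 33 to 36 can be followed in a short sketch. This is an added example, not code from the patent or its applicant: n = 4, the seeded sample keyset, the LCG-style update and the ascending sort are assumptions standing in for the "predetermined operations" the claims leave unspecified, and all function names are hypothetical.

```python
import random

N = 4                 # bits per chunk; assumed, the claims leave n open
ROWS = 1 << N         # 2^n rows (claim 33)

def make_keyset(seed):
    """Column 0: every n-bit value once, shuffled. Column 1: random numbers."""
    rng = random.Random(seed)   # constructed sample keyset, seeded so runs repeat
    col0 = list(range(ROWS))
    rng.shuffle(col0)
    return [[bits, rng.getrandbits(32)] for bits in col0]

def forward(keyset, chunk):
    """Claim 35 forward: go to row number == chunk, read the bits stored there."""
    return keyset[chunk][0]

def reverse(keyset, chunk):
    """Claim 35 reverse: search column 0 for chunk, return its row number."""
    for row, (bits, _) in enumerate(keyset):
        if bits == chunk:
            return row
    raise ValueError("chunk not present in column 0")

def next_keyset(keyset, row_used):
    """Claim 34: change each random number, then order rows by column 1."""
    # Assumed stand-in for the 'first predetermined operation': an LCG step
    # mixed with the row just used and the row's position.
    changed = [[bits, (rnd * 1103515245 + 12345 + row_used + i) & 0xFFFFFFFF]
               for i, (bits, rnd) in enumerate(keyset)]
    # Assumed 'predefined order': ascending; column 0 moves with column 1.
    return sorted(changed, key=lambda r: r[1])

def transform(keyset, chunks, direction):
    """Transform all chunks, stepping the keyset after each one."""
    out = []
    for c in chunks:
        t = forward(keyset, c) if direction == "forward" else reverse(keyset, c)
        row = c if direction == "forward" else t   # same row on both sides
        out.append(t)
        keyset = next_keyset(keyset, row)
    return out, keyset

def to_chunks(data):
    """Split bytes into 4-bit chunks, high nibble first (matches N = 4)."""
    return [x for b in data for x in (b >> 4, b & 0x0F)]

def from_chunks(chunks):
    return bytes((chunks[i] << 4) | chunks[i + 1] for i in range(0, len(chunks), 2))

if __name__ == "__main__":
    ks = make_keyset(2017)
    sent, ks_first = transform(ks, to_chunks(b"user-id"), "forward")
    back, ks_second = transform(ks, sent, "reverse")
    print(from_chunks(back), ks_first == ks_second)
```

Both sides arrive at the same transformed keyset only while they process identical chunks in the same order; one lost or altered chunk changes every keyset derived after it.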
PCT/IB2017/055469 2016-09-10 2017-09-11 A system and method for authentication and secure communication WO2018047132A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201641030958 2016-09-10
IN201641030958 2016-09-10

Publications (1)

Publication Number Publication Date
WO2018047132A1 true WO2018047132A1 (en) 2018-03-15

Family

ID=61561362

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/IB2017/055444 WO2018047120A1 (en) 2016-09-10 2017-09-09 A system and method for data block modification detection and authentication codes
PCT/IB2017/055469 WO2018047132A1 (en) 2016-09-10 2017-09-11 A system and method for authentication and secure communication

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/055444 WO2018047120A1 (en) 2016-09-10 2017-09-09 A system and method for data block modification detection and authentication codes

Country Status (1)

Country Link
WO (2) WO2018047120A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616350B (en) * 2018-03-20 2021-08-10 如般量子科技有限公司 HTTP-Digest class AKA identity authentication system and method based on symmetric key pool
CN108599926B (en) * 2018-03-20 2021-07-27 如般量子科技有限公司 HTTP-Digest improved AKA identity authentication system and method based on symmetric key pool
CN110351077B (en) * 2019-05-30 2023-05-02 平安科技(深圳)有限公司 Method, device, computer equipment and storage medium for encrypting data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020071552A1 (en) * 2000-10-12 2002-06-13 Rogaway Phillip W. Method and apparatus for facilitating efficient authenticated encryption
EP1790115A1 (en) * 2004-09-14 2007-05-30 P. Prahlad Singanamala A method and system for computational transformation

Also Published As

Publication number Publication date
WO2018047120A1 (en) 2018-03-15

Similar Documents

Publication Publication Date Title
US10693848B2 (en) Installation of a terminal in a secure system
CA2694500C (en) Method and system for secure communication
US10348498B2 (en) Generating a symmetric encryption key
EP2073430B1 (en) Methods and systems for secure channel initialization transaction security based on a low entropy shared secret
US9705683B2 (en) Verifiable implicit certificates
US10356090B2 (en) Method and system for establishing a secure communication channel
CN104023013A (en) Data transmission method, server side and client
US8422670B2 (en) Password authentication method
US10511596B2 (en) Mutual authentication
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
US10733309B2 (en) Security through authentication tokens
CN114008967A (en) Authenticated lattice-based key agreement or key encapsulation
Niu et al. A novel user authentication scheme with anonymity for wireless communications
WO2018047132A1 (en) A system and method for authentication and secure communication
NL1043779B1 (en) Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge
Li et al. A secure three-party authenticated key exchange protocol based on extended chaotic maps in cloud storage service
US12003502B2 (en) Method, apparatus, and computer program product for secure two-factor authentication
Duits The post-quantum Signal protocol: Secure chat in a quantum world
CN113014376A (en) Method for safety authentication between user and server
Berchtold et al. Secure communication protocol for a low-bandwidth audio channel
Zhang Authenticated Key Exchange Protocols with Unbalanced Computational Requirements
JP5392741B2 (en) Password authentication method based on RSA and its application
ISLAM Reduced Side Channel Timing Attack in Dragonfly Handshake of WPA3 for MODP Group

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17848259

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17848259

Country of ref document: EP

Kind code of ref document: A1