Claims
- 1. A method of authenticating at least one of a pair of first and second correspondents C and T in a data communication system, said method comprising the steps of:storing a public key in said first correspondent C; computing a shared secret by said second correspondent T incorporating said public key C; storing said shared secret in said first correspondent C; said second correspondent T generating a challenge value χ and transmitting said challenge signal χ to said first correspondent C; said first correspondent C transmitting to the second correspondent T information including said stored public key C; said second correspondent T computing a test shared secret from said received public key C; said first and second correspondents computing response signals using said challenge value χ and said shared secret in a one-way function ƒ1; and said first correspondent C transmitting said computed response signal to said second correspondent T whereby said second correspondent may verify said first correspondent.
- 2. A method as defined in claim 1, including said first correspondent C transmitting a signed message m with said response.
- 3. A method as defined in claim 2, including signing said message with said one way function.
- 4. A method as defined in claim 3, said signed message being included with said computed response and concatenated with said message for transmission.
- 5. A method as defined in claim 1, including said first correspondent C encrypting a message m in accordance with a symmetric key scheme, wherein said symmetric key is derived from said computed response value and transmitting said encrypted message to said second correspondent T.
- 6. A method as defined in claim 5, said signature scheme is an RSA type signature scheme.
- 7. A method as defined in claim 1, said shared secret being computed by said second correspondent T by utilizing its secret key and the public key C.
- 8. A method as defined in claim 1, said second correspondent T having a plurality ofprivate keys ti corresponding to respective first correspondents; receiving from said first correspondent C an identification index i; and using said corresponding private key ti and the public key C to compute a shared secret ssi.
- 9. A method as defined in claim 1, said public key scheme being an elliptic curve scheme.
- 10. A method as defined in claim 1, said public key scheme being an RSA type scheme.
- 11. A method of authenticating at least one of a pair of correspondents T and C in an information exchange session, and wherein one of the correspondents T includes a secret key t and the other correspondent C has a public key C and a shared secret value tC derived from said public key C and said secret key t, the method comprising the steps of:the first correspondent C transmitting to the second correspondent T information including said public key C; the second correspondent T generating a challenge signal χ and transmitting said challenge signal χ to said first correspondent C; said second correspondent T generating a session shared secret ss by combining said private key t with said public key C of said first correspondent C; said second correspondent T generating a response signal kt by combining said session shared secret ss with said challenge signal χ, in a mathematical function ƒ1; said first correspondent C generating a response value kc by combining said shared secret tC with said challenge value χ in said mathematical function ƒ1 and sending said response value kc to said second correspondent T; and said second correspondent T comparing said response test value k1 to said challenge response value kc to verify said first correspondent C.
- 12. An article of manufacture comprising:a computer usable medium having computer readable program code embodied therein for authenticating at least one of a pair of correspondents T and C in an information exchange session, and wherein one of the correspondents T includes a secret key t and the other correspondent C has a public key C and a shared secret value tC derived from said public key C and said secret key t, the computer readable program code in said article of manufacture comprising; computer readable program code configured to cause a computer to generate a challenge signal χ and transmit said challenge signal χ to said first correspondent C in response to a received public information from said first correspondent; computer readable program code configured to cause a computer to generate a session shared secret ss by combining said private key t with said public key C of said first correspondent C; computer readable program code configured to cause a computer to generate a test response signal kt by combining said session shared secret ss with said challenge signal χ, in a mathematical function ƒ1; computer readable program code configured to cause a computer to compare said response test signal kt to a received response value kc from said first correspondent to verify said first correspondent C.
Priority Claims (1)
Number |
Date |
Country |
Kind |
9802152 |
Jan 1998 |
GB |
|
Parent Case Info
This application is a continuation of International Application No. PCT/CA99/00053, filed Feb. 1, 1999, the content of which is incorporated herein by reference.
Foreign Referenced Citations (1)
Number |
Date |
Country |
0535863 |
Apr 1993 |
EP |
Non-Patent Literature Citations (1)
Entry |
“Limitations of Challenge—Response Entity Authentication” Electronics Letters (Stevenage GB), vol. 25, No. 17, Aug. 17, 1989 p. 1195/1196 XP000054010. |
Continuations (1)
|
Number |
Date |
Country |
Parent |
PCT/CA99/00053 |
Feb 1999 |
US |
Child |
09/628045 |
|
US |