WO1998051032A3 - Two way authentication protocol - Google Patents

Two way authentication protocol Download PDF

Info

Publication number
WO1998051032A3
WO1998051032A3 PCT/CA1998/000418 CA9800418W WO9851032A3 WO 1998051032 A3 WO1998051032 A3 WO 1998051032A3 CA 9800418 W CA9800418 W CA 9800418W WO 9851032 A3 WO9851032 A3 WO 9851032A3
Authority
WO
WIPO (PCT)
Prior art keywords
value
correspondent
private
correspondents
public
Prior art date
Application number
PCT/CA1998/000418
Other languages
French (fr)
Other versions
WO1998051032A2 (en
Inventor
Scott A Vanstone
Donald Johnson
Robert J Lambert
Ashok V Vadekar
Original Assignee
Certicom Corp
Scott A Vanstone
Donald Johnson
Robert J Lambert
Ashok V Vadekar
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Certicom Corp, Scott A Vanstone, Donald Johnson, Robert J Lambert, Ashok V Vadekar filed Critical Certicom Corp
Priority to CA002288192A priority Critical patent/CA2288192C/en
Priority to DE69830902T priority patent/DE69830902T2/en
Priority to EP98919004A priority patent/EP0979496B1/en
Priority to AU72018/98A priority patent/AU7201898A/en
Publication of WO1998051032A2 publication Critical patent/WO1998051032A2/en
Publication of WO1998051032A3 publication Critical patent/WO1998051032A3/en
Priority to US09/432,166 priority patent/US6487660B1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Abstract

A method of authenticating a pair of correspondents C, S to permit the exchange of information therebetween, each of the correspondents having a respective private key, e, d and a public key, Qu and Qs derived from a generator element of a group and a respective ones of the private keys, e, d, the method comprising the steps of: a first of the correspondents C generating a session value x; the first correspondent generating a private value t, a public value derived from the private value t and the generator and a shared secret value derived from the private value t and the public key Qs of the second correspondent; the second correspondent generating a challenge value y and transmitting the challenge value y to the first correspondent; the first correspondent in response thereto computing a value h by applying a function H to the challenge value y, the session value x, the public value an of the first correspondent; the first correspondent signing the value h utilizing the private key e; the first correspondent transmitting to the second correspondent the signature including the session value x, and the private value t; and the second correspondent verifying the signature utilizing the public key Qu of the first correspondent and whereby verification of the signature authenticates the first correspondent to the second correspondent.
PCT/CA1998/000418 1997-05-02 1998-05-04 Two way authentication protocol WO1998051032A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CA002288192A CA2288192C (en) 1997-05-02 1998-05-04 Two way authentication protocol
DE69830902T DE69830902T2 (en) 1997-05-02 1998-05-04 ZWEIWEG AUTHENTICATION PROTOCOL
EP98919004A EP0979496B1 (en) 1997-05-02 1998-05-04 Two way authentication protocol
AU72018/98A AU7201898A (en) 1997-05-02 1998-05-04 Two way authentication protocol
US09/432,166 US6487660B1 (en) 1997-05-02 1999-11-02 Two way authentication protocol

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9709135.9 1997-05-02
GBGB9709135.9A GB9709135D0 (en) 1997-05-02 1997-05-02 Two way authentication protocol

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US09/432,166 Continuation US6487660B1 (en) 1997-05-02 1999-11-02 Two way authentication protocol

Publications (2)

Publication Number Publication Date
WO1998051032A2 WO1998051032A2 (en) 1998-11-12
WO1998051032A3 true WO1998051032A3 (en) 1999-02-04

Family

ID=10811856

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1998/000418 WO1998051032A2 (en) 1997-05-02 1998-05-04 Two way authentication protocol

Country Status (7)

Country Link
US (1) US6487660B1 (en)
EP (1) EP0979496B1 (en)
AU (1) AU7201898A (en)
CA (1) CA2288192C (en)
DE (1) DE69830902T2 (en)
GB (1) GB9709135D0 (en)
WO (1) WO1998051032A2 (en)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6816968B1 (en) * 1998-07-10 2004-11-09 Silverbrook Research Pty Ltd Consumable authentication protocol and system
CA2255285C (en) * 1998-12-04 2009-10-13 Certicom Corp. Enhanced subscriber authentication protocol
US7343351B1 (en) 1999-08-31 2008-03-11 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
EP1260053B1 (en) * 2000-02-15 2006-05-31 Silverbrook Research Pty. Limited Consumable authentication protocol and system
FR2810139B1 (en) * 2000-06-08 2002-08-23 Bull Cp8 METHOD FOR SECURING THE PRE-INITIALIZATION PHASE OF AN ON-BOARD ELECTRONIC CHIP SYSTEM, ESPECIALLY A CHIP CARD, AND ON-BOARD SYSTEM IMPLEMENTING THE METHOD
US7373507B2 (en) * 2000-08-10 2008-05-13 Plethora Technology, Inc. System and method for establishing secure communication
FR2827976B1 (en) * 2001-07-25 2004-01-23 Gemplus Card Int PROTECTION OF PERSONAL DATA READ IN A TERMINAL STATION BY A SERVER
US20040050929A1 (en) * 2002-09-16 2004-03-18 Fayfield Robert W. Extranet security system and method
US8494910B2 (en) * 2002-12-02 2013-07-23 International Business Machines Corporation Method, system and program product for supporting a transaction between electronic device users
US7480384B2 (en) * 2003-02-10 2009-01-20 International Business Machines Corporation Method for distributing and authenticating public keys using random numbers and Diffie-Hellman public keys
MY142175A (en) * 2003-08-01 2010-10-15 Multimedia Glory Sdn Bhd Process of storage of biometric features
US7937759B2 (en) * 2003-10-02 2011-05-03 Auburn University System and method for protecting communication devices from denial of service attacks
US7774841B2 (en) * 2003-10-02 2010-08-10 Aubum University System and method for protecting network resources from denial of service attacks
KR100677152B1 (en) * 2004-11-17 2007-02-02 삼성전자주식회사 Method for transmitting content in home network using user-binding
US20070192602A1 (en) * 2004-12-17 2007-08-16 Telefonaktiebolaget Lm Ericsson (Publ) Clone resistant mutual authentication in a radio communication network
WO2008091768A2 (en) * 2007-01-22 2008-07-31 Global Crypto Systems Methods and systems for digital authentication using digitally signed images
US20080235513A1 (en) * 2007-03-19 2008-09-25 Microsoft Corporation Three Party Authentication
US20090025066A1 (en) * 2007-07-17 2009-01-22 Protectia Corporation Systems and methods for first and second party authentication
CN101179380A (en) * 2007-11-19 2008-05-14 上海交通大学 Bidirectional authentication method, system and network terminal
US8769612B2 (en) * 2008-08-14 2014-07-01 Microsoft Corporation Portable device association
US8099761B2 (en) * 2008-08-14 2012-01-17 Microsoft Corporation Protocol for device to station association
US8943551B2 (en) 2008-08-14 2015-01-27 Microsoft Corporation Cloud-based device information storage
EP2154814A1 (en) * 2008-08-14 2010-02-17 Koninklijke Philips Electronics N.V. Scalable key distribution
US8370920B2 (en) 2009-10-28 2013-02-05 Aunigma Network Security Corp. System and method for providing unified transport and security protocols
US9252941B2 (en) * 2009-11-06 2016-02-02 Nikolajs VOLKOVS Enhanced digital signatures algorithm method and system utilitzing a secret generator
US20120144197A1 (en) * 2010-12-02 2012-06-07 Jong-Moon Chung Point-to-point communication method in a wireless sensor network and methods of driving coordinators and communication devices in the wireless sensor network
US20120189122A1 (en) * 2011-01-20 2012-07-26 Yi-Li Huang Method with dynamic keys for mutual authentication in wireless communication environments without prior authentication connection
US9032106B2 (en) 2013-05-29 2015-05-12 Microsoft Technology Licensing, Llc Synchronizing device association data among computing devices
US9819488B2 (en) 2014-07-10 2017-11-14 Ohio State Innovation Foundation Generation of encryption keys based on location
US10021069B1 (en) 2015-04-02 2018-07-10 Aunigma Network Security Corp. Real time dynamic client access control
US11303632B1 (en) * 2018-06-08 2022-04-12 Wells Fargo Bank, N.A. Two-way authentication system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0225010A1 (en) * 1985-09-30 1987-06-10 BRITISH TELECOMMUNICATIONS public limited company A terminal for a system requiring secure access
WO1989011706A1 (en) * 1988-05-19 1989-11-30 Ncr Corporation Method and device for authentication
EP0440800A1 (en) * 1989-06-05 1991-08-14 Ntt Data Communications Systems Corporation Ic card for security attestation and ic card service system using said ic card
EP0461983A1 (en) * 1990-06-11 1991-12-18 France Telecom Secrets transfer method, by exchange of two certifiers between two microcomputers, authenticating one another
WO1993020538A1 (en) * 1992-03-30 1993-10-14 Telstra Corporation Limited A cryptographic communications method and system
US5272755A (en) * 1991-06-28 1993-12-21 Matsushita Electric Industrial Co., Ltd. Public key cryptosystem with an elliptic curve

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4949380A (en) * 1988-10-20 1990-08-14 David Chaum Returned-value blind signature systems
EP0697687A4 (en) * 1994-03-07 2000-09-20 Nippon Telegraph & Telephone Method and system for transmitting information utilizing zero-knowledge certifying protocol
US5504817A (en) * 1994-05-09 1996-04-02 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for memory efficient variants of public key encryption and identification schemes for smart card applications

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0225010A1 (en) * 1985-09-30 1987-06-10 BRITISH TELECOMMUNICATIONS public limited company A terminal for a system requiring secure access
WO1989011706A1 (en) * 1988-05-19 1989-11-30 Ncr Corporation Method and device for authentication
EP0440800A1 (en) * 1989-06-05 1991-08-14 Ntt Data Communications Systems Corporation Ic card for security attestation and ic card service system using said ic card
EP0461983A1 (en) * 1990-06-11 1991-12-18 France Telecom Secrets transfer method, by exchange of two certifiers between two microcomputers, authenticating one another
US5272755A (en) * 1991-06-28 1993-12-21 Matsushita Electric Industrial Co., Ltd. Public key cryptosystem with an elliptic curve
WO1993020538A1 (en) * 1992-03-30 1993-10-14 Telstra Corporation Limited A cryptographic communications method and system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BELLARE M ET AL: "KEYING HASH FUNCTIONS FOR MESSAGE AUTHENTICATION", ADVANCES IN CRYPTOLOGY - CRYPTO '96, 16TH. ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE SANTA BARBARA, AUG. 18 - 22, 1996. PROCEEDINGS, no. CONF. 16, 18 August 1996 (1996-08-18), KOBLITZ N (ED ), pages 1 - 15, XP000626584 *
KENJI KOYAMA ET AL: "ELLIPTIC CURVE CRYPTOSYSTEMS AND THEIR APPLICATIONS", IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, vol. E75 - D, no. 1, 1 January 1992 (1992-01-01), pages 50 - 57, XP000301174 *
SCHNORR C P: "EFFICIENT SIGNATURE GENERATION BY SMART CARDS", JOURNAL OF CRYPTOLOGY, vol. 4, no. 3, 1 January 1991 (1991-01-01), pages 161 - 174, XP000574352 *

Also Published As

Publication number Publication date
DE69830902D1 (en) 2005-08-25
DE69830902T2 (en) 2006-04-06
EP0979496B1 (en) 2005-07-20
AU7201898A (en) 1998-11-27
CA2288192A1 (en) 1998-11-12
EP0979496A2 (en) 2000-02-16
US6487660B1 (en) 2002-11-26
GB9709135D0 (en) 1997-06-25
WO1998051032A2 (en) 1998-11-12
CA2288192C (en) 2008-09-23

Similar Documents

Publication Publication Date Title
WO1998051032A3 (en) Two way authentication protocol
Shen et al. Security enhancement for the timestamp-based password authentication scheme using smart cards
Nicolosi et al. Proactive Two-Party Signatures for User Authentication.
EP0393806A3 (en) Cryptographic method and apparatus for public key exchange with authentication
CN108270571A (en) Internet of Things identity authorization system and its method based on block chain
JP4620248B2 (en) Method for authenticating a smart card in a message exchange network
WO2002091662A8 (en) Use and generation of a session key in a secure socket layer connection
WO2002073876A3 (en) Cryptographic authentication with ephemeral modules
RU2006101287A (en) ADVANCED PROTECTED AUTHENTICATED CHANNEL
EP1816616A3 (en) Mutual authentication protocol
CA2335172A1 (en) Secure mutual network authentication and key exchange protocol
CA2288268A1 (en) A log-on verification protocol
WO1998034202A3 (en) Data card verification system
WO2004001656A3 (en) Systems and methods for secure biometric authentication
CA2313557A1 (en) Secure mutual network authentication protocol
CA2357792A1 (en) Method and device for performing secure transactions
TW431108B (en) Method for establishing a key using over-the-air communication and password protocol and password protocol
RU97118596A (en) METHOD FOR USING A COMPUTER EXCHANGE OF CRYPTOGRAPHIC KEYS BETWEEN THE USER'S COMPUTER UNIT AND THE NETWORK COMPUTER UNIT N
WO2004034213A3 (en) Localized network authentication and security using tamper-resistant keys
DK1364508T3 (en) Data certification method and apparatus
WO2002009348A3 (en) Ring-based digital signature and authentication method and apparatus
CA2320221A1 (en) Secure one-way authentication communication system
CN113055394A (en) Multi-service double-factor authentication method and system suitable for V2G network
GB8524020D0 (en) Electronic funds transfer
CA2388906A1 (en) Method of designing password-based authentication and key exchange protocol using zero-knowledge interactive proof

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Kind code of ref document: A

Ref document number: 2288192

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 1998919004

Country of ref document: EP

Ref document number: 09432166

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1998919004

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref document number: 1998547563

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: CA

WWG Wipo information: grant in national office

Ref document number: 1998919004

Country of ref document: EP