Patent · US Expired

Method and apparatus for establishing an authenticated shared secret value between a pair of users

US5953420A · kind A · utility

Cited by: 111
References: 10
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 25, 1996
Grant date: Sep 14, 1999
Priority date
Expiry date: Oct 25, 2016

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L9/0844
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method and apparatus for generating authenticated Diffie-Hellman keys. Each user first generates an authenticated first shared secret value from a first nonshared persistent secret value generated by that user and an authenticated first transformed value received from the other user over a trusted communications channel. Each user then dynamically generates a second shared secret value from a second nonshared secret value dynamically generated by that user and a dynamically generated second transformed value received from the other user. Each user thereafter generates one or more keys by concatenating the first and second shared secret values together with a count to form a concatenated value and passing the concatenated value through a one-way hash function to generate a hash value from which the keys are extracted. Since only the legitimate users possess the information necessary to construct the first shared secret value, a spoofer interacting with a user to generate a second shared secret value cannot generate the same key. Incrementing the count for successive hashes allows a multiplicity of keys to be generated from a given pair of shared secret values.
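
The key derivation the abstract describes, as an added example that is not taken from the patent text: both users hash the first shared secret value, the second shared secret value and a count, and a spoofer who only takes part in the dynamic exchange ends up with a different key. The toy group, SHA-256, the count encoding, the key length and all names here are assumptions, since the abstract specifies none of them.

```python
import hashlib
import secrets

# Assumption: toy group for illustration only. 2**127 - 1 is prime but far
# too small for real use; the abstract names no group parameters.
P = 2**127 - 1
G = 3
WIDTH = (P.bit_length() + 7) // 8  # fixed-width encoding keeps Z1 || Z2 unambiguous

def keypair():
    """Return (nonshared secret x, transformed value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared(own_secret, peer_value):
    """Diffie-Hellman shared secret value: peer_value^own_secret mod p."""
    return pow(peer_value, own_secret, P)

def derive_keys(z1, z2, n_keys, key_len=16):
    """Hash Z1 || Z2 || count for count = 1..n_keys, extracting one key per hash.
    Assumptions: SHA-256, 4-byte big-endian count starting at 1, 16-byte keys."""
    keys = []
    for count in range(1, n_keys + 1):
        block = z1.to_bytes(WIDTH, "big") + z2.to_bytes(WIDTH, "big")
        block += count.to_bytes(4, "big")
        keys.append(hashlib.sha256(block).digest()[:key_len])
    return keys

def demo():
    # Persistent pairs: transformed values exchanged once over a trusted channel.
    a1, A1 = keypair()
    b1, B1 = keypair()
    # Dynamic pairs: generated per session, exchanged without authentication.
    a2, A2 = keypair()
    b2, B2 = keypair()
    alice = derive_keys(shared(a1, B1), shared(a2, B2), 2)
    bob = derive_keys(shared(b1, A1), shared(b2, A2), 2)
    # Spoofer swaps in its own dynamic value M2 toward Alice. It can compute
    # the same Z2 as Alice, but has neither a1 nor b1, so its Z1 is wrong.
    m1, _ = keypair()
    m2, M2 = keypair()
    alice_spoofed = derive_keys(shared(a1, B1), shared(a2, M2), 2)
    spoofer = derive_keys(shared(m1, A1), shared(m2, A2), 2)
    return alice, bob, alice_spoofed, spoofer

if __name__ == "__main__":
    alice, bob, alice_spoofed, spoofer = demo()
    print("legitimate pair agrees:", alice == bob)
    print("spoofer derives Alice's key:", alice_spoofed == spoofer)
```
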

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.