Cryptographic methods for remote authentication
US6792533B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 1, 2002 |
| Grant date | Sep 14, 2004 |
| Priority date | — |
| Expiry date | Mar 1, 2022 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/16
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods are described for two parties to use a small shared secret (S) to mutually authenticate one another other over an insecure network. The methods are secure against off-line dictionary attack and incorporate an otherwise unauthenticated public key distribution system. One embodiment uses two computers Alice and Bob, and a Diffie-Hellman exponential key exchange in a large prime-order finite group. Both parties choose the same generator of the group (g) as a function of S. Alice chooses a random number RA, and sends gRA to Bob. Bob chooses a random RB, sends gRB to Alice. Both compute a shared key K=g(RARB). Each party insures that K is a generator of the group, verifies that the other knows K, and then uses K as an authenticated key. Constraints are described to prevent passive and active attacks. An extension is described where Alice proves knowledge of S to Bob who knows only a one-way transformation of S. These methods establish a secure, authenticated network session using only an easily memorized password.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.