公开(公告)号：CA2134013A1

公开(公告)日：1995-06-04

申请号：CA2134013

申请日：1994-10-21

Applicant: IBM

Inventor： KUTTEN SHAY ,  KRAWCZYK HUGO ,  HERZBERG AMIR ,  MANSOUR YISHAY ,  BAUCHOT FREDERIC ,  BANTZ DAVID ,  DAL BELLO ELIANE

IPC: G09C1/00 ,  H04J13/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/16 ,  H04L9/30 ,  H04L9/32 ,  H04L9/28

Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements : the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and, replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.

公开(公告)号：AT403297T

公开(公告)日：2008-08-15

申请号：AT06708184

申请日：2006-02-10

Applicant: IBM

Inventor： KRAWCZYK HUGO

IPC: H04L9/08

Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments: the value y, the private key b, and the value X being three arguments of the at least three arguments of F3. There exists a fourth predetermined function F4(x,Y,B) to calculate a value s′, F4 having at least three arguments: the value x, the value Y, and the public key B being three arguments of the at least three arguments of F4, but the value s is not an argument of F4. There exists no secret shared between the verifier and the signer that serves as a basis for any argument in any of the functions F1, F2, F3, and F4. The verifier can consider the values s and s′ as valid authenticators if value s′ is determined to be related in a predetermined manner to value s.

公开(公告)号：CA2596500C

公开(公告)日：2014-03-25

申请号：CA2596500

申请日：2006-02-10

Applicant: IBM

Inventor： KRAWCZYK HUGO

IPC: H04L9/08

Abstract: The application presents HMQV, a variant of the MQV authenticated Diffie-Hellman protocol . It provides the same performance and functionality of the original protocol but its security goals can be formally proved to hold. HMQV-A "hashed variant" of MQV - is designed on the basis of a new "challenge-response signature" scheme.

公开(公告)号：CA2596500A1

公开(公告)日：2006-08-17

申请号：CA2596500

申请日：2006-02-10

Applicant: IBM

Inventor： KRAWCZYK HUGO

IPC: H04L9/08

Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments: the value y, the private key b, and the value X being three arguments of the at least three arguments of F3. There exists a fourth predetermined function F4(x,Y,B) to calculate a value s′, F4 having at least three arguments: the value x, the value Y, and the public key B being three arguments of the at least three arguments of F4, but the value s is not an argument of F4. There exists no secret shared between the verifier and the signer that serves as a basis for any argument in any of the functions F1, F2, F3, and F4. The verifier can consider the values s and s′ as valid authenticators if value s′ is determined to be related in a predetermined manner to value s.

公开(公告)号：ES2308725T3

公开(公告)日：2008-12-01

申请号：ES06708184

申请日：2006-02-10

Applicant: IBM

Inventor： KRAWCZYK HUGO

IPC: H04L9/08

Abstract: Un método de intercambio entre dos partes interconectadas por un dispositivo o red, comprendiendo dicho método: una parte receptora, en adelante denominada verificador, que elige un valor secreto x para calcular un valor X = F1(x), donde F1 comprende una primera función predeterminada que tiene al menos un argumento, siendo dicho valor x uno de al menos un argumento de F1; una parte firmante, en adelante denominada firmante, elige un valor secreto y para calcular un valor Y = F2(y), donde F2 comprende una segunda función predeterminada que tiene al menos un argumento, siendo dicho valor y uno de dicho al menos un argumento de F2; obteniendo dicho firmante dicho valor X, teniendo dicho firmante una clave privada b y una clave pública B; y calculando el firmante un valor s = F3(y,b,X), donde F3 comprende una tercera función predeterminada que tiene al menos tres argumentos, siendo dicho valor y, dicha clave privada b y dicho valor X tres argumentos de dichos al menos tres argumentos de F3, donde existe una cuarta función predeterminada F4 para calcular un valor s'' = F4(x,Y,B), teniendo F4 al menos tres argumentos, siendo dicho valor x, dicho valor Y, y dicha clave pública B tres argumentos de los al menos dichos tres argumentos de F4, pero dicho valor s no es un argumento de F4, no existe ningún secreto compartido entre dicho verificador y dicho firmante que sirva como base para ningún argumento en ninguna de dichas F1, F2, F3 y F4, y dicho verificador puede considerar dichos valores s y s'' como autenticadores válidos si se determina que el valor s'' está relacionado de una manera predeterminada con el valor s.

公开(公告)号：DE602006002025D1

公开(公告)日：2008-09-11

申请号：DE602006002025

申请日：2006-02-10

Applicant: IBM

Inventor： KRAWCZYK HUGO

IPC: H04L9/08

Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments: the value y, the private key b, and the value X being three arguments of the at least three arguments of F3. There exists a fourth predetermined function F4(x,Y,B) to calculate a value s′, F4 having at least three arguments: the value x, the value Y, and the public key B being three arguments of the at least three arguments of F4, but the value s is not an argument of F4. There exists no secret shared between the verifier and the signer that serves as a basis for any argument in any of the functions F1, F2, F3, and F4. The verifier can consider the values s and s′ as valid authenticators if value s′ is determined to be related in a predetermined manner to value s.