CA2081258C - System for authenticating communication participants - Google Patents
System for authenticating communication participantsInfo
- Publication number
- CA2081258C CA2081258C CA002081258A CA2081258A CA2081258C CA 2081258 C CA2081258 C CA 2081258C CA 002081258 A CA002081258 A CA 002081258A CA 2081258 A CA2081258 A CA 2081258A CA 2081258 C CA2081258 C CA 2081258C
- Authority
- CA
- Canada
- Prior art keywords
- key value
- generating
- subsequent
- signal
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/04—Large scale networks; Deep hierarchical networks
- H04W84/042—Public Land Mobile systems, e.g. cellular systems
- H04W84/045—Public Land Mobile systems, e.g. cellular systems using private Base Stations, e.g. femto Base Stations, home Node B
Abstract
A method for authenticating communication participants, use a system for application of the method and first communication participant and second communication participant for application in the system. Known methods for authenticating communication participants add a code word to a command signal, which code word is a cryptographic function of the command signal and a key value which in its turn is a function of a mater key value and a change code word. The master key value has a permanently fixed value, in contrast to the change code word which serves to change the key value.
The method according to the invention makes use of a key value which is a function of at least one previous key value, the master key value with the permanently fixed value, which, once it has been discovered or leaked, substantially weakens the encryption, no longer being required.
The method according to the invention makes use of a key value which is a function of at least one previous key value, the master key value with the permanently fixed value, which, once it has been discovered or leaked, substantially weakens the encryption, no longer being required.
Description
~0~ ~ 2S8 System for Authenticatlng Communication Participants A. BACKGROUND OF THE INVENTION
The invention relates to a method for authenticating communication participants, comprising the steps of generating a command signal and a flrst code slgnal at the lnstance of a first communicatlon partlclpant, sald flrst code slgnal being a functlon of at least the command slgnal and a flrst key value identifylng sald first communication participant, and generating, at the instance of a second communication participant, a second code signal which is a function of at least sald command signal and a second key value identifylng said second communication participant; comparing sald flrst and second code slgnals wlth each other; generating at the lnstance of the flrst communlcatlon partlclpant, ln response to a flrst control slgnal, a subsequent first key value;
generating at the instance of the second communication participant, in response to a second control signal, a subsequent second key value.
A method of this type is disclosed in US 4,688,250.
This describes how a ground station (the first communication participant) and a satellite (the second communication participant, also called secondary communication particlpant) communlcate with each other, the satellite only belng allowed to execute commands orlglnatlng from this one ground station and not belng allowed to react to commands orlginating from other (hostile) ground stations. For this purpose, the ground 2 0 ~ ~ 2 5 ~
statlon transmlts, together with some command data (the command signal), a code word (the first code signal) which is a cryptographlc function of the command data and a secret key (the first key value) which is stored ln the ground station.
The satellite subsequently generates, on the basls of the same command data and a secret key (the - la -- ~s~
second key value) which is stored in the satellite, a code word (the second code signal), and compares this with the code word trqncmitted by the ground station. The two code words will be equal if and only if the two secret keys are identical. In the case of identical code words, the ground station has been 5 authenticated sufficiently, and the command is executed by the satellite. In all other cases the command is ignored.
This does require chqnging the secret keys from time to time. In the abovementioned US patent specification this is implemented by having the ground station transmit a key change command (the first and second control 10 signal), in response to which both the ground station and the satellite generate new secret keys (the subsequent first key value and the subsequent second key value) which are a function of a change code word and a master key, both of which are stored in the ground station as well as in the satellite. Moreover,this change code word is changed regularly.
This known method has the drawback that the new secret keys to be generated are a function of the master key which is stored in the ground station as well as in the satellite and which has a fixed value during the entire satellite mission. As soon as the value of this master key has become known to outsiders, it becomes much easier for them to find out during the remainder 20 of the satellite mission the new secret keys to be generated. Furthermore, this method, when applied in larger systems with considerably more secondary commllni--qtion participants (such as ISDN networks with many NT's, and smart card systems), has the drawback that each secondary commllni~tion participant must have his own unique master key, and the method, when 25 applied in many closely adjacent systems (each system comprising a first and a second communication participant, such as cordless telephone systems), has the dlaw~ack that each system should have its own unique master key, which 5 ~
makes addltlonal demands on the productlon process.
B. SUMMARY OF THE INVENTION
The ob~ect of the lnventlon, lnter alla, is to provlde a method in whlch the above mentloned drawback of the master key havlng the flxed value no longer occurs, ln whlch, ln the case of appllcatlon in a large system wlth more [slc]
secondary communication partlcipants, all secondary communication particlpants are ln prlnciple identical, and in whlch, in the case of applicatlon in many closely ad~acent systems, all systems are in princlple ldentical, so that no addltlonal demands need be made on the productlon process.
To thls end, the method accordlng to the lnventlon ls characterlsed ln that of each two successlve subsequent flrst key values conslstlng of a latter flrst key value and a former flrst key value, sald latter flrst key value ls a functlon of at least sald former flrst key value, and of each two successlve subsequent second key values conslstlng of a latter second key value and a former second key value, said latter second key value is a functlon of at least sald former second key value.
The lnventlon ls based on the insight that by having the (first or second) communlcatlon particlpant generate the subsequent (flrst or second) key value ln response to the (flrst or second) control slgnal, the result is achleved that the subsequent key value ls no longer determlned on the basls of a master key havlng a flxed value, that all in prlnclple ldentlcal secondary communlcatlon partlclpants can each be ~ t~
made unique by varying the number of control signals per secondary communication particlpant immediately after installation of said participant, each secondary communication partlcipant being provlded a dlfferent number of times wlth a subsequent key value and thus belng made unique with regard to the other secondary communication participants, and that all the closely ad~acent systems, which are in principle ldentical, can each be made unique by varying the number of control signals per system immediately after installation of said system, each system being provided a different number of times with a subsequent key value and thus being made unlque with regard to the other closely ad~acent systems.
A particular embodiment of the method according to the invention is characterised in that each sald subsequent first key value is also a function of at least the flrst control signal and each said subsequent second key value is also a function of at least said second control signal. This embodiment achleves the result that the number of posslble subsequent key values is substantlally lncreased and that the number of control slgnals required for maklng the communication particlpants unlque after they have been lnstalled is substantlally reduced. For example, if the control signal is a randomly generated number (which, together with the instantaneous key value, therefore determines the subsequent key value) very many communication particlpants who are, in prlnclple, identlcal to each other can be made almost completely unique wlth respect to one another, by generating only one or a few control signals.
~ .
The lnvention furthermore relates to a system of communlcatlon particlpant statlons, wherein a first communication participant station is equlpped with command signal generation means for generating a command signal, flrst code signal generatlon means for generating a first code signal as a function of at least the command signal and a first key value identifying the flrst communicatlon partlclpant statlon, means for comparison for comparing wlth one another the first code signal and a second code signal, generated in a second communlcatlon partlclpant statlon, flrst key value generation means for generatlng a subsequent flrst key value ln response to the first control signal, and wherein sald second communlcatlon partlclpant statlon ls equlpped wlth second code slgnal generation means for generatlng said second code signal as a functlon of at least sald command slgnal and a second key value ldentifying said second communication participant station, second key value generation means for generating a subsequent second key value in response to said second control signal.
It is furthermore an ob~ect of the invention, inter alla, to provlde a system for applylng the method of the type described in the preamble, in which the above mentioned drawback of the master key havlng the fixed value no longer occurs and in whlch, in the case of uslng a large system wlth more [sic] secondary communicatlon particlpants, all the secondary communication participants are ln prlnciple identical and, in the case of using many closely adiacent systems, all the systems are ln prlnclple ldentical, so that no addltlonal demands are made on the productlon process.
To thls end, the system accordlng to the lnvention ls characterlsed ln that the flrst key value generatlon means comprlse means for generating, as a function of at least said flrst key value, a further subsequent flrst key value for each successive two of sald subsequent flrst key values and the second key value generation means comprlse means for generatlng, as a function of at least second key value, a further subsequent second key value for each successlve two of sald subsequent second key values, and so on.
A partlcular embodlment of the system accordlng to the lnvention ls characterlzed ln that the flrst key value generatlon means comprlse means for generatlng the subsequent flrst key value also as a function of the first control slgnal, and the second key value generatlon means comprlse means for generatlng the subsequent second key value also as a functlon of the second control slgnal.
The lnventlon furthermore also provldes first communication partlclpant statlon for a communlcatlon system, whlch ls equlpped with: command slgnal generatlon means for generatlng a command slgnal, first code slgnal generatlon means for generatlng a flrst code slgnal as a functlon of at least the command slgnal and a flrst key value ldentlfylng the flrst communlcatlon particlpant statlon, means for comparlng, wlth one another, the flrst code slgnal and a second code slgnal, and first key value generatlon means for generatlng a subsequent flrst key value ln response to the flrst control slgnal, characterised in that the first key value generation means comprise means for generating, as a functlon of at least said first key value, a further subsequent first key value for each successive two of said subsequent first key values.
In a particular embodiment, the first communlcation participant ls characterized in that the first key value generation means comprise means for generating said further subsequent first key value also as a functlon of the flrst control signal.
According to another broad aspect, the invention provides second communication participant station for a communication system, which is equipped with second code signal generation means for generating a second code signal as a function of at least a command signal and a second key value identifying the second communication participant station, and second key value generatlon means for generating a subsequent second key value in response to the second control signal, characterised in that the second key value generation means comprise means for generating, as a function of at least the second key value, a further subsequent key value for each successive two of sald subsequent second key values.
In a partlcular embodiment, the second communication participant is characterlsed in that the second key value generatlon means comprise means for generating sald further subsequent second key value also as a functlon of the second control signal.
Naturally in the case of the method according to the invention lt ls also posslble to authenticate from both sides.
If the system, for example, comprises two first communication ,'*; :
~- ~ 25890-56 5 ~
partlcipants, the one may authenticate the other and vice versa, because both communication participants are provided with the command slgnal generation means and the means of comparison.
C. REFERENCE
U.S. 4,688,250 D. EXEMPLARY EMBODIMENTS
The invention will be explained in more detail by reference to an exemplary embodiment shown in the figures, in which:
Figure 1 shows diagrammatic illustration of the method accordlng to the invention and Figure 2 shows a block diagram of the system according to the invention, provided with the first and second communication participant according to the invention.
In the diagrammatic illustration of the method according to the invention shown in Figure 1, the boxes have the following significance - 7a -CMMNCTN PRTCPNT the first communication participant 2 CMMNCTN PRTCPNT the second communication participant 3 CMMNDSGNL generating the c~mm~nd signal 4 CODESGNL generating the first code signal CODESGNL generating the second code signal 6 KEYVL generating the first key value 7 KEYVL generating the second key value 8 CNTRLSGNL generating the first control signal 9 CNTRLSGNL generating the second control signal CMPR comparing the code signals 11 EQL ? if code signals are equal:
exit yes if code signals are not equal:
exit no 2~ 58 12 CMMNCTN STRTD the start of the communication COUNTR: =0 after the equality of the two code signals has been found in box 11; the output of the counter (see box 14) is set to 0 s 13 AFTR CMMNCTN generating the next first and GNRT NXT second control signals after the CNTRL SGNLS communication has termin~terl) in re.,~,o,lsc to which the subsequent first and second key values are generated 14 INCRMNT COUNTR incrementing the counter by 1 after the inequality of the two code signals has been found in box 11 COUNTR = 10 ? if the value of the output of the counter is 10: output yes if the value of the output of the counter is not 10: exit no 16 COUNTR: = 0 the output of the counter is set GNRT ALRM to 0 SGNL generating the alarm signal 17 RPT CMMNDSGNL repeating the command signal NO CMMNCTN communication is not yet taking place ~8~
The method according to the invention as illustrated diagr~mm~tic~lly in Figure 1 takes place as follows. If the first commllnication participant (box1) wishes to comm~lnicate with the second comm-lniçation participant (box 2), the first communication participant transmits a command signal (box 3). In 5 response thereto, the first communication participant generates a first code signal (box 4) which is a function of both the command signal and a first key value (box 6), and the second communication participant generates a second code signal (box 5) which is a function of both the command signal and a second key value (box 7). Subsequently the two code signals are mutually 10 compared (box 10, equal yes or no, box 11). If they are equal (which is only possible if the two key values are also equal to one another), the two communication participants may communicate with one another, an output of a counter to be used subsequently being set to 0 (communication started, counter: = 0, box 12). After the communication, subsequent first and second 15 control signals are generated (after communication, generate subsequent control sign~l~, box 13), a subsequenr first key value (box 6) being generated as a function of the subsequent first control signal (box 8) and of an instantaneous first key value (box 6), and a subsequent second key value (box 7) being generated as a function of the subsequent second control signal (box 20 9) and of an instantaneous second key value (box 7).
If the two code signals are not equal to one another (which is only possible if the two key values are also not equal to one another), the output ofthe counter is incremented by 1 (increment counter, box 14). Whether the output of this counter has the value 10 (counter = 10 ?, box 15) is then tested.25 So long as this is not the case, the command signal is repeated, and no communication takes place (repeat command signal, no comm~lnir~tion, box 17). As soon as the output of the counter has the value 10, this output is set to ll the value 0 and the alarm signal is generated (counter := 0, generate alarm signal, box 16).
For the method according to the invention to function correctly, it is n~cess~ y that the first and second code signal are each the same function of 5 the command signal and of the first and second key value, respectively (in other words that box 4 and 5 are identical), that the subsequent first and second key value are each the same function of the in~ntalleous first and second key value, respectively, and of the first and second control signal, respectively (in other words that box 6 and 7 are identical), and that the first10 and second control signal are identical to one another (in other words that box 8 and 9 are identical), which could, for example, be effected by taking both of them from the output of a random generator. The output value 10 of the counter, at which the alarm signal is generated, is of course chosen completely arbitrarily from the set of natural numbers.
The first and second control signals in response to which the subsequent first and second key signals may be generated, may be tran~mitte~i either after the communication (Figure 1) or before the commllnic~tion or during the commllnication, in which connection the term communication should be interpreted as widely as possible. For example, it may be a 20 telephone conversation between different (cordless) subscribers or merely a command origin~ting from a ground station and intended for a satellite. It could also be a complete data file, or a data word, of which, for example, a number of bytes are intended for authentication.
The block diagram shown in Figure 2 of the system 20 accordi.lg to 25 the invention comprises a first communication participant 21 and a second commllnication participant 22. For the sake of simplicity, only two mutually coupled communication participants are shown, in practice (such as, for z~
example, in the case of a telephone network) many second communication participants may be coupled to a first commllnic~tion participant, and 2 first commllnication participants may also be mutually coupled. Communication participant 21 and commllnication participant 22 are mutually coupled via link 5 23, which may be implemented in either completely physical form or partly in wireless form.
Communication participant 21 CGlnpliSeS a monitoring unit 30 having an input 30-1 and an output 30-2 which are both connected to link 23 for the purpose of continuously monitoring the state of the link. Monitoring unit 30 also has an output 30-3 which is connected to an input 31-1 of a control signal generator 31 which, via an output 31-3, generates a first control signal in response to a monitoring signal present at input 31-1. Output 31-3 is connected to an input 32-1 of first key value generation means 32 which, in response to the first control signal, generate a (subsequent) first key value which may be a function of the first control signal and which, in any case, is a function of an (instantaneous) first key value. To this end, an output 32-3 of key value 'generation means 32 is connected to an input 32-2. Output 32-3 is also connected to an input 33-1 of first code signal generation means 33, which furthermore have an input 33-2 and an output 33-3. Input 33-2 is connected to an output 34-3 of command signal generation means 34, which furthermore have an input 34-1, which is connected to link 23, and an input 34-2 which is connected to output 30-3. In response to the monitoring signal present at input 34-2 and/or the signal present at input 34-1, command signal generation means 34 generate a command signal which, via output 34-3 and input 33-2, is supplied to code signal generation means 33. Code signal generation means 33 generate a first code signal which is a function of the command signal present at input 33-2 and of the first key value present at input 33-1. The first ;~8~ 8 code signal is supplied, via output 33-3, to an input 35-1 of means of compalison 35, which also have an input 35-2, which is connected to link 23 for the purpose of receiving a second code signal, and an output 35-3. Output 35-3 is connected to link 23 and to an input 36-1 of counter means 36, which furthermore have an output 36-3 which is connected to an input 37-1 of comparator 37 and an input 36-2 which is connected to an output 37-3 of coml,alatol 37. In addition, comparator 37 has an input 37-2, to which a signal having the value 10 is supplied, and the output 37-3 is connected to link 23. Ifthe first code signal at input 35-1 and a second signal at input 35-2 do not co,lesl)ond, means of comparison 35 generate a counter signal to counting means 36 which in response thereto increment their output value by 1. As soon as this output value has the value 10, comparator 37 generates an alarm signal to alarm unit 38 and a reset signal which is supplied to counting means 36, which, in response thereto, set their output value to zero.
Communication participant 22 comprises a monitoring unit 40 having an input 40-1 and an output 40-2 which are both connected to link 23 for the purpose of continuously monitoring the state of the link. Monitoring unit 40 also has an output 40-3 which is connected to an input 41-1 of a control signal generator 41 which, via an output 41-3, generates a second control signal in response to a monitoring signal present at input 41-1. Output 41-3 is connected to an input 42-1 of second key value generation means 42 which, in response to the second control signal, generate a (subsequent) second key value which may be a function of the second control signal and which, in any case, is a function of an (instantaneous) second key value. To this end, an output 42-3 of key value generation means 42 is connected to an input 42-2. Output 42-3 is also connected to an input 43-1 of second code signal generation means 43, which furthermore have an input 43-2 and an output 43-3. Input 43-2 is ~8~
connected to link 23. Code signal generation means 43 generate a second code signal which is a function of the command signal present at input 43-2, which is supplied via link 23, and of the second key value present at input 43-1. The second code signal is supplied, via output 43-3 and link 23, to input 35-2 of S means of compalisoll 35.
The system 20 shown in Figure 2 works as follows. If comm~lnic~tion is required, command signal generation means 34 generate the command signal which is supplied to code signal generation means 33 and, via link 23, to code signal generation means 43. Code signal generation means 33 generate 10 the first code signal which is a function of the command signal and of the first key value origin~ting from key value generation means 32. Code signal generation means 43 generate the second code signal which is a function of the command signal and of the second key value oriEin~ting from key value generation means 42. The first code signal is supplied directly, and the 15 second code signal is supplied via link 23, to means of comparison 35.
Normally, the two code signals will be identical because the two key values are identical, and means of compa~ison 35 generate a signal which, via link 23, is supplied to monitoring unit 30 and monitoring unit 40, in response whereto the communication can start. The means by which this 20 commnnic~tion is implemented are not shown in Figure 2, and they may, in principle, be embodied in many ways. Thus, it is, for example, possible to arrange for subsequent command siEn~l~, which are provided with data, to be generated by the command signal generation means 34, which command signals, either encrypted or not encrypted via code signal generation means 33 25 and 43, are then transmitted back and forth via link 23. It would also be possible to transmit long data words back and forth via link 23, a number of bytes of each data word serving for authentication and thus a check being carried out for each data word whether the two key values agree.
After the communication has ended, which is monitored by monitoring units 30 and 40, monitoring unit 30 generates a signal to control signal generator 31, in re~ se whereto said generator generates the first 5 control signal which is supplied to key value generation means 32, and monitoring unit 40 generates a signal to control signal generator 41, in response whereto said generator generates the second control signal which is supplied to key value generation means 42. Key value generation means 32 and 42, respectively, then generate the subsequent first and second key value, 10 respectively, which is a function of the instantaneous first and second key value, respectively, and which may be a function of also the first and the second control signal, respectively. Subsequently, the next comm-lnic~tion can take place on the basis of the new key values. It is expedient in this context that all the secondary communication participants (in Figure 2, only 1 15 secondary commnni~tion participant 22 is shown) can be produced in the same way, without each communication participant having to be supplied with a unique key. Or, in the case of, for example, a cordless telephone system having a primary and a secondary communication participant, that of all the cordless telephone systems to be produced, all the primary communication 20 participants on the one hand and all the secondary communication participants on the other hand can be produced in an identical manner. After authentication has taken place only a few times, each secondary communication participant, or each set of primary and secondary communication participants, will have become completely unique with respect 25 to all the other communication participants or with respect to all the other sets of comml~ni-~~tion participants.
If the two code signals are not identical (because the two key values are not equal), means of compalison 35 generate the counter signal, in rejponse whereto counting means 36 increment their output value by 1 and in response whereto command signal generation means 34 generate the comm~nd signal again. As a result, the two code signals are generated again by S code signal generation means 33 and 43 on the basis of the instantaneous, unaltered key values of key value generation means 32 and 42, and the two code signals are compared again, etc. If the two code signals are indeed identical this time, for example because there was a fault during the previous generation, communication may start. In this case, the output value of the 10 counting means should be set to zero. If the two code signals have been foundto be unequal on ten successive occasions, the output value of counting means 36 has the value ten and the compalatol 37 generates the alarm signal to alarm unit 38.
The generation of the command signal by command signal generation 15 means 34 when commllnication is required is generally carried out under the control of monitoring unit 30, or else under control of commllnication participant 21. If communication participant 22 is also required to be able to initiate a communication, this can be effected by making monitoring unit 40 as well as monitoring unit 30 suitable for controlling command signal 20 generation means 34 (via link 23). Alternatively, this could be achieved by likewise providing communication participant 22 with command signal generation means. In both cases"~liorily rules then have to be established in order to prevent the two comm~lni~ation participants 21, 22 getting out of synchronisation as a consequence of simultaneous notification of the desire to 25 commllnicate Moreover, communication participant 22 could be provided with further means of compalison, further counting means and/or a further com~ar~tor, co,respollding to communication participant 21, which then B
makes it possible to have each communication participant 21, 22 check the identity of the other himself.
Having each communication participant 21, 22 check the identity of the other himself provides, with a small extension, the possibility of enabling communication even after the counting means present in both commllniration participants have or should have generated the reset signal and the alarm signal. By, for example, having a fixed reset key value generated in the a~a~&lus of each comm~lnication participant 21, 22 in response to the reset signal of the counting means, it is achieved that the two communication participants will subsequently generate equal code sign~ls, which enables communication. This "~es~lling" should take place internally and in such a way that each communication participant 21, 22 is only able to do this with regard to,him~elf, it not being possible for any outsider to be able to do the same with regard to the communication participant in question. The reset signal in this case must under no circumstances be transmitted via link 23 or reach link 23, this being prevented by providing each communication participant 21, 22 with his own counting means.
The design of commnnication participants 21, 22 as shown in the block diagram of Figure 2 could be considerably simplified by omitting the two control signal generators 31, 41, in which case the two key value generation means 32, 42 may, for example, be controlled by command signal generation means 34. In practice this means that the first and second control signal then coincide with the command signal and that the subsequent key value is a function of the instantaneous key value and of the command signal.
In the case of different secondary communication participants 22, all of which must be able to commllni~t~ with primary commllnication participant 21, it would be possible to have an identification code tran~mitt~
~ $
prior to the communication, which identification code indicates which secondary comm~nic~tion participant 22 should be involved in the commnnic~ti-n Such an identification code could for example be added to the command signal. It is, however, also conceivable that the code signal by itself 5 serves per se for identification, for example by each secondary communication participant 22 having codes signal generation means 43 which are based on a unique function, or by having key value generation means which are based on a unique function. In this case it is disadvantageous that each secondary communication participant 22 then has to be provided with a unique function, 10 which puts additional demands on the production process. Furthermore, all the unique functions must be known at the first communication participant 21, which increases the latter's extent and complexity.
Having the command signal generation means 34 generate the command signal once more if the two code signals are not identical is, of 15 course, only one embodiment. It is, for example, also conceivable for this command signal to remain present at output 34-3 as long as no equality of code signals is found, i.e. until the reset signal is generated or has been generated by comparator 37.
The invention relates to a method for authenticating communication participants, comprising the steps of generating a command signal and a flrst code slgnal at the lnstance of a first communicatlon partlclpant, sald flrst code slgnal being a functlon of at least the command slgnal and a flrst key value identifylng sald first communication participant, and generating, at the instance of a second communication participant, a second code signal which is a function of at least sald command signal and a second key value identifylng said second communication participant; comparing sald flrst and second code slgnals wlth each other; generating at the lnstance of the flrst communlcatlon partlclpant, ln response to a flrst control slgnal, a subsequent first key value;
generating at the instance of the second communication participant, in response to a second control signal, a subsequent second key value.
A method of this type is disclosed in US 4,688,250.
This describes how a ground station (the first communication participant) and a satellite (the second communication participant, also called secondary communication particlpant) communlcate with each other, the satellite only belng allowed to execute commands orlglnatlng from this one ground station and not belng allowed to react to commands orlginating from other (hostile) ground stations. For this purpose, the ground 2 0 ~ ~ 2 5 ~
statlon transmlts, together with some command data (the command signal), a code word (the first code signal) which is a cryptographlc function of the command data and a secret key (the first key value) which is stored ln the ground station.
The satellite subsequently generates, on the basls of the same command data and a secret key (the - la -- ~s~
second key value) which is stored in the satellite, a code word (the second code signal), and compares this with the code word trqncmitted by the ground station. The two code words will be equal if and only if the two secret keys are identical. In the case of identical code words, the ground station has been 5 authenticated sufficiently, and the command is executed by the satellite. In all other cases the command is ignored.
This does require chqnging the secret keys from time to time. In the abovementioned US patent specification this is implemented by having the ground station transmit a key change command (the first and second control 10 signal), in response to which both the ground station and the satellite generate new secret keys (the subsequent first key value and the subsequent second key value) which are a function of a change code word and a master key, both of which are stored in the ground station as well as in the satellite. Moreover,this change code word is changed regularly.
This known method has the drawback that the new secret keys to be generated are a function of the master key which is stored in the ground station as well as in the satellite and which has a fixed value during the entire satellite mission. As soon as the value of this master key has become known to outsiders, it becomes much easier for them to find out during the remainder 20 of the satellite mission the new secret keys to be generated. Furthermore, this method, when applied in larger systems with considerably more secondary commllni--qtion participants (such as ISDN networks with many NT's, and smart card systems), has the drawback that each secondary commllni~tion participant must have his own unique master key, and the method, when 25 applied in many closely adjacent systems (each system comprising a first and a second communication participant, such as cordless telephone systems), has the dlaw~ack that each system should have its own unique master key, which 5 ~
makes addltlonal demands on the productlon process.
B. SUMMARY OF THE INVENTION
The ob~ect of the lnventlon, lnter alla, is to provlde a method in whlch the above mentloned drawback of the master key havlng the flxed value no longer occurs, ln whlch, ln the case of appllcatlon in a large system wlth more [slc]
secondary communication partlcipants, all secondary communication particlpants are ln prlnciple identical, and in whlch, in the case of applicatlon in many closely ad~acent systems, all systems are in princlple ldentical, so that no addltlonal demands need be made on the productlon process.
To thls end, the method accordlng to the lnventlon ls characterlsed ln that of each two successlve subsequent flrst key values conslstlng of a latter flrst key value and a former flrst key value, sald latter flrst key value ls a functlon of at least sald former flrst key value, and of each two successlve subsequent second key values conslstlng of a latter second key value and a former second key value, said latter second key value is a functlon of at least sald former second key value.
The lnventlon ls based on the insight that by having the (first or second) communlcatlon particlpant generate the subsequent (flrst or second) key value ln response to the (flrst or second) control slgnal, the result is achleved that the subsequent key value ls no longer determlned on the basls of a master key havlng a flxed value, that all in prlnclple ldentlcal secondary communlcatlon partlclpants can each be ~ t~
made unique by varying the number of control signals per secondary communication particlpant immediately after installation of said participant, each secondary communication partlcipant being provlded a dlfferent number of times wlth a subsequent key value and thus belng made unique with regard to the other secondary communication participants, and that all the closely ad~acent systems, which are in principle ldentical, can each be made unique by varying the number of control signals per system immediately after installation of said system, each system being provided a different number of times with a subsequent key value and thus being made unlque with regard to the other closely ad~acent systems.
A particular embodiment of the method according to the invention is characterised in that each sald subsequent first key value is also a function of at least the flrst control signal and each said subsequent second key value is also a function of at least said second control signal. This embodiment achleves the result that the number of posslble subsequent key values is substantlally lncreased and that the number of control slgnals required for maklng the communication particlpants unlque after they have been lnstalled is substantlally reduced. For example, if the control signal is a randomly generated number (which, together with the instantaneous key value, therefore determines the subsequent key value) very many communication particlpants who are, in prlnclple, identlcal to each other can be made almost completely unique wlth respect to one another, by generating only one or a few control signals.
~ .
The lnvention furthermore relates to a system of communlcatlon particlpant statlons, wherein a first communication participant station is equlpped with command signal generation means for generating a command signal, flrst code signal generatlon means for generating a first code signal as a function of at least the command signal and a first key value identifying the flrst communicatlon partlclpant statlon, means for comparison for comparing wlth one another the first code signal and a second code signal, generated in a second communlcatlon partlclpant statlon, flrst key value generation means for generatlng a subsequent flrst key value ln response to the first control signal, and wherein sald second communlcatlon partlclpant statlon ls equlpped wlth second code slgnal generation means for generatlng said second code signal as a functlon of at least sald command slgnal and a second key value ldentifying said second communication participant station, second key value generation means for generating a subsequent second key value in response to said second control signal.
It is furthermore an ob~ect of the invention, inter alla, to provlde a system for applylng the method of the type described in the preamble, in which the above mentioned drawback of the master key havlng the fixed value no longer occurs and in whlch, in the case of uslng a large system wlth more [sic] secondary communicatlon particlpants, all the secondary communication participants are ln prlnciple identical and, in the case of using many closely adiacent systems, all the systems are ln prlnclple ldentical, so that no addltlonal demands are made on the productlon process.
To thls end, the system accordlng to the lnvention ls characterlsed ln that the flrst key value generatlon means comprlse means for generating, as a function of at least said flrst key value, a further subsequent flrst key value for each successive two of sald subsequent flrst key values and the second key value generation means comprlse means for generatlng, as a function of at least second key value, a further subsequent second key value for each successlve two of sald subsequent second key values, and so on.
A partlcular embodlment of the system accordlng to the lnvention ls characterlzed ln that the flrst key value generatlon means comprlse means for generatlng the subsequent flrst key value also as a function of the first control slgnal, and the second key value generatlon means comprlse means for generatlng the subsequent second key value also as a functlon of the second control slgnal.
The lnventlon furthermore also provldes first communication partlclpant statlon for a communlcatlon system, whlch ls equlpped with: command slgnal generatlon means for generatlng a command slgnal, first code slgnal generatlon means for generatlng a flrst code slgnal as a functlon of at least the command slgnal and a flrst key value ldentlfylng the flrst communlcatlon particlpant statlon, means for comparlng, wlth one another, the flrst code slgnal and a second code slgnal, and first key value generatlon means for generatlng a subsequent flrst key value ln response to the flrst control slgnal, characterised in that the first key value generation means comprise means for generating, as a functlon of at least said first key value, a further subsequent first key value for each successive two of said subsequent first key values.
In a particular embodiment, the first communlcation participant ls characterized in that the first key value generation means comprise means for generating said further subsequent first key value also as a functlon of the flrst control signal.
According to another broad aspect, the invention provides second communication participant station for a communication system, which is equipped with second code signal generation means for generating a second code signal as a function of at least a command signal and a second key value identifying the second communication participant station, and second key value generatlon means for generating a subsequent second key value in response to the second control signal, characterised in that the second key value generation means comprise means for generating, as a function of at least the second key value, a further subsequent key value for each successive two of sald subsequent second key values.
In a partlcular embodiment, the second communication participant is characterlsed in that the second key value generatlon means comprise means for generating sald further subsequent second key value also as a functlon of the second control signal.
Naturally in the case of the method according to the invention lt ls also posslble to authenticate from both sides.
If the system, for example, comprises two first communication ,'*; :
~- ~ 25890-56 5 ~
partlcipants, the one may authenticate the other and vice versa, because both communication participants are provided with the command slgnal generation means and the means of comparison.
C. REFERENCE
U.S. 4,688,250 D. EXEMPLARY EMBODIMENTS
The invention will be explained in more detail by reference to an exemplary embodiment shown in the figures, in which:
Figure 1 shows diagrammatic illustration of the method accordlng to the invention and Figure 2 shows a block diagram of the system according to the invention, provided with the first and second communication participant according to the invention.
In the diagrammatic illustration of the method according to the invention shown in Figure 1, the boxes have the following significance - 7a -CMMNCTN PRTCPNT the first communication participant 2 CMMNCTN PRTCPNT the second communication participant 3 CMMNDSGNL generating the c~mm~nd signal 4 CODESGNL generating the first code signal CODESGNL generating the second code signal 6 KEYVL generating the first key value 7 KEYVL generating the second key value 8 CNTRLSGNL generating the first control signal 9 CNTRLSGNL generating the second control signal CMPR comparing the code signals 11 EQL ? if code signals are equal:
exit yes if code signals are not equal:
exit no 2~ 58 12 CMMNCTN STRTD the start of the communication COUNTR: =0 after the equality of the two code signals has been found in box 11; the output of the counter (see box 14) is set to 0 s 13 AFTR CMMNCTN generating the next first and GNRT NXT second control signals after the CNTRL SGNLS communication has termin~terl) in re.,~,o,lsc to which the subsequent first and second key values are generated 14 INCRMNT COUNTR incrementing the counter by 1 after the inequality of the two code signals has been found in box 11 COUNTR = 10 ? if the value of the output of the counter is 10: output yes if the value of the output of the counter is not 10: exit no 16 COUNTR: = 0 the output of the counter is set GNRT ALRM to 0 SGNL generating the alarm signal 17 RPT CMMNDSGNL repeating the command signal NO CMMNCTN communication is not yet taking place ~8~
The method according to the invention as illustrated diagr~mm~tic~lly in Figure 1 takes place as follows. If the first commllnication participant (box1) wishes to comm~lnicate with the second comm-lniçation participant (box 2), the first communication participant transmits a command signal (box 3). In 5 response thereto, the first communication participant generates a first code signal (box 4) which is a function of both the command signal and a first key value (box 6), and the second communication participant generates a second code signal (box 5) which is a function of both the command signal and a second key value (box 7). Subsequently the two code signals are mutually 10 compared (box 10, equal yes or no, box 11). If they are equal (which is only possible if the two key values are also equal to one another), the two communication participants may communicate with one another, an output of a counter to be used subsequently being set to 0 (communication started, counter: = 0, box 12). After the communication, subsequent first and second 15 control signals are generated (after communication, generate subsequent control sign~l~, box 13), a subsequenr first key value (box 6) being generated as a function of the subsequent first control signal (box 8) and of an instantaneous first key value (box 6), and a subsequent second key value (box 7) being generated as a function of the subsequent second control signal (box 20 9) and of an instantaneous second key value (box 7).
If the two code signals are not equal to one another (which is only possible if the two key values are also not equal to one another), the output ofthe counter is incremented by 1 (increment counter, box 14). Whether the output of this counter has the value 10 (counter = 10 ?, box 15) is then tested.25 So long as this is not the case, the command signal is repeated, and no communication takes place (repeat command signal, no comm~lnir~tion, box 17). As soon as the output of the counter has the value 10, this output is set to ll the value 0 and the alarm signal is generated (counter := 0, generate alarm signal, box 16).
For the method according to the invention to function correctly, it is n~cess~ y that the first and second code signal are each the same function of 5 the command signal and of the first and second key value, respectively (in other words that box 4 and 5 are identical), that the subsequent first and second key value are each the same function of the in~ntalleous first and second key value, respectively, and of the first and second control signal, respectively (in other words that box 6 and 7 are identical), and that the first10 and second control signal are identical to one another (in other words that box 8 and 9 are identical), which could, for example, be effected by taking both of them from the output of a random generator. The output value 10 of the counter, at which the alarm signal is generated, is of course chosen completely arbitrarily from the set of natural numbers.
The first and second control signals in response to which the subsequent first and second key signals may be generated, may be tran~mitte~i either after the communication (Figure 1) or before the commllnic~tion or during the commllnication, in which connection the term communication should be interpreted as widely as possible. For example, it may be a 20 telephone conversation between different (cordless) subscribers or merely a command origin~ting from a ground station and intended for a satellite. It could also be a complete data file, or a data word, of which, for example, a number of bytes are intended for authentication.
The block diagram shown in Figure 2 of the system 20 accordi.lg to 25 the invention comprises a first communication participant 21 and a second commllnication participant 22. For the sake of simplicity, only two mutually coupled communication participants are shown, in practice (such as, for z~
example, in the case of a telephone network) many second communication participants may be coupled to a first commllnic~tion participant, and 2 first commllnication participants may also be mutually coupled. Communication participant 21 and commllnication participant 22 are mutually coupled via link 5 23, which may be implemented in either completely physical form or partly in wireless form.
Communication participant 21 CGlnpliSeS a monitoring unit 30 having an input 30-1 and an output 30-2 which are both connected to link 23 for the purpose of continuously monitoring the state of the link. Monitoring unit 30 also has an output 30-3 which is connected to an input 31-1 of a control signal generator 31 which, via an output 31-3, generates a first control signal in response to a monitoring signal present at input 31-1. Output 31-3 is connected to an input 32-1 of first key value generation means 32 which, in response to the first control signal, generate a (subsequent) first key value which may be a function of the first control signal and which, in any case, is a function of an (instantaneous) first key value. To this end, an output 32-3 of key value 'generation means 32 is connected to an input 32-2. Output 32-3 is also connected to an input 33-1 of first code signal generation means 33, which furthermore have an input 33-2 and an output 33-3. Input 33-2 is connected to an output 34-3 of command signal generation means 34, which furthermore have an input 34-1, which is connected to link 23, and an input 34-2 which is connected to output 30-3. In response to the monitoring signal present at input 34-2 and/or the signal present at input 34-1, command signal generation means 34 generate a command signal which, via output 34-3 and input 33-2, is supplied to code signal generation means 33. Code signal generation means 33 generate a first code signal which is a function of the command signal present at input 33-2 and of the first key value present at input 33-1. The first ;~8~ 8 code signal is supplied, via output 33-3, to an input 35-1 of means of compalison 35, which also have an input 35-2, which is connected to link 23 for the purpose of receiving a second code signal, and an output 35-3. Output 35-3 is connected to link 23 and to an input 36-1 of counter means 36, which furthermore have an output 36-3 which is connected to an input 37-1 of comparator 37 and an input 36-2 which is connected to an output 37-3 of coml,alatol 37. In addition, comparator 37 has an input 37-2, to which a signal having the value 10 is supplied, and the output 37-3 is connected to link 23. Ifthe first code signal at input 35-1 and a second signal at input 35-2 do not co,lesl)ond, means of comparison 35 generate a counter signal to counting means 36 which in response thereto increment their output value by 1. As soon as this output value has the value 10, comparator 37 generates an alarm signal to alarm unit 38 and a reset signal which is supplied to counting means 36, which, in response thereto, set their output value to zero.
Communication participant 22 comprises a monitoring unit 40 having an input 40-1 and an output 40-2 which are both connected to link 23 for the purpose of continuously monitoring the state of the link. Monitoring unit 40 also has an output 40-3 which is connected to an input 41-1 of a control signal generator 41 which, via an output 41-3, generates a second control signal in response to a monitoring signal present at input 41-1. Output 41-3 is connected to an input 42-1 of second key value generation means 42 which, in response to the second control signal, generate a (subsequent) second key value which may be a function of the second control signal and which, in any case, is a function of an (instantaneous) second key value. To this end, an output 42-3 of key value generation means 42 is connected to an input 42-2. Output 42-3 is also connected to an input 43-1 of second code signal generation means 43, which furthermore have an input 43-2 and an output 43-3. Input 43-2 is ~8~
connected to link 23. Code signal generation means 43 generate a second code signal which is a function of the command signal present at input 43-2, which is supplied via link 23, and of the second key value present at input 43-1. The second code signal is supplied, via output 43-3 and link 23, to input 35-2 of S means of compalisoll 35.
The system 20 shown in Figure 2 works as follows. If comm~lnic~tion is required, command signal generation means 34 generate the command signal which is supplied to code signal generation means 33 and, via link 23, to code signal generation means 43. Code signal generation means 33 generate 10 the first code signal which is a function of the command signal and of the first key value origin~ting from key value generation means 32. Code signal generation means 43 generate the second code signal which is a function of the command signal and of the second key value oriEin~ting from key value generation means 42. The first code signal is supplied directly, and the 15 second code signal is supplied via link 23, to means of comparison 35.
Normally, the two code signals will be identical because the two key values are identical, and means of compa~ison 35 generate a signal which, via link 23, is supplied to monitoring unit 30 and monitoring unit 40, in response whereto the communication can start. The means by which this 20 commnnic~tion is implemented are not shown in Figure 2, and they may, in principle, be embodied in many ways. Thus, it is, for example, possible to arrange for subsequent command siEn~l~, which are provided with data, to be generated by the command signal generation means 34, which command signals, either encrypted or not encrypted via code signal generation means 33 25 and 43, are then transmitted back and forth via link 23. It would also be possible to transmit long data words back and forth via link 23, a number of bytes of each data word serving for authentication and thus a check being carried out for each data word whether the two key values agree.
After the communication has ended, which is monitored by monitoring units 30 and 40, monitoring unit 30 generates a signal to control signal generator 31, in re~ se whereto said generator generates the first 5 control signal which is supplied to key value generation means 32, and monitoring unit 40 generates a signal to control signal generator 41, in response whereto said generator generates the second control signal which is supplied to key value generation means 42. Key value generation means 32 and 42, respectively, then generate the subsequent first and second key value, 10 respectively, which is a function of the instantaneous first and second key value, respectively, and which may be a function of also the first and the second control signal, respectively. Subsequently, the next comm-lnic~tion can take place on the basis of the new key values. It is expedient in this context that all the secondary communication participants (in Figure 2, only 1 15 secondary commnni~tion participant 22 is shown) can be produced in the same way, without each communication participant having to be supplied with a unique key. Or, in the case of, for example, a cordless telephone system having a primary and a secondary communication participant, that of all the cordless telephone systems to be produced, all the primary communication 20 participants on the one hand and all the secondary communication participants on the other hand can be produced in an identical manner. After authentication has taken place only a few times, each secondary communication participant, or each set of primary and secondary communication participants, will have become completely unique with respect 25 to all the other communication participants or with respect to all the other sets of comml~ni-~~tion participants.
If the two code signals are not identical (because the two key values are not equal), means of compalison 35 generate the counter signal, in rejponse whereto counting means 36 increment their output value by 1 and in response whereto command signal generation means 34 generate the comm~nd signal again. As a result, the two code signals are generated again by S code signal generation means 33 and 43 on the basis of the instantaneous, unaltered key values of key value generation means 32 and 42, and the two code signals are compared again, etc. If the two code signals are indeed identical this time, for example because there was a fault during the previous generation, communication may start. In this case, the output value of the 10 counting means should be set to zero. If the two code signals have been foundto be unequal on ten successive occasions, the output value of counting means 36 has the value ten and the compalatol 37 generates the alarm signal to alarm unit 38.
The generation of the command signal by command signal generation 15 means 34 when commllnication is required is generally carried out under the control of monitoring unit 30, or else under control of commllnication participant 21. If communication participant 22 is also required to be able to initiate a communication, this can be effected by making monitoring unit 40 as well as monitoring unit 30 suitable for controlling command signal 20 generation means 34 (via link 23). Alternatively, this could be achieved by likewise providing communication participant 22 with command signal generation means. In both cases"~liorily rules then have to be established in order to prevent the two comm~lni~ation participants 21, 22 getting out of synchronisation as a consequence of simultaneous notification of the desire to 25 commllnicate Moreover, communication participant 22 could be provided with further means of compalison, further counting means and/or a further com~ar~tor, co,respollding to communication participant 21, which then B
makes it possible to have each communication participant 21, 22 check the identity of the other himself.
Having each communication participant 21, 22 check the identity of the other himself provides, with a small extension, the possibility of enabling communication even after the counting means present in both commllniration participants have or should have generated the reset signal and the alarm signal. By, for example, having a fixed reset key value generated in the a~a~&lus of each comm~lnication participant 21, 22 in response to the reset signal of the counting means, it is achieved that the two communication participants will subsequently generate equal code sign~ls, which enables communication. This "~es~lling" should take place internally and in such a way that each communication participant 21, 22 is only able to do this with regard to,him~elf, it not being possible for any outsider to be able to do the same with regard to the communication participant in question. The reset signal in this case must under no circumstances be transmitted via link 23 or reach link 23, this being prevented by providing each communication participant 21, 22 with his own counting means.
The design of commnnication participants 21, 22 as shown in the block diagram of Figure 2 could be considerably simplified by omitting the two control signal generators 31, 41, in which case the two key value generation means 32, 42 may, for example, be controlled by command signal generation means 34. In practice this means that the first and second control signal then coincide with the command signal and that the subsequent key value is a function of the instantaneous key value and of the command signal.
In the case of different secondary communication participants 22, all of which must be able to commllni~t~ with primary commllnication participant 21, it would be possible to have an identification code tran~mitt~
~ $
prior to the communication, which identification code indicates which secondary comm~nic~tion participant 22 should be involved in the commnnic~ti-n Such an identification code could for example be added to the command signal. It is, however, also conceivable that the code signal by itself 5 serves per se for identification, for example by each secondary communication participant 22 having codes signal generation means 43 which are based on a unique function, or by having key value generation means which are based on a unique function. In this case it is disadvantageous that each secondary communication participant 22 then has to be provided with a unique function, 10 which puts additional demands on the production process. Furthermore, all the unique functions must be known at the first communication participant 21, which increases the latter's extent and complexity.
Having the command signal generation means 34 generate the command signal once more if the two code signals are not identical is, of 15 course, only one embodiment. It is, for example, also conceivable for this command signal to remain present at output 34-3 as long as no equality of code signals is found, i.e. until the reset signal is generated or has been generated by comparator 37.
Claims (8)
1. Method for authenticating communication participants, a first communication participant generating a command signal and generating a first code signal which is a function of at least the command signal and an instantaneous first key value associated with the first communication participant, and a second communication participant generating a second code signal which is a function of at least the command signal and an instantaneous second key value associated with the second communication participant, which first and second code signals are compared with each other in order to authenticate the communication participants if both code signals are identical, in which case communication therebetween is enabled, the first communication participant generating, in response to a first control signal, a subsequent first key value replacing the instantaneous first key value, and upon further occurrences of the first control signal, the first communication participant generating further subsequent first key values, replacing the respective preceding instantaneous first key values, and the second communication participant generating, in response to a second control signal, a subsequent second key value replacing the instantaneous second key value, and upon further occurrences of the second control signal, the second communication participant generating further subsequent second key values, replacing the respective preceding instantaneous second key values, characterised in that each subsequent first key value is a function of at least the preceding instantaneous first key value and each subsequent second key value is a function of at least the preceding instantaneous second key value.
2. Method according to Claim 1, characterised in that each subsequent first key value is also a function of at least the first control signal and each subsequent second key value is also a function of at least the second control signal.
3. System for authenticating communication participants, a first communication participant being provided with - command signal generation means for generating a command signal, - first code signal generation means for generating a first code signal as a function of at least the command signal and an instantaneous first key value associated with the first communication participant, - means of comparison for comparing the first code signal and a second code signal with one another and, if they are identical, generating an authenticating signal to enable communication between the first communication participant and a second communication participant and - first key value generation means for generating a subsequent first key value replacing the instantaneous first key value in response to a first control signal and for generating further subsequent first key values, replacing the respective preceding instantaneous first key values upon further occurrences of the first control signal, and the second communication participant being provided with - second code signal generation means for generating the second code signal as a function of at least the command signal and an instantaneous second key value associated with the second communication participant, - second key value generation means for generating a subsequent second key value replacing the instantaneous second key value in response to a second control signal and for generating further subsequent second key values, replacing the respective preceding instantaneous second key values upon further occurrences of the second control signal, characterised in that the first key value generation means comprise means for generating, each subsequent first key value as a function of at least the preceding instantaneous first key value and the second key value generation means comprise means for generating each subsequent second key value as a function of at least the preceding instantaneous second key value.
4. System for authenticating communication participants according to Claim 3, characterised in that the first key value generation means comprise means for generating each subsequent first key value also as a function of the first control signal and each second key value generation means comprise means for generating each subsequent second key value also as a function of the second control signal.
5. First communication participant which first communication participant is provided with - command signal generation means for generating a command signal, - first code signal generation means for generating a first code signal as a function of at least the command signal, and an instantaneous first key value associated with the first communication participant, - means for comparing to one another the first code signal and a second code signal generated by second code signal generation means included in a second communication participant and, if they are identical, generating an authenticating signal to enable communication between the first communication participant and the second communication participant, and - first key value generation means for generating a subsequent first key value replacing the instantaneous first key value in response to a first control signal and for generating further subsequent first key values, replacing the respective preceding instantaneous first key values upon further occurrences of the first control signal, characterised in that the first key value generation means comprise means for generating each subsequent first key value as a function of at least the preceding instantaneous first key value .
6. First communication participant according to Claim 5, characterised in that the first key value generation means comprise means for generating each subsequent first key value also as a function of the first control signal.
7. Second communication participant which second communication participant is provided with - second code signal generation means for generating a second code signal as a function of at least a command signal and an instantaneous second key value associated with the second communication participant, - second key value generation means for generating a subsequent second key value replacing the instantaneous second key value in response to a second control signal and for generating further subsequent second key values, replacing the respective preceding instantaneous second key values upon further occurrences of the second control signal, characterised in that the second key value generation means comprise means for generating each subsequent second key value as a function of at least the preceding instantaneous second key value.
8. Second communication participant according to Claim 7, characterised in that the second key value generation means comprise means for generating each subsequent second key value also as a function of the second control signal.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| NL9101796A NL9101796A (en) | 1991-10-25 | 1991-10-25 | METHOD FOR AUTHENTICATING COMMUNICATION PARTICIPANTS, METHOD FOR USING THE METHOD AND FIRST COMMUNICATION PARTICIPANT AND SECOND COMMUNICATION PARTICIPANT FOR USE IN THE SYSTEM. |
| NL9101796 | 1991-10-25 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2081258A1 CA2081258A1 (en) | 1993-04-26 |
| CA2081258C true CA2081258C (en) | 1998-06-30 |
Family
ID=19859853
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002081258A Expired - Fee Related CA2081258C (en) | 1991-10-25 | 1992-10-23 | System for authenticating communication participants |
Country Status (11)
| Country | Link |
|---|---|
| US (1) | US5325434A (en) |
| EP (1) | EP0538946B1 (en) |
| JP (1) | JP2687072B2 (en) |
| AT (1) | ATE163337T1 (en) |
| AU (1) | AU660194B2 (en) |
| CA (1) | CA2081258C (en) |
| DE (1) | DE69224455T2 (en) |
| ES (1) | ES2113406T3 (en) |
| FI (1) | FI924830A (en) |
| NL (1) | NL9101796A (en) |
| NO (1) | NO305530B1 (en) |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0523944A3 (en) * | 1991-07-16 | 1994-02-16 | Canon Kk | Magneto optical recording medium and method |
| US5644710A (en) * | 1995-02-13 | 1997-07-01 | Eta Technologies Corporation | Personal access management system |
| US5737418A (en) * | 1995-05-30 | 1998-04-07 | International Game Technology | Encryption of bill validation data |
| US5787175A (en) * | 1995-10-23 | 1998-07-28 | Novell, Inc. | Method and apparatus for collaborative document control |
| US5761306A (en) * | 1996-02-22 | 1998-06-02 | Visa International Service Association | Key replacement in a public key cryptosystem |
| JPH10229392A (en) * | 1997-02-13 | 1998-08-25 | Rohm Co Ltd | Authentication system and authentication method |
| TW338865B (en) * | 1997-06-03 | 1998-08-21 | Philips Eloctronics N V | Authentication system |
| KR100492968B1 (en) * | 1999-05-29 | 2005-06-07 | 삼성전자주식회사 | Apparatus and method for transmitting a channel signal gated in the control only substate of cdma communications system |
| US7804961B2 (en) * | 2000-12-19 | 2010-09-28 | Qualcomm Incorporated | Method and apparatus for fast crytographic key generation |
| US20040236939A1 (en) * | 2003-02-20 | 2004-11-25 | Docomo Communications Laboratories Usa, Inc. | Wireless network handoff key |
| FR2886027A1 (en) * | 2005-05-20 | 2006-11-24 | Proton World Internatinal Nv | SEQUENCING ERROR DETECTION IN THE EXECUTION OF A PROGRAM |
| US20070248232A1 (en) * | 2006-04-10 | 2007-10-25 | Honeywell International Inc. | Cryptographic key sharing method |
| US7936878B2 (en) * | 2006-04-10 | 2011-05-03 | Honeywell International Inc. | Secure wireless instrumentation network system |
| JP5178163B2 (en) * | 2007-11-27 | 2013-04-10 | 三菱電機株式会社 | Security support device |
| TWI631507B (en) * | 2016-03-04 | 2018-08-01 | 德凡特未來股份有限公司 | Motion recognition apparatus and control method |
| GB2600538B (en) * | 2020-09-09 | 2023-04-05 | Tymphany Worldwide Enterprises Ltd | Method of providing audio in a vehicle, and an audio apparatus for a vehicle |
Family Cites Families (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4074066A (en) * | 1976-04-26 | 1978-02-14 | International Business Machines Corporation | Message verification and transmission error detection by block chaining |
| US4193131A (en) * | 1977-12-05 | 1980-03-11 | International Business Machines Corporation | Cryptographic verification of operational keys used in communication networks |
| US4218738A (en) * | 1978-05-05 | 1980-08-19 | International Business Machines Corporation | Method for authenticating the identity of a user of an information system |
| SE426128B (en) * | 1981-04-08 | 1982-12-06 | Philips Svenska Ab | METHOD FOR TRANSFER OF DATA MESSAGES BETWEEN TWO STATIONS, AND TRANSFER PLANT FOR EXECUTING THE METHOD |
| GB8322176D0 (en) * | 1983-08-17 | 1983-09-21 | Manchester City Council | Vehicle docking system |
| US4599489A (en) * | 1984-02-22 | 1986-07-08 | Gordian Systems, Inc. | Solid state key for controlling access to computer software |
| US4799061A (en) * | 1985-11-18 | 1989-01-17 | International Business Machines Corporation | Secure component authentication system |
| US4688250A (en) * | 1986-01-29 | 1987-08-18 | Rca Corporation | Apparatus and method for effecting a key change via a cryptographically protected link |
| US4805216A (en) * | 1987-01-08 | 1989-02-14 | Compfax Corporation | Method and apparatus for continuously acknowledged link encrypting |
| JPH01284037A (en) * | 1988-05-10 | 1989-11-15 | Nec Corp | Line ciphering device |
| US4864615A (en) * | 1988-05-27 | 1989-09-05 | General Instrument Corporation | Reproduction of secure keys by using distributed key generation data |
| ATE99819T1 (en) * | 1989-03-08 | 1994-01-15 | Siemens Nixdorf Inf Syst | METHOD OF GENERATION OF A RANDOM NUMBER FOR THE ENCRYPTED TRANSMISSION OF DATA, USING A VARIABLE SEED VALUE. |
| US4933971A (en) * | 1989-03-14 | 1990-06-12 | Tandem Computers Incorporated | Method for encrypting transmitted data using a unique key |
| JP2791587B2 (en) * | 1989-11-27 | 1998-08-27 | 株式会社ユーシン | Remote control device |
| US5148479A (en) * | 1991-03-20 | 1992-09-15 | International Business Machines Corp. | Authentication protocols in communication networks |
| US5177791A (en) * | 1991-08-30 | 1993-01-05 | International Business Machines Corp. | Secure translation of usage-control values for cryptographic keys |
-
1991
- 1991-10-25 NL NL9101796A patent/NL9101796A/en not_active Application Discontinuation
-
1992
- 1992-10-19 ES ES92203197T patent/ES2113406T3/en not_active Expired - Lifetime
- 1992-10-19 AT AT92203197T patent/ATE163337T1/en not_active IP Right Cessation
- 1992-10-19 DE DE69224455T patent/DE69224455T2/en not_active Expired - Fee Related
- 1992-10-19 EP EP92203197A patent/EP0538946B1/en not_active Expired - Lifetime
- 1992-10-21 NO NO924077A patent/NO305530B1/en not_active IP Right Cessation
- 1992-10-23 CA CA002081258A patent/CA2081258C/en not_active Expired - Fee Related
- 1992-10-23 US US07/965,882 patent/US5325434A/en not_active Expired - Fee Related
- 1992-10-23 FI FI924830A patent/FI924830A/en unknown
- 1992-10-23 AU AU27290/92A patent/AU660194B2/en not_active Ceased
- 1992-10-26 JP JP4327145A patent/JP2687072B2/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| JP2687072B2 (en) | 1997-12-08 |
| DE69224455D1 (en) | 1998-03-26 |
| DE69224455T2 (en) | 1998-07-16 |
| NO305530B1 (en) | 1999-06-14 |
| AU660194B2 (en) | 1995-06-15 |
| JPH07202879A (en) | 1995-08-04 |
| FI924830A0 (en) | 1992-10-23 |
| FI924830A (en) | 1993-04-26 |
| EP0538946A1 (en) | 1993-04-28 |
| NL9101796A (en) | 1993-05-17 |
| US5325434A (en) | 1994-06-28 |
| NO924077L (en) | 1993-04-26 |
| ATE163337T1 (en) | 1998-03-15 |
| NO924077D0 (en) | 1992-10-21 |
| AU2729092A (en) | 1993-04-29 |
| ES2113406T3 (en) | 1998-05-01 |
| CA2081258A1 (en) | 1993-04-26 |
| EP0538946B1 (en) | 1998-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2081258C (en) | System for authenticating communication participants | |
| DE60312568T2 (en) | SECURE SYNCHRONIZATION USING TWO NOTIFICATIONS IN WIRELESS NETWORKS | |
| EP0093549B1 (en) | Catv communication system | |
| DE69823834T2 (en) | SAFETY PROCESS AND SYSTEM FOR TRANSMISSIONS IN REMOTE DETECTIVES | |
| DE69534012T2 (en) | Authentication method for mobile communication | |
| US5218638A (en) | Encipher method and decipher method | |
| US4783798A (en) | Encrypting transponder | |
| EP0915630B1 (en) | Strengthening the authentification protocol | |
| US4890324A (en) | Enciphering/deciphering method and arrangement for performing the method | |
| KR100289795B1 (en) | Key Deformation Method and Apparatus for Differentiating Different Networks | |
| HK1007367A1 (en) | Method for algorithm independent cryptographic key management | |
| DE19651518A1 (en) | Communication method and apparatus | |
| JPH07115413A (en) | Mobile communication terminal authentication system | |
| EP1610489B1 (en) | Method for negotiating weakened keys in encryption systems | |
| DE4236778A1 (en) | Method for connecting transmitters / receivers of a cordless communication system to form a communication-capable unit | |
| DE102005054685A1 (en) | A method for agreeing a key between communication parties of a wireless communication system | |
| AU736988B2 (en) | Process and device for mutual authentication of components in a network using the challenge-response method | |
| EA001631B1 (en) | Method and apparatus for providing authentication security in a wireless communication system | |
| CN109754503A (en) | Intelligent door lock method for unlocking | |
| EP1025739A2 (en) | Generation of a seed number | |
| CZ2001810A3 (en) | Method for improving the security of authentication procedures in digital mobile radio telephone systems | |
| DE69836185T2 (en) | DEVICE AND METHOD FOR SUITABLE MULTI-ITERATION CMEA DECOMPOSITION AND ENCRYPTION TO IMPROVE THE SECURITY OF WIRELESS TELEPHONE CHANNELS | |
| CA2123199A1 (en) | Cryptographic apparatus and method for a data communication network | |
| EP0935860A1 (en) | Signal transmission process | |
| EP0019756B1 (en) | Process for verifying the synchronism between two cryptographic devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |