WO1999025093A3 - Secure handshake protocol - Google Patents

Secure handshake protocol Download PDF

Info

Publication number
WO1999025093A3
WO1999025093A3 PCT/FI1998/000869 FI9800869W WO9925093A3 WO 1999025093 A3 WO1999025093 A3 WO 1999025093A3 FI 9800869 W FI9800869 W FI 9800869W WO 9925093 A3 WO9925093 A3 WO 9925093A3
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
message
sends
obtains
handshake protocol
Prior art date
Application number
PCT/FI1998/000869
Other languages
French (fr)
Other versions
WO1999025093A2 (en
Inventor
Olli Immonen
Original Assignee
Nokia Telecommunications Oy
Olli Immonen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Telecommunications Oy, Olli Immonen filed Critical Nokia Telecommunications Oy
Priority to AU10359/99A priority Critical patent/AU1035999A/en
Priority to US09/554,112 priority patent/US6931528B1/en
Publication of WO1999025093A2 publication Critical patent/WO1999025093A2/en
Publication of WO1999025093A3 publication Critical patent/WO1999025093A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

Method for a secure handshake protocol between A and B, connected by a slow channel (Um). A sends a first message (21) indicating a set of cipher suites with parameters, and its identifier (IDA). B selects a cipher suite, obtains A's certificate (CA) over a fast connection, verifies A's certificate (CA) and obtains A's public key (EA). Next B sends a second message (26) comprising B's certificate (CB), and indication that B has verified A's certificate (CA), and an indication about the selected cipher suite. A begins to use the selected cipher suite, verifies B's certificate (CB) and obtains B's public key (EB). Next A sends a third message (28) indicating that A has verified B's certificate (CB). Application data can be sent from A to B in the third message (28), whereby a two-way key-exchange and mutual verification is achieved with an effective overhead of two messages (21, 26) between A and B.
PCT/FI1998/000869 1997-11-10 1998-11-10 Secure handshake protocol WO1999025093A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU10359/99A AU1035999A (en) 1997-11-10 1998-11-10 Secure handshake protocol
US09/554,112 US6931528B1 (en) 1997-11-10 1998-11-10 Secure handshake protocol

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI974186A FI104666B (en) 1997-11-10 1997-11-10 Secure handshake protocol
FI974186 1997-11-10

Publications (2)

Publication Number Publication Date
WO1999025093A2 WO1999025093A2 (en) 1999-05-20
WO1999025093A3 true WO1999025093A3 (en) 1999-07-29

Family

ID=8549905

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI1998/000869 WO1999025093A2 (en) 1997-11-10 1998-11-10 Secure handshake protocol

Country Status (5)

Country Link
US (1) US6931528B1 (en)
AU (1) AU1035999A (en)
FI (1) FI104666B (en)
TW (1) TW380346B (en)
WO (1) WO1999025093A2 (en)

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1408669A1 (en) 1998-07-03 2004-04-14 Nokia Corporation Secure session set up based on the wireless application protocol
SE522260C2 (en) * 1999-10-01 2004-01-27 Ericsson Telefon Ab L M Method, system and security adapter for executing secure data transmission in a wireless network
US7131006B1 (en) * 1999-11-15 2006-10-31 Verizon Laboratories Inc. Cryptographic techniques for a communications network
DE10025271A1 (en) * 2000-05-22 2001-11-29 Siemens Ag Method for establishing a connection between a terminal and a serving cellular network, cellular network and terminal therefor
FI110558B (en) 2000-05-24 2003-02-14 Nokia Corp Method for processing location information of a terminal connected to a packet data network via a cellular network
US7519737B2 (en) * 2000-07-07 2009-04-14 Schneider Automation Inc. Input/output (I/O) scanner for a control system with peer determination
FI110736B (en) * 2000-08-01 2003-03-14 Nokia Corp Data Transfer Method, Subscriber Terminal and GPRS / EDGE Radio Access Network
US7327846B1 (en) * 2000-09-05 2008-02-05 Chung Nan Chang Secure cryptographic key exchange and verifiable digital signature
GB0309182D0 (en) 2003-04-23 2003-05-28 Hewlett Packard Development Co Security method and apparatus using biometric data
US20050005136A1 (en) * 2003-04-23 2005-01-06 Liqun Chen Security method and apparatus using biometric data
US20040117626A1 (en) * 2003-09-12 2004-06-17 Pioneer Research Center Usa, Inc. Key exchange based on dsa type certificates
US20050141706A1 (en) * 2003-12-31 2005-06-30 Regli William C. System and method for secure ad hoc mobile communications and applications
JP2006155045A (en) 2004-11-26 2006-06-15 Sony Corp Electronic value information transmission system, and electronic value information transmission method
KR101346734B1 (en) 2006-05-12 2014-01-03 삼성전자주식회사 Multi certificate revocation list support method and apparatus for digital rights management
US8099459B2 (en) * 2006-06-23 2012-01-17 Microsoft Corporation Content feedback for authors of web syndications
US8145532B2 (en) 2006-06-27 2012-03-27 Microsoft Corporation Connecting devices to a media sharing service
US7882356B2 (en) 2006-10-13 2011-02-01 Microsoft Corporation UPnP authentication and authorization
US9055107B2 (en) * 2006-12-01 2015-06-09 Microsoft Technology Licensing, Llc Authentication delegation based on re-verification of cryptographic evidence
TW200922256A (en) * 2007-11-06 2009-05-16 Nat Univ Tsing Hua Method for reconfiguring security mechanism of a wireless network and the mobile node and network node thereof
CN101459506B (en) * 2007-12-14 2011-09-14 华为技术有限公司 Cipher key negotiation method, system, customer terminal and server for cipher key negotiation
US8321662B2 (en) 2008-05-08 2012-11-27 International Business Machines Corporation Certificate renewal using secure handshake
US8862874B2 (en) * 2008-05-09 2014-10-14 International Business Machines Corporation Certificate distribution using secure handshake
US8239670B1 (en) * 2008-05-13 2012-08-07 Adobe Systems Incorporated Multi-aspect identifier in network protocol handshake
CN101346001A (en) * 2008-08-29 2009-01-14 华为技术有限公司 Clock synchronization process, equipment and system
US8645695B2 (en) * 2009-10-07 2014-02-04 Blackberry Limited System and method for managing security key architecture in multiple security contexts of a network environment
EP2987123B1 (en) * 2013-10-22 2023-09-13 Accenture Global Services Limited Facilitating secure transactions using a contactless interface
US9705859B2 (en) * 2015-12-11 2017-07-11 Amazon Technologies, Inc. Key exchange through partially trusted third party
US10412098B2 (en) 2015-12-11 2019-09-10 Amazon Technologies, Inc. Signed envelope encryption
US9699655B1 (en) * 2016-02-23 2017-07-04 T-Mobile Usa, Inc. Cellular device authentication
US10545940B2 (en) * 2017-02-22 2020-01-28 Red Hat, Inc. Supporting secure layer extensions for communication protocols
WO2022072595A1 (en) * 2020-10-01 2022-04-07 Oboren Systems, Inc. Exclusive self-escrow method and apparatus
US11669887B1 (en) * 2022-05-27 2023-06-06 InstaProtek Inc. Learning engine-based navigation system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0532231A2 (en) * 1991-09-13 1993-03-17 AT&T Corp. Service provision authentication protocol
US5371794A (en) * 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks
US5638446A (en) * 1995-08-28 1997-06-10 Bell Communications Research, Inc. Method for the secure distribution of electronic files in a distributed environment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5196840A (en) * 1990-11-05 1993-03-23 International Business Machines Corporation Secure communications system for remotely located computers
US5588060A (en) * 1994-06-10 1996-12-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols
US5657390A (en) * 1995-08-25 1997-08-12 Netscape Communications Corporation Secure socket layer application program apparatus and method
US5949882A (en) * 1996-12-13 1999-09-07 Compaq Computer Corporation Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm
US6081900A (en) * 1999-03-16 2000-06-27 Novell, Inc. Secure intranet access
US6826690B1 (en) * 1999-11-08 2004-11-30 International Business Machines Corporation Using device certificates for automated authentication of communicating devices
US8015600B2 (en) * 2000-12-22 2011-09-06 Oracle International Corporation Employing electronic certificate workflows
US7415607B2 (en) * 2000-12-22 2008-08-19 Oracle International Corporation Obtaining and maintaining real time certificate status
GB0311621D0 (en) * 2003-05-20 2003-06-25 Nokia Corp A system for crytographical authentication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0532231A2 (en) * 1991-09-13 1993-03-17 AT&T Corp. Service provision authentication protocol
US5371794A (en) * 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks
US5638446A (en) * 1995-08-28 1997-06-10 Bell Communications Research, Inc. Method for the secure distribution of electronic files in a distributed environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IEEE NETWORK, Sept. 1997, CHANG-SEOP PARK, "On Certificate-Based Security Protocols for Wireless Mobile Communication Systems", pages 50-55. *

Also Published As

Publication number Publication date
FI974186A (en) 1999-05-11
FI104666B (en) 2000-04-14
WO1999025093A2 (en) 1999-05-20
FI974186A0 (en) 1997-11-10
US6931528B1 (en) 2005-08-16
TW380346B (en) 2000-01-21
AU1035999A (en) 1999-05-31

Similar Documents

Publication Publication Date Title
WO1999025093A3 (en) Secure handshake protocol
MacKenzie The PAK suite: Protocols for password-authenticated key exchange
WO1999027678A3 (en) Security of data connections
CA2224695A1 (en) System and method for mutual authentication and secure communications between a postage security device and a meter server
CA2278670A1 (en) Encryption and decryption method and apparatus
TW431108B (en) Method for establishing a key using over-the-air communication and password protocol and password protocol
TW429721B (en) Method for two party authentication and key agreement
HK1000845A1 (en) Secure network protocol system and method
EP0807911A3 (en) Client/server protocol for proving authenticity
CA2173176A1 (en) Data security scheme for point-to-point communication sessions
WO2002091662A8 (en) Use and generation of a session key in a secure socket layer connection
EP0858186A3 (en) Method for secure communication in a telecommunication system
WO2004046844A3 (en) Faster authentication with parallel message processing
CA2463286A1 (en) Multi-factor authentication system
CA2276874A1 (en) Method for establishing session key agreement
FI974665A (en) A method for verifying the origin of packets despite modifications to web addresses and protocols
EP1316177A4 (en) Multiservice use of network connection capability under user-to-network interface signaling
AU8068498A (en) An apparatus for implementing virtual private networks
WO2002068418A3 (en) Authentication and distribution of keys in mobile ip network
CA2427699A1 (en) A system and method of exploiting the security of a secure communication channel to secure a non-secure communication channel
WO2002025962A3 (en) Secured map messages for telecommunications networks
WO2001097443A3 (en) Method and apparatus for enhancing network security protection server performance
CA2313557A1 (en) Secure mutual network authentication protocol
DE60043053D1 (en) SELF-GENERATION OF CERTIFICATES USING A SAFE MICROPROCESSOR IN A DIGITAL DATA TRANSMISSION DEVICE
JP2003008565A5 (en)

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: KR

WWE Wipo information: entry into national phase

Ref document number: 09554112

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA