公开(公告)号：US20010016908A1

公开(公告)日：2001-08-23

申请号：US09070794

申请日：1998-05-01

Applicant: CERTICOM CORP.

Inventor： SIMON BLAKE-WILSON ,  DONALD JOHNSON ,  ALFRED MENEZES

IPC: H04L009/30

CPC classification number: H04L9/0841

Abstract: A key agreement method between a pair of entities i and j in a digital data communication system, wherein each the entity has a private and corresponding public key pair Si,Pi and Sj,Pj respectively and the system, having global parameters for generating elements of a group, the method comprising the steps of: (a) entity i selecting a random private session value Ri; (b) forwarding a public session value corresponding to the private session value Ri to the entity j; (c) entity j computing a long term shared secret key knull derived from entity i's public key and j's private key utilizing a first function H1; (d) the entity j utilizing entity j utilizing the key knull and computing an authenticated message on entity identities i, j and entities public session keys and forwarding the authenticated message to entity i; (e) the entity i verifying the received authenticated message; (f) the entity i computing the long term shared secret key knull derived from the entity j's public key and i's private key in accordance with the first function H1; (g) the entity i utilizing the long term shared secret key knull and computing an authenticated message on the entities i and j identity information and the entities public session keys and forwarding the authenticated message to the entity j: (h) entity j verifying the received authenticated message; and (i) upon both the entities i and j verifying the authenticated message, computing a short term shared secret key utilizing a respective entity's session public and private keys.

Abstract translation: 在数字数据通信系统中的一对实体i和j之间的密钥协商方法，其中每个实体分别具有私有和对应的公共密钥对Si，Pi和Sj，Pj，并且该系统具有用于生成元素的全局参数 一种组，所述方法包括以下步骤：（a）实体i选择随机私人会话值Ri; （b）将与私有会话值Ri相对应的公共会话值转发给实体j; （c）实体j使用第一函数H1计算从实体i的公钥和j的私钥导出的长期共享秘密密钥k'; （d）实体j利用密钥k'并且在实体身份i，j和实体公共会话密钥上计算经认证的消息，并将认证消息转发到实体i; （e）验证接收到的认证消息的实体; （f）实体i根据第一函数H1计算从实体j的公开密钥导出的长期共享密钥k'和i的私钥; （g）使用长期共享秘密密钥k'的实体i并且在实体i和j身份信息和实体公共会话密钥上计算经认证的消息，并将认证消息转发到实体j：（h）实体j验证 收到的认证消息; 以及（i）在证实验证的消息的实体i和j两者之间，利用相应实体的会话公钥和私钥计算短期共享密钥。