Traitement en cours

Veuillez attendre...

Paramétrages

Paramétrages

Aller à Demande

1. WO2001080479 - SYSTEME DE VALIDATION RETARDEE POUR PREVENIR LES ATTAQUES BASEES SUR DES CERTIFICATS COMPROMIS

Note: Texte fondé sur des processus automatiques de reconnaissance optique de caractères. Seule la version PDF a une valeur juridique

[ EN ]

What is claimed is :

1. A method of conducting secure communications using both symmetric and public key cryptography between two entities, typically a client and a server, comprising the steps of:
transmitting a message from a first entity to a second entity, wherein said message comprises partial information concerning a randomly generated pre-master secret which is used for generating a symmetrical master secret under which the secure communications are to be encrypted, said partial information including therein an encryption under a public key of said second entity;
transmitting at least one intervening message from said second entity to said first entity, said intervening message comprising a random component generated by the second entity; and transmitting a further message from said first entity to said second entity, after receiving said intervening message from said second entity, said further message comprising the complete pre-master secret encrypted under said public key of said second entity,
wherein said pre-master secret cannot be learned from said partial information but said partial information can
unambiguously identify said pre-master secret, and wherein any alteration to said complete pre-master secret encrypted under said public key of said second entity can be revealed.

2. The method according to claim 1, wherein said partial information comprises a hash of said pre-master secret encrypted under the public key of said second entity.

3. The method according to claim 1, wherein said partial information comprises a bitwise half of said pre-master secret encrypted under the public key of said second entity.

4. The method according to claim 1, wherein said partial information comprises a predetermined bitwise portion of said pre-master secret encrypted under the public key of said second entity.

5. A method of conducting secure communications using both symmetric and public key cryptography between two entities, typically a client and a server, comprising the steps of:
transmitting a message from a first entity to a second entity, wherein said message comprises the public key of a private-public key pair generated by said first entity;
transmitting a message from said second entity to said first entity, said message comprising partial information concerning a nonce of the second entity encrypted under the public key of said first entity;
transmitting a further message from said first entity to said second entity, said further message comprising a complete pre-master secret encrypted under a public key of said second entity; and
transmitting a further message from said second entity to said first entity, said further message comprising complete information concerning said nonce of the second entity encrypted under said public key of said first entity,
wherein said nonce of the second entity cannot be learned from said partial information but said partial information can unambiguously identify said nonce of the second entity, and wherein any alteration to said nonce of the second entity
encrypted under said public key of said first entity can be revealed.

6. The method according to claim 5, wherein said partial information is a hash function of said nonce of said second entity encrypted under the public key of said first entity.

7. The method according to claim 5, wherein said partial information comprises a bitwise half of said nonce of said second entity encrypted under the public key of said first entity.

8. The method according to claim 5, wherein said partial information comprises a predetermined bitwise portion of said nonce of said second entity encrypted under the public key of said first entity.