News Column

Researchers Submit Patent Application, "Symmetric Dynamic Authentication and Key Exchange System and Method Thereof", for Approval

May 13, 2014
By a News Reporter-Staff News Editor at Information Technology Newsweekly -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Fan, Chun-I (KAOHSIUNG, TW); HSU, RUEI-HAU (KAOHSIUNG CITY, TW); LIN, YI-HUI (KAOHSIUNG CITY, TW), filed on June 25, 2013, was made available online on May 1, 2014.

No assignee is recorded for this patent application.

News editors obtained the following quote from the background information supplied by the inventors: "The present invention relates to an information security authentication system, and more particularly, to a symmetric dynamic authentication and key exchange system and a method thereof.

"With popularization of computers, networks and various wireless handheld information devices, lots of information exchange procedures between one person and the other person are completed gradually through computers and networks. However, in order to ensure the mutual confidence level for both parties and the transfer confidentiality of information in a network in an information exchange procedure, a 3rd party certification authority is provided. After both parties are authorized to perform certification at the certification authority, and obtain a public key and a private key for encryption/decryption, information transferred between both parties may be encrypted/decrypted. When the certification authority is invaded, certification data recorded at the certification authority will also be leaked, so that a great quantity of information flows out and is malignantly used. Also, the encryption/decryption keys obtained by both parties at the certification authority are fixed, and when the transferred information is skimmed, and cracked through a brute force attack method or cracked through a symmetric key algorithm, the transferred information does not have any confidentiality anymore.

"Also, a conventional information transfer system is provided with an automatic repeat request fault-tolerant mechanism. Namely, when receiving erroneous transferred information, a receiving end sends repeat request information to a sending end, until the receiving end receives correct transferred information. This manner will place a burden on a network, and may also waste lots of time at the same time."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "The present invention provides a symmetric dynamic authentication and key exchange system and a method thereof, and more particularly a symmetric dynamic authentication and key exchange system and a method thereof which can trace back to previous authentication and generate a next identity authentication code in advance.

"The present invention proposes a symmetric dynamic authentication and key exchange system, which comprises a client and a server. The client obtains initial authentication information to generate first one-time temporary authentication information, a conference key and a standby identity identifier. The server is connected to the client through a network after obtaining the initial authentication information at the same time as the client, and obtains the initial authentication information of the client, the conference key, the first one-time temporary authentication information and the standby identity identifier, so as to perform a dynamic authentication program, in which the server compares the initial authentication information of the client with the conference key to confirm an identity of the client, and then updates the initial authentication information of the server according to the first one-time temporary authentication information, so that the server is enabled to have the first one-time temporary authentication information the same as that of the client, and the server is enabled to generate second one-time temporary authentication information comprising the standby identity identifier according to the first one-time temporary authentication information and the initial authentication information.

"In an embodiment of the present invention, the client further comprises a client storage module, a client key generation module and a client communication module, the client storage module stores an initial identity identifier and an initial key contained in the initial authentication information, the client key generation module generates the first one-time temporary authentication information, the conference key and the standby identity identifier according to the initial identity identifier, and the client communication module transmits the first one-time temporary authentication information, the conference key and the standby identity identifier to the server through the network. The first one-time temporary authentication information is generated by the client key generation module through an authentication mechanism according to the initial authentication information, and the initial identity identifier and the initial key are stored in the client storage module in a temporary storage form.

"In an embodiment of the present invention, the standby identity identifier refers to an identity identifier at a next stage generated in advance by the client in each authentication, and is used as an identity identification basis at the next stage accordingly.

"In an embodiment of the present invention, the server further comprises a server storage module, a server authentication module and a server communication module, the server storage module stores an initial identity identifier and an initial key contained in the initial authentication information, and the server authentication module confirms the identity of the client according to the conference key and the initial authentication information stored in the server storage module, and generates second one-time temporary authentication information according to the first one-time temporary authentication information and the initial authentication information, so as to transmit the second one-time temporary authentication information to the client through the server communication module.

"In an embodiment of the present invention, the system further comprises a service end, in which the service end transmits the initial authentication information to the client and the server at the same time when the client proposes an authentication request.

"The present invention proposes a symmetric dynamic authentication and key exchange method, which comprises the following steps. First, a client and a server are enabled to obtain initial authentication information at the same time, and the client is enabled to generate first one-time temporary authentication information, a conference key and a standby identity identifier according to the initial authentication information. Then the client is enabled to be connected to the server through a network, and therefore the server is enabled to obtain the initial authentication information of the client, the conference key, the first one-time temporary authentication information and the standby identity identifier, so as to compare the initial authentication information of the client with the conference key to confirm the identity of the client, and to update the initial authentication information of the server according to the first one-time temporary authentication information. Finally, the server is enabled to generate second one-time temporary authentication information comprising the standby identity identifier according to the first one-time temporary authentication information and the initial authentication information.

"In an embodiment of the present invention, the method further comprises a step of obtaining initial authentication information, and this step is as follows: first, a communication channel between the server and a service end is established, then an authentication request is proposed to the service end by the client, and finally, the initial authentication information is transmitted to the client and the server at the same time.

BRIEF DESCRIPTION OF THE DRAWINGS

"The present invention will become more fully understood from the detailed description given herein below for illustration only, and thus is not limitative of the present invention, and in which:

"FIG. 1 is a block diagram of a symmetric dynamic authentication and key exchange system of the present invention;

"FIG. 2 is a perspective diagram of a connection relationship between a client and a server in FIG. 1;

"FIG. 3 is a perspective structural diagram of a service end, the client and the server of FIG. 1;

"FIG. 4 is a flow chart of a symmetric dynamic authentication and key exchange method of the present invention; and

"FIG. 5 is a flow chart of a method for obtaining initial authentication information of the present invention."
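The two-message exchange described in the inventors' summary, as an added illustrative simulation written for this column; it is not the inventors' construction, which the excerpt does not specify. HMAC-SHA256 as the derivation function, the message layout, deriving the conference key and standby identifier on both sides rather than transmitting them, the key refresh rule, and the history list used to trace back earlier rounds are all assumptions.

```python
import hmac, hashlib, secrets

def prf(key: bytes, *parts: bytes) -> bytes:
    # Assumed one-way derivation function: HMAC-SHA256 over length-prefixed parts.
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

class Party:  # state held by both ends: current identity identifier and key
    def __init__(self, ident: bytes, key: bytes):
        self.ident, self.key = ident, key
        self.history = []  # earlier identifiers, kept so past rounds can be traced back (assumed)
    def derive(self, nonce: bytes):
        # Returns (first one-time auth value, conference key, standby identifier for the next stage).
        return tuple(prf(self.key, label, self.ident, nonce) for label in (b"auth1", b"conf", b"next"))
    def roll(self):
        # Advance to the standby identifier; the key is refreshed from the first one-time value.
        self.history.append(self.ident)
        self.key = prf(self.key, b"roll", self.tag1)
        self.ident = self.standby

class Client(Party):
    def start(self):
        nonce = secrets.token_bytes(16)
        self.tag1, self.session, self.standby = self.derive(nonce)
        return self.ident, nonce, self.tag1  # message 1: client -> server

    def finish(self, tag2: bytes) -> bool:
        ok = hmac.compare_digest(prf(self.key, b"auth2", self.standby, self.tag1), tag2)
        if ok:
            self.roll()
        return ok

class Server(Party):
    def verify(self, ident: bytes, nonce: bytes, tag1: bytes):
        if ident != self.ident:
            return None  # not the identifier expected at this stage: stale or replayed
        expected, session, standby = self.derive(nonce)
        if not hmac.compare_digest(expected, tag1):
            return None  # wrong key or tampered message; state is left untouched
        self.tag1, self.session, self.standby = expected, session, standby
        tag2 = prf(self.key, b"auth2", self.standby, self.tag1)  # second one-time value, bound to standby id
        self.roll()
        return tag2  # message 2: server -> client

def run_round(client: Client, server: Server) -> bool:
    ident, nonce, tag1 = client.start()
    tag2 = server.verify(ident, nonce, tag1)
    return tag2 is not None and client.finish(tag2)
```

Because both ends advance to the standby identifier only after a successful round, a captured first message cannot be replayed once the stage has moved on, and a server holding a different key rejects the message without changing its own state.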

For additional information on this patent application, see: Fan, Chun-I; HSU, RUEI-HAU; LIN, YI-HUI. Symmetric Dynamic Authentication and Key Exchange System and Method Thereof. Filed June 25, 2013 and posted May 1, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=407&p=9&f=G&l=50&d=PG01&S1=20140424.PD.&OS=PD/20140424&RS=PD/20140424

Keywords for this news article include: Patents, Information Technology, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

Source: Information Technology Newsweekly
