Sign In to Follow Application
View All Documents & Correspondence
View All Documents & Correspondence
A System And Method For Designing Extensible Authentication Protocols Based On Random Sequences For Mobile And Wireless Communications
Abstract: SYSTEM AND METHOD FOR SECURE TRANSACTION OF DATA BETWEEN WIRELESS COMMUNICATION DEVICE AND SERVER The present invention provides a system and method for a set of Extensible Authentication Protocols (EAPs) that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost. According to one embodiment of the invention, a system and method generate random sequences (through prime numbers) which can be used in the authentication process of certificateless extensible authentication protocols (EAPs) for mobile and wireless communications. The invention also provides a light weight security with better performance in comparison to the lower layer chip level security provided by 2G, 3G or 4G applications.
Get Free WhatsApp Updates!
Notices, Deadlines & Correspondence
Notices, Deadlines & Correspondence
Patent Information
Application #
Filing Date
04 January 2010
Publication Number
45/2012
Publication Type
INA
Invention Field
COMMUNICATION
Status
Email
Parent Application
Patent Number
Legal Status
Grant Date
2020-03-18
Renewal Date
Applicants
TATA CONSULTANCY SERVICES LIMITED
NIRMAL BUILDING, 9TH FLOOR,
NARIMAN POINT,
MUMBAI 400 021,
MAHARASHTRA,
INDIA.
Inventors
1. VIJAYARANGAN NATARAJAN
TATA CONSULTANCY SERVICES
CORPORATE TECHNOLOGY INNOVATION OFFERINGS
IIND FLOOR, CATHEDRAL ROAD,
CHENNAI-600 086
Specification
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
SYSTEM AND METHOD FOR SECURE TRANSACTION OF DATA BETWEEN WIRELESS
COMMUNICATION DEVICE AND SERVER
Applicant
TATA Consultancy Services Limited A company Incorporated in India under The Companies Act, 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021,
Maharashtra, India
The following specification particularly describes the invention and the manner in which it is to be performed.
FIELD OF THE INVENTION
The present invention relates to the field of mobile and wireless communications. More particularly, the invention relates to a system and method for secure transaction of data between at least one wireless communication device and a server by using lightweight Extensible Authentication Protocols (EAPs) based on the random sequences.
BACKGROUND OF THE INVENTION
In the mobile and wireless communication, Authentication methods are generally used to gain network access. The communication server (either for mobile or wireless) which provides accessibility must have a set of processes and protocols to verify user's identity. There is a need of a standard way for verifying user's logon, monitoring user's network usage and customer billing. Currently there are standards and protocols that can fulfill the above criteria for Authentication, Authorization and Accounting (AAA) purposes. But some of them are not secured and their performance will not meet 3G mobile communication requirements.
However, the current mobile and wireless authentication mechanisms employ the usage of Certificates. The Authorization protocols must support some notion of a "charging certificate". These Certificates being heavy weight in size affect the performance of the Mobile Application. With the conservative standards set by many Institutions chiefly in the mobile banking sector there is a requirement for light weight protocols which help in ensuring optimum performance of mobile applications through wireless media.
Moreover, mobile and wireless devices, like smart phones, PDAs, cellular phones and remote control systems, play an increasingly important role in the digital environment The pervasive use of mobile and -wireless devices brings new security and privacy risks and with the extensive use of mobile devices consumers continuously leave traces of their identities and transactions, sometimes even by just carrying the devices around in their pockets. Since providing true privacy is hard as hiding identity information is irrelevant as long as some other linkable information is associated with the messages, the usage of a light weight protocol will help provide effective solutions to a majority of mobile and wireless applications.
Some of the inventions which deal with providing systems and methods for secure transaction of data between at least one wireless communication device and a server are:
US patent application 20090193247 by Kiester et al teaches that methods and apparatus which provide tunneling one authentication framework over a more widely accepted framework (e.g., EAP). In this manner, pluralities of strong authentication protocols are wirelessly enabled between a supplicant and server that are not otherwise wirelessly enabled. During use, packets are wirelessly transmitted and received between the supplicant and server according to EAP's prescribed message format, including a wireless access point. In a tunnel, various authentication protocols form the payload component of the message format which yields execution capability of more than one protocol, instead of the typical single protocol authentication. Certain tunneled frameworks include NMAS, LDAP/SASL, Open LDAP/SLAPD, or IPSEC. Computer program products, computing systems and various interactions between the supplicant and server are also disclosed.
United States Patent 7626963 by Patel et al teaches that methods and apparatus for dynamically generating a set of Mobile IP keys. The set of Mobile IP keys is dynamically generated using an existing HLR/AuC authentication infrastructure. This is accomplished, in part, by obtaining an International Mobile Subscriber Identity (IMSI) that uniquely identifies a particular Mobile Node. Once a set of Mobile IP keys is generated from authentication information associated with the IMSI, the Mobile Mode may register with its Home Agent using the set of Mobile IP keys.
US patent 7398550 by Zick et a! teaches that Enhanced Secret Shared Provisioning Protocol (ESSPP) which provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two ESSPP devices that are attempting to register with each other will only provision a key when they detect that they are the only two ESSPP devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended.
US Patent 7448068 by Sun et al describes automatic client authentication for a wireless network protected by PEAP, EAP-TLS or other extensible authentication protocols. The user doesn't have to understand the difference between the protocols in order to connect to the network. A default authentication protocol is automatically attempted. If not successful, then the authentication switches over to another authentication method if the network requests it.
Network Working Group, Request for Comments: 3748 {RFC 3748}, Extensible Authentication Protocol (EAP), http://www.ietf.org/rfc/rfc3748.txt by Aboba et al teaches that EAP is authentication framework for wireless networks and point-to-point connections.
Network Working Group, Request for Comments: 4764 {RFC 4764}, the EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method, http://www.rfc-editor.org/rfc/rfc4764.txt by Bersani et al teaches that it provides a protected communication channel when mutual authentication is successful for both parties to communicate over.
Cisco systems developed Lightweight Extensible Authentication protocol (LEAP). It is a proprietary EAP method. There is no native support for LEAP in any Windows operating system but is supported by third party supplicants. The protocol is known to be vulnerable to dictionary attacks. However, Cisco still maintains that LEAP can be secure if sufficiently complex passwords are used. The product details are available at
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod qas0900aecd801764f 1. pdf.
None of the above mentioned prior arts provide a system and method for a lightweight and high speed certificateless extensible authentication protocols (EAPs), which occupy less memory space for storage, for mobile and wireless communications and also provide EAPs which are suitable for wireless communication devices enabled with 2G, 3G or 4G networks.
Thus, in the light of the above mentioned prior art, it is evident that, there is a need to system and method which:
• Solves Confidentiality, Authentication, Authorization and Accounting (CAAA) issues for mobile phones and wireless devices at an affordable cost;
• Provides a certificateless extensible authentication protocols (EAPs) for mobile and wireless communications;
• Provides two way authentication in comparison to the current one way authentication standards; and
• Provides extensible authentication protocols (EAPs) based on the random sequences which are easy to deploy on existing wireless communication devices.
OBJECTIVES OF THE INVENTION
The primary object of the invention is to provide a system and method for a set of Extensible Authentication Protocols (EAPs) that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost.
It is another object of the invention to provide a system and method for generating random sequences (through prime numbers) which can be used in the authentication process of extensible authentication protocols (EAPs) for mobile and wireless communications.
It is another object of the invention to provide a system and method for generating random sequences which can avoid replay attacks.
It is another object of the invention to provide a certificateless extensible authentication protocols (EAPs) for mobile and wireless communications.
It is another object of the invention to provide a securely transfer of registry and provision of consumer details over the communication network.
It is another object of the invention to provide a light weight security with better performance in comparison to the lower layer chip level security provided by 2G, 3G or 4G applications.
it is another object of the invention to provide a provision of two way authentication in comparison to the current one way authentication standards.
SUMMARY OF THE INVENTION
Before the present methods, and systems enablement are described, it is to be understood that this invention in not limited to the particular systems, and methodologies described, as there can be multiple possible embodiments of the present invention and which are not expressly illustrated in the present disclosures. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or embodiments only, and is not intended to limit the scope of the present invention which will be limited only by the appended claims.
The present invention provides a system and method for a set of Extensible Authentication Protocols (EAPs) that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost. According to one embodiment of the invention, a system and method generate random sequences (through prime numbers) which can be used in the authentication process of certificateless extensible authentication protocols (EAPs) for mobile and wireless communications.
A method comprising receiving, from a wireless communication device, a connection attempt to access a server; performing an authentication process using lightweight Extensible Authentication
Protocols(EAPs) based on the random sequences to facilitate the wireless communication device prior to being allowed access to the server, wherein the said authentication process comprising the steps of: Sending client hello message by the wireless communication device to initiate the communication to the Server; generating a random number after receiving client hello message by the server and subsequently encrypting a message with the generated random number using hash function through a pre-shared private key of the wireless communication device and sending an encrypted message to the wireless communication device by the server; Decrypting the encrypted message by matching hash function through the pre-shared private key of the wireless communication device and subsequently retrieving the random number by the wireless communication device; generating two new random numbers as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently generating two new sequences from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm by the wireless communication device, encrypting a message with above said generated two sequences by matching hash function through a new session key of the wireless communication device, and sending encrypted message to the Server by the wireless communication device; computing the above said two sequences and the new sequence from the above said two new random numbers and the retrieved- random number using DRSG algorithm, subsequently decrypting the above said two new random numbers using a new computed session key of the wireless communication device, checking the hash value of above said two new sequences and the resultant sequence and validating the protocol by the server, wherein the computed value of the session key is generated from DRSG algorithm; and Sending the response after validating the protocol to the wireless communication device by the server.
The invention also provides a light weight security with better performance in comparison to the lower layer chip level security provided by 2G, 3G or 4G applications..
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing summary, as well as the following detailed description of preferred embodiments, are better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there is shown in the drawings example constructions of the invention; however, the invention is not limited to the specific methods and system disclosed. In the drawings:
Figure 1 illustrates the concept diagram on different types of authentication protocols which are used in mobile and wireless communications according to various embodiments of the invention.
Figure 2 illustrates the pre-shared key mechanism according to one embodiment of the invention.
Figure 3 illustrates the secure transaction of data using EAP Protocol based on Random sequence-1 between server and wireless communication device according to one embodiment of the invention.
Figure 4 illustrates the secure transaction of data using EAP Protocol based on Random sequence-2 between server and wireless communication device according to one embodiment of the invention.
Figure 5 illustrates the secure transaction of data using EAP Protocol based on Random sequence-3 between server and wireless communication device according to one embodiment of the invention.
Figure 6 illustrates the secure transaction of data using EAP Protocol based on Random sequence-4 between server and wireless communication device according to one embodiment of the invention.
Figure 7 illustrates flow diagram with perforrnance by using lightweight EAP Protocols for secure transaction of data between wireless communication device and server.
DETAILED DESCRIPTION OF THE INVENTION
Some embodiments of this invention, illustrating all its features, will now be discussed in detail.
The words "comprising," "having," "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.
It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, the preferred, systems and methods are now described.
The disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms.
The " Extensible Authentication Protocol (EAP) is an Internet standard that provides an infrastructure for network access clients and authentication servers (RFC 3748). It has applications in wireless networks and PPP connections. EAP does not specify the authentication mechanism itself but the way it is negotiated by the communicating parties. There are attacks due to no proper authentication protocols in EAP.
Accordingly, the present invention provides a system and method for a set of Extensible Authentication Protocols (EAPs) that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost.
A method comprising receiving, from a wireless communication device, a connection attempt to access a server; performing an authentication process using lightweight Extensible Authentication Protocols(EAPs) based on the random sequences to facilitate the wireless communication device prior to being allowed access to the server, wherein the said authentication process comprising the steps of:
a) Sending client hello message by the wireless communication device to initiate the communication to the Server;
b) generating a random number after receiving client hello message by the server and subsequently encrypting a message with the generated random number using hash function through a pre-shared private key of the wireless communication device and sending an encrypted message to the wireless communication device by the server;
c) Decrypting the encrypted message by matching hash function through the pre-shared private key of the wireless communication device and subsequently retrieving the random number by the wireless communication device;
d) generating two new random numbers as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently generating two new sequences from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm by the wireless communication device, encrypting a message with above said generated two sequences by matching hash function through a new session key of the wireless communication device, and sending encrypted message to the Server by the wireless communication device;
e) computing the above said two sequences and the new sequence from the above said two new random numbers and the retrieved random number using DRSG algorithm, subsequently decrypting the above said two new random numbers using a new
computed session key of the wireless communication device, checking the hash value of above said two new sequences and the resultant sequence and validating the protocol by the server, wherein the computed value of the session key is generated from DRSG algorithm; and f) Sending the response after validating the protocol to the wireless communication device by the server.
Figure 1 illustrates the concept diagram on different types of authentication protocols which are used in mobile and wireless communications according to various embodiments of the invention. The method 100 comprises a pre-shared key mechanism 110, Deterministic Random Sequence Generation (DRSG) algorithm with seeds 120 and Extensible Authentication Protocols (EAPs) based on Random sequences (1/2/3/4) 130. In the first step, the pre-shared key mechanism 110 is as shown in figure 2, the said pre-shared key mechanism takes place between a server 112 and at least one wireless communication device 114. The said server 112 and wireless communication device 114 are communicatively coupled with each other via communication network; the communication network can be selected from the group of Wide area network (WAN), Local Area Network (LAN) or Metropolitan Area Networks (MAN), internet, intranet, etc and the wireless communication device 114 can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks.
According to one exemplary embodiment of the invention, the wireless communication device 114 can be mobile phone. The simple, secure and speedy pre-shared key mechanism/process 110 is as described below:
Before pre-shared key mechanism/process 110, the server 112 initially distributes customer identity (CustJD) and transaction identity (Tr ID) to each wireless communication device 114 whose phone and IMEI numbers are used in the transmission. Wherein
1. P= SHA_384 (CustJD, Phone_no)
2. Q= SHA_384{Tr_ID, IMEI no)
3. R= a 192-bit AES key
4. M= a 192-bit = Mask_value || Node_address || server_address |l Nonce(R)
Initially the server 112 computes and sends computed value {(P XoR Q XoR (R || M)), Nonce(R) XoR Nonce(M)} 116 to a wireless communication device 114 who can use P and Q to get back R.
In next step, the DSRG algorithm/process/method 120 uses seed in the EAPs to generate random number for authentication purpose. It uses forward difference operator/linear operator applied on a collection of random numbers (chosen by system and method of the invention) to generate a random sequence.
In the final step, there are four Extensible Authentication Protocols based on the random sequences 130 described below that will fulfill CAAA issues for mobile and wireless communications. All the above said protocols 130 are based on certificate less concept. The above described method can also be extended to key exchange mechanism between wireless communication device 114 and server 112. Then the server sends different keys to users at every time.
Figure 3 illustrates the secure transaction of data using EAP Protocol based on Random sequence-1 between server and wireless communication device according to one embodiment of the invention. A system 200 comprises a server 212 and a wireless communication device 214 are communicatively coupled with each other via communication network; the communication network can be selected from the group of Wide area network (WAN), Local Area Network (LAN) or Metropolitan Area Networks (MAN), internet, intranet, etc and the wireless communication device 214 can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks. According to one exemplary embodiment of the invention, the wireless communication device 214 can be mobile phone.
A method of communication used in the above said system 200 comprising receiving, from at least one wireless communication device 214, a connection attempt to access a server 212; performing an authentication process using lightweight Extensible Authentication Protocol (EAP) based on the random sequences to facilitate the wireless communication device 214 prior to being allowed access to the server 212, wherein the said authentication process comprising the following steps:
In the first step, the wireless communication device 214 initiating the communication by sending client hello message to the server 212, wherein the client hello message includes a list of encryption algorithms that the wireless communication device 214 is prepared to use and some challenge data to be used to authenticate the server 212. The message contains the following fields:
CLIENT HELLO MESSAGE
Field Length
The message type (client hello) 8 bits
The SSL version number (currently 2) 16 bits
The length of the cipher list 16 bits
The length of the session identifier 16 bits
The length of the challenge data 16 bits
The cipher list variable
The session identifier 16< data < 32 bytes
The challenge data variable
The session identifier is used to match the current request with a previous one, avoiding the need for repeated authenticate and key exchange if two systems have frequent communication. When keys are selected the server 212 will cache these and, if the wireless communication device 214 provides a session identifier in the client hello message the server 212 will search the cache for this session identifier. According to one exemplary embodiment of the invention, the message contains the above mentioned fields as well as additionally 'buffer memory' field having the length of 32 bits. The field and length of the client hello message can be varied based on the requirements.
In the second step, the server 212 generating a random number V after receiving client hello message, according to one exemplary embodiment of the invention, the size of the random number 'r' can be 256-bit and subsequently the server 212 encrypting a message with the generated random number Y (preferably 256-bit random number) using hash function through a pre-shared private key 'k' of the wireless communication device 214 and the server 212 sending the encrypted message {y = Enck (r XoR Hash(TrJD))} to the wireless communication device 214.
In the third step, the wireless communication device 214 decrypting the encrypted message by matching hash function [Hash (TrJD) XoR Deck(y)] through the pre-shared private key 'k' of the wireless communication device 214 and subsequently the wireless communication device 214 retrieving the random number 'r' (preferably 256-bit random number) after receiving the encrypted message from the sever 212.
In the fourth step, the wireless communication device 214 generating two new random numbers t1 and t2 respectively, (according to one exemplary embodiment of the invention, preferably the range 7 bits), as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently the wireless communication device 214 generating two new sequences S1 & S2 from the above said two new random numbers t1 and t2, and the'above said retrieved random number V using DRSG algorithm { DRSG (r, t1 , t2 )}, then the wireless communication device 214 encrypting a message {Encks ( S, t1 , t2 ), Hash(S1 XoR S2 XoR S), Nonce ( S, XoR S2), date, time} with above said generated two sequences S1 & S2 by matching hash function through a new session key "K" of the wireless communication device 214 and then the wireless communication device 214 sending encrypted message {Encks ( S, 11 , t2 ), Hash(S1 XoR S2 XoR S), Nonce ( S1 XoR S2), date, time} to the Server 212.
In the fifth step, the server 212 computing the above said two sequences S1 & S2 and the new sequence S from the above said two new random numbers t1 & t2 and the retrieved random number 'r' using DRSG algorithm {DRSG (r,t1 , t2)} with date and time, subsequently the server 212 decrypting the above said two new random numbers t1 & t2 using a new computed value of session key 'Ks' value, checking the hash value of above said two new sequences S1 & S2 and the resultant sequence S { S1 XoR S2 XoR S } and validating the protocol, wherein the computed value of the session key 'Ks' is generated from DRSG algorithm {DRSG (r,t1 , t2)} and
In the final step, the server 212 sending the response after validating the protocol to the wireless communication device 214. If the response is 'true" then the secure transaction of data process starts between the wireless communication device 214 and the server 212, otherwise, the response is 'false", the communication ends between them.
According to one embodiment of the invention, the wireless communication device 214 computing the above said value of the session key 'Ks" using DRSG algorithm and the value of one of the random number t1 is less than the value of the second random number t2, said DRSG algorithm/process/method comprising the steps of:
In the first step, DSRG process generating 128 distinct random 64-bit numbers which are used as seed values along with the value of the retrieved random number 'r' optionally the personnel information used as seeds, according to one exemplary embodiment of the invention, the wireless communication device can be mobile, then the personnel information can be CustJD, Mobile no, SIM card no, etc.
In the second step, DSRG process applying forward difference operator the value of order (t1 times) of the first random number t1 on a set of seeds and finding a new first sequence S1, In third step, DSRG process repeating the second step for second random number t2 and finding a second new sequence S2.
In the fourth step, DRSG process finding a new resultant 192 bit number {S = sum of first 32 distinct random 40-bit numbers || sum of second 32 distinct random 40-bit numbers [| sum of third 32 distinct random 40-bit numbers || sum of fourth 32 distinct random 40-bit numbers= a 45-bit number I| a 45-bit number j[ a 45-bit number [| a 45-bit number = a 192-bit number}; and in the final step, DSRG process computing a new computed session key 'Ks' { ks = k XoR (S ]\ Tr_ID) = a 192-bit number} using the generated new resultant 192 bit number S and a session key K.
Before initiating the communication in the above said system 200, initially, the server 212 registers the device and IMEI numbers of the wireless communication device 214 and then distributing customer identity and transaction identity (Cust_ID and TrJD) to each wireless communication devices 214 prior to being allowed access to the server 212. According to one exemplary embodiment of the invention, the wireless communication device 214 can be mobile phone, so the server 214 registers mobile and IMEI numbers and distributes customer identity and transaction identity (CustJD and TrJD) to each mobiles 214 prior to being allowed access to the server 212 and subsequently the server 212 sends 192-bit pre-shared encryption key 'k' using AES-CTR or AES-CBC algorithm to the wireless communication device 214 prior to being allowed access to the server 212 and a known Pseudo Random Number Generator (PRNG) which accepts a seed for generating the random numbers.
According to one embodiment of the invention, the hash function is matched, in the above mentioned system and method, in order to maintain a secure communication to avoid phishing and replay attacks and according to another embodiment of the invention, the nonce value is added, in the above mentioned system and method, in order to maintain a secure communication to avoid phishing and replay attacks. Further, hashing and nonce methods are used to avoid initial Counter Prediction and Time Memory Trade Off attacks.
Advantages of EAP Protocol based on Random sequence-1
1. Reply attack is avoided due to random integers generated by the server
2. It is computationally difficult for an attacker to find the value (S1 XoR S2 XoR S) with the knowledge of t1 and t2 if a client key 'ks' is compromised
3. Client generates ks (a 192-bit key) every time with the help of DRSG process
4. |t is computationally difficult to find the values k and S from the key ks.
5. Using linear operators in this protocol, it is difficult to determine the original sequence having 128 distinct random numbers of each size 40-bits with some personnel information. Therefore, it is difficult for an attacker to tamper the message during transmission. The attacker must settle for a 2-8 chance of success.
6. the proposed protocols are compatible with 2G, 3G or 4G mobile networks.
7. This protocol is lightweight when compared to PKI approach.
i
Figure 4 illustrates the secure transaction of data using EAP Protocol based on Random sequence-2 between server and wireless communication device according to one embodiment of the invention. A system 300 comprises a server 312 and a wireless communication device 314 are communicatively coupled with each other via communication network; the communication network ''can be selected from the group of Wide area network (WAN), Local Area Network (LAN) or Metropolitan Area Networks (MAN), internet, intranet, etc and the wireless communication device 314 can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks. According to one exemplary embodiment of the invention, the wireless communication device 314 can be mobile phone.
A method of communication used in the above said system 300 comprising receiving, from at least on!e wireless communication device 314, a connection attempt to access a server 312; performing an authentication process using lightweight Extensible Authentication Protocol (EAP) based on the random sequences to facilitate the wireless communication device 314 prior to being allowed access to the server 312, wherein the said authentication process comprising the following steps:
In the first step, the wireless communication device 314 initiating the communication by sending client hello message to the server 312, wherein the client hello message includes a list of encryption algorithms that the wireless communication device 314 is prepared to use and some
:l
challenge data to be used to authenticate the server 312. The message contains the following fields:
CLIENT HELLO MESSAGE
Field Length
The message type (client hello) 8 bits
The SSL version number (currently 2) 16 bits
The length of the cipher list 16 bits
The length of the session identifier 16 bits
The length of the challenge data 16 bits
The cipher list variable
The session identifier 165 data s32 bytes
The challenge data variable
The session identifier is used to match the current request with a previous one, avoiding the need for repeated authenticate and key exchange if two systems have frequent communication. When keys are selected the server 312 will cache these and, if the wireless communication device 314 provides a session identifier in the client hello message the server 312 will search the cache for this session identifier. According to one exemplary embodiment of the invention, the message contains the above mentioned fields as well as additionally 'buffer memory' field having the length of 32 bits. The field and length of the client hello message can be varied based on the requirements.
In the second step, the server 312 generating a random number 'r' after receiving client hello message, according to one exemplary embodiment of the invention, the size of the random number V can be 256-bit and subsequently the server 312 encrypting a message with the generated random number Y' (preferably 256-bit random number) using hash function through a pre-shared private key 'k' of the wireless communication device 314 and the server 312 sending the encrypted message {y = Enck {r XoR Hash(Tr_ID))} to the wireless communication device 314.
In the third step, the wireless communication device 314 decrypting the encrypted message by matching hash function [Hash (TrJD) XoR Deck(y)] through the pre-shared private key 'k' of the wireless Communication device 314 and subsequently the wireless communication device 314 retrieving the random number 'r' (preferably 256-bit random number) after receiving the encrypted message from the sever 312;
In the fourth step, (he wireless communication device 314 generating two new random numbers t1 and t2 respectively, (according to one exemplary embodiment of the invention, preferably the range 7 bits), as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently the wireless communication device 314 generating two new sequences S1 & S2 from the above said two new random numbers t1 and t2, and the above said retrieved random number "r" using DRSG algorithm { DRSG (r, t1 , t2 )}, then the wireless communication device
314 while encrypting a message with said two new random numbers t1 & t2 using hash function through a pre-shared key 'k' of the wireless communication device 314, further adding a nonce value for security and then the wireless communication device 314 sending encrypted message {EncK( t1, t2, date, time), Hash( S1 XoR S2), Nonce( S1 XoR S2)} to the Server 312.
In the fifth step, the server 312 decrypting the above said two new random numbers t1 & t2 using the pre-shared key 'k' of the wireless communication device 314, subsequently the server 312 computing a XOR operator of first 384-bit sequence S1 with second 384-bit sequence S2 {S1 XoR S2 }using DSRG algorithm {{DRSG (r.t1 , t2)} and the server 312 validating the protocol and
In the final step, the server 312 sending the response after validating the protocol to the wireless communication device 314. If the response is 'true" then the secure transaction of data process starts between the wireless communication device 314 and the server 312, otherwise, the response is 'false", the communication ends between them.
According to one embodiment of the invention, the wireless communication device 214 generating two new sequences S1 & S2 using DRSG algorithm and the value of above said one random number t1 is tess than the value of the second random number t2 which are generated by wireless communication device, further comprising the steps of:
In the first step, DSRG process generating 128 distinct random 64-bit numbers which are used as seed values along with the value of the retrieved random number 'r', optionally the personnel information used as seeds, according to one exemplary embodiment of the invention, the wireless communication device can be mobile, then the personnel information can be Cust_ID, Mobile no, SIM card no, etc.
In the second step, DSRG process applying forward difference operator the value of order (t1 times) of the first random number t1 on a set of seeds and finding a new first sequence S1, In final step, DSRG process repeating the second step for second random number t2 and finding a second new sequence S2.
Before initiating the communication in the above said system 300, initially, the server 312 registers the device and IMEI numbers of the wireless communication device 314 and then distributing customer identity and transaction identity (CustJD and Tr_ID) to each wireless communication devices 314 prior to being allowed access to the server 312. According to one exemplary embodiment of the invention, the wireless communication device 314 can be mobile phone, so the server 314 registers mobile and IMEI numbers and distributes customer identity
and transaction identity (CustJD and TrJD) to each mobiles 314 prior to being allowed access to the server 312 and subsequently the server 312 sends 192-bit pre-shared encryption key 'k' using AES-CTR algorithm to the wireless communication device 314 prior to being allowed access to the server 312 and a known Pseudo Random Number Generator (PRNG) which accepts a seed for generating the random numbers,
According to one embodiment of the invention, the hash function is matched, in the above mentioned system and method, in order to maintain a secure communication to avoid phishing and.replay attacks and according to another embodiment of the invention, the nonce value is added, in the above mentioned system and method, in order to maintain a secure communication to avoid phishing and replay attacks. Further, hashing and nonce methods are used to avoid Initial Counter Prediction and Time Memory Trade Off attacks.
Advantages of EAP Protocol based on Random sequence-2
1. Reply attack is avoided due to random integers generated by the server
2. It is computationally difficult for an attacker to find S1 XoR S2 with the knowledge of t1 and t2 if a client key 'k' is compromised.
3. Using linear operators in this protocol, it is difficult to determine the original sequence having 128 distinct random numbers of each size 64-bits with some personnef information. Therefore, it is difficult for an attacker to tamper the message during transmission. The attacker must settle for a 2-8 chance of success.
4. The proposed protocols are compatible with 2G, 3Gor 4G mobile networks.
5. This protocol is lightweight when compared to PKI approach.
Figure 5 illustrates the secure transaction of data using EAP Protocol based on Random sequence-3 between server and wireless communication device according to one embodiment of the invention. A system 400 comprises a server 412 and a wireless communication device 414 are communicatively coupled with each other via communication network; the communication network can be selected from the group of Wide area network (WAN), Local Area Network (LAN) or Metropolitan Area Networks (MAN), internet, intranet, etc and the wireless communication device 414 can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks. According to one exemplary embodiment of the invention, the wireless communication device 414 can be mobile phone.
A method of communication used in the above said system 400 comprising receiving, from at least one wireless communication device 414, a connection attempt to access a server 412;
performing an authentication process using lightweight Extensible Authentication Protocol (EAP) based on the random sequences to facilitate the wireless communication device 414 prior to being allowed access to the server 412, wherein the said authentication process comprising the following steps:
In the first step, the wireless communication device 414 initiating the communication by sending client hello message to the server 412, wherein the client hello message includes a list of encryption algorithms that the wireless communication device 414 is prepared to use and some challenge data to be used to authenticate the server 412. The message contains the following fields:
CLIENT HELLO MESSAGE
Field Length
The message type {client hello) 8 bits
The SSL version number (currently 2) 16 bits
The length of the cipher list 16 bits
The length of the session
identifier 16 bits
The length of the challenge data 16 bits
The cipher list variable bytes
The session identifier 16< data < 32
The challenge data variable
The session identifier is used to match the current request with a previous one, avoiding the need for repeated authenticate and key exchange if two systems have frequent communication. When keys are selected the server 412 will cache these and, if the wireless communication device 414 provides a session identifier in the client hello message the server 412 will search the cache for this session identifier. According to one exemplary embodiment of the invention, the message contains the above mentioned fields as well as additionally 'buffer memory' field having the length of 32 bits. The field and length of the client hello message can be varied based on the requirements.
In the second step, the server 412 generating a random number V after receiving client hello message, according to one exemplary embodiment of the invention, the size of the random number 'r' can be 256-bit and subsequently the server 412 encrypting a message with the generated random number Y (preferably 256-bit random number) using hash function through a
pre-shared private key 'k' of the wireless communication device 414 and the server 412 sending the encrypted message {y = Enck (r XoR Hash(Tr_ID))} to the wireless communication device 414.
In the third step, the wireless communication device 414 decrypting the encrypted message by matching hash function [Hash (TrJD) XoR Deck(y)] through the pre-shared private key 'k' of the wireless communication device 414 and subsequently the wireless communication device 414 retrieving the random number Y (preferably 256-bit random number) after receiving the encrypted message from the sever 412.
In the fourth step, the wireless communication device 414 generating two new random numbers t1 and t2 respectively, {according to one exemplary embodiment of the invention, preferably the range 7 bits), as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently the wireless communication device 414 generating two new sequences S1 & S2 from the above said two new random numbers t1 and t2, and the above said retrieved random number "r" using DRSG algorithm { DRSG (r, t1 , t2 )}, then the wireless communication device 414 computing a new resultant sequence S { S = S1 XoR S2 with Nonce(S)} using a XOR operator of first sequence S1 with second sequence S2 further adding nonce vafue for security, generating a new session key 'k1' (preferably 192-bits) from the generated new resultant sequence S, encrypting a message with the above said two new random numbers t1 & t2 through a pre-shared key 'k' of the wire/ess communication device 414 and Device Name, Network address through generated new session key 'k1, nonce value for security, date, and/or time of the message and then the wireless communication device 414 sending encrypted message {Enck (Client's name |[ Network address [| SIM card no) |[ Enck( t1, t2. date, time) |[ Nonce(S)}to the Server 412.
In the fifth step, the server 412 decryption above said two new random numbers t1 & t2 using pre-shared key 'k' of the wireless communication device 414, subsequently the server 412 computing the new resultant sequence S from the above said two new random numbers t1 & t2, and the above said retrieved random number 'r' using DRSG algorithm {DRSG (r.t1, t2)}, the server 412 finding the new session key 'k1: which helps to decrypt client's personnel information and tehn the server 412 validating the protocol.
In the final step, the server 412 sending the response after validating the protocol to the wireless communication device 414. If the response is 'true" then the secure transaction of data process starts between the wireless communication device 414 and the server 412, otherwise, the response is 'false", the communication ends between them.
According to one embodiment of the invention, the wireless communication device 414 generating two new sequences S1 & S2 using DRSG algorithm and the value of above said one random number t1 is less than the value of the second random number t2, the said DSRG algorithm/process/method comprising the steps of:
In the first step, DSRG process generating 128 distinct random 64-bit numbers which are used as seed values along with the value of the retrieved random number 'r' optionally the personnel information used as seeds, according to one exemplary embodiment of the invention, the wireless communication device can be mobile, then the personnel information can be CustJD, Mobile no, SIM card no, etc.
In the second step, DSRG process applying forward difference operator the value of order (t1 times) of the first random number t1 on a set of seeds and finding a new first sequence S1, In final step, DSRG process repeating the second step for second random number t2 and finding a second new sequence S2.
Before initiating the communication in the above said system 400, initially, the server 412 registers the device and IMEI numbers of the wireless communication device 414 and then distributing customer identity and transaction identity (CustJD and TrJD) to each wireless communication devices 414 prior to being allowed access to the server 412. According to one exemplary embodiment of the invention, the wireless communication device 414 can be mobile phone, so the server 414 registers mobile and IMEl numbers and distributes customer identity and transaction identity (CustJD and TrJD) to each mobiles 414 prior to being allowed access to the server 412 and subsequently the server 412 sends 192-bit pre-shared encryption key 'k' using AES-CTR algorithm to the wireless communication device 414 prior to being allowed access to the server 412 and a known Pseudo Random Number Generator (PRNG) which accepts a seed for generating the random numbers.
According to one embodiment of the invention, the hash function is matched, in the above mentioned system and method, in order to maintain a secure communication to avoid phishing and replay attacks and according to another embodiment of the invention, the nonce value is added, in the above mentioned system and method, in order to maintain a secure communication to avoid phishing and replay attacks. Further, hashing and nonce methods are used to avoid initial Counter Prediction and Time Memory Trade Off attacks.
Advantages of EAP Protocol based on Random sequence-3
1. Reply attack is avoided due to random integers generated by the server
2. it is computationally difficult for an attacker to find k1 with the knowledge of t1 and t2 if a client key 'k' is compromised.
3. No hash algorithm is used when client communicates to server.
4. Two cipher texts are transmitted at a cost of one encryption time.
Figure 6 illustrates the secure transaction of data using EAP Protocol based on Random sequence-4 between server and wireless communication device according to one embodiment of the invention. A system 500 comprises a server 512 and a wireless communication device 514 are communicatively coupled with each other via communication network; the communication network can be selected from the group of Wide area network (WAN), Local Area Network (LAN) or Metropolitan Area Networks (MAN), internet, intranet, etc and the wireless communication device 514 can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks. According to one exemplary embodiment of the invention, the wireless communication device 514 can be mobile phone.
A method of communication used in the above said system 500 comprising receiving, from at least one wireless communication device 514, a connection attempt to access a server 512; performing an authentication process using lightweight Extensible Authentication Protocol (EAP) based on the random sequences to facilitate the wireless communication device 514 prior to being allowed access to the server 512, wherein the said authentication process comprising the following steps:
In the first step, the wireless communication device 514 initiating the communication by sending client hello message to the server 512, wherein the client hello message includes a list of encryption algorithms that the wireless communication device 514 is prepared to use and some challenge data to be used to authenticate the server 512. The message contains the following fields:
CLIENT HELLO MESSAGE
Field Length
The message type (client hello) 8 bits
The SSL version number (currently 2) 16 bits
The length of the cipher list 16 bits
The length of the session
identifier 16 bits
The length of the challenge data 16 bits
The cipher list variable . _
The session identifier 16 Clientlnitiate() - request}, in the second step, the server 612 sending hexadecimal sequence as a response after receiving the client hello message from the client 614 {2 —► Hexa decimal sequence(response) }, in the third step, the client 614 sending request message using the EAP protocol to server 612 for initiating secure transaction of data between them {3 —> EAP ProtocolQ-request} and in the fourth step, the server 612 sending the response after validating the protocol to the client 614 {4 —> true/fa!se(response)} and in the final step, If the response is 'true" then the secure transaction of data process starts between the client and the server, otherwise, the response is "false", the communication ends between them.
Test Results;
The invention has been tested in Nokia handset series N79, E75, 5800 and 6210 support EAP Client module. As per the performance, Nokia has done 'EAP flow' and the server checks the authentication response in < 0.5 ms. This is a remarkable performance compared to certificate based transactions where the authentication response from server end takes > 1 sec.
Example 1:
The below table shows the comparison analysis of SSL with EAP Protocols:
1 s- SSL versions EAP Protocols
No
SSL 2.0 unnecessarily weakens the 192 bit keys are used for authentication
authentication keys to 40 bits purpose
2
Mostly suitable for wired applications Suitable to wired and wireless applications
3 SSL produces a weak MAC construction No MAC is used
4 It is noticed that examination of ciphertext lengths can reveal information about URL requests in SSL or SSL-encrypted Web Strong encryption algorithms are used
traffic due to weak encryption algorithms.
5 SSL uses CBC mode. So, Cut-and-paste ; attack is possible. CTR mode avoids this attack
6
SSL includes padding data but not the length of the padding in the MAC input, so an active attacker could manipulate the cleartext padding length field to compromise message No padding is done
integrity.
:The SSL 3.0 handshake protocol contains a No certificate concept is used
design flaw. A server can send short-lived
public key parameters, signed under its long-,
i term certified signing key, in the server key
exchange message. Several key-exchange
algorithms are supported, including
ephemeral RSA and Diffie-Hellman public
keys. Unfortunately, the signature on the
short-lived parameters does not protect the
field which specifies which type of key- l
exchange algorithm is in use.
8
Version rollback attacks are possible Not yet raised.
9 'SSL has a design flaw in the server key No separate key-exchange algorithm is
exchange message. The standard key-used.
exchange algorithms bind the signature on |
J the short-lived cryptographic parameters to
the connection by hashing with server and
client nonces, but due to some oversight,
anonymous key-exchanges do not perform
this binding. Therefore, if one can convince a
server to perform on anonymous key- I
. exchange, then one will be able to spoof the
server in all future sessions that use
anonymous key exchanges.
* i
10 SSL uses timestamp to avoid replay attack, EAP uses scrambled timestamp to avoid
[spoofing and transmission errors. these attacks.
Security details of EAP Protocols of the invention
1) The default session will be canceled if any communication link is lost between client and
server. In this case, the application closes automatically upon connection loss or non
availability in both ends and then one need to restart a new connection. The application removes the generated values of previous session from memory.
2) The default session will be canceled due to power failure in client's mobile. Then there is no communication signal from client side. Hence, the application deletes the generated values of the present session in both ends when the power goes down from a mobile.
3) The default session will be canceled due to communication signal failure in client's mobile. Hence the application deletes the generated values of the present session in both ends.
4) EAP is suitable to 2G, 3G or 4G mobiles which have minimum configurations: GPS(JSR 179)(Optional), GPRS, Security API (JSR 177) and Http connection.
The preceding description has been presented with reference to various embodiments of the invention. Persons skilled in the art and technology to which this invention pertains will appreciate that alterations and changes in the described structures and methods of operation can be practiced without meaningfully departing from the principle, spirit and scope of this invention.
ADVANTAGES OF THE INVENTION
A system and method for a set of Extensible Authentication Protocols (EAPs) based on the Random sequences that can serve Confidentiality, Authentication, Authorization and Accounting (CAAA) issues at an affordable cost in accordance with this invention described above finds a number of applications in Information Security and mobile communication. Some specific areas where the invention can be applied are as follows:
1. Smart phones
2. Personnel Digital Assistant (PDA)
3. Mobile banking
4. Wireless devices
5. Set-Top Box
6. Remote control systems
7. Alarm systems
WE CLAIM
1. A method comprising receiving, from a wireless communication device, a connection attempt to access a server; performing an authentication process using lightweight Extensible Authentication Protocols(EAPs) based on the random sequences to facilitate the wireless communication device prior to being allowed access to the server, wherein the said authentication process comprising the steps of;
a} Sending client hello message by the wireless communication device to initiate the communication to the Server;
b) generating a random number after receiving client hello message by the server and subsequently encrypting a message with the generated ran dom number using hash function through a pre-shared private key of the wireless communication device and sending an encrypted message to the wireless communication device by the server;
c) Decrypting the encrypted message by matching hash function through the pre-shared private key of the wireless communication device and subsequently retrieving the random number by the wireless communication device;
d) generating two new random numbers as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently generating two new sequences from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm by the wireless communication device, encrypting a message with above said generated two sequences by matching hash function through a new session key of the wireless communication device, and sending encrypted message to the Server by the wireless communication device;
e) computing the above said two sequences and the new sequence from the above said two new random numbers and the retrieved random number using DRSG algorithm, subsequently decrypting the above said two new random numbers using a new computed session key of the wireless communication device, checking the hash value of above said two new sequences and the resultant sequence and validating the protocol by the server, wherein the computed value of the session key is generated from DRSG algorithm; and
f) Sending the response after validating the protocol to the wireless communication device by the server.
2. The method of claim 1, wherein value of the session key is computed using DRSG algorithm by the wireless communication device and the value of one random number is less than the value of the second random number, said method comprising the steps of:
a) Generating 128 distinct random 64-bit numbers which are used as seed values along with the value of the retrieved random number, optionally having personnel information used as seeds;
b) Applying forward difference operator the value of order of the first random number on a set of seeds and finding a new first sequence;
c) Repeating step b) for second random number and finding a second new sequence;
d) Finding a new resultant 192 bit number; and
e) Computing a new computed session key using the generated new resultant 192 bit number and a pre-shared encryption key.
3. The method of claim 1, wherein the step (d) further comprising while encrypting a message with said two new random numbers using hash function through a pre-shared key of the wireless communication device, further adding a nonce value for security and step (e) further comprising decrypting the said two new random numbers using the pre-shared key and computing a XOR operator of first 384-bit sequence with second 384-bit sequence using DSRG algorithm and then validating the protocol by the server.
4. The method of claim 1, wherein the step (d) further comprising while computing a new resultant sequence using a XOR operator of first sequence with second sequence further adding nonce value for security, generating a new session key from the generated new resultant sequence, encrypting a message with the above said two new random numbers through a pre-shared key of the wireless communication device and Device Name, Network address through generated new session key, nonce value for security, date, and/or time of the message and step e) further comprising decryption of above said two new random numbers using a pre-shared key of the wireless communication device by the server, computing the new resultant sequence from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm, finding the new session key which helps to decrypt Client's personnel information and then validating the protocol by the server.
5. The method of claim 1, wherein the step (d) further comprising computing a new resultant sequence using a XOR operator of first sequence with second sequence with nonce value for security using DSRG algorithm, computing a new resultant sequence using a XOR operator of first sequence with second sequence further adding nonce value for security using DSRG algorithm, generating a new session key from the generated new resultant sequence, encrypting a message with the above said two new random numbers through the pre-shared key of the wireless communication device and customer ID through generated new session
key, nonce value for security, date, and/or time of the message and step e) further comprising the decryption of the above said two new random numbers using a pre-shared key of the wireless communication device by the server, computing the new resultant sequence from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm, finding the new session key which helps to decrypt Customer ID by matching hash function and then validating the protocol by the server.
6. The method of claim 1, further comprising registering the device number and IMEI numbers of the wireless communication device by the server and distributing customer identity and transaction identity to each wireless communication devices by the server prior to being allowed access to the server.
7. The method of claim 1, further comprising sending 192-bit pre-shared encryption key using AES-CTR or AES-CBC algorithm the wireless communication device by the server prior to being allowed access to the server.
8. The method of claim 1, wherein the wireless communication device can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks.
9. The method of claim 1, wherein the hash function is matched in order to maintain a secure communication to avoid phishing attacks, replay attacks, Initial Counter Prediction attacks or Time Memory Trade Off attacks.
10. The method of claim 1, wherein the nonce value is added in order to maintain a secure communication to avoid phishing attacks, replay attacks, Initial Counter Prediction attacks or Time Memory Trade Off attacks.
11. A system comprising at least one wireless communication device and a server communicatively coupled with each other via communication network, wherein the wireless communication device attempt to access a server via the communication network, prior to being allowed access to the server, the wireless communication device performing an authentication process using lightweight Extensible Authentication Protocols(EAPs) based on the random sequences, the said authentication process comprising the steps of:
a) the wireless communication device initiating the communication by sending client hello message to the server;
b) the server generating a random number after receiving client hello message and subsequently encrypting a message with the generated random number using hash function through a pre-shared private key of the wireless communication device and sending an encrypted message to the wireless communication device;
c) the wireless communication device decrypting the encrypted message by matching hash function through the pre-shared private key of the wireless communication device and subsequently retrieving the random number after receiving the encrypted message from the sever;
d) the wireless communication device generating two new random numbers as catalysts to Deterministic Random Sequence Generation (DRSG) process and subsequently generating two new sequences from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm, subsequently encrypting a message with above said generated two sequences by matching hash function through a new session key of the wireless communication device and then sending encrypted message to the Server;
e) the server computing the above said two sequences and the new sequence from the above said two new random numbers and the retrieved random number using DRSG algorithm, subsequently decrypting the above said two new random numbers using a new computed session key of the wireless communication device, checking the hash value of above said two new sequences and the resultant sequence and validating the protocol, wherein the computed value of the session key is generated from DRSG algorithm; and
f) the server sending the response after validating the protocol to the wireless communication device.
12. The system of claim 11, wherein the wireless communication device computing value of the session key using DRSG algorithm and the value of one random number is less than the value of the second random number, said method comprising the steps of:
a) Generating 128 distinct random 64-bit numbers which are used as seed values along with the value of the retrieved random number, optionally having personnel information used as seeds;
b) Applying forward difference operator the value of order of the first random number on a set of seeds and finding a new first sequence;
c) Repeating step b) for second random number and finding a second new sequence;
d) Finding a new resultant 192 bit number; and
e) Computing a new computed session key using the generated new resultant 192 bit number and a pre-shared encryption key.
13. The system of claim 11, wherein the step (d) further comprising the wireless communication device while encrypting a message with said two new random numbers using hash function through a pre-shared key of the wireless communication device, further adding a nonce value for security and step (e) further comprising the server decrypting the said two new random numbers using the pre-shared key and computing a XOR operator of first 384-bit sequence with second 384-bit sequence using DSRG algorithm and then validating the protocol.
14. The system of claim 11, wherein the step (d) further comprising the wireless communication device while computing a new resultant sequence using a XOR operator of first sequence with second sequence further adding nonce value for security, generating a new session key from the generated new resultant sequence, encrypting a message with the above said two new random numbers through a pre-shared key of the wireless communication device and Device Name, Network address through generated new session key, nonce value for security, date, and/or time of the message and step e) further comprising the server decryption of above said two new random numbers using a pre-shared key of the wireless communication device, computing the new resultant sequence from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm, finding the new session key which helps to decrypt client's personnel information and then validating the protocol.
15. The system of claim 11, wherein the step (d) further comprising the wireless communication device computing a new resultant sequence using a XOR operator of first sequence with second sequence with nonce value for security using DSRG algorithm, computing a new resultant sequence using a XOR operator of first sequence with second sequence further adding nonce value for security using DSRG algorithm, generating a new session key from the generated new resultant sequence, encrypting a message with the above said two new random numbers through the pre-shared key of the wireless communication device and customer ID through generated new session key, nonce value for security, date, and/or time of the message and step e) further comprising the server the decryption of the above said two new random numbers using a pre-shared key of the wireless communication device, computing the new resultant sequence from the above said two new random numbers, and the above said retrieved random number using DRSG algorithm, finding the new session key which helps to decrypt Customer ID by matching hash function and then validating the protocol.
16. The system of claim 11, further comprising the server registers the device number and IMEI numbers of the wireless communication device and then distributing customer identity and transaction identity to each wireless communication devices prior to being allowed access to the server,
17. The system of claim 11, further comprising the server sends 192-bit pre-shared encryption key using AES-CTR or AES-CBC algorithm the wireless communication device prior to being allowed access to the server.
18. The system of claim 11, wherein the wireless communication device can be selected from one of the group of mobile handsets, smart phones, PDAs, cellular phones, or tiny devices and the wireless communication device enabled with 2G, 3G, or 4G networks.
19. The system of claim 11, wherein the hash function is matched in order to maintain a secure communication to avoid phishing attacks, replay attacks, Initial Counter Prediction attacks or Time Memory Trade Off attacks.
20. The system of claim 11, wherein the nonce value is added in order to maintain a secure communication to avoid phishing attacks, replay attacks, Initial Counter Prediction attacks or Time Memory Trade Off attacks.
21. A method and system substantially as herein described with reference to and as illustrated by the accompanying drawings.
Documents
Orders
| Section | Controller | Decision Date |
|---|---|---|
Application Documents
| # | Name | Date |
|---|---|---|
| 1 | 10-MUM-2010-FORM 3(23-10-2012).pdf | 2012-10-23 |
| 1 | 10-MUM-2010-RELEVANT DOCUMENTS [28-09-2023(online)].pdf | 2023-09-28 |
| 2 | 10-MUM-2010-CORRESPONDENCE(23-10-2012).pdf | 2012-10-23 |
| 2 | 10-MUM-2010-RELEVANT DOCUMENTS [30-09-2022(online)].pdf | 2022-09-30 |
| 3 | Other Document [06-08-2016(online)].pdf_180.pdf | 2016-08-06 |
| 3 | 10-MUM-2010-RELEVANT DOCUMENTS [25-09-2021(online)].pdf | 2021-09-25 |
| 4 | Other Document [06-08-2016(online)].pdf | 2016-08-06 |
| 4 | 10-MUM-2010-IntimationOfGrant18-03-2020.pdf | 2020-03-18 |
| 5 | Form 13 [06-08-2016(online)].pdf | 2016-08-06 |
| 5 | 10-MUM-2010-PatentCertificate18-03-2020.pdf | 2020-03-18 |
| 6 | Other Document [12-08-2016(online)].pdf | 2016-08-12 |
| 6 | 10-MUM-2010-Written submissions and relevant documents (MANDATORY) [23-11-2019(online)].pdf | 2019-11-23 |
| 7 | Examination Report Reply Recieved [12-08-2016(online)].pdf | 2016-08-12 |
| 7 | 10-MUM-2010-FORM-26 [07-11-2019(online)].pdf | 2019-11-07 |
| 8 | Description(Complete) [12-08-2016(online)].pdf | 2016-08-12 |
| 8 | 10-MUM-2010-Correspondence to notify the Controller (Mandatory) [06-11-2019(online)].pdf | 2019-11-06 |
| 9 | 10-MUM-2010-HearingNoticeLetter-(DateOfHearing-08-11-2019).pdf | 2019-10-01 |
| 9 | Correspondence [12-08-2016(online)].pdf | 2016-08-12 |
| 10 | 10-MUM-2010-ABSTRACT(9-7-2010).pdf | 2018-08-10 |
| 10 | Claims [12-08-2016(online)].pdf | 2016-08-12 |
| 11 | 10-mum-2010-abstrct.pdf | 2018-08-10 |
| 11 | Abstract [12-08-2016(online)].pdf | 2016-08-12 |
| 12 | 10-MUM-2010-CLAIMS(9-7-2010).pdf | 2018-08-10 |
| 12 | 10-MUM-2010-FER_SER_REPLY [10-11-2017(online)].pdf | 2017-11-10 |
| 13 | 10-MUM-2010-CORRESPONDENCE(10-1-2011).pdf | 2018-08-10 |
| 13 | 10-MUM-2010-DRAWING [10-11-2017(online)].pdf | 2017-11-10 |
| 14 | 10-MUM-2010-CORRESPONDENCE [10-11-2017(online)].pdf | 2017-11-10 |
| 14 | 10-MUM-2010-CORRESPONDENCE(12-3-2012).pdf | 2018-08-10 |
| 15 | 10-MUM-2010-COMPLETE SPECIFICATION [10-11-2017(online)].pdf | 2017-11-10 |
| 15 | 10-MUM-2010-CORRESPONDENCE(8-2-2010).pdf | 2018-08-10 |
| 16 | 10-MUM-2010-CLAIMS [10-11-2017(online)].pdf | 2017-11-10 |
| 16 | 10-MUM-2010-CORRESPONDENCE(8-8-2011).pdf | 2018-08-10 |
| 17 | 10-MUM-2010-CORRESPONDENCE(9-7-2010).pdf | 2018-08-10 |
| 17 | 10-MUM-2010-ABSTRACT [10-11-2017(online)].pdf | 2017-11-10 |
| 18 | 10-MUM-2010-CORRESPONDENCE(IPO)-(FER)-(18-8-2015).pdf | 2018-08-10 |
| 18 | Response to FER_10-MUM-2010.pdf | 2018-08-10 |
| 19 | 10-mum-2010-correspondence.pdf | 2018-08-10 |
| 19 | Form 3 - Complete.pdf | 2018-08-10 |
| 20 | 10-MUM-2010-DESCRIPTION(COMPLETE)-(9-7-2010).pdf | 2018-08-10 |
| 20 | Final response to be uploaded.pdf | 2018-08-10 |
| 21 | 10-mum-2010-description(provisional).pdf | 2018-08-10 |
| 21 | Complete specification.pdf | 2018-08-10 |
| 22 | 10-MUM-2010-DRAWING(9-7-2010).pdf | 2018-08-10 |
| 22 | Amended claims_Clean Copy.pdf | 2018-08-10 |
| 23 | 10-mum-2010-drawing.pdf | 2018-08-10 |
| 23 | Amended abstract_Clean Copy.pdf | 2018-08-10 |
| 24 | abstract1.jpg | 2018-08-10 |
| 24 | 10-MUM-2010-FORM 1(8-2-2010).pdf | 2018-08-10 |
| 25 | 10-MUM-2010-FORM 1(9-7-2010).pdf | 2018-08-10 |
| 25 | 10-MUM-2010_EXAMREPORT.pdf | 2018-08-10 |
| 26 | 10-mum-2010-form 1.pdf | 2018-08-10 |
| 26 | 10-MUM-2010-FORM 5(9-7-2010).pdf | 2018-08-10 |
| 27 | 10-MUM-2010-FORM 18(9-7-2010).pdf | 2018-08-10 |
| 27 | 10-MUM-2010-FORM 3(9-7-2010).pdf | 2018-08-10 |
| 28 | 10-mum-2010-form 2(9-7-2010).pdf | 2018-08-10 |
| 28 | 10-MUM-2010-FORM 3(8-8-2011).pdf | 2018-08-10 |
| 29 | 10-MUM-2010-FORM 2(TITLE PAGE)-(9-7-2010).pdf | 2018-08-10 |
| 29 | 10-MUM-2010-FORM 3(12-3-2012).pdf | 2018-08-10 |
| 30 | 10-mum-2010-form 2(title page).pdf | 2018-08-10 |
| 30 | 10-MUM-2010-FORM 3(10-1-2011).pdf | 2018-08-10 |
| 31 | 10-mum-2010-form 2.pdf | 2018-08-10 |
| 31 | 10-MUM-2010-FORM 26(8-2-2010).pdf | 2018-08-10 |
| 32 | 10-mum-2010-form 2.pdf | 2018-08-10 |
| 32 | 10-MUM-2010-FORM 26(8-2-2010).pdf | 2018-08-10 |
| 33 | 10-mum-2010-form 2(title page).pdf | 2018-08-10 |
| 33 | 10-MUM-2010-FORM 3(10-1-2011).pdf | 2018-08-10 |
| 34 | 10-MUM-2010-FORM 2(TITLE PAGE)-(9-7-2010).pdf | 2018-08-10 |
| 34 | 10-MUM-2010-FORM 3(12-3-2012).pdf | 2018-08-10 |
| 35 | 10-mum-2010-form 2(9-7-2010).pdf | 2018-08-10 |
| 35 | 10-MUM-2010-FORM 3(8-8-2011).pdf | 2018-08-10 |
| 36 | 10-MUM-2010-FORM 3(9-7-2010).pdf | 2018-08-10 |
| 36 | 10-MUM-2010-FORM 18(9-7-2010).pdf | 2018-08-10 |
| 37 | 10-mum-2010-form 1.pdf | 2018-08-10 |
| 37 | 10-MUM-2010-FORM 5(9-7-2010).pdf | 2018-08-10 |
| 38 | 10-MUM-2010-FORM 1(9-7-2010).pdf | 2018-08-10 |
| 38 | 10-MUM-2010_EXAMREPORT.pdf | 2018-08-10 |
| 39 | 10-MUM-2010-FORM 1(8-2-2010).pdf | 2018-08-10 |
| 39 | abstract1.jpg | 2018-08-10 |
| 40 | 10-mum-2010-drawing.pdf | 2018-08-10 |
| 40 | Amended abstract_Clean Copy.pdf | 2018-08-10 |
| 41 | 10-MUM-2010-DRAWING(9-7-2010).pdf | 2018-08-10 |
| 41 | Amended claims_Clean Copy.pdf | 2018-08-10 |
| 42 | 10-mum-2010-description(provisional).pdf | 2018-08-10 |
| 42 | Complete specification.pdf | 2018-08-10 |
| 43 | 10-MUM-2010-DESCRIPTION(COMPLETE)-(9-7-2010).pdf | 2018-08-10 |
| 43 | Final response to be uploaded.pdf | 2018-08-10 |
| 44 | 10-mum-2010-correspondence.pdf | 2018-08-10 |
| 44 | Form 3 - Complete.pdf | 2018-08-10 |
| 45 | 10-MUM-2010-CORRESPONDENCE(IPO)-(FER)-(18-8-2015).pdf | 2018-08-10 |
| 45 | Response to FER_10-MUM-2010.pdf | 2018-08-10 |
| 46 | 10-MUM-2010-CORRESPONDENCE(9-7-2010).pdf | 2018-08-10 |
| 46 | 10-MUM-2010-ABSTRACT [10-11-2017(online)].pdf | 2017-11-10 |
| 47 | 10-MUM-2010-CLAIMS [10-11-2017(online)].pdf | 2017-11-10 |
| 47 | 10-MUM-2010-CORRESPONDENCE(8-8-2011).pdf | 2018-08-10 |
| 48 | 10-MUM-2010-COMPLETE SPECIFICATION [10-11-2017(online)].pdf | 2017-11-10 |
| 48 | 10-MUM-2010-CORRESPONDENCE(8-2-2010).pdf | 2018-08-10 |
| 49 | 10-MUM-2010-CORRESPONDENCE [10-11-2017(online)].pdf | 2017-11-10 |
| 49 | 10-MUM-2010-CORRESPONDENCE(12-3-2012).pdf | 2018-08-10 |
| 50 | 10-MUM-2010-CORRESPONDENCE(10-1-2011).pdf | 2018-08-10 |
| 50 | 10-MUM-2010-DRAWING [10-11-2017(online)].pdf | 2017-11-10 |
| 51 | 10-MUM-2010-CLAIMS(9-7-2010).pdf | 2018-08-10 |
| 51 | 10-MUM-2010-FER_SER_REPLY [10-11-2017(online)].pdf | 2017-11-10 |
| 52 | 10-mum-2010-abstrct.pdf | 2018-08-10 |
| 52 | Abstract [12-08-2016(online)].pdf | 2016-08-12 |
| 53 | 10-MUM-2010-ABSTRACT(9-7-2010).pdf | 2018-08-10 |
| 53 | Claims [12-08-2016(online)].pdf | 2016-08-12 |
| 54 | 10-MUM-2010-HearingNoticeLetter-(DateOfHearing-08-11-2019).pdf | 2019-10-01 |
| 54 | Correspondence [12-08-2016(online)].pdf | 2016-08-12 |
| 55 | Description(Complete) [12-08-2016(online)].pdf | 2016-08-12 |
| 55 | 10-MUM-2010-Correspondence to notify the Controller (Mandatory) [06-11-2019(online)].pdf | 2019-11-06 |
| 56 | Examination Report Reply Recieved [12-08-2016(online)].pdf | 2016-08-12 |
| 56 | 10-MUM-2010-FORM-26 [07-11-2019(online)].pdf | 2019-11-07 |
| 57 | Other Document [12-08-2016(online)].pdf | 2016-08-12 |
| 57 | 10-MUM-2010-Written submissions and relevant documents (MANDATORY) [23-11-2019(online)].pdf | 2019-11-23 |
| 58 | Form 13 [06-08-2016(online)].pdf | 2016-08-06 |
| 58 | 10-MUM-2010-PatentCertificate18-03-2020.pdf | 2020-03-18 |
| 59 | 10-MUM-2010-IntimationOfGrant18-03-2020.pdf | 2020-03-18 |
| 59 | Other Document [06-08-2016(online)].pdf | 2016-08-06 |
| 60 | 10-MUM-2010-RELEVANT DOCUMENTS [25-09-2021(online)].pdf | 2021-09-25 |
| 60 | Other Document [06-08-2016(online)].pdf_180.pdf | 2016-08-06 |
| 61 | 10-MUM-2010-CORRESPONDENCE(23-10-2012).pdf | 2012-10-23 |
| 61 | 10-MUM-2010-RELEVANT DOCUMENTS [30-09-2022(online)].pdf | 2022-09-30 |
| 62 | 10-MUM-2010-FORM 3(23-10-2012).pdf | 2012-10-23 |
| 62 | 10-MUM-2010-RELEVANT DOCUMENTS [28-09-2023(online)].pdf | 2023-09-28 |