Method and System for Establishing a Secure Communication Channel

摘要

A method and system for establishing a secure communication channel is disclosed. A remotely accessible server updates a used counter value to yield an updated counter value. The used counter value was used to generate a previously used symmetric key for encrypting communications between the server and a mobile handset. The updated counter value is used to generate a symmetric key, which is included in a key transfer message. The key transfer message is asymmetrically encrypted using a handset public key and transmitted to the handset such that it is capable of using a handset private key to decrypt the key transfer message and obtain the symmetric key. Further data received from the handset is decrypted asymmetrically using a server private key and symmetrically using the symmetric key, and further data communicated to the handset is encrypted symmetrically using the symmetric key and asymmetrically using the handset public key.

主权项

1. A method of establishing a secure communication channel between a mobile handset and a remotely accessible server, the method being carried out at the remotely accessible server and comprising the steps of:
deterministically updating a used counter value to yield an updated counter value, the used counter value having been used to generate a previously used symmetric key for encrypting communications between the remotely accessible server and the mobile handset; storing the updated counter value; using the updated counter value to generate a symmetric key; generating a key transfer message including the symmetric key generated using the updated counter value; asymmetrically encrypting the key transfer message using a handset public key associated with the mobile handset; transmitting the key transfer message to the mobile handset such that the mobile handset is capable of using a handset private key corresponding to the handset public key to decrypt the key transfer message and obtain the symmetric key; decrypting further data received from the mobile handset asymmetrically using a server private key associated with the remotely accessible server and symmetrically using the symmetric key; and encrypting further data communicated to the mobile handset symmetrically using the symmetric key and asymmetrically using the handset public key.