Browse Prior Art Database

The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange (E.I.S.S.-Report 1995/4) (RFC1824)

IP.com Disclosure Number: IPCOM000004082D
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 18 page(s) / 39K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Danisch: AUTHOR

Abstract

This informational RFC describes the basic mechanisms and functions of an identity based system for the secure authenticated exchange of cryptographic keys, the generation of signatures, and the authentic distribution of public keys.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group H. Danisch

Request for Comments: 1824 E.I.S.S./IAKS

Category: Informational August 1995

The Exponential Security System TESS:

An Identity-Based Cryptographic Protocol

for Authenticated Key-Exchange

(E.I.S.S.-Report 1995/4)

Status of this Memo

This memo provides information for the Internet community. This memo

does not specify an Internet standard of any kind. Distribution of

this memo is unlimited.

Abstract

This informational RFC describes the basic mechanisms and functions

of an identity based system for the secure authenticated exchange of

cryptographic keys, the generation of signatures, and the authentic

distribution of public keys.

Table of Contents

1. Introduction and preliminary remarks . . . . . . . . . . . . . 2

1.1. Definition of terms/Terminology . . . . . . . . . . . . 2

1.2. Required mechanisms . . . . . . . . . . . . . . . . . . 4

2. Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.1. SKIA Setup . . . . . . . . . . . . . . . . . . . . . . . 5

2.2. User Setup . . . . . . . . . . . . . . . . . . . . . . . 5

3. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 7

3.1. Zero Knowledge Authentication . . . . . . . . . . . . . 7

3.2. Unilateral Authentication . . . . . . . . . . . . . . . 8

3.3. Mutual Authentication . . . . . . . . . . . . . . . . . 9

3.4. Message Signing . . . . . . . . . . . . . . . . . . . . 10

4. Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . 10

4.1. Non-Escrowed Key Generation . . . . . . . . . . . . . . 11

4.2. Hardware Protected Key . . . . . . . . . . . . . . . . . 11

4.3. Key Regeneration . . . . . . . . . . . . . . . . . . . . 12

4.4. r ^ r . . . . . . . . . . . . . . . . . . . . . . . . . 13

4.5. Implicit Key Exchange . . . . . . . . . . . . . . . . . 13

4.6. Law Enforcement . . . . . . . . . . . . . . . . . . . . 13

4.7. Usage of other Algebraic Groups . . . . . . . . . . . . 14

4.7.1 DSA subgroup SKIA Setup . . . . . . . . . . . . . 14

4.7.2 Escrowed DSA subgroup User Setup . . . . . . . . 14

4.7.3 Non-Escrowed DSA subgroup User Setup . . . . . . 15

4.7.4 DSA subgroup Authentication . . . . . . . . . . . 15

5. Multiple SKIAs . . . . . . . . . . . . . . . . . . . . . . . . 15

5.1. Unstructured SKIAs . . . . . . . . . . . . . . . . . . . 15

5.2. Hierarchical SKIAs . . . . . . . . . . . . . . . . . . . 16

5.3. Example: A DNS-based public key structure . . . . . . . 18

Security Considerations . . . . . . . . . . . . . . . . . . . . . 19

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Author's Address . . . . ...