Administration and utilization of secret fresh random numbers in a

Abstract

In a public key cryptosystem employing the El-Gamal algorithm, secret fresh random numbers are generated at a server and private keys of users, as encrypted with a symmetric algorithm by using individual user identifying keys determined by hashing the users' respective passphrases or biometric information (fingerprint, voiceprint, retina scan, or face scan) are maintained in a store accessible to the server, and the fresh random numbers and encrypted private keys are transmitted to the user equipment when needed via a network which is not secure. In order to prevent an attacker from discovering the random numbers or employing formerly used random numbers in a block replay attack, an interchange in the nature of a challenge response protocol is employed which passes at least one secret fresh random number from the server to the user equipment while also authenticating the user to the server. In this interchange, a first random number to be distributed to the user for use in signing a document and a second random number which is to be used by the user in forming a signature of a hashing together of the first and second random numbers as part of the challenge response protocol, are supplied to the user equipment in encrypted form together with a freshness value, and a signature by the server of a hashing together of the first and second random numbers and the freshness value.