Session protocol for backward security between paired devices
Abstract
Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.
33 Claims
1. A non-transitory machine readable medium storing a program which when executed by a set of processing units of a first device establishes a secured session with a second device, the program comprising sets of instructions for:
- establishing a communication session between the first and second devices using first and second shared keys stored at the first and second devices, respectively, the establishing comprising applying a one-way function to the first shared key to update the first shared key to match the second shared key when a local value corresponding to the first shared key differs from a received remote value corresponding to the second shared key;
- exchanging encrypted data between the first and second devices as a part of the communication session;
- upon completion of the communication session, deriving, using the one-way function, a modified first shared key from the first shared key at the first device, wherein a modified second shared key is derived from the second shared key at the second device using the one-way function; and
- storing the modified first shared key at the first device, wherein the encrypted data of the completed communication session and previous communication sessions are undecryptable using the first shared key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method of a first device for establishing a secured session with a second device, the method comprising:
- establishing a communication session between the first and second devices using first and second shared keys stored at the first and second devices, the establishing comprising applying a one-way function to the first shared key to update the first shared key to match the second shared key when a local value corresponding to the first shared key differs from a received remote value corresponding to the second shared key;
- exchanging encrypted data between the first and second devices as a part of the communication session;
- upon completion of the communication session, modifying, using the one-way function, the shared key at the first device, wherein the shared key is modified at the second device using the one-way function independent of the first device; and
- storing the modified shared key at the first device, wherein the modified shared key cannot be used to decrypt any portion of the encrypted data of the completed communication session and previous communication sessions.

Dependent claims: 16, 17, 18, 19
20. A device comprising:
- a memory; and
- at least one processor configured to:
  - establish a communication session between first and second devices using first and second shared keys stored at the first and second devices, the establishing comprising applying a one-way function to the first shared key to update the first shared key to match the second shared key when a local value corresponding to the first shared key differs from a received remote value corresponding to the second shared key;
  - exchanging encrypted data between the first and second devices as a part of the communication session;
  - upon completion of the communication session, modify, using the one-way function, the shared key at the first device, wherein the shared key is modified at the second device using the one-way function; and
  - store the modified shared key at the first device, wherein the modified shared key cannot be used to decrypt any portion of the encrypted data of the completed communication session and previous communication sessions.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
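
The key update on session completion and the catch-up at session establishment that the abstract and claims describe, as an added Python example that is not taken from the patent. SHA-256 as the one-way function, an integer generation counter as the "local value", the HMAC-derived session key and the `MAX_CATCH_UP` bound are all assumptions made here.

```python
import hashlib
import hmac

MAX_CATCH_UP = 16  # assumed bound: a bogus remote value cannot force unbounded hashing


def ratchet(key: bytes) -> bytes:
    """One-way step (SHA-256 assumed): the previous key cannot be recovered."""
    return hashlib.sha256(b"ratchet" + key).digest()


class PairedDevice:
    def __init__(self, shared_key: bytes):
        self.key = shared_key   # stored shared key from pairing
        self.generation = 0     # assumed "local value": number of ratchet steps so far

    def _advance(self) -> None:
        self.key = ratchet(self.key)   # overwrite: the old key is not retained
        self.generation += 1

    def establish(self, remote_generation: int) -> bytes:
        """Catch up if the peer is ahead, then derive this session's key."""
        behind = remote_generation - self.generation
        if behind > MAX_CATCH_UP:
            raise ValueError("remote generation too far ahead; re-pair instead")
        for _ in range(max(behind, 0)):   # keys only move forward, never back
            self._advance()
        return hmac.new(self.key, b"session", hashlib.sha256).digest()

    def complete_session(self) -> None:
        """Called when a session ends: store the successor key."""
        self._advance()


def demo() -> dict:
    pairing_key = bytes(range(32))   # constructed sample key
    first, second = PairedDevice(pairing_key), PairedDevice(pairing_key)
    # Session 1: both derive the same key; only `first` completes the update.
    k1_first = first.establish(second.generation)
    k1_second = second.establish(first.generation)
    first.complete_session()
    # Session 2: `second` receives generation 1 and ratchets forward to match.
    k2_second = second.establish(first.generation)
    k2_first = first.establish(second.generation)
    return {
        "sessions_match": k1_first == k1_second and k2_first == k2_second,
        "keys_rotated": k1_first != k2_first and first.key != pairing_key,
        "generations": (first.generation, second.generation),
    }
```
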
Specification