Establishing trust between two devices
First Claim
1. A device comprising:
a processing system comprising:
one or more processors; and
memory coupled to the one or more processors, the processing system configured to:
maintain a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are approved for automatic pairing by the entity;
issue a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;
receive, from a second device included in the list of devices, a request to connect to the first device;
determine a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and
send, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device using the MAC address without the MAC address being broadcast.
Abstract
Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.
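The flow in claim 1 and the abstract, sketched as an added example (not code from the patent). Assumptions: SHA-256 as the issued hash function, version n of the chain being n applications of the function to the seed, the first six bytes of a chain value mapped to a locally administered unicast MAC, and the first device reporting its current version to the entity; `TrustedEntity` and all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: the hash function is sent as a name both sides can resolve.
HASH_FUNCTIONS = {"sha256": hashlib.sha256}

def chain_value(func_name, seed, version):
    """Version n of the chain = the hash function applied n times to the seed."""
    if version < 1:
        raise ValueError("version 0 would expose the seed itself")
    value = seed
    for _ in range(version):
        value = HASH_FUNCTIONS[func_name](value).digest()
    return value

def mac_for_version(func_name, seed, version):
    """Assumed mapping: first 6 bytes, forced to a locally administered unicast MAC."""
    raw = bytearray(chain_value(func_name, seed, version)[:6])
    raw[0] = (raw[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in raw)

class TrustedEntity:
    """Hypothetical stand-in for the domain's trusted entity."""
    def __init__(self):
        self.trusted = set()   # devices approved for automatic pairing
        self.issued = {}       # device id -> [func_name, seed, current version]

    def enroll(self, device_id):
        self.trusted.add(device_id)

    def issue(self, device_id):
        if device_id not in self.trusted:
            raise PermissionError(f"{device_id} is not on the trusted list")
        self.issued[device_id] = ["sha256", secrets.token_bytes(32), 1]
        return tuple(self.issued[device_id][:2])

    def report_version(self, device_id, version):
        if version < 1:
            raise ValueError("chain versions start at 1")
        self.issued[device_id][2] = version

    def handle_connect_request(self, requester, target):
        # Trust material is released only to devices on the trusted list.
        if requester not in self.trusted or target not in self.issued:
            raise PermissionError("requester or target not trusted in this domain")
        return tuple(self.issued[target])
```

Because the address is a truncation of the chain value, an observer who sees one MAC on the air lacks the full value needed to compute the next version; the seed itself has to travel over the authenticated channel the abstract's keys and certificates provide.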
20 Claims
8. A method comprising:
maintaining a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are approved for automatic pairing by the entity;
issuing a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;
receiving, from a second device included in the list of devices, a request to connect to the first device;
determining a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and
sending, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device via the MAC address without the MAC address being broadcast.
15. One or more computer storage media comprising instructions that, when executed by one or more processors, cause a device to perform operations comprising:
maintaining a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are registered for automatic pairing by the entity;
issuing a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;
receiving, from a second device included in the list of devices, a request to connect to the first device;
determining a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and
sending, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device via the MAC address without the MAC address being broadcast.
Specification