Method for ensuring data transmission security, communication system and communication device

US 20020186846A1
Filed: 06/05/2002
Published: 12/12/2002
Est. Priority Date: 06/08/2001
Status: Active Grant

First Claim

Patent Images

1. A method for ensuring data transmission security between a first and a second communication device in short-range wireless communication in which, to set up a data transmission connection, the communication devices conduct a key exchange stage to exchange at least two keys between the communication devices, and on the basis of said exchanged keys at least one encryption key is derived in the communication devices, wherein at said key exchange stage at least a first and a second check string are formed, said strings being based on the keys derived at least at said key exchange stage, and that the security of the established connection is ensured by comparing the correspondence of said check strings.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for ensuring data transmission security between a first and a second communication device in short-range wireless communication. To set up a secure data transmission connection, the communication devices conduct a key exchange stage to generate at least one shared key between the communication devices. After said key exchange stage at least a first and a second check string is formed, said strings being based at least on a unique short random string and on the keys generated in each communication device at said key exchange stage. Thus, the security of the connection that is set up is ensured by comparing the correspondence of said check strings. The invention also relates to a communication system and a communication device, in which the method will be applied.

79 Citations

View as Search Results

32 Claims

1. A method for ensuring data transmission security between a first and a second communication device in short-range wireless communication in which, to set up a data transmission connection, the communication devices conduct a key exchange stage to exchange at least two keys between the communication devices, and on the basis of said exchanged keys at least one encryption key is derived in the communication devices, wherein at said key exchange stage at least a first and a second check string are formed, said strings being based on the keys derived at least at said key exchange stage, and that the security of the established connection is ensured by comparing the correspondence of said check strings.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 30, 31)
- - 2. The method according to claim 1, wherein the first communication device determines a first encryption key, the second communication device determines a second encryption key, a third encryption key is determined for encryption of information to be transmitted in the data transmission connection, a random check string is also selected, the first communication device generates a first check string on the basis of at least said first encryption key and said random string, and the second communication device generates a second check string on the basis of at least said second encryption key and said random string, and that said first check string and second check string are compared, wherein, if said check strings correspond to each other, the third encryption key generated at said key exchange stage is accepted to be used in the data transmission connection.
  - 3. The method according to claim 2, wherein to conduct the comparison, the first communication device presents at least said first check string and that at least said first check string is input to the second communication device in which the first and the second check strings are compared.
  - 4. The method according to claim 3, wherein said random string is selected in the first communication device and that the random string is transmitted to the second communication device to form a second check string.
  - 5. The method according to claim 4, wherein to transmit said random string to the second communication device the random string is presented in the first communication device, wherein the random string is input in the second communication device.
  - 6. The method according to claim 3, wherein the second communication device indicates the result of the comparison at least in such a situation where the check strings do not correspond to each other.
  - 7. The method according to claim 3, in which a first user uses the first communication device and a second user uses the second communication device, wherein the first user transmits the information presented by the first communication device with a non-electronic method to the second user, wherein the second user inputs the information transmitted by the first user to the second communication device.
  - 8. The method according to claim 3, in which the user uses both the first communication device and the second communication device, wherein the user inputs the information presented by the first communication device to the second communication device.
  - 9. The method according to claim 1, wherein to conduct the comparison, the first communication device presents at least said first check string and the second communication device presents at least said second check string.
  - 10. The method according to claim 9, wherein the result of the comparison is reported to at least one of said first and second communication devices.
  - 11. The method according to claim 10, in which the first user uses the first communication device and the second user uses the second communication device, wherein the first user transmits the information presented by the first communication device with a non-electronic method to the second user, wherein the second user reports the result of the comparison to the second communication device.
  - 12. The method according to claim 10, in which the user uses both the first communication device and the second communication device, wherein the user reports the result of the comparison to the second communication device.
  - 13. The method according to the claim 1, wherein said check strings comprise fewer than 32 characters.
  - 14. The method according to the claim 13, wherein said check strings comprise advantageously 4 to 20 characters, preferably 4 to 10 characters.
  - 15. The method according to claim 2, wherein said random string comprises fewer than 32 characters.
  - 16. The method according to claim 15, wherein said random string comprises advantageously 4 to 20 characters, preferably 4 to 10 characters.
  - 17. The method according to claim 14, wherein said random string is formed of numerals contained in a numeric system known as such.
  - 18. The method according to claim 1, wherein said at least a first and a second check string are formed based on said exchanged keys.
  - 20. The communication system according to claim 19 comprising means for determining a first encryption key in the first communication device, means for determining a second encryption key in the second communication device, means for determining a link encryption key for encryption of information to be transmitted in the data transmission connection, means for selecting a random check string, means for forming a first check string in the first communication device at least on the basis of said first encryption key and said random string, means for forming a second check string in the second communication device at least on the basis of said second encryption key and said random string, and means for comparing said first check string and second check string, wherein, if said check strings correspond to each other, the link encryption key selected at said key exchange stage is arranged to be used in the data transmission connection.
  - 21. The communication system according to claim 20, wherein to conduct the comparison, the first communication device comprises means for presenting at least said first check string and that the second communication device comprises means for inputting at least said first check string and means for comparing the first and the second check strings.
  - 22. The communication system according to claim 21, wherein said random string is selected in the first communication device and that the system comprises means for transmitting the random string to the second communication device to form a second check string.
  - 23. The communication system according to claim 21, wherein the means for transmitting the encryption string to the second communication device comprise means for presenting said random string in the first communication device and means for inputting the random string presented in the first communication device to the second communication device.
  - 24. The communication system according to claim 21, wherein the second communication device comprises means for reporting the result of the comparison at least in such a situation where the check strings did not correspond to each other.
  - 25. The communication system according to claim 19, wherein the first communication device comprises means for presenting at least said first check string, and the second communication device comprises means for presenting at least said second check string.
  - 26. The communication system according to claim 25, wherein at least one of said first and second communication devices comprises means for inputting the result of the comparison.
  - 27. The communication system according to claim 19, wherein said at least a first and a second check string are formed based on said exchanged keys.
  - 30. The communication device according to claim 29 also comprising means for determining an encryption key, means for determining a link encryption key for encryption of information to be transmitted in the data transmission connection, means for selecting a random check string, means for forming at least one check string at least on the basis of said encryption key and said random string, and means for presenting at least said one check string.
  - 31. The communication device according to claim 29, wherein said at least a first and a second check string are formed based on said exchanged keys.

19. A communication system that comprises at least a first and a second communication device, means for setting up a short-range wireless data transmission connection between said first and second communication device, and means for ensuring data transmission security in the data transmission connection, comprising means for conducting a key exchange stage to exchange at least two keys between the communication devices, and means for deriving at least one encryption key on the basis of the exchanged keys in the communication devices, wherein the means for ensuring data transmission security comprise means for forming at least a first and a second check string, said strings being based on the keys exchanged at least at said key exchange stage, and means for comparing the correspondence of said check strings.

28. A communication system that comprises at least a first and a second communication device, means for setting up a short-range wireless data transmission connection between said first and second communication device, and means for ensuring data transmission security in the data transmission connection, comprising means for conducting a key exchange stage to exchange at least two keys between the communication devices, and means for deriving at least one encryption key on the basis of the exchanged keys in the communication devices, wherein the communication system comprises means for determining a first encryption key in the first communication device, means for determining a second encryption key in the second communication device, means for determining a link encryption key for encryption of information to be transmitted in the data transmission connection, means for selecting a random check string, the means for ensuring data transmission security comprise means for forming a first check string in the first communication device at least on the basis of said first encryption key and said random string and means for forming a second check string in the second communication device at least on the basis of said second encryption key and said random string, and the communication system further comprising means for comparing said first check string and said second check string, wherein, if said check strings correspond to each other, the link encryption key selected at said key exchange stage is arranged to be used in the data transmission connection.

29. A communication device that comprises at least means for setting up a short-range wireless data transmission connection between a communication device and another communication device, and means for ensuring data transmission security in the data transmission connection, comprising means for conducting a key exchange stage with another communication device to exchange at least two keys between the communication devices, and means for deriving at least one encryption key on the basis of the exchanged keys, wherein the means for ensuring data transmission security comprise means for forming at least one check string, said string being based at least on the keys exchanged at said key exchange stage, and means for comparing the correspondence of said check strings.

32. A wireless communication device that comprises at least means for setting up a short-range wireless data transmission connection between the wireless communication device and another communication device, and means for ensuring data transmission security in the data transmission connection, comprising means for conducting a key exchange stage with another communication device to exchange at least two keys between said wireless communication device and said another communication device, and means for deriving at least one encryption key on the basis of the exchanged keys, wherein the means for ensuring data transmission security comprise means for forming at least one check string, said string being based at least on the keys exchanged at said key exchange stage, and means for comparing the correspondence of said check strings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Niemi, Valtteri, Nyberg, Kaisa

Granted Patent

US 7,995,760 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/273
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0841   involving Diffie-Hellman or...

H04W 12/50   Secure pairing of devices

H04W 84/18   Self-organising networks, e...

Method for ensuring data transmission security, communication system and communication device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method for ensuring data transmission security, communication system and communication device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links