Technique to bootstrap cryptographic keys between devices
First Claim
1. A method for bootstrapping a secure communications channel between devices, comprising:
- generating a key via a first device;
establishing a short range communication channel between the first device and a second device;
sending a copy of the key from the first device to the second device via the short range communication channel to produce a shared key that is shared by both the first and second devices;
establishing a secure communication channel between the first and second devices using an encrypted communication protocol that implements an encryption scheme based on a common encryption key derived from the shared key, said secure communication channel being separate and apart from the short range communication channel.
1 Assignment
0 Petitions
Accused Products
Abstract
A technique to bootstrap a secure communications channel between devices via a cryptographic key. A key is generated by a first device and a copy of the key is sent to a second device via a short range wireless communication channel so as to provide each device with a shared key. In one embodiment, the short range channel comprises a transponder/transponder reader pair in which the transponder is placed in proximity to the transponder reader to enable communication between the devices. Upon receipt of the shared key, symmetric authenticated key agreement algorithms, one for each device, are executed to cooperatively generate a cryptographic key that is used to provide for a secure communication channel using an encrypted communication protocol based on the cryptographic key. The invention removes the necessity of entering userIDs, passwords, and the like at devices to enable the creation of shared cryptographic keys.
91 Citations
25 Claims
-
1. A method for bootstrapping a secure communications channel between devices, comprising:
-
generating a key via a first device;
establishing a short range communication channel between the first device and a second device;
sending a copy of the key from the first device to the second device via the short range communication channel to produce a shared key that is shared by both the first and second devices;
establishing a secure communication channel between the first and second devices using an encrypted communication protocol that implements an encryption scheme based on a common encryption key derived from the shared key, said secure communication channel being separate and apart from the short range communication channel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for bootstrapping a secure communications channel between devices, comprising:
-
generating a key via a first device;
activating a transponder reader in a second device;
transmitting data corresponding to a copy of the key from a transponder operatively coupled to the first device to the transponder reader;
storing the copy of the key in the second device to produce a shared key that is shared by both the first and second devices;
establishing a secure communication channel between the first and second devices using an encrypted communication protocol that implements an encryption scheme based on a common encryption key derived from the shared key. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A device comprising:
-
a processor;
a transceiver to receive and send data via radio frequency RF signals;
a key generator operatively coupled to the transceiver and the processor;
a communication interface to send and receive data from an external device via a communication link; and
a memory coupled to the processor in which a plurality of machine instructions including an authenticated key agreement algorithm module are stored that when executed by the processor performs the operations of;
invoking the key generator to generate a key;
passing a copy of the key to the transceiver;
enabling the transceiver to send a copy of the key to the external device via a first RF signal to share the key between the device and the external device; and
establishing a secure communication channel with the second device over the communication link that uses a cryptographic key that is generated through execution of the authenticated key agreement algorithm module in cooperative interaction with a symmetrical key agreement algorithm operating on the external device and is based on the key that is shared between the device and the external device. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A device comprising:
-
a processor;
a transceiver to receive and send data via radio frequency (RF) signals;
a communication interface to send data to and receive data from an external device via a communication link; and
a memory coupled to the processor in which a plurality of machine instructions including an authenticated key agreement algorithm module are stored that when executed by the processor performs the operations of;
controlling the transceiver to enable the transceiver to receive a copy of a shared key from the external device via a first RF signal; and
establishing a secure communication channel with the external device over the communication link, wherein the secure communication channel uses a cryptographic key that is generated through execution of the authenticated key agreement algorithm module through cooperative interaction with a symmetrical key agreement algorithm operating on the external device and is based on the shared key. - View Dependent Claims (23, 24, 25)
-
Specification