Localized network authentication and security using tamper-resistant keys
Abstract
The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.
28 Claims

1. A method of authenticating computing devices on a communications network comprising the steps of:
receiving a first challenge from a computing device, wherein said first challenge comprises an encrypted first random number and a unique identifier associated with said computing device;
obtaining a first secret cryptographic key associated with said unique identifier;
generating a second random number;
decrypting said first random number with said first secret cryptographic key;
encrypting said second random number with said first secret cryptographic key; and
transmitting a second challenge to said computing device, wherein said second challenge comprises said encrypted second random number.
Dependent claims: 2 to 12.

13. A communications system comprising:
a number of computing devices, and at least one authentication device, wherein each client device or authentication device includes a unique tamper-resistant physical token comprising a random number generator, a unique secret cryptographic key, and a unique serial number.
Dependent claims: 14 to 18.

19. A method of authenticating computing devices on a communications network comprising the steps of:
receiving a first challenge from a computing device, wherein said first challenge comprises a first random number and a unique identifier associated with said computing device;
obtaining a first secret cryptographic key associated with said unique identifier;
generating a second random number;
encrypting said first random number with said first secret cryptographic key; and
transmitting a second challenge to said computing device, wherein said second challenge comprises said encrypted first random number and said second random number.
Dependent claims: 20 to 28.
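The exchange of claim 1 together with the abstract's derivation of a transposed key, as an added Python simulation that is not part of the patent or of any product implementing it. The patent names neither the cipher nor the transposition, so the IV-based HMAC keystream cipher, the HMAC-SHA256 key derivation, the KEY_DB table and every function name below are assumptions.

```python
import hashlib, hmac, secrets

# Constructed sample table held by the authenticator: unique identifier -> client secret key.
# In the patent these keys sit inside tamper-resistant tokens; here they are plain bytes (assumption).
KEY_DB = {b"client-0001": bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)}

def encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not the patent's): XOR a <=32-byte value with an
    HMAC-SHA256 keystream bound to a fresh random IV that is sent along in the clear."""
    iv = secrets.token_bytes(16)
    stream = hmac.new(key, iv, hashlib.sha256).digest()
    return iv + bytes(a ^ b for a, b in zip(data, stream))

def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:16], blob[16:]
    stream = hmac.new(key, iv, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def transposed_key(secret: bytes, r1: bytes, r2: bytes) -> bytes:
    """Derive the 'transposed' key from the secret key and both random numbers.
    The patent does not state the transposition; HMAC-SHA256 is an assumed stand-in."""
    return hmac.new(secret, b"transposed-key" + r1 + r2, hashlib.sha256).digest()

def client_first_challenge(ident: bytes, secret: bytes):
    """Client -> authenticator: encrypted first random number plus the unique identifier."""
    r1 = secrets.token_bytes(32)
    return r1, (ident, encrypt(secret, r1))

def authenticator_second_challenge(db: dict, challenge):
    """Authenticator: look up the key by identifier, decrypt R1, generate and encrypt R2."""
    ident, enc_r1 = challenge
    secret = db.get(ident)
    if secret is None:
        raise LookupError("unknown identifier")  # no key on file for this identifier: do not answer
    r1 = decrypt(secret, enc_r1)
    r2 = secrets.token_bytes(32)
    return transposed_key(secret, r1, r2), encrypt(secret, r2)

def client_finish(secret: bytes, r1: bytes, enc_r2: bytes) -> bytes:
    """Client: decrypt R2 and derive the same transposed key locally; nothing else is sent."""
    return transposed_key(secret, r1, decrypt(secret, enc_r2))

def keys_agree(db: dict, ident: bytes, client_secret: bytes) -> bool:
    """Run one session; True only if both sides derived the same transposed key. A client with
    the wrong secret still completes the exchange, but its key differs, so later traffic fails."""
    r1, challenge = client_first_challenge(ident, client_secret)
    ap_key, enc_r2 = authenticator_second_challenge(db, challenge)
    return hmac.compare_digest(ap_key, client_finish(client_secret, r1, enc_r2))
```

Note that claim 1 carries no explicit key-confirmation message; agreement on the transposed key is only observable once it is used to protect traffic, which is why a deployment would normally add a confirmation step before accepting the session.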
Specification