Methods and apparatus for finding a shared secret without compromising non-shared secrets

US 20040128517A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method of finding a shared secret, comprising:

hashing first information associated with a first entity coupled to a communication channel to form a first hashed secret;

hashing second information associated with a second entity coupled to the communication channel to form a second hashed secret;

sending the first hashed secret to the second entity via the communication channel; and

comparing the first and second hashed secrets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for finding a shared secret without compromising non-shared secrets are disclosed. The methods and apparatus hash first information associated with a first entity coupled to a communication channel to form a first hashed secret and hash second information associated with a second entity coupled to the communication channel to form a second hashed secret. The methods and apparatus send the first hashed secret to the second entity via the communication channel and compare the first and second hashed secrets to find the shared secret.

Citations

68 Claims

1. A method of finding a shared secret, comprising:
- hashing first information associated with a first entity coupled to a communication channel to form a first hashed secret;
  
  hashing second information associated with a second entity coupled to the communication channel to form a second hashed secret;
  
  sending the first hashed secret to the second entity via the communication channel; and
  
  comparing the first and second hashed secrets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. A method as defined in claim 1, wherein hashing the first information includes hashing a digital certificate.
  - 3. A method as defined in claim 1, wherein hashing the second information includes hashing a digital certificate.
  - 4. A method as defined in claim 1, including representing the first and second information in a canonical form prior to hashing the first and second information.
  - 5. A method as defined in claim 1, including respectively augmenting the first and second information with first and second random numbers prior to sending the first hashed secret to the second entity via the communication channel.
  - 6. A method as defined in claim 5, wherein augmenting the first and second information with the first and second random numbers includes concatenating the first and second random numbers to form a concatenated random number and appending the concatenated random number to the first and second information to form first and second augmented information.
  - 7. A method as defined in claim 6, including hashing the first and second augmented information to form the first and second hashed secrets.
  - 8. A method as defined in claim 5, including determining if the communication channel is an open channel prior to augmenting the first and second information with the first and second random numbers.
  - 9. A method as defined in claim 1, including encrypting the first hashed secret prior to sending the first hashed secret to the second entity via the communication channel.
  - 10. A method as defined in claim 9, wherein encrypting the first hashed secret includes using a first public key associated with the second entity to encrypt the first hashed secret.
  - 11. A method as defined in claim 1, wherein comparing the first and second hashed secrets includes determining that the first and second hashed secrets match.
  - 12. A method as defined in claim 1, wherein the first information includes a first group of secrets associated with the first entity and the second information includes a second group of secrets associated with the second entity.
  - 13. A method as defined in claim 12, wherein the first group of secrets includes a first group of digital certificates and the second group of secrets includes a second group of digital certificates.
  - 14. A method as defined in claim 13, wherein comparing the first and second hashed secrets includes finding a first digital certificate from the first group of digital certificates that matches a second digital certificate from the second group of digital certificates.
  - 15. A method as defined in claim 1, wherein the first and second entities negotiate to select a unique secret value.
  - 16. A method as defined in claim 15, wherein the first and second entities negotiate using a Diffie-Hellman technique.
  - 17. A method as defined in claim 15, wherein the first and second hashed secrets are uniquely associated with the unique secret value.
  - 18. A method as defined in claim 17, wherein the first and second hashed secrets are keyed hashes based on the unique secret value.

19. A system for finding a shared secret, comprising:
- a first entity coupled to a communication channel, wherein the first entity hashes first information to form a first hashed secret; and
  
  a second entity coupled to the communication channel, wherein the second entity hashes second information to form a second hashed secret, and wherein the first entity is adapted to send the first hashed secret to the second entity via the communication channel and the second entity is adapted to compare the first and second hashed secrets.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. A system as defined in claim 19, wherein first information includes a first group of digital certificates and the second information includes a second group of digital certificates.
  - 21. A system as defined in claim 19, wherein the first and second information is in a canonical form.
  - 22. A system as defined in claim 19, wherein the first and second entities are adapted to augment their first and second information with respective first and second random numbers.
  - 23. A system as defined in claim 19, wherein the first entity is adapted to encrypt the first hashed secrets.
  - 24. A system as defined in claim 19, wherein the first and second entities are adapted to negotiate to select a unique secret value.
  - 25. A system as defined in claim 24, wherein the first and second entities negotiate using a Diffie-Hellman technique.
  - 26. A system as defined in claim 24, wherein the first and second hashed secrets are uniquely associated with the unique secret value.
  - 27. A system as defined in claim 26, wherein the first and second hashed secrets are keyed hashes based on the unique secret value.

28. A machine accessible medium having data stored thereon that, when executed, causes a machine to:
- hash first information associated with a first entity coupled to a communication channel to form a first hashed secret;
  
  receive a second hashed secret at the first entity from the second entity via the communication channel; and
  
  compare the first and second hashed secrets to find a shared secret.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 29. A machine accessible medium as defined in claim 28, wherein the first information comprises a digital certificate.
  - 30. A machine accessible medium as defined in claim 28, wherein the second hashed secret is formed by hashing a digital certificate.
  - 31. A machine accessible medium as defined in claim 28 having data stored thereon that, when executed, causes the machine to augment the first information with a first random number.
  - 32. A machine accessible medium as defined in claim 31 having data stored thereon that, when executed, causes the machine to determine if the communication channel is an open channel prior to augmenting the first information with the first random number.
  - 33. A machine accessible medium as defined in claim 28 having data stored thereon that, when executed, causes the machine to encrypt the first hashed secret prior to sending the first hashed secret to the second entity via the communication channel.
  - 34. A machine accessible medium as defined in claim 28 the first and second hashed secrets match.
  - 35. A machine accessible medium as defined in claim 34, wherein the first hashed secret corresponds to a first digital certificate from a first group of digital certificates and the second hashed secret corresponds to a second digital certificate from a second group of digital certificates.
  - 36. A machine accessible medium as defined in claim 28 having data stored thereon that, when executed, causes the machine to negotiate to select a unique secret value.
  - 37. A machine accessible medium as defined in claim 36, wherein the negotiation is based on a Diffie-Hellman technique.
  - 38. A method as defined in claim 36, wherein the first and second hashed secrets are uniquely associated with the unique secret value.
  - 39. A method as defined in claim 38, wherein the first and second hashed secrets are keyed hashes based on the unique secret value.

40. A system for negotiating a data transfer via a communication channel, comprising:
- a first entity coupled to the communication channel and having first secure information stored therein; and
  
  a second entity coupled to the communication channel and having second secure information stored therein, wherein the first and second entities are programmed to;
  
  hash the first and second secure information to form first and second hashed information;
  
  transmit at least one of the first and second hashed information via the communication channel;
  
  compare the first and second hashed information to find matching secure information; and
  
  initiate the data transfer in response to finding the matching secure information.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 41. A system as defined in claim 40, wherein the first entity is a communication device and the second entity is a server.
  - 42. A system as defined in claim 41, wherein the server includes at least one of an application, data and information, at least one of which the communication device is authorized to download.
  - 43. A system as defined in claim 42, wherein the server includes a plurality of digital signatures corresponding to the plurality of applications.
  - 44. A system as defined in claim 41, wherein the communication device is a mobile communication device and the server is an application server.
  - 45. A system as defined in claim 40, wherein the first and second secure information includes first and second respective groups of digital certificates.
  - 46. A system as defined in claim 45, wherein at least one digital certificate within the first group of digital certificates matches a digital certificate within the second group of digital certificates.
  - 47. A system as defined in claim 40, wherein the communication channel includes a wireless communication link.
  - 48. A system as defined in claim 40, wherein the communication channel includes a packet-switched network.
  - 49. A system as defined in claim 40, wherein the first and second secure information is stored in a canonical form.
  - 50. A system as defined in claim 40, wherein the first and second entities are programmed to augment the first and second secure information with random numbers prior to transmitting the at least one of the first and second hashed information via the communication channel.
  - 51. A system as defined in claim 40, wherein the first and second entities are programmed to encrypt the at least one of the first and second hashed information prior to exchanging the at least one of the first and second hashed information via the communication channel.
  - 52. A system as defined in claim 40, wherein the data transfer includes the downloading at least one of an application, data and information from the second entity to the first entity.

53. A method of sending an application from an application server to a communication device via a communication channel, comprising:
- receiving a first group of hashed secrets from the communication device;
  
  comparing the first group of hashed secrets to a second group of hashed secrets associated with the application server;
  
  identifying a shared secret among the first and second groups of hashed secrets; and
  
  sending an application associated with the shared secret to the communication device via the communication channel.
- View Dependent Claims (54, 55, 56, 57)
- - 54. A method as defined in claim 53, wherein receiving the first group of hashed secrets from the communication device includes receiving hashed digital certificates associated with the communication device.
  - 55. A method as defined in claim 53, wherein identifying the shared secret among the first and second groups of hashed secrets includes identifying a shared digital certificate.
  - 56. A method as defined in claim 53, wherein receiving the first group of hashed secrets includes receiving secrets that have been augmented with a random number.
  - 57. A method as defined in claim 53, wherein receiving the first group of hashed secrets includes receiving encrypted secrets.

58. An application server, comprising:
- secure information stored within the application server;
  
  a communications interface adapted to be coupled to a communication channel; and
  
  a processor unit programmed to cause the application server to;
  
  receive a first group of hashed information from a communication device via the communications interface;
  
  hash at least a portion of the secure information to form a second group of hashed information;
  
  compare the first group of hashed information to the second group of hashed information; and
  
  identify a shared secret among the first and second groups of hashed information.
- View Dependent Claims (59, 60)
- - 59. A system as defined in claim 58, wherein the secure information includes a plurality of digital certificates.
  - 60. A system as defined in claim 58, wherein the communication channel includes a public communication channel.

61. A machine accessible medium having data stored thereon that, when executed, causes a machine to:
- receive a first group of hashed secrets from a communication device;
  
  compare the first group of hashed secrets to a second group of hashed secrets associated with an application server;
  
  identify a shared secret among the first and second groups of hashed secrets; and
  
  send an application associated with the shared secret to the communication device via the communication channel.
- View Dependent Claims (62, 63)
- - 62. A machine accessible medium as defined in claim 61 having data stored thereon that, when executed, causes the machine to receive the first group of hashed secrets from the communication device by receiving hashed digital certificates associated with the communication device.
  - 63. A machine accessible medium as defined in claim 61 having data stored thereon that, when executed, causes the machine to identify the shared secret among the first and second groups of hashed secrets by identifying a shared digital certificate.

64. A communication device, comprising:
- secure information stored within the communication device;
  
  a communications interface adapted to communicate via a communication channel; and
  
  a processor unit programmed to cause the communication device to;
  
  receive a first group of hashed information via the communication channel;
  
  hash at least a portion of the secure information to form a second group of hashed information;
  
  compare the first and second groups of hashed information to identify matching information; and
  
  receive data via the communication channel based on the matching information.
- View Dependent Claims (65, 66)
- - 65. A communication device as defined in claim 64, wherein the secure information includes a digital certificate associated with the communication device.
  - 66. A communication device as defined in claim 64, wherein the communications interface includes a wireless communication interface.

67. A method of finding a shared secret, comprising:
- receiving encoded data via a communication channel;
  
  encoding local data; and
  
  comparing the received encoded data to the encoded local data to find the shared secret.
- View Dependent Claims (68)
- - 68. A method as defined in claim 67, wherein the received encoded data is associated with a first digital certificate and wherein the encoded local data is associated with a second digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wheeler, David M., Drews, Paul C.

Granted Patent

US 7,461,260 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

H04L 2209/80 Wireless

H04L 9/0841 involving Diffie-Hellman or...

Methods and apparatus for finding a shared secret without compromising non-shared secrets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

68 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for finding a shared secret without compromising non-shared secrets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

68 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links