Systems and methods for authenticating communications in a network medium
First Claim
Patent Images
1. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
- receiving over a location limited communication channel, by the second device, public authentication information transmitted by said first device, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information;
receiving a communication from said first device over said network medium, authenticating said communication at said second device wherein said second device requires said first device to authenticate to said second device that said first device actually possesses said secret information.
4 Assignments
0 Petitions
Accused Products
Abstract
Pre-authentication information of devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link with location-limited channels being initially used to pre-authenticate devices. Use of public keys in the pre-authentication data allows for the broadening of types of media suitable for use as location-limited channels to include, for example, audio and infrared. Also, it allows a range of key exchange protocols which can be authenticated in this manner to include most public-key-based protocols. As a result, a large range of devices, protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access an ad-hoc exchange. However, this results in the discovery of the eavesdropper.
56 Citations
20 Claims
-
1. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
-
receiving over a location limited communication channel, by the second device, public authentication information transmitted by said first device, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information;
receiving a communication from said first device over said network medium, authenticating said communication at said second device wherein said second device requires said first device to authenticate to said second device that said first device actually possesses said secret information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 20)
-
-
8. A method for securing a communication over a network medium between a group of devices, each of said group of devices associated with its own public authentication information, the method comprising designating a group manager from said group of devices wherein said group of devices includes said group manager and a plurality of other devices, said plurality of other devices comprising a first device and a second device;
- performing a key exchange protocol by said group manager, said key exchange protocol being dependent on an established trust relationship between said group of devices; and
securing said communication over said network medium;
wherein the improvement comprises;
sending, by said group manager over a location limited communication channel, public authentication information associated with said group manager to said first device and said second device, wherein said public authentication information commits said group manager to possession of group manager secret information, said location limited communication channel being difficult to actively attack without detection;
receiving, by said group manager over said location limited communication channel, public authentication information associated with said first device and public authentication information associated with said second device;
wherein said public authentication information associated with said first device commits said first device to possession of first device secret information and wherein said public authentication information associated with said second device commits said second device to possession of second device secret information, whereby sending and receiving over said location limited communication channel establishes said established trust relationship;
attempting to authenticate, by said group manager each of said plurality of other devices;
the attempting to authenticate by said group manager comprising said group manager requesting said first device to authenticate that said first device actually possesses said first device secret information and said group manager requesting said second device to authenticate that said second device actually possesses said second device secret information; and
attempting to authenticate, by each of said plurality of other devices, said group manager;
the attempting to authenticate by each of said plurality of other devices comprising said first device requesting said group manager to authenticate that said group manager actually possesses said group manager secret information and said second device requesting said group manager to authenticate that said group manager actually possesses said group manager secret information. - View Dependent Claims (9, 10, 11)
- performing a key exchange protocol by said group manager, said key exchange protocol being dependent on an established trust relationship between said group of devices; and
-
12. A method of authenticating a communication over a network medium among a group of devices including a first device and a second device, the method comprising performing a key exchange protocol between said group of devices, said key exchange protocol being dependent on an established trust relationship between said group of devices, and securing said communication over said network medium, wherein the improvement comprises:
-
sending, by each of said group of devices over a location limited communication channel, public authentication information associated with said each of said group of devices to every other of said group of devices, wherein said public authentication information associated with said each of said group of devices commits said each of said group of devices to possession of secret information corresponding thereto, said location limited communication channel being difficult to actively attack without detection;
receiving, by said each of said group of devices over said location limited communication channel, said public authentication information associated with said each of said group of devices from every other of said group of devices, whereby sending and receiving over said location limited communication channel establishes said established trust relationship; and
attempting to authenticate, by said each of said group of devices, that every other of said group of devices possesses respective secret information thereof. - View Dependent Claims (13)
-
-
14. A system for securing a communication over a network medium, the system comprising:
-
a first device and a second device, wherein the second device receives, over a location limited communication channel public authentication information transmitted by said first device, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information, the second device receives a communication from said first device over said network medium, and the second device authenticates the communication by requiring the first device to authenticate to said second device that said first device actually possesses said secret information. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
-
transmitting, from said first device, public authentication information over a location limited communication channel, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information;
transmitting a communication from said first device to said second device over said network medium; and
demonstrating to said second device that said first device actually possesses said secret information.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeXerox Corporation (Xerox Holdings Corp.)
-
InventorsSmetters, Diana, Lopes, Cristina, Balfanz, Dirk, Wong, Hao-Chi, Stewart, Paul
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/168
-
CPC Class CodesG06F 21/43 wireless channelsG06F 21/445 by mutual authentication, e...G06F 2221/2111 Location-sensitive, e.g. ge...H04L 2209/805 Lightweight hardware, e.g. ...H04L 63/0492 by using a location-limited...H04L 63/065 for group communications cr...H04L 63/18 using different networks or...H04L 67/34 involving the movement of s...H04L 69/16 Implementation or adaptatio...H04L 69/162 involving adaptations of so...H04L 69/168 specially adapted for link ...H04L 69/329 in the application layer [O...H04L 9/0844 with user authentication or...H04W 12/062 Pre-authenticationH04W 12/50 Secure pairing of devicesH04W 84/18 Self-organising networks, e...
