Systems and methods for authenticating communications in a network medium
Abstract
Pre-authentication information of devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link, with location-limited channels initially used to pre-authenticate devices. Use of public keys in the pre-authentication data allows the types of media suitable for use as location-limited channels to be broadened to include, for example, audio and infrared. It also allows the range of key exchange protocols that can be authenticated in this manner to include most public-key-based protocols. As a result, a large range of devices and protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access an ad-hoc exchange; however, this results in the discovery of the eavesdropper.
20 Claims
1. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
receiving over a location limited communication channel, by the second device, public authentication information transmitted by said first device, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information;
receiving a communication from said first device over said network medium, authenticating said communication at said second device wherein said second device requires said first device to authenticate to said second device that said first device actually possesses said secret information.
Dependent claims: 2, 3, 4, 5, 6, 7, 20.
8. A method for securing a communication over a network medium between a group of devices, each of said group of devices associated with its own public authentication information, the method comprising designating a group manager from said group of devices wherein said group of devices includes said group manager and a plurality of other devices, said plurality of other devices comprising a first device and a second device;
performing a key exchange protocol by said group manager, said key exchange protocol being dependent on an established trust relationship between said group of devices; and
securing said communication over said network medium;
wherein the improvement comprises:
sending, by said group manager over a location limited communication channel, public authentication information associated with said group manager to said first device and said second device, wherein said public authentication information commits said group manager to possession of group manager secret information, said location limited communication channel being difficult to actively attack without detection;
receiving, by said group manager over said location limited communication channel, public authentication information associated with said first device and public authentication information associated with said second device;
wherein said public authentication information associated with said first device commits said first device to possession of first device secret information and wherein said public authentication information associated with said second device commits said second device to possession of second device secret information, whereby sending and receiving over said location limited communication channel establishes said established trust relationship;
attempting to authenticate, by said group manager, each of said plurality of other devices;
the attempting to authenticate by said group manager comprising said group manager requesting said first device to authenticate that said first device actually possesses said first device secret information and said group manager requesting said second device to authenticate that said second device actually possesses said second device secret information; and
attempting to authenticate, by each of said plurality of other devices, said group manager;
the attempting to authenticate by each of said plurality of other devices comprising said first device requesting said group manager to authenticate that said group manager actually possesses said group manager secret information and said second device requesting said group manager to authenticate that said group manager actually possesses said group manager secret information.
Dependent claims: 9, 10, 11.
12. A method of authenticating a communication over a network medium among a group of devices including a first device and a second device, the method comprising performing a key exchange protocol between said group of devices, said key exchange protocol being dependent on an established trust relationship between said group of devices, and securing said communication over said network medium, wherein the improvement comprises:
sending, by each of said group of devices over a location limited communication channel, public authentication information associated with said each of said group of devices to every other of said group of devices, wherein said public authentication information associated with said each of said group of devices commits said each of said group of devices to possession of secret information corresponding thereto, said location limited communication channel being difficult to actively attack without detection;
receiving, by said each of said group of devices over said location limited communication channel, said public authentication information associated with said each of said group of devices from every other of said group of devices, whereby sending and receiving over said location limited communication channel establishes said established trust relationship; and
attempting to authenticate, by said each of said group of devices, that every other of said group of devices possesses respective secret information thereof.
Dependent claim: 13.
14. A system for securing a communication over a network medium, the system comprising:
a first device and a second device, wherein the second device receives, over a location limited communication channel, public authentication information transmitted by said first device, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information, the second device receives a communication from said first device over said network medium, and the second device authenticates the communication by requiring the first device to authenticate to said second device that said first device actually possesses said secret information.
Dependent claims: 15, 16, 17, 18.
19. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
transmitting, from said first device, public authentication information over a location limited communication channel, said location limited communication channel being difficult to actively attack without detection, wherein said public authentication information commits said first device to possession of secret information;
transmitting a communication from said first device to said second device over said network medium; and
demonstrating to said second device that said first device actually possesses said secret information.
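The two-device exchange described in the abstract and in claims 1, 14 and 19, as an added example that is not code from the patent or from its authors. It assumes a concrete shape the claims leave open: the public authentication information is a SHA-256 commitment to the first device's public key, the "demonstration of possession" over the network medium is a Schnorr identification round, and the group is a toy-size safe-prime group generated at runtime (an illustration choice, not a recommendation). The location-limited channel is modelled as a message the second device receives intact; the network medium as one an attacker may rewrite, which is exactly the case the commitment check is there to catch.

```python
"""Pre-authentication over a location-limited channel (LLC), then proof of
possession over the insecure network medium.

Added example, not the patent's own code. Assumptions: SHA-256 commitment
as the pre-authentication data, Schnorr identification as the proof of
possession, and a runtime-generated 64-bit safe-prime group (toy size)."""
import hashlib
import hmac
import secrets

KEY_BYTES = 32  # fixed-width encoding of group elements before hashing


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64):
    """Return (p, q, g): p = 2q + 1 is a safe prime, g generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            # 4 = 2^2 is a quadratic residue, so it has order q (it is not 1 for p > 5)
            return 2 * q + 1, q, 4


def commit(y):
    """Public authentication information: a hash committing to public key y."""
    return hashlib.sha256(y.to_bytes(KEY_BYTES, "big")).digest()


class Device:
    """Holds secret information x and the public key y = g^x mod p."""

    def __init__(self, name, group):
        self.name = name
        self.p, self.q, self.g = group
        self.x = secrets.randbelow(self.q - 1) + 1  # secret information
        self.y = pow(self.g, self.x, self.p)        # public key
        self._r = None

    def pre_authentication_info(self):
        """Sent over the LLC; commits this device to possession of x."""
        return commit(self.y)

    def proof_start(self):
        """First message over the network medium: public key and Schnorr commitment t."""
        self._r = secrets.randbelow(self.q - 1) + 1
        return self.y, pow(self.g, self._r, self.p)

    def proof_finish(self, challenge):
        """Response s = r + c*x mod q; computing it requires the secret x."""
        return (self._r + challenge * self.x) % self.q


def verify_possession(group, llc_commitment, y, t, challenge, s):
    """The second device's check; returns a verdict string."""
    p, q, g = group
    # 1. the key presented on the network medium must match the LLC commitment
    if not hmac.compare_digest(llc_commitment, commit(y)):
        return "commitment-mismatch"
    # 2. the key must be a non-trivial element of the order-q subgroup
    if not (1 < y < p and pow(y, q, p) == 1):
        return "bad-key"
    # 3. Schnorr check: g^s == t * y^c (mod p) demonstrates knowledge of x
    if pow(g, s, p) != (t * pow(y, challenge, p)) % p:
        return "bad-proof"
    return "ok"


def run_protocol(group, mitm=False):
    """Run the exchange. With mitm=True an attacker holding its own key pair
    rewrites the network medium and answers the challenge itself; it cannot
    alter what went over the LLC, so the commitment check rejects it."""
    first = Device("first", group)
    llc_commitment = first.pre_authentication_info()  # received intact over the LLC
    prover = Device("attacker", group) if mitm else first
    y, t = prover.proof_start()                       # over the network medium
    challenge = secrets.randbelow(group[1])           # second device's fresh challenge
    s = prover.proof_finish(challenge)
    return verify_possession(group, llc_commitment, y, t, challenge, s)


if __name__ == "__main__":
    G = make_group()
    print("honest:", run_protocol(G))              # ok
    print("rewritten main channel:", run_protocol(G, mitm=True))  # commitment-mismatch
```

The ordering inside `verify_possession` is the security-relevant part: the commitment received over the location-limited channel is checked before any cryptography on the main channel, so an attacker who substitutes its own key on the network medium is rejected even though its Schnorr proof for that key is valid. To succeed it would have to substitute the commitment on the location-limited channel, which is the active attack the claims describe as detectable.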