Secure spontaneous associations between networkable devices
First Claim
1. A method for communicating a public key of a sender device to a receiver device, the method comprising:
- transmitting a plurality of messages to the receiver device, each message including a first message portion including the public key of the sender device and a message identifier, and a value representing a predetermined transformation of the first message portion;
receiving at least a subset of the plurality of messages at the receiver device;
verifying that each received message fulfils at least one predetermined criterion;
extracting a respective message identifier from each received messages;
transmitting the message identifiers extracted from the received messages to the sender device; and
verifying that each of said transmitted message identifiers that are received at the sender device are message identifiers that were included in a message of the plurality of messages transmitted to the receiver device.
1 Assignment
0 Petitions
Accused Products
Abstract
In a first aspect, the present invention provides a protocol for communications across a securable communication channel between a first device and a second device. The protocol includes the transmission of a plurality of uniquely identifiable messages which each include security-related data, from the first device to the second device. The protocol includes determining whether a subset of messages that are received by the second device comply with at least one predetermined message criterion and are identifiable as having been sent from the first device. In the event that said subset of messages are determined to comply with the predetermined verification criterion (or criteria) and are identifiable as having been sent from the first device, the security-related data is determined to have been successfully communicated to the second device.
47 Citations
37 Claims
-
1. A method for communicating a public key of a sender device to a receiver device, the method comprising:
-
transmitting a plurality of messages to the receiver device, each message including a first message portion including the public key of the sender device and a message identifier, and a value representing a predetermined transformation of the first message portion;
receiving at least a subset of the plurality of messages at the receiver device;
verifying that each received message fulfils at least one predetermined criterion;
extracting a respective message identifier from each received messages;
transmitting the message identifiers extracted from the received messages to the sender device; and
verifying that each of said transmitted message identifiers that are received at the sender device are message identifiers that were included in a message of the plurality of messages transmitted to the receiver device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for communicating a public key of a sender device to a receiver device, the method comprising:
-
transmitting a plurality of messages to the receiver device, each message including a first message portion including the public key of the sender device and a message identifier, and a value representing a predetermined transformation of the first message portion;
receiving from the receiver device a plurality of message;
verifying that each of said received messages includes a message identifier that was sent to the receiver device in a message of the plurality of messages transmitted to the receiver device. - View Dependent Claims (11, 12, 13)
-
-
14. A method for verifying that an association formed between a first device and second device has been secured with a valid session key pair including:
-
transmitting a set of message from the first device to the second device wherein each message includes a unique message identifier and is encrypted with a session key of the first device;
verifying the reception and decryption of at least a subset of the transmitted set of messages by the second device wherein the decryption is performed using a session key of the second device;
verifying the content of the subset of messages received and decrypted by the second device including verifying that a message identifier portion of at least some of the subset of messages received and decrypted by the second device include a message identifiers that were included in a message of the transmitted set of messages. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method of verifying that an association formed between a first device and a second device has been secured with a valid session key pair including:
-
transmitting a set of messages from the first device to the second device wherein each message includes a unique message identifier and is encrypted using a session key of the first device;
awaiting confirmation from the second device that it has received and decrypted at least a subset of the set of messages, said confirmation including the transmission of a set of verification messages wherein each message includes a message identifier extracted from the subset of messages received and decrypted by the second device; and
verifying that said set of verification messages is received from the second device and that the set of verification messages includes a plurality of message identifiers that were included in respective messages of the transmitted set of messages. - View Dependent Claims (25)
-
-
26. A method for verifying that a secure association been formed between a first device and a second device by verifying that each device possesses a network address of the other device and a common encryption key is shared by the two devices, said method including:
-
generating a first cipher text by encrypting, using a secret encryption key of the first device, plaintext including the second device'"'"'s network address and a message identifier;
communicating the first cipher text to the second device;
decrypting the received first cipher text at the second device to obtain a decrypted plain text;
verifying that the decrypted plain text includes the network address of the second device, and a message identifier;
communicating the decrypted message identifier to the first device; and
verifying that the decrypted message identifier and the message identifier included in the plaintext are equal;
encrypting, using a secret encryption key of the second device, second plaintext including the first device'"'"'s network address, and a message identifier to generate a second cipher text;
communicating the second cipher text to the first device;
decrypting the received second cipher text at the first device to obtain a decrypted second plain text;
verifying that the decrypted second plaintext includes the network address of the first device, and a message identifier;
communicating the decrypted message identifier to the second device; and
verifying that the decrypted message identifier and the message identifier included in the second plaintext are equal. - View Dependent Claims (27, 28, 29)
-
-
30. A protocol for communications across a securable communication channel between a first device and a second device, the protocol including:
-
transmitting a plurality of uniquely identifiable messages including at least security-related data from the first device to the second device;
determining whether a subset of messages received by the second device comply with at least one predetermined message criterion and are identifiable as having been sent from the first device; and
in the event that said subset of messages are determined comply with said at one or more predetermined verification criterion, and are identifiable as having been sent from the first device, verifying that said security-related data has been communicated to the second device. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
-
Specification