Method of confirming a secure key exchange
First Claim
1. A method of securely exchanging a symmetric key between first and second components of a system comprising:
- performing a public key exchange to share a symmetric key;
committing, by the first component, to a first value;
securely exchanging a shared secret between the first component and the second component;
disclosing, by the first component, the first value; and
verifying, by the second component, the correctness of the first component'"'"'s commitment.
1 Assignment
0 Petitions
Accused Products
Abstract
A key exchange protocol can be performed between components of a system, such as between a computer program being executed by the processor of a PC (or other computer system) and a peripheral. A peripheral with a user input capability and a very limited display capability, such as a keyboard or a mouse, may be used to confirm a key exchange between the system components in a way that requires the user to enter only small amounts of input data (e.g., keystrokes or mouse clicks). Security between components may be enhanced without having a negative impact on usability of the system. Embodiments of the present invention help to deter “man in the middle” attacks wherein an attacker gains control of a system component situated between certain communicating system components.
117 Citations
12 Claims
-
1. A method of securely exchanging a symmetric key between first and second components of a system comprising:
-
performing a public key exchange to share a symmetric key;
committing, by the first component, to a first value;
securely exchanging a shared secret between the first component and the second component;
disclosing, by the first component, the first value; and
verifying, by the second component, the correctness of the first component'"'"'s commitment. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An article comprising:
- a machine accessible medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for securely exchanging a symmetric key between first and second components of a system, the instructions including performing a public key exchange to share a symmetric key;
committing, by the first component, to a first value;
securely exchanging a shared secret between the first component and the second component;
disclosing, by the first component, the first value; and
verifying, by the second component, the correctness of the first component'"'"'s commitment. - View Dependent Claims (8, 9, 10, 11, 12)
- a machine accessible medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for securely exchanging a symmetric key between first and second components of a system, the instructions including performing a public key exchange to share a symmetric key;
Specification