Establishing secure mutual trust using an insecure password
First Claim
1. A method of establishing secure mutual trust comprising:
- acquiring a one-time-password by a first device;
outputting a bit-commit cryptographic encoding of the one-time-password and a certificate of the first device;
receiving a bit-commit cryptographic encoding of the on-time-password and a certificate of a second device;
step-wise revealing the one-time-password and the certificate of the first device; and
step-wise verifying the one-time-password and the certificate of the second device.
2 Assignments
0 Petitions
Accused Products
Abstract
A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device'"'"'s authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it posses. If each device determines that the authenticators re-calculated by the given device matches the authenticators previously received from the other device, secure mutual trust is established.
145 Citations
20 Claims
-
1. A method of establishing secure mutual trust comprising:
-
acquiring a one-time-password by a first device;
outputting a bit-commit cryptographic encoding of the one-time-password and a certificate of the first device;
receiving a bit-commit cryptographic encoding of the on-time-password and a certificate of a second device;
step-wise revealing the one-time-password and the certificate of the first device; and
step-wise verifying the one-time-password and the certificate of the second device. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. One or more computer-readable media having instructions that, when executed on one or more processors, perform acts comprising:
-
acquiring a one-time-password;
generating a first set of nonces;
generating a first set of authenticators as a function of the one-time-password, the first set of nonces and a first authentication certificate;
iteratively outputting the first set of authenticators;
iteratively receiving a second set of authenticators;
iteratively outputting each nonce of the first set of nonces and the first authentication certificate;
iteratively receiving each nonce of a second set of nonces and a second authentication certificate;
iteratively calculating a set of validation parameters as a function of the one-time-password, the second set of nonces and the second authentication certificate; and
comparing the set of validation parameters to the received second set of authenticators. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An apparatus comprising:
-
a processor;
memory communicatively coupled to the processor;
a communication port, communicatively coupled to the processor, for receiving and sending communications;
wherein the apparatus is adapted to;
acquire a one-time-password;
decompose the one-time-password into a plurality of password sub-strings;
generate a first set of nonces;
hash each nonce of the first set of nonces with a respective one of the plurality of password sub-strings and a first authentication certificate to generate a first set of authenticators;
output the first set of authenticators; and
step-wise reveal each nonce of the first set of nonces and the first authentication certificates. - View Dependent Claims (17, 18, 19, 20)
-
Specification