Authentication and encryption methods using shared secret randomness in a joint channel

US 20070036353A1
Filed: 05/31/2006
Published: 02/15/2007
Est. Priority Date: 05/31/2005
Status: Abandoned Application

First Claim

Patent Images

1. A wireless communication system for securing wireless communications, the system comprising:

a wireless transmit/receive unit (WTRU);

a first access point (AP) for transmitting a first portion of a bit stream to the WTRU; and

a second AP for transmitting a second portion of the bit stream to the WTRU, wherein the WTRU is located in an area where a transmission pattern radiated from each of the first and second APs intersect, and the WTRU reassembles the first and second portions into the bit stream.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to secret key generation and authentication methods that are based on joint randomness not shared by others (JRNSO), in which unique channel response between two communication terminals generates a secret key. Multiple network access points use a unique physical location of a receiving station to increase user data security. High data rate communication data is encrypted by generating a random key and a pseudo-random bit stream. A configurable interleaving is achieved by introduction of JRNSO bits to an encoder used for error-correction codes. Databases of user data are also protected by JRNSO-based key mechanisms. Additional random qualities are induced on the joint channel using MIMO eigen-beamforming, antenna array deflection, polarization selection, pattern deformation, and path selection by beamforming or time correlation. Gesturing induces randomness according to uniquely random patterns of a human user'"'"'s arm movements inflected to the user device.

260 Citations

89 Claims

1. A wireless communication system for securing wireless communications, the system comprising:
- a wireless transmit/receive unit (WTRU);
  
  a first access point (AP) for transmitting a first portion of a bit stream to the WTRU; and
  
  a second AP for transmitting a second portion of the bit stream to the WTRU, wherein the WTRU is located in an area where a transmission pattern radiated from each of the first and second APs intersect, and the WTRU reassembles the first and second portions into the bit stream.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 wherein it is not possible to receive both of the portions of the bit stream at a location outside of the area where transmission patterns of the first and second APs intersect.
  - 3. The system of claim 1 wherein the first portion of the bit stream is incorporated in a first packet data unit (PDU), the second portion of the bit stream is incorporated in a second PDU and the WTRU reassembles the first and second PDUs into a service data unit (SDU).
  - 4. The system of claim 1 wherein the WTRU reports the location of the WTRU to each of the APs and the APs transmit a sequence of messages at varying effective coding rates which request a positive acknowledgement (ACK) or a negative acknowledgement (NACK) from the WTRU, such that the APs can determine whether the location of the WTRU is correct.
  - 5. The system of claim 4 wherein the APs determine whether the WTRU can decode transmissions sent by the APs.
  - 6. The system of claim 4 wherein the APs verify the authenticity of the WTRU by sending a challenge question via a plurality of packet data units (PDUs) to the WTRU such that the challenge question would be decipherable by the WTRU and answered by the WTRU only if the WTRU is located at the location reported by the WTRU.

7. A wireless communication system for securing wireless communications, the system comprising:
- a wireless transmit/receive unit (WTRU);
  
  a first access point (AP) for transmitting a first packet data unit (PDU) to the WTRU; and
  
  a second AP for transmitting a second PDU to the WTRU, wherein the WTRU is located in an area where a transmission pattern radiated from each of the first and second APs intersect, and the WTRU performs a function on the first and second PDUs to derive a service data unit (SDU).
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7 wherein it is not possible to receive both of the first and second PDUs at a location outside of the area where transmission patterns of the first and second APs intersect.
  - 9. The system of claim 7 wherein the function is an exclusive-or (XOR) function.
  - 10. The system of claim 7 wherein the WTRU reports the location of the WTRU to each of the APs and the APs transmit a sequence of messages at varying effective coding rates which request a positive acknowledgement (ACK) or a negative acknowledgement (NACK) from the WTRU, such that the APs can determine whether the location of the WTRU is correct.
  - 11. The system of claim 10 wherein the APs determine whether the WTRU can decode transmissions sent by the APs.
  - 12. The system of claim 10 wherein the APs verify the authenticity of the WTRU by sending a challenge question via a plurality of packet data units (PDUs) to the WTRU such that the challenge question would be decipherable by the WTRU and answered by the WTRU only if the WTRU is located at the location reported by the WTRU.

13. A method for encryption of a high data rate communication data stream, comprising:
- generating a truly random key using a channel impulse response of a joint channel;
  
  generating a pseudo random bit stream of equal bit rate as the data stream, the pseudo random bit stream generated using a pseudo-random function; and
  
  applying the pseudo random bit stream to the data stream using a bit-wise XOR function.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, in which the truly random key generator is a JRNSO bit generator.
  - 15. The method of claim 13 in which the pseudo-random function is a cipher.
  - 16. The method of claim 15, wherein the cipher is an advanced encryption standard (AES) block cipher.
  - 17. The method of claim 16, further comprising:
    - ciphering a non-trivially repeating nonce using a strong key; and
      
      changing the strong key every time a new one is available.
  - 18. The method of claim 17 wherein the strong key is a joint randomness not shared by others (JRNSO) shared bit string.
  - 19. The method as in claim 13, further comprising:
    - generating an MK nonce, where M blocks of pseudo-random bits are combined with a block of K bits of truly random data, the K bits used as a starting key for M iterations.
  - 20. The method as in claim 13, wherein the communication is a CDMA signal that uses the pseudo-random bit stream produced by the pseudo-random function as its scrambling code.

21. A method for encoding a communication data stream, comprising:
- selecting an interleaving function from among a set of interleaving functions according to a joint randomness not shared by others (JRNSO) shared string of bits; and
  
  encoding the communication data stream using the interleaving function.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, in which the interleaving function is changed when a new string with a sufficient number of JRNSO bits is available.
  - 23. The method of claim 21, in which a first party and a second party communicate, and both parties generate truly random bits synchronously.
  - 24. The method of claim 21, in which publicly known pseudo-random bits are generated, further comprising:
    - combining the publicly generated pseudo-random bits with a set of the JRNSO bits when a sufficient number of JRNSO bits are available; and
      
      selecting a new candidate interleaver based on the combining of pseudo random bits and the JRNSO bits.

25. A method for encoding a communication data stream, comprising:
- generating truly random bits using a JRNSO procedure;
  
  using a maximum length shift register (MLSR) sequence generator with n-bit states to generate non-zero elements for a given Galois Field GS(2ⁿ);
  
  defining an interleaving function by a mapping from a predefined indexing of the non-zero Galois Field elements to the order in which they are generated; and
  
  encoding the communication data stream using the interleaving function.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein the starting phase of the MLSR sequence generator is determined by the truly random bits.
  - 27. The WTRU of claim 26 wherein selection of a new interleaver function is started once enough truly random bits are available to seed the MLSR sequence generator.
  - 28. The method as in claim 25, further comprising modulating in which the encoding of the communication data stream is applied prior to modulation for transmission.

29. A wireless transmit/receive unit (WTRU) configured for encryption of a high data rate communication data stream, comprising:
- a truly secret key generator configured to generate a truly random key using a channel impulse response of a joint channel;
  
  a pseudo-random function processor configured to generate a pseudo random bit stream of equal bit rate as the data stream, the pseudo random bit stream generated according to a pseudo-random function; and
  
  a one time pad unit configured to apply the pseudo random bit stream to the data stream using a bit-wise XOR function.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The WTRU of claim 29, in which the truly random key generator is a JRNSO bit generator.
  - 31. The WTRU of claim 29 in which the pseudo-random function is a cipher.
  - 32. The WTRU of claim 31, wherein the cipher is an advanced encryption standard (AES) block cipher.
  - 33. The WTRU of claim 32, in which a non-trivially repeating nonce is ciphered using the strong key and the strong key is changed every time a new one is available.
  - 34. The WTRU of claim 33 wherein the strong key is a joint randomness not shared by others (JRNSO) shared bit string.
  - 35. The WTRU as in claim 29, wherein an MK nonce is generated, where M blocks of pseudo-random bits are combined with a block of K bits of truly random data, and the K bits are used as a starting key for M iterations.
  - 36. The WTRU as in claim 29, wherein the communication is a CDMA signal that uses the random bit stream produced by the pseudo-random function as its scrambling code.

37. A WTRU configured for encoding a communication data stream, comprising:
- a processor configured to select an interleaving function from among a set of interleaving functions according to a joint randomness not shared by others (JRNSO) shared string of bits and to encode the communication data stream using the interleaving function.
- View Dependent Claims (38, 39, 40)
- - 38. The WTRU of claim 37, in which the interleaving function is changed when a new string with a sufficient number of JRNSO bits is available.
  - 39. The WTRU of claim 37, in which a first party and a second party communicate, and both parties generate random bits synchronously.
  - 40. The WTRU of claim 37, in which publicly known pseudo-random bits are generated, wherein the processor is further configured to combine the publicly generated pseudo-random bits with a set of the JRNSO bits when a sufficient number of JRNSO bits are available;
    - and select a new candidate interleaver based on the combining of pseudo random bits and the JRNSO bits.

41. A WTRU for encoding a communication data stream, comprising:
- a JRNSO generator configured to generate truly random bits using a JRNSO procedure;
  
  a maximum length shift register (MLSR) sequence generator with n-bit states configured to generate non-zero elements for a given Galois Field GS(2ⁿ);
  
  an interleaving processor configured to define an interleaving function by a mapping from a predefined indexing of the non-zero Galois Field elements to the order in which they are generated to encode the communication data stream using the interleaving function.
- View Dependent Claims (42, 43, 44)
- - 42. The WTRU of claim 41, wherein the starting phase of the MLSR sequence generator is determined by the truly random bits.
  - 43. The WTRU of claim 42 wherein selection of a new interleaver function is started once enough truly random bits are available to seed the MLSR sequence generator.
  - 44. The WTRU as in claim 42, further comprising an encoder configured to perform encoding of the communication data stream prior to RF modulation for transmission.

45. A method for amplifying channel randomness for enhancement of a message encryption, comprising:
- employing a symmetric block cipher in which one secret key is used to both encrypt and decrypt the message; and
  
  applying a joint randomness not shared by others (JRNSO) shared bit string for a secret key update on a block of plaintext data input using a bitwise XOR operation.
- View Dependent Claims (46, 47)
- - 46. The method according to claim 45 in which the symmetric block cipher is in accordance with an advanced encryption standard (AES).
  - 47. The method according to claim 45 in which the secret key update occurs each time a new string of bits equal in size to the length of the secret key is available for encryption.

48. A method for amplifying channel randomness for enhancement of a message encryption, comprising:
- applying a public key cryptosystem encryption according to a key having public and private elements; and
  
  applying available JRNSO secret bit strings to encrypt the public elements using an XOR operation.
- View Dependent Claims (49, 50, 51)
- - 49. The method according to claim 48, in which the public key cryptosystem encryption is according to an RSA approach.
  - 50. The method according to claim 48, in which encryption is according to the following equation:
    - y=e_K(x)=x^bmod n and decryption is according to the following equation;
      
      x=d_K(y)=y^amod n , where x is plaintext and y is ciphertext, the key K={n,p,q,a,b}, where n=pq , n and b are public and a, p and q are private.
  - 51. The method according to claim 49, in which p and q are prime numbers and a and b satisfy the following invertibility condition:
    - ab=1 mod(p−
      
      1)(q−
      
      1).

52. A method for authenticating a first party to a second party, comprising the steps of:
- sharing a JRNSO secret bit sequence between the first party and the second party;
  
  computing a value of a first function by the first party using a portion of the secret bit sequence and a secret underlying value;
  
  exchanging the value of the first function between the first party and the second party;
  
  computing a value of a second function by the second party using the portion of the secret bit sequence and the value of the first function; and
  
  computing a value of a third function by the second party using the value of the second function, whereby the third function is used to verify the secret underlying value.
- View Dependent Claims (53, 54, 55)
- - 53. The method according to claim 52, wherein the entire secret bit sequence is used in computing the value of the first function and the value of the second function.
  - 54. The method of claim 52, wherein the first party is a first node in a wireless communication network and the second party is a second node in the wireless communication network, whereby the identity of the first node is verified as the secret underlying value.
  - 55. The method according to claim 54, wherein all packets sent from the first node to the network are blocked by the second node until the first node is verified.

56. In a database system that includes a management system and an implementation of a JRNSO mechanism whereby random information is extracted from a layered communication system, a method for secure protection of database stream information, comprising:
- generating a secret key from a joint channel characteristics by the JRNSO mechanism;
  
  supplying every with the secret key generated between a remote client and a server; and
  
  extracting the secret key by the database management system.
- View Dependent Claims (57)
- - 57. The method of claim 56, further comprising using the secret key to encrypt the data returned from the database and transmitting the encrypted data by the database server to the remote user.

58. In a database system that includes a database management system (DBMS) and an implementation of a JRNSO mechanism whereby random information is extracted from an Operating System and used to establish and continuously update the keying mechanism applied, a method for database information secure protection, comprising:
- locally accessing the database server by an application;
  
  using a random electrical characteristic associated with an internal communication bus to generate a JRNSO secret key between the application and database;
  
  using the secret key to authenticate the application and grant it access to the database server.
- View Dependent Claims (59, 60, 61)
- - 59. The method of claim 58, further comprising the application supplying the secret key, protected with public certificates to authenticate itself.
  - 60. The method of claim 59, further comprising the DBMS using the secret key as a secure token and verifying with the version of the key available to itself.
  - 61. The method of claim 60, further comprising the DBMS encrypting the data to be returned with the secret key to the requesting application.

62. In a sensor network that exchanges streaming data between network nodes, a method for protection of the streaming data comprising:
- every node sending data continuously to a central server;
  
  extracting random information from the user data;
  
  generating a JRNSO secret key based on the random information; and
  
  encrypting the transmitted data from each node using the secret key.
- View Dependent Claims (63)
- - 63. The method of claim 62, wherein the random information includes one or more of the following characteristics:
    - user location, an electrical characteristic, a physical characteristic, battery life, and signal strength.

64. In a wireless communication system of at least two MIMO stations, a method for creating subchannels using eigen-decomposition for increased randomization of a wireless channel between the stations, comprising:
- using singular value decomposition (SVD) of a channel matrix H, where H represents the channel taps of antenna elements of the MIMO channel, as a function of unitary eigenvectors U, V, and a diagonal matrix of real values;
  
  decomposing the wireless channel into eigen-modes, each eigen-mode represented by a corresponding eigen-value;
  
  observing for each eigen mode, a distribution of eigen-values across channel frequency with respect to SNR and frequency dispersiveness; and
  
  selecting a dominant eigen-mode having highest SNR for data communication and one or more weaker eigen-modes having highest variability in frequency dispersion for increased generation of randomness for a JRSNO secret key.
- View Dependent Claims (65, 66, 67, 68, 69, 70, 71, 72, 73)
- - 65. The method according to claim 64, wherein a transmitting MIMO station uses eigenvector V for eigen-beamforming, where V is a right unitary matrix containing right singular vectors of H;
    - and wherein a receiving MIMO station uses eigenvector U for eigen-beamforming, where U is a left unitary matrix containing left singular vectors of H.
  - 66. A method as in claim 64, in which the smallest eigen-mode has a Rayleigh fading statistic, while stronger modes have respectively narrower distributions.
  - 67. A method as in claim 64, wherein the antennas are adaptive, further comprising:
    - steering an antenna beam so that the transmitted signal reflects to create the highest possible random variation into the channel.
  - 68. The method of claim 67, wherein the antennas are pointed toward the ground to create reflections off the ground.
  - 69. The method according to claim 68, further comprising:
    - selecting an antenna beam according to a trade off between the random variation and data throughput.
  - 70. The method according to claim 68, further comprising:
    - using separate sets of antenna beams for random variation and data throughput, such that a first set of antenna beams is configured to optimize random variation and a second set of antenna beams is configured to optimize data throughput, where each set comprises one or more antenna beams.
  - 71. The method according to claim 70, wherein a SISO station communicates with one of the MIMO stations, further comprising:
    - using a plurality of pilot signals on either set of antenna beams such that the first set and the second set of antenna beams can be distinguished when received by the SISO station.
  - 72. The method according to claim 71, wherein the pilot signals are selectively pre-delayed.
  - 73. The method according to claim 71, wherein the pilot signals use different sequences such that different pilot sequences are used on different antenna beams.

74. A method for enhancing randomness in a joint channel between a first transceiver and a second transceiver such that a secret key for encryption of a communication between the first and the second transceivers can be generated, comprising:
- altering the path of the communication channel at either or both of the first and the second transceiver such that a channel impulse response (CIR) is affected;
  
  generating a random set of bits based on the CIR to form a JRNSO based secret key, whereby the secret key bits are independently generated at each of the transceivers; and
  
  encrypting the communication between the first and the second transceivers using the secret key.
- View Dependent Claims (75, 76, 77, 78, 79, 80, 81, 82, 83)
- - 75. The method of claim 74, in which the altering is achieved by deflection of an antenna array such that a choke impedance on an antenna ground plane is selectively changed, thereby changing antenna beam elevation angles.
  - 76. The method of claim 75, wherein the deflection of the antenna beam is toward the ground.
  - 77. The method of claim 74, in which the altering is with respect to selection of polarization path dominance.
  - 78. The method of claim 74, in which the altering is with respect to changing array element coupling to the RF medium.
  - 79. The method of claim 78, in which the antenna element loading is changed to affect transmit pattern deformation in two or three dimensions, thereby affecting the CIR measurements.
  - 80. The method of claim 74, wherein the communication is CDMA-based, further comprising determining a specific CDMA path by using a time shifted matched filter.
  - 81. The method of claim 80, wherein a RAKE receiver is used, further comprising:
    - keeping outputs from each RAKE finger separate for each I and Q value so that multiple RF paths can be identified;
      
      deriving a separate set of CIR values for each identified RF path; and
      
      using the CIR values for generating the JRNSO secrecy bits.
  - 82. The method of claim 74, wherein the altering occurs only when the number of security bits falls below a predetermined threshold.
  - 83. The method of claim 74, wherein the altering occurs when a CIR correlation time between the first and the second transceiver is longer than a predetermined threshold.

84. A method for enhancing shared randomness in a joint channel for authentication and encryption of a wireless communication signal between a mobile communication device used by a human user and a second communication device, comprising:
- gesturing by the human user such that the mobile device is moved to an extent that a change in distance to the second communication device is about half of a signal wavelength;
  
  measuring a CIR of the channel to generate a set of random bits;
  
  using the random set of bits to generate a JRNSO secret key; and
  
  encrypting the communication channel using the secret key.
- View Dependent Claims (85, 86, 87, 88, 89)
- - 85. The method of claim 84, further comprising providing an instruction to the human user as to which gesturing is preferred.
  - 86. The method of claim 85, wherein the instruction is visual or audio or both.
  - 87. The method of claim 85, wherein several instructions are stored in a memory and one instruction is randomly selected.
  - 88. The method of claim 84, further comprising:
    - observing movements of the mobile communication device caused by a human user'"'"'s gestures while handling the mobile communication device; and
      
      using the unique movements for authenticating the user to the access the device functions.
  - 89. The method of claim 84, further comprising:
    - observing movements of the mobile communication device caused by a human user'"'"'s gestures while handling the mobile communication device; and
      
      using the unique movements for authenticating the user to the network to allow access to a communication network.

Specification

Resources

Litigation Campaign Assessment

Application Number

US11/444,558
Publication Number

US 20070036353A1
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

H04B 7/0434   using multiple eigenmodes

H04B 7/0695   using beam selection

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/18   using different networks or...

H04L 9/0631   Substitution permutation ne...

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/0875   based on channel impulse re...

H04L 9/3271   using challenge-response

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 12/68   Gesture-dependent or behavi...

H04W 92/10   between terminal device and...

Authentication and encryption methods using shared secret randomness in a joint channel

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

260 Citations

89 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and encryption methods using shared secret randomness in a joint channel

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

260 Citations

89 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links