ASYNCHRONOUS ENHANCED SHARED SECRET PROVISIONING PROTOCOL
First Claim
1. A method for registering a first device with a second device, comprising:
- deriving a commitment value at the first device from a first security value known to the first device;
- communicating the commitment value from the first device to the second device;
- communicating the security value from the first device to the second device; and
- at the second device, attempting to derive the commitment value communicated thereto from the security value communicated thereto and terminating registration if the commitment value is not correctly derived from the security value.
1 Assignment
0 Petitions
Abstract
An Asynchronous Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at one or both of two network devices. These two devices then automatically register with each other. When two devices running Asynchronous ESSPP detect each other, they exchange identities and establish a key that the devices can later use to mutually authenticate each other and to generate session encryption keys. An out-of-band comparison of registration signatures generated at the two devices can be performed to help ensure that no man-in-the-middle attacker was involved in the key exchange.
11 Citations
20 Claims
1. A method for registering a first device with a second device, comprising:
deriving a commitment value at the first device from a first security value known to the first device; communicating the commitment value from the first device to the second device; communicating the security value from the first device to the second device; and at the second device, attempting to derive the commitment value communicated thereto from the security value communicated thereto and terminating registration if the commitment value is not correctly derived from the security value. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A device capable of registering with a disparate device, comprising:
an interface to a first communication channel; and means for conducting a registration process that receives a first hash of a security value from the disparate device using the first communication channel, receives the security value from the disparate device using the first communication channel, generates a second hash of the security value, and terminates registration if the first hash of the security value differs from the second hash of the security value. (Dependent claims: 10, 11, 12, 13, 14)

15. A computer-readable medium having stored thereon machine-executable instructions which, when executed by a machine, cause the machine to perform a method of registering with a network device comprising:
receiving a commitment value on a first communication channel, wherein the commitment value is derived from a security value; receiving the security value on the first communication channel; attempting to derive the commitment value from the security value; and terminating registration with the network device if the commitment value is not successfully derived from the security value. (Dependent claims: 16, 17, 18, 19, 20)
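The commit-then-reveal registration described in claims 1, 9 and 15, together with the key establishment and out-of-band registration signatures of the abstract, as an added worked example. This is illustrative code written for this page, not the patent's own implementation: the patent only requires a commitment that the receiver re-derives from the revealed security value, so SHA-256 as the commitment function, HMAC-SHA256 for key derivation, the 8-hex-character fingerprint used as the "registration signature", and the device identifiers are all assumptions made here.

```python
"""Commit-then-reveal device registration modelled on the claims above.

Added example, not the patent's code. Assumed choices: SHA-256 commitment,
HMAC-SHA256 key derivation, 8-hex-digit fingerprint as registration signature.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple


class RegistrationAborted(Exception):
    """Raised when a revealed security value does not reproduce the commitment."""


def commitment(device_id: bytes, security_value: bytes) -> bytes:
    # The claims require only that the commitment be derivable from the security
    # value; binding the sender's identity into the hash is an added assumption.
    return hashlib.sha256(b"essp-commit|" + device_id + b"|" + security_value).digest()


@dataclass
class Device:
    device_id: bytes
    security_value: bytes = field(default_factory=lambda: os.urandom(32))
    peer_id: Optional[bytes] = None
    peer_commitment: Optional[bytes] = None
    peer_value: Optional[bytes] = None

    # Messages sent over the first communication channel (not assumed trustworthy).
    def commit_message(self) -> Tuple[bytes, bytes]:
        return self.device_id, commitment(self.device_id, self.security_value)

    def reveal_message(self) -> bytes:
        return self.security_value

    # Handling of the peer's messages.
    def receive_commit(self, peer_id: bytes, peer_commitment: bytes) -> None:
        self.peer_id, self.peer_commitment = peer_id, peer_commitment

    def receive_reveal(self, peer_value: bytes) -> None:
        # Re-derive the commitment from the revealed value (claim 1's "attempting
        # to derive"); terminate registration on mismatch (constant-time compare).
        expected = commitment(self.peer_id, peer_value)
        if not hmac.compare_digest(expected, self.peer_commitment):
            raise RegistrationAborted("security value does not match commitment")
        self.peer_value = peer_value

    def shared_key(self) -> bytes:
        # Both sides sort the (identity, value) pairs so they derive the same key.
        parts = sorted([(self.device_id, self.security_value), (self.peer_id, self.peer_value)])
        material = b"".join(i + v for i, v in parts)
        return hmac.new(b"essp-key", material, hashlib.sha256).digest()

    def registration_signature(self) -> str:
        # Short fingerprint of the key, meant to be compared out of band.
        return hmac.new(b"essp-sig", self.shared_key(), hashlib.sha256).hexdigest()[:8]


def register(a: Device, b: Device,
             tamper_reveal: Optional[Callable[[bytes], bytes]] = None) -> Tuple[str, str]:
    """Run the exchange; tamper_reveal, if given, models A's revealed value being
    altered in transit, which must terminate registration at B."""
    # Commit phase: both commitments are exchanged before either value is revealed.
    b.receive_commit(*a.commit_message())
    a.receive_commit(*b.commit_message())
    # Reveal phase.
    reveal_a = a.reveal_message()
    if tamper_reveal is not None:
        reveal_a = tamper_reveal(reveal_a)
    b.receive_reveal(reveal_a)
    a.receive_reveal(b.reveal_message())
    return a.registration_signature(), b.registration_signature()


def relayed_registration(a: Device, b: Device) -> Tuple[str, str]:
    """Model an active intermediary that completes a separate registration with
    each side while presenting the other's identity. The two ends finish with
    different keys, so their registration signatures disagree: this is the
    discrepancy the abstract's out-of-band comparison is meant to surface."""
    m_facing_a = Device(b.device_id)   # presents B's identity to A (constructed)
    m_facing_b = Device(a.device_id)   # presents A's identity to B (constructed)
    register(a, m_facing_a)
    register(m_facing_b, b)
    return a.registration_signature(), b.registration_signature()


if __name__ == "__main__":
    phone, hub = Device(b"phone-01"), Device(b"hub-01")   # constructed identities
    print("honest run, signatures:", register(phone, hub))
    print("relayed run, signatures:", relayed_registration(Device(b"phone-01"), Device(b"hub-01")))
```

In the honest run both devices print the same signature, which is what a user would confirm over the out-of-band channel; in the relayed run the signatures differ, and a tampered reveal raises `RegistrationAborted` at the verifying side before any key is derived.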
Specification