IMAGE-BASED MAN-IN-THE-MIDDLE PROTECTION IN NUMERIC COMPARISON ASSOCIATION MODELS

US 20090228707A1
Filed: 03/06/2008
Published: 09/10/2009
Est. Priority Date: 03/06/2008
Status: Active Grant

First Claim

Patent Images

1. A method operational on a first device for securely establishing an association with a second device over a wireless communication link, comprising:

performing a cryptographic key exchange with a second device, wherein cryptographic information for the first and second device is obtained;

obtaining a confirmation value for the first device based on the cryptographic information;

obtaining a confirmation image based on the confirmation value; and

providing the confirmation image to an operator for authentication against a corresponding confirmation image for the second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication scheme is provided for securely establishing an association with a second device over a wireless communication link. A cryptographic key exchange is performed between a first device and a second device, wherein cryptographic information for the first and second device is obtained. The first and second devices may independently generate a confirmation value based on the cryptographic information. Each device may obtain a confirmation image based on their respective confirmation values. A confirmation image is uniquely associated with a confirmation value so that no two confirmation values can be associated with the same confirmation image. The images for both the first and second devices are provided to an operator for authentication. If the confirmation images are identical, an association between the first and second devices may be confirmed by the operator. Comparing confirmation images may increase the reliability of operator authentication and is more efficient than comparing values.

94 Citations

View as Search Results

51 Claims

1. A method operational on a first device for securely establishing an association with a second device over a wireless communication link, comprising:
- performing a cryptographic key exchange with a second device, wherein cryptographic information for the first and second device is obtained;
  
  obtaining a confirmation value for the first device based on the cryptographic information;
  
  obtaining a confirmation image based on the confirmation value; and
  
  providing the confirmation image to an operator for authentication against a corresponding confirmation image for the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - receiving feedback from the operator on whether to accept or decline association with the second device;
      
      accepting an association with the second device if the feedback indicates that the confirmation image is the same as the corresponding confirmation image in the second device; and
      
      declining an association with the second device if the feedback indicates that the confirmation image is different than the corresponding confirmation image in the second device.
  - 3. The method of claim 1, further comprising:
    - storing a plurality of images in the first device, wherein the confirmation value is converted into the confirmation image by mapping one or more digits of the confirmation value to one or more of the plurality of images.
  - 4. The method of claim 3, wherein obtaining the confirmation image based on the confirmation value further comprises selecting one or more images from the plurality of images stored in the first device.
  - 5. The method of claim 1, further comprising:
    - storing an image generation algorithm in the first device, wherein the confirmation value is converted into the confirmation image by using the image generation algorithm.
  - 6. The method of claim 5, wherein the image generation algorithm combines one or more images, icons, colors, shapes, sounds, and backgrounds to generate the confirmation image.
  - 7. The method of claim 1, wherein the confirmation image is uniquely associated with the confirmation value.
  - 8. The method of claim 1, wherein the confirmation image is formed from a plurality of images.
  - 9. The method of claim 1, wherein the cryptographic information includes at least one of a first public key associated with the first device, a first nonce associated with the first device, a second public key associated with the second device, and a second nonce associated with the second device.
  - 10. The method of claim 1, wherein the confirmation image is based on a first derivative of the confirmation value.
  - 11. The method of claim 1, wherein obtaining the confirmation image based on the confirmation value includes applying a collision-resistant function to generate the confirmation image, wherein the collision-resistant function inhibits generating the same image using different values.
  - 12. The method of claim 1, wherein the confirmation image includes at least one of icons, graphics, symbols, color, and sounds.
  - 13. The method of claim 12, wherein the confirmation value includes at least one of a numeric value having a plurality of digits and an alpha-numeric sequence.
  - 14. The method of claim 1, wherein the first device includes a Bluetooth-compliant communication interface used for the cryptographic key exchange with the second device.
  - 15. The method of claim 1, wherein providing the confirmation image to the operator for authentication includes presenting the image on a display of the first device.
  - 16. The method of claim 1, wherein obtaining a confirmation image based on the confirmation value includesmapping the confirmation value to a longitude and latitude pair;
    - andobtaining at least one of a map or image of a location associated with the longitude and latitude pair, and use the map or image of the location as the confirmation image.
  - 17. The method of claim 1, wherein obtaining a confirmation image based on the confirmation value includesconverting the confirmation value into a search string;
    - inputting the search string into a search engine to obtain one or more search results including a plurality of webpages; and
      
      utilizing a webpage in the search results as the confirmation image.
  - 18. The method of claim 17, wherein the search engine operates on an external network and the plurality of webpages are accessible via the external network.
  - 19. The method of claim 1, wherein obtaining a confirmation image based on the confirmation value includesconverting the confirmation value into an address reference for content on a network, wherein content includes an image;
    - obtaining an image associated with the address reference; and
      
      utilizing the image as the confirmation image.

20. A device adapted to securely establish an association with a second device over a wireless communication link, comprising:
- a wireless communication interface for communicating with the second device;
  
  an authentication module configured toperform a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
  
  obtain a confirmation value based on the cryptographic information;
  
  obtain a confirmation image based on the confirmation value; and
  
  provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 21. The device of claim 20, further comprising:
    - an input interface coupled to the authentication module, the input interface for receiving feedback from the operator on whether to accept or decline association with the second device,wherein the authentication module is further configured toaccept an association with the second device if the feedback indicates that the confirmation image is the same as the corresponding confirmation image in the second device; and
      
      decline an association with the second device if the feedback indicates that the confirmation image is different than the corresponding confirmation image in the second device.
  - 22. The device of claim 20, further comprising:
    - a storage device for storing a plurality of images, wherein the confirmation value is converted into the confirmation image by mapping one or more digits of the confirmation value to one or more of the plurality of images.
  - 23. The device of claim 22, wherein the authentication module is further configured to select one or more images from the plurality of images stored in the first device to obtain the confirmation image.
  - 24. The device of claim 22, further comprising:
    - an image generator coupled to the authentication module, wherein the image generator is configured to convert the confirmation value into the confirmation image.
  - 25. The device of claim 24, wherein the image generator combines one or more images, icons, colors, shapes, sounds, and backgrounds to generate the confirmation image.
  - 26. The device of claim 20, wherein the confirmation image is uniquely associated with the confirmation value.
  - 27. The device of claim 20, wherein the confirmation image is formed from a plurality of images.
  - 28. The device of claim 20, wherein the cryptographic information includes at least one of a first public key associated with the first device, a first nonce associated with the first device, a second public key associated with the second device, and a second nonce associated with the second device.
  - 29. The device of claim 20, wherein the confirmation image is based on a first derivative of the confirmation value.
  - 30. The device of claim 20, wherein the confirmation image includes at least one of icons, graphics, symbols, color, and sounds.
  - 31. The device of claim 20, wherein the communication interface includes a Bluetooth-compliant communication interface used for the cryptographic key exchange with the second device.
  - 32. The device of claim 20, wherein the output interface includes at least one of a display for visually presenting the confirmation image to the operator and a speaker for audibly providing the image to the operator.
  - 33. The device of claim 20, wherein the authentication module is further configured tomap the confirmation value to a longitude and latitude pair;
    - andobtain at least one of a map or image of a location associated with the longitude and latitude pair, and use the map or image of the location as the confirmation image.
  - 34. The device of claim 20, wherein the authentication module is further configured toconvert the confirmation value into a search string;
    - input the search string into a search engine to obtain one or more search results including a plurality of webpages; and
      
      utilize a webpage in the search results as the confirmation image.
  - 35. The device of claim 34, wherein the search engine operates on an external network and the plurality of webpages are accessible via the external network.
  - 36. The device of claim 20, wherein the authentication module is further configured toconvert the confirmation value into an address reference for content on a network, wherein content includes an image;
    - obtain an image associated with the address reference; and
      
      utilize the image as the confirmation image.

37. A device comprising:
- means for communicating with a second device;
  
  means for performing a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
  
  means for obtaining a confirmation value based on the cryptographic information;
  
  means for obtaining a confirmation image based on the confirmation value; and
  
  means for providing the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The device of claim 37, further comprising:
    - means for receiving feedback from the operator on whether to accept or decline association with the second device;
      
      means for accepting an association with the second device if the feedback indicates that the confirmation image is the same as the corresponding confirmation image in the second device; and
      
      means for declining an association with the second device if the feedback indicates that the confirmation image is different than the corresponding confirmation image in the second device.
  - 39. The device of claim 37, further comprising:
    - means for storing a plurality of images, wherein the confirmation value is converted into the confirmation image by mapping one or more digits of the confirmation value to one or more of the plurality of images.
  - 40. The device of claim 37, further comprising:
    - means for converting the confirmation value into the confirmation image.
  - 41. The device of claim 37, wherein the confirmation image is uniquely associated with the confirmation value.

42. A computer program operational on a first device for securely establishing an association with a second device over a wireless communication link, which when executed by a processor causes the processor to:
- perform a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
  
  obtain a confirmation value based on the cryptographic information;
  
  obtain a confirmation image based on the confirmation value; and
  
  provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
- View Dependent Claims (43, 44, 45, 46)
- - 43. The computer program of claim 42, which when executed by the processor causes the processor to further:
    - receive feedback from the operator on whether to accept or decline association with the second device;
      
      accept an association with the second device if the feedback indicates that the confirmation image is the same as the corresponding confirmation image in the second device; and
      
      decline an association with the second device if the feedback indicates that the confirmation image is different than the corresponding confirmation image in the second device.
  - 44. The computer program of claim 42, which when executed by the processor causes the processor to further:
    - store a plurality of images, wherein the confirmation value is converted into the confirmation image by mapping one or more digits of the confirmation value to one or more of the plurality of images.
  - 45. The computer program of claim 42, which when executed by the processor causes the processor to further:
    - convert the confirmation value into the confirmation image.
  - 46. The computer program of claim 42, wherein the confirmation image is uniquely associated with the confirmation value.

47. A processing circuit for securely establishing an association with a second device over a wireless communication link, the processing circuit adapted toperform a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
- obtain a confirmation value based on the cryptographic information;
  
  obtain a confirmation image based on the confirmation value; and
  
  provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
- View Dependent Claims (48, 49, 50, 51)
- - 48. The processing circuit of claim 47 further adapted toreceive feedback from the operator on whether to accept or decline association with the second device;
    - accept an association with the second device if the feedback indicates that the confirmation image is the same as the corresponding confirmation image in the second device; and
      
      decline an association with the second device if the feedback indicates that the confirmation image is the different than the corresponding confirmation image in the second device.
  - 49. The processing circuit of claim 47 further adapted tostore a plurality of images, wherein the confirmation value is converted into the confirmation image by mapping one or more digits of the confirmation value to one or more of the plurality of images.
  - 50. The processing circuit of claim 47 further adapted toconvert the confirmation value into the confirmation image.
  - 51. The processing circuit of claim 47, wherein the confirmation image is uniquely associated with the confirmation value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Linsky, Joel

Granted Patent

US 9,398,046 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2129   Authenticate client device ...

H04L 63/1466   Active attacks involving in...

H04L 63/1475   Passive attacks, e.g. eaves...

H04W 12/06   Authentication

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/50   Secure pairing of devices

H04W 12/63   Location-dependent; Proximi...

H04W 12/65   Environment-dependent, e.g....

H04W 12/77   Graphical identity

H04W 88/02   Terminal devices

IMAGE-BASED MAN-IN-THE-MIDDLE PROTECTION IN NUMERIC COMPARISON ASSOCIATION MODELS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

51 Claims

Specification

Use Cases

Quick Links

Others

IMAGE-BASED MAN-IN-THE-MIDDLE PROTECTION IN NUMERIC COMPARISON ASSOCIATION MODELS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

51 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others