IMAGE-BASED MAN-IN-THE-MIDDLE PROTECTION IN NUMERIC COMPARISON ASSOCIATION MODELS
Abstract
An authentication scheme is provided for securely establishing an association with a second device over a wireless communication link. A cryptographic key exchange is performed between a first device and a second device, wherein cryptographic information for the first and second device is obtained. The first and second devices may independently generate a confirmation value based on the cryptographic information. Each device may obtain a confirmation image based on their respective confirmation values. A confirmation image is uniquely associated with a confirmation value so that no two confirmation values can be associated with the same confirmation image. The images for both the first and second devices are provided to an operator for authentication. If the confirmation images are identical, an association between the first and second devices may be confirmed by the operator. Comparing confirmation images may increase the reliability of operator authentication and is more efficient than comparing values.
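The flow in the abstract, as an added example that is not taken from the patent: both devices derive a confirmation value from the key exchange, map it one-to-one onto a small grid image, and an interposed party that substitutes its own public keys causes the two images to differ. The Diffie-Hellman parameters, the truncated HMAC-SHA256 derivation, the 4x6 grid rendering and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# Demonstration parameters only (assumed, not from the patent): finite-field
# Diffie-Hellman over the prime 2**255 - 19 with generator 2.
P, G = 2**255 - 19, 2
BITS, COLS = 24, 6  # 24-bit confirmation value drawn as a 4x6 grid

def confirmation_value(my_priv, peer_pub, pub_initiator, pub_responder):
    """Truncated HMAC over both public keys, keyed with the DH shared secret."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    msg = pub_initiator.to_bytes(32, "big") + pub_responder.to_bytes(32, "big")
    digest = hmac.new(shared, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:BITS // 8], "big")

def value_to_image(value):
    """One grid cell per bit, so distinct values always give distinct images."""
    bits = format(value, f"0{BITS}b")
    rows = [bits[i:i + COLS] for i in range(0, BITS, COLS)]
    return "\n".join(r.replace("1", "#").replace("0", ".") for r in rows)

def image_to_value(image):
    """Inverse of value_to_image; its existence shows the mapping is one-to-one."""
    return int(image.replace("\n", "").replace("#", "1").replace(".", "0"), 2)

def pair(a_priv, b_priv, mitm_privs=None):
    """Return the confirmation images shown on device A and on device B."""
    a_pub, b_pub = pow(G, a_priv, P), pow(G, b_priv, P)
    seen_by_a, seen_by_b = b_pub, a_pub
    if mitm_privs:  # an interposed party replaces each public key in transit
        seen_by_a = pow(G, mitm_privs[0], P)
        seen_by_b = pow(G, mitm_privs[1], P)
    va = confirmation_value(a_priv, seen_by_a, a_pub, seen_by_a)
    vb = confirmation_value(b_priv, seen_by_b, seen_by_b, b_pub)
    return value_to_image(va), value_to_image(vb)

if __name__ == "__main__":
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    img_a, img_b = pair(a, b)
    print(img_a, "\n--\n" + img_b, "\nmatch:", img_a == img_b)
    img_a, img_b = pair(a, b, mitm_privs=(1111, 2222))
    print(img_a, "\n--\n" + img_b, "\nmatch:", img_a == img_b)
```

The operator confirms the association only when the two grids are identical; a mismatch is the signal that the devices do not share the same key-exchange transcript.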
51 Claims
1. A method operational on a first device for securely establishing an association with a second device over a wireless communication link, comprising:
- performing a cryptographic key exchange with a second device, wherein cryptographic information for the first and second device is obtained;
- obtaining a confirmation value for the first device based on the cryptographic information;
- obtaining a confirmation image based on the confirmation value; and
- providing the confirmation image to an operator for authentication against a corresponding confirmation image for the second device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A device adapted to securely establish an association with a second device over a wireless communication link, comprising:
- a wireless communication interface for communicating with the second device;
- an authentication module configured to
  - perform a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
  - obtain a confirmation value based on the cryptographic information;
  - obtain a confirmation image based on the confirmation value; and
  - provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36

37. A device comprising:
- means for communicating with a second device;
- means for performing a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
- means for obtaining a confirmation value based on the cryptographic information;
- means for obtaining a confirmation image based on the confirmation value; and
- means for providing the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
Dependent claims: 38, 39, 40, 41

42. A computer program operational on a first device for securely establishing an association with a second device over a wireless communication link, which when executed by a processor causes the processor to:
- perform a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
- obtain a confirmation value based on the cryptographic information;
- obtain a confirmation image based on the confirmation value; and
- provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
Dependent claims: 43, 44, 45, 46

47. A processing circuit for securely establishing an association with a second device over a wireless communication link, the processing circuit adapted to
- perform a cryptographic key exchange with the second device, wherein cryptographic information for the device and second device is obtained;
- obtain a confirmation value based on the cryptographic information;
- obtain a confirmation image based on the confirmation value; and
- provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device.
Dependent claims: 48, 49, 50, 51
Specification