PROVISION OF SECURE COMMUNICATIONS CONNECTION USING THIRD PARTY AUTHENTICATION
Abstract
The present invention relates to communications, and in particular though not exclusively to forming a secure connection between two untrusted devices. The present invention provides a method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb). The method comprises receiving a request from the first device at the authentication server; the authentication server and the first device both generating a first device key (K_A) using the first device shared secret data in response to a first device random number (RANDa) sent from the authentication server to the first device; the authentication server and the second device both generating a second device key (K_B) using the second device shared secret data in response to a second device random number (RANDb) sent from the authentication server to the second device; and the authentication server securely forwarding to the second device (B) and the first device (A) a common key (K_AB) using the second and first device keys (K_B, K_A).
17 Claims
1. A method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb);
the method comprising:
receiving a request from the first device at the authentication server; the authentication server and the first device both generating a first device key (K_A) using the first device shared secret data in response to a first device random number (RANDa) sent from the authentication server to the first device; the authentication server and the second device both generating a second device key (K_B) using the second device shared secret data in response to a second device random number (RANDb) sent from the authentication server to the second device; the authentication server securely forwarding to the second device (B) and the first device (A) a common key (K_AB) using the second and first device keys (K_B, K_A).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method of operating an authentication server for securely connecting a first device (A) to a second device (B), the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb);
the method comprising:
receiving a request from the first device; generating a first device random number (RANDa) and a first device key (K_A) using the first device random number (RANDa) and the first device shared secret data (SSDa), and forwarding the first device random number to the first device; generating a second device random number (RANDb) and a second device key (K_B) using the second device random number (RANDb) and the second device shared secret data (SSDb), and forwarding the second device random number (RANDb) to the second device; the authentication server securely forwarding to the second device (B) and the first device (A) a common key (K_AB) using the second and first device keys (K_B, K_A).
Dependent claims: 12.
13. A method of operating a second device (B) for securely connecting a first device (A) to the second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb);
the method comprising:
generating a second device key (K_B) using the second device shared secret data in response to receiving a second device random number (RANDb) from the authentication server, wherein the second device shared secret data (SSDb) is stored on a removable module associated with the second device; receiving a common key (K_AB) from the authentication server encrypted using the second device key (K_B or K_WS); communicating with the first device using the common shared key (K_AB).
Dependent claims: 14, 15.
16. A method of operating a first device (A) for securely connecting to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb);
the method comprising:
sending a request to the authentication server; generating a first device key (K_A) using the first device shared secret data in response to a first device random number (RANDa) received from the authentication server; authenticating the second device in response to receiving a common shared secret key (K_AB) from the authentication server encrypted using the first device shared secret key (K_A); communicating with the second device using a secure connection between the first device and the second device which uses the common key (K_AB).
Dependent claims: 17.
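As an added illustration that is not the patent's own code (the claims name no algorithms), the following Python models the three parties of claims 1, 11, 13 and 16 with assumed primitives: HMAC-SHA256 derives K_A and K_B from SSDa/SSDb and the RANDa/RANDb challenges, and an HMAC-based encrypt-then-MAC construction is the assumed way the server "securely forwards" K_AB under each device key. The last function shows the property a practitioner cares about: a party holding the wrong shared secret derives a different device key, so the wrapped K_AB fails authentication rather than decrypting to garbage.

```python
import hashlib
import hmac
import secrets

def derive_device_key(ssd: bytes, rand: bytes) -> bytes:
    """K_x = HMAC-SHA256(SSDx, RANDx): a fresh one-time key per challenge (assumed KDF)."""
    return hmac.new(ssd, b"device-key|" + rand, hashlib.sha256).digest()

def wrap(key: bytes, data: bytes) -> tuple:
    """Encrypt-then-MAC of up to 32 bytes under a device key (assumed construction)."""
    assert len(data) <= 32
    nonce = secrets.token_bytes(16)
    stream = hmac.new(key, b"enc|" + nonce, hashlib.sha256).digest()[: len(data)]
    ct = bytes(p ^ s for p, s in zip(data, stream))
    tag = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def unwrap(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the MAC first, so a wrong device key is rejected before any decryption."""
    expected = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("common key not authenticated under this device key")
    stream = hmac.new(key, b"enc|" + nonce, hashlib.sha256).digest()[: len(ct)]
    return bytes(c ^ s for c, s in zip(ct, stream))

def authentication_server(ssd_a: bytes, ssd_b: bytes):
    """AS, on A's request: RANDa/RANDb, device keys K_A/K_B, and K_AB wrapped for each device."""
    rand_a, rand_b = secrets.token_bytes(16), secrets.token_bytes(16)
    k_a = derive_device_key(ssd_a, rand_a)
    k_b = derive_device_key(ssd_b, rand_b)
    k_ab = secrets.token_bytes(32)  # common key chosen by the AS
    msg_to_a = (rand_a, wrap(k_a, k_ab))  # A receives RANDa and K_AB under K_A
    msg_to_b = (rand_b, wrap(k_b, k_ab))  # B receives RANDb and K_AB under K_B
    return msg_to_a, msg_to_b, k_ab

def device_receive(ssd: bytes, rand: bytes, wrapped: tuple) -> bytes:
    """A or B: rebuild its device key from its own SSD and the challenge, then unwrap K_AB."""
    return unwrap(derive_device_key(ssd, rand), *wrapped)

def device_accepts(ssd: bytes, rand: bytes, wrapped: tuple) -> bool:
    """True only if this SSD reproduces the device key the AS used for the wrap."""
    try:
        device_receive(ssd, rand, wrapped)
        return True
    except ValueError:
        return False
```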