Public Key Out-of-Band Transfer for Mutual Authentication

US 20100042838A1
Filed: 08/12/2009
Published: 02/18/2010
Est. Priority Date: 08/12/2008
Status: Active Grant

First Claim

Patent Images

1. A network device comprisinga transceiver;

a processor;

a machine readable medium; and

a private key,wherein said network device performs a key exchange and authentication method with a second network device, said method comprising;

revealing a unique identifier to said second network device;

receiving a revelation of a key associated with said second network device from said second network device which used said unique identifier of said network device to obtain a key associated with said network device; and

said network device using its private key, said key associated with said second network device, and known parameters to generate a shared secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for key exchange and mutual authentication are provided that allow for inherent authentication and secret key derivation of parties communicating through an unsecured medium. These methods allow for greater security than existing key exchange and authentication methods while requiring little or no additional energy or time compared with a basic Diffie-Hellman key exchange. These methods allow for secure communication with small, low-power devices and greater security for any devices communicating through an unsecured medium.

Citations

28 Claims

1. A network device comprisinga transceiver;
- a processor;
  
  a machine readable medium; and
  
  a private key,wherein said network device performs a key exchange and authentication method with a second network device, said method comprising;
  
  revealing a unique identifier to said second network device;
  
  receiving a revelation of a key associated with said second network device from said second network device which used said unique identifier of said network device to obtain a key associated with said network device; and
  
  said network device using its private key, said key associated with said second network device, and known parameters to generate a shared secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The network device of claim 1, wherein said second network device obtains said key associated with said network device by accessing a local machine readable medium.
  - 3. The network device of claim 1, wherein said second network device obtains said key associated with said network device by connecting to a remote database.
  - 4. The network device of claim 1, wherein said key associated with said network device is transferred to said second network device via a removable machine readable medium.
  - 5. The network device of claim 1, wherein said second network device obtains said key associated with said network device by directly accessing a machine readable medium of said network device.
  - 6. The network device of claim 1, wherein said method additionally comprises:
    - each network device using said shared secret and other information known to both devices to compute two distinct verification numbers;
      
      each network device sharing one of said verification numbers while keeping the other secret; and
      
      each network device accepting the identity of the other network device if the verification number kept secret by the network device is identical to the verification number received from the other network device.
  - 7. The network device of claim 6, wherein said distinct verification numbers are computed using a standardized one-way cryptographic hash function.
  - 8. The network device of claim 1, wherein said method additionally comprises:
    - each network device using said shared secret and other information known to both devices to compute a shared secret master key; and
      
      each network device using said shared secret master key to secure subsequent communication with the other device.
  - 9. The network device of claim 8, wherein said shared secret master key is computed using a standardized one-way cryptographic hash function.

10. A system comprising:
- a first network device comprising;
  
  a transceiver;
  
  a processor;
  
  a machine readable medium; and
  
  a private key,a second network device comprising;
  
  a transceiver;
  
  a processor;
  
  a machine readable medium; and
  
  a private key,wherein said first network device performs a key exchange and authentication method with said second network device, said method comprising;
  
  first network device revealing a unique identifier of said first network device to said second network device;
  
  second network device revealing a unique identifier a unique identifier of said second network device to said first network device;
  
  first network device using said second network device'"'"'s said unique identifier to obtain a key associated with said second network device;
  
  second network device using said second network device'"'"'s said unique identifier to obtain a key associated with said first network device; and
  
  each said network device using its private key, said key associated with said other network device, and known parameters to generate a shared secret.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein one of said network devices obtains said key associated with said other network device by accessing a machine readable medium.
  - 12. The system of claim 10, wherein one of said network devices obtains said key associated with said other network device by connecting to a remote database.
  - 13. The system of claim 10, wherein said key associated with one of said network devices is transferred to said other network device via a removable machine readable medium.
  - 14. The system of claim 10, wherein one of said network devices obtains said key associated with said other network device by directly accessing a machine readable medium of said other network device.
  - 15. The system of claim 10, wherein said method additionally comprises:
    - each said network device using said shared secret and other information known to both of said network devices to compute two distinct verification numbers;
      
      each said network device sharing one of said verification numbers while keeping the other secret; and
      
      each said network device accepting the identity of said other network device if the verification number kept secret by said network device is identical to the verification number received from said other network device.
  - 16. The system of claim 15, wherein said distinct verification numbers are computed using a standardized one-way cryptographic hash function.
  - 17. The system of claim 10, wherein said method additionally comprising:
    - each said network device using said shared secret and other information known to both said network devices to compute a shared secret master key; and
      
      each said network device using said shared secret master key to secure subsequent communication with said other network device.
  - 18. The system of claim 17, wherein said shared secret master key is computed using a standardized one-way cryptographic hash function.

19. A method for key exchange and authentication between a first network device and a second network device, each said network device having a private key, said method comprising:
- first network device revealing a unique identifier to said second network device;
  
  first network device obtaining a key associated with said second network device, said key created using said unique identifier of said first network device; and
  
  first network device using its private key, said key associated with said second network device, and known parameters to generate a shared secret.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The method of claim 19, wherein said first network device obtains said key associated with said second network device by accessing a machine readable medium.
  - 21. The method of claim 19, wherein said first network device obtains said key associated with said second network device by connecting to a remote database.
  - 22. The method of claim 19, wherein said key associated with said second network device is transferred to said second network device via a removable machine readable medium.
  - 23. The method of claim 19, wherein one of said first network device obtains said key associated with said second network device by directly accessing a machine readable medium of said second network device.
  - 24. The method of claim 19, additionally comprisingeach said network device using said shared secret and other information known to both said network devices to compute two distinct verification numbers;
    - each said network device sharing one of said verification numbers while keeping the other secret; and
      
      each said network device accepting the identity of said other network device if the verification number kept secret by said network device is identical to the verification number received from said other network device.
  - 25. The method of claim 24, wherein said distinct verification numbers are computed using a standardized one-way cryptographic hash function.
  - 26. The method of claim 19, wherein said method additionally comprises:
    - each said network device using said shared secret and other information known to both devices to compute a shared secret master key; and
      
      each said network device using said shared secret master key to secure subsequent communication with the other device.
  - 27. The method of claim 26, wherein said shared secret master key is computed using a standardized one-way cryptographic hash function.

28. A method for key exchange and authentication between two network devices comprisingeach said network device having a private key and revealing a unique identifier;
- one of said network devices also revealing a key associated with said device;
  
  each said network device that receives only the unique identifier of said other network device using said unique identifier to obtain a key associated with said other network device;
  
  each said network device that receives both a unique identifier and an associated key from said other network device verifying that the received unique identifier corresponds with the received associated key; and
  
  each said network device using its private key, said key associated with said other network device, and known parameters to generate a shared secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Ho, Jin-Meng

Granted Patent

US 8,156,334 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 9/0844 with user authentication or...

Public Key Out-of-Band Transfer for Mutual Authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Public Key Out-of-Band Transfer for Mutual Authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links