Public Key Out-of-Band Transfer for Mutual Authentication
First Claim
1. A network device comprising
a transceiver;
a processor;
a machine readable medium; and
a private key,
wherein said network device performs a key exchange and authentication method with a second network device, said method comprising:
revealing a unique identifier to said second network device;
receiving a revelation of a key associated with said second network device from said second network device, which used said unique identifier of said network device to obtain a key associated with said network device; and
said network device using its private key, said key associated with said second network device, and known parameters to generate a shared secret.
Abstract
Methods for key exchange and mutual authentication are provided that allow for inherent authentication and secret key derivation of parties communicating through an unsecured medium. These methods allow for greater security than existing key exchange and authentication methods while requiring little or no additional energy or time compared with a basic Diffie-Hellman key exchange. These methods allow for secure communication with small, low-power devices and greater security for any devices communicating through an unsecured medium.
28 Claims
1. A network device comprising a transceiver, a processor, a machine readable medium and a private key, performing the key exchange and authentication method set out in full under First Claim above.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A system comprising:
a first network device comprising: a transceiver; a processor; a machine readable medium; and a private key;
a second network device comprising: a transceiver; a processor; a machine readable medium; and a private key;
wherein said first network device performs a key exchange and authentication method with said second network device, said method comprising:
first network device revealing a unique identifier of said first network device to said second network device;
second network device revealing a unique identifier of said second network device to said first network device;
first network device using said second network device's said unique identifier to obtain a key associated with said second network device;
second network device using said second network device's said unique identifier to obtain a key associated with said first network device; and
each said network device using its private key, said key associated with said other network device, and known parameters to generate a shared secret.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
19. A method for key exchange and authentication between a first network device and a second network device, each said network device having a private key, said method comprising:
first network device revealing a unique identifier to said second network device;
first network device obtaining a key associated with said second network device, said key created using said unique identifier of said first network device; and
first network device using its private key, said key associated with said second network device, and known parameters to generate a shared secret.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
28. A method for key exchange and authentication between two network devices comprising:
each said network device having a private key and revealing a unique identifier;
one of said network devices also revealing a key associated with said device;
each said network device that receives only the unique identifier of said other network device using said unique identifier to obtain a key associated with said other network device;
each said network device that receives both a unique identifier and an associated key from said other network device verifying that the received unique identifier corresponds with the received associated key; and
each said network device using its private key, said key associated with said other network device, and known parameters to generate a shared secret.
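The claim 28 exchange simulated in Python, as an added example that is not the patent's own code: a toy Diffie-Hellman group stands in for the unspecified "known parameters", an in-memory registry (an assumption) stands in for the out-of-band source of identifier-to-key bindings, and the identifier/key consistency check is shown rejecting a key that does not belong to the identifier it arrived with.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: 2**127 - 1 is prime,
# but a group this small gives no real security.
P = (1 << 127) - 1
G = 3

# Assumed trusted registry mapping unique identifier -> public key. It stands in for
# whatever out-of-band channel provisions the keys; the claims do not specify one.
REGISTRY = {}


class Device:
    def __init__(self, ident):
        self.ident = ident
        self.priv = secrets.randbelow(P - 2) + 1   # private key never leaves the device
        self.pub = pow(G, self.priv, P)
        REGISTRY[ident] = self.pub                  # published out of band, not in the exchange

    def key_for(self, peer_ident):
        """Obtain a peer's key from its identifier alone (the claim 1 / claim 19 step)."""
        return REGISTRY.get(peer_ident)

    def revealed_key_matches(self, peer_ident, peer_pub):
        """Claim 28 check: a key revealed in band must match what the identifier maps to."""
        return REGISTRY.get(peer_ident) == peer_pub

    def shared_secret(self, peer_pub):
        """g^(ab) mod p from own private key and the peer's key, hashed to a session key."""
        z = pow(peer_pub, self.priv, P)
        return hashlib.sha256(z.to_bytes(16, "big")).hexdigest()


def run_exchange(a, b):
    """Claim 28 flow: a reveals only its identifier; b reveals identifier and key.
    Returns (secret at a, secret at b), or None when a rejects b's revealed key."""
    if not a.revealed_key_matches(b.ident, b.pub):
        return None
    a_key_at_b = b.key_for(a.ident)          # b obtains a's key from the identifier alone
    return a.shared_secret(b.pub), b.shared_secret(a_key_at_b)


def run_exchange_with_substituted_key(a, b):
    """Constructed failure case: b's identifier arrives paired with someone else's key."""
    bogus_pub = pow(G, 123456789, P)
    return a.revealed_key_matches(b.ident, bogus_pub)
```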