DISCOVERY OF SECURITY ASSOCIATIONS
Abstract
Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange.
Claims (30)
1. A method for forming a discoverable security association between a first computing device and a second computing device, comprising:
the first computing device being provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device, wherein the secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device.
Dependent claims: 2 to 17 (not shown on this page).
18. A method for discovering a security association formed between a first computing device and a second computing device, comprising:
a third computing device obtaining a secret from a fourth computing device, wherein the secret is the same secret generated by the first computing device, wherein the first computing device generated the secret based on a seed provided thereto by the fourth computing device and wherein the first computing device used the seed to generate the secret and used the secret to compute a key for use in securing communications with the second computing device; and the third computing device re-computing the key based on the secret in order to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device.
Dependent claims: 19 to 28 (not shown on this page).
29. Apparatus for forming a discoverable security association between a first computing device and a second computing device, comprising:
a memory; and a processor coupled to the memory and configured such that the first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device, wherein the secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device.
30. Apparatus for discovering a security association formed between a first computing device and a second computing device, comprising:
a memory; and a processor coupled to the memory and configured such that a third computing device obtains a secret from a fourth computing device, wherein the secret is the same secret generated by the first computing device, wherein the first computing device generated the secret based on a seed provided thereto by the fourth computing device and wherein the first computing device used the seed to generate the secret and used the secret to compute a key for use in securing communications with the second computing device, and such that the third computing device re-computes the key based on the secret in order to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device.
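The escrow mechanism that claims 1 and 18 describe, worked through as an added example that is not taken from the patent or its specification. The page names an identity based authenticated key exchange but gives no construction, so the exchange is modelled here as ephemeral Diffie-Hellman over a deliberately small toy group; the seed-to-secret step is an HMAC-SHA256 derivation; the fourth computing device is taken to be a key-management server (KMS) and the third a passive intercepting server, following the abstract's "e.g." hints. The identity string, the KDF labels and the group parameters are all assumptions made for illustration.

```python
"""Toy model of a 'discoverable security association' as the claims describe it.

Added example, not from the patent.  Assumptions: the key exchange is modelled
as ephemeral Diffie-Hellman over a toy group (the page names an identity based
authenticated key exchange but gives no construction), the seed-to-secret step
is an HMAC-SHA256 based derivation, the fourth device is a KMS and the third is
a passive intercepting server.  Identities, labels and the group are illustrative.
"""
import hashlib
import hmac
import secrets

# Toy group: a 127-bit Mersenne prime.  Far too small for real use; a real
# deployment would use a standard group (e.g. RFC 3526 group 14 or an elliptic
# curve).  Only the escrow property of the claims is being illustrated.
P = 2**127 - 1
G = 3


def derive_secret(seed: bytes, identity: str) -> int:
    """Claim 1, first step: the first device turns the KMS-issued seed into a
    private exponent.  The derivation is deterministic, so anyone holding the
    seed (the KMS, or the intercepting server it hands the seed or secret to)
    recomputes exactly the same value.  Binding the identity is an assumption."""
    prk = hmac.new(seed, b"discoverable-sa/secret|" + identity.encode(),
                   hashlib.sha256).digest()
    # 31 bytes (248 bits) reduced into [1, P-2] so it is a usable exponent.
    return int.from_bytes(prk[:31], "big") % (P - 2) + 1


def session_key(shared: int, transcript: bytes) -> bytes:
    """Claim 1, second step: the key that secures traffic.  Mixing the transcript
    (both public values) into the KDF does not help against escrow, because the
    transcript is visible on the wire to the intercepting server."""
    shared_bytes = shared.to_bytes(16, "big")      # P < 2**127 fits in 16 bytes
    return hashlib.sha256(b"discoverable-sa/key" + shared_bytes + transcript).digest()


def key_exchange(seed_a: bytes, id_a: str):
    """Run the exchange between the first device (A, seeded by the KMS) and the
    second device (B, which draws a fresh random exponent and is not escrowed).
    Returns A's key, B's key and the wire transcript an observer would capture."""
    a = derive_secret(seed_a, id_a)
    b = secrets.randbelow(P - 2) + 1
    pub_a = pow(G, a, P)
    pub_b = pow(G, b, P)
    transcript = pub_a.to_bytes(16, "big") + pub_b.to_bytes(16, "big")
    key_a = session_key(pow(pub_b, a, P), transcript)
    key_b = session_key(pow(pub_a, b, P), transcript)
    return key_a, key_b, transcript


def intercept_with_secret(secret_a: int, transcript: bytes) -> bytes:
    """Claim 18: the third device holds A's secret (obtained from the KMS) and the
    captured transcript, and recomputes the key.  Neither endpoint sent or
    received anything different, which is what 'unbeknownst' amounts to."""
    pub_b = int.from_bytes(transcript[16:], "big")
    return session_key(pow(pub_b, secret_a, P), transcript)


def intercept_with_seed(seed_a: bytes, id_a: str, transcript: bytes) -> bytes:
    """Claim 1's chain: the seed alone suffices, because the secret is
    re-computable from the seed and the key from the secret."""
    return intercept_with_secret(derive_secret(seed_a, id_a), transcript)


def demo() -> dict:
    """KMS issues a seed to A; A and B run the exchange; the interceptor recovers
    the key from the secret alone and from the seed alone.  A seed the KMS never
    issued (the control case) yields a different key."""
    identity = "alice@example.org"               # illustrative identity
    seed_a = secrets.token_bytes(32)             # issued by the KMS (fourth device)
    key_a, key_b, transcript = key_exchange(seed_a, identity)
    return {
        "endpoints_agree": key_a == key_b,
        "recovered_from_secret": intercept_with_secret(
            derive_secret(seed_a, identity), transcript) == key_a,
        "recovered_from_seed": intercept_with_seed(
            seed_a, identity, transcript) == key_a,
        "wrong_seed_fails": intercept_with_seed(
            secrets.token_bytes(32), identity, transcript) != key_a,
    }


if __name__ == "__main__":
    print(demo())
```

Two things the model makes concrete. First, the interception needs nothing beyond the seed (or the derived secret) and a passively captured transcript, so the KMS, its seed store and the channel by which it hands secrets to the intercepting server carry the full confidentiality of every session keyed from that seed; compromise of any of them is equivalent to the interception capability the claims grant to the third device. Second, if the same seed is used for more than one session, every one of those sessions is recoverable afterwards from that seed, so the first device gets no forward secrecy from the ephemeral-looking exchange. The second device sees an identical transcript either way and cannot tell from the protocol whether its peer's secret was escrowed.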