Method of confirming a secure key exchange
First Claim
1. A method of securely exchanging a symmetric key between first and second components of a system comprising:
- generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component'"'"'s asymmetric key pair;
sending, by the first component, a first command, the first hash value, and the first component'"'"'s public key to the second component; and
generating, by the second component, the symmetric key, encrypting the symmetric key using the first component'"'"'s public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command.
2 Assignments
0 Petitions
Accused Products
Abstract
A key exchange protocol can be performed between components of a system, such as between a computer program being executed by the processor of a PC (or other computer system) and a peripheral. A peripheral with a user input capability and a very limited display capability, such as a keyboard or a mouse, may be used to confirm a key exchange between the system components in a way that requires the user to enter only small amounts of input data (e.g., keystrokes or mouse clicks). Security between components may be enhanced without having a negative impact on usability of the system. Embodiments of the present invention help to deter “man in the middle” attacks wherein an attacker gains control of a system component situated between certain communicating system components.
-
Citations
29 Claims
-
1. A method of securely exchanging a symmetric key between first and second components of a system comprising:
-
generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component'"'"'s asymmetric key pair; sending, by the first component, a first command, the first hash value, and the first component'"'"'s public key to the second component; and generating, by the second component, the symmetric key, encrypting the symmetric key using the first component'"'"'s public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An article comprising:
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for securely exchanging a symmetric key between first and second components of a system, the instructions including
generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component'"'"'s asymmetric key pair; sending, by the first component, a first command, the first hash value, and the first component'"'"'s public key to the second component; and generating, by the second component, the symmetric key, encrypting the symmetric key using the first component'"'"'s public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for securely exchanging a symmetric key between first and second components of a system, the instructions including
-
21. A system comprising:
-
a processor configured to generate an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the processor'"'"'s asymmetric key pair, and to send a first command, the first hash value, and the processor'"'"'s public key; and a peripheral coupled to the processor and configured to receive the first command, the first hash value, and the processor'"'"'s public key, to generate a symmetric key, to encrypt the symmetric key using the processor'"'"'s public key, and to send the encrypted symmetric key to the processor, in response to receiving the first command. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
-
Specification