Method of confirming a secure key exchange

US 7,142,674 B2
Filed: 06/18/2002
Issued: 11/28/2006
Est. Priority Date: 06/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method of securely exchanging a symmetric key between first and second components of a system comprising:

generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component'"'"'s asymmetric key pair;

sending, by the first component, a first command, the first hash value, and the first component'"'"'s public key to the second component; and

generating, by the second component, the symmetric key, encrypting the symmetric key using the first component'"'"'s public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key exchange protocol can be performed between components of a system, such as between a computer program being executed by the processor of a PC (or other computer system) and a peripheral. A peripheral with a user input capability and a very limited display capability, such as a keyboard or a mouse, may be used to confirm a key exchange between the system components in a way that requires the user to enter only small amounts of input data (e.g., keystrokes or mouse clicks). Security between components may be enhanced without having a negative impact on usability of the system. Embodiments of the present invention help to deter “man in the middle” attacks wherein an attacker gains control of a system component situated between certain communicating system components.

Citations

29 Claims

1. A method of securely exchanging a symmetric key between first and second components of a system comprising:
- generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component'"'"'s asymmetric key pair;
  
  sending, by the first component, a first command, the first hash value, and the first component'"'"'s public key to the second component; and
  
  generating, by the second component, the symmetric key, encrypting the symmetric key using the first component'"'"'s public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - causing display of the first nonce by the first component;
      
      accepting, by the second component, input of the displayed first nonce; and
      
      generating, by the second component, a third nonce, encrypting the third nonce with the symmetric key, generating a second hash value of the first nonce, the third nonce, and the encrypted third nonce, and sending the second hash value to the first component.
  - 3. The method of claim 2, further comprising:
    - sending, by the first component, the second nonce to the second component;
      
      checking, by the second component, that the hash value of the first nonce, the second nonce, and the first component'"'"'s public key matches the first hash value;
      
      activating, by the second component, a second trust indicator when the hash values match; and
      
      activating, by the second component, a third trust indicator when the hash values do not match.
  - 4. The method of claim 3, further comprising:
    - sending, by the second component, the third nonce to the first component; and
      
      checking, by the first component, that the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value.
  - 5. The method of claim 1, wherein the second component comprises a keyboard and the first nonce comprises a randomly generated first number of characters representing keys on the keyboard.
  - 6. The method of claim 1, wherein the second nonce comprises a predetermined number of randomly generated bits.
  - 7. The method of claim 1, wherein the first command comprises a “
    - reset-learn”
      
      command to put the second component into a “
      
      learn”
      
      mode, whereby input data received by the second component is not forwarded to the first component while the second component is in “
      
      learn”
      
      mode.
  - 8. The method of claim 1, further comprising activating a first trust indicator on the second component after receiving the first command.
  - 9. The method of claim 4, further comprising causing the display of a message indicating secure communications between the first and second components are enabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value.
  - 10. The method of claim 4, further comprising causing the display of a message indicating secure communications between the first and second components are disabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce does not match the second hash value.

11. An article comprising:
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for securely exchanging a symmetric key between first and second components of a system, the instructions includinggenerating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component'"'"'s asymmetric key pair;
  
  sending, by the first component, a first command, the first hash value, and the first component'"'"'s public key to the second component; and
  
  generating, by the second component, the symmetric key, encrypting the symmetric key using the first component'"'"'s public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The article of claim 11, further comprising instructions forcausing display of the first nonce by the first component;
    - accepting, by the second component, input of the displayed first nonce; and
      
      generating, by the second component, a third nonce, encrypting the third nonce with the symmetric key, generating a second hash value of the first nonce, the third nonce, and the encrypted third nonce, and sending the second hash value to the first component.
  - 13. The article of claim 12, further comprising instructions forsending, by the first component, the second nonce to the second component;
    - checking, by the second component, that the hash value of the first nonce, the second nonce, and the first component'"'"'s public key matches the first hash value;
      
      activating, by the second component, a second trust indicator when the hash values match; and
      
      activating, by the second component, a third trust indicator when the hash values do not match.
  - 14. The article of claim 13, further comprising instructions forsending, by the second component, the third nonce to the first component;
    - andchecking, by the first component, that the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value.
  - 15. The article of claim 11, wherein the second component comprises a keyboard and the first nonce comprises a randomly generated first number of characters representing keys on the keyboard.
  - 16. The article of claim 11, wherein the second nonce comprises a predetermined number of randomly generated bits.
  - 17. The article of claim 11, wherein the first command comprises a “
    - reset-learn”
      
      command to put the second component into a “
      
      learn”
      
      mode, whereby input data received by the second component is not forwarded to the first component while the second component is in “
      
      learn”
      
      mode.
  - 18. The article of claim 11, further comprising instructions for activating a first trust indicator on the second component after receiving the first command.
  - 19. The article of claim 14, further comprising instructions for causing the display of a message indicating secure communications between the first and second components are enabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value.
  - 20. The article of claim 14, further comprising instructions for causing the display of a message indicating secure communications between the first and second components are disabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce does not match the second hash value.

21. A system comprising:
- a processor configured to generate an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the processor'"'"'s asymmetric key pair, and to send a first command, the first hash value, and the processor'"'"'s public key; and
  
  a peripheral coupled to the processor and configured to receive the first command, the first hash value, and the processor'"'"'s public key, to generate a symmetric key, to encrypt the symmetric key using the processor'"'"'s public key, and to send the encrypted symmetric key to the processor, in response to receiving the first command.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The system of claim 21, wherein the processor is further configured to cause the display of the first nonce by the processor, and the peripheral is further configured to accept input of the displayed first nonce, to generate a third nonce, to encrypt the third nonce with the symmetric key, to generate a second hash value of the first nonce, the third nonce, and the encrypted third nonce, and to send the second hash value to the processor.
  - 23. The system of claim 22, wherein the processor is further configured to send the second nonce to the peripheral;
    - and the peripheral comprises a second trust indicator and a third trust indicator and is further configured to check that the hash value of the first nonce, the second nonce, and the processor'"'"'s public key matches the first hash value, to activate the second trust indicator when the hash values match; and
      
      to activate the third trust indicator when the hash values do not match.
  - 24. The system of claim 23, wherein the peripheral is further configured to send the third nonce to the peripheral;
    - and the processor is further configured to check that the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value.
  - 25. The system of claim 21, wherein the peripheral comprises a first trust indicator and is further configured to activate the first trust indicator after receiving the first command.
  - 26. The system of claim 24, wherein the peripheral comprises a keyboard, and the trust indicators comprise colored light emitting diodes (LEDs).
  - 27. The system of claim 24, wherein the peripheral comprises a keyboard, and the first nonce comprises a randomly generated first number of characters representing keys on the keyboard.
  - 28. The system of claim 24, wherein the peripheral comprises a keyboard, and the trust indicators comprise audible tones.
  - 29. The system of claim 24, wherein the peripheral further comprises a non-volatile memory to store the symmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Brickell, Ernie F.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Popham, Jeffrey D.

Application Number

US10/177,626
Publication Number

US 20030233550A1
Time in Patent Office

1,624 Days
Field of Search

380/44, 380/277, 380/283, 380/285
US Class Current

380/44
CPC Class Codes

G06F 21/85   interconnection devices, e....

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/1466   Active attacks involving in...

H04L 9/0841   involving Diffie-Hellman or...

Method of confirming a secure key exchange

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method of confirming a secure key exchange

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links