Method, apparatus, and program product for securely presenting situation information
First Claim
Patent Images
1. A method for facilitating secure communication between two networked devices, comprising:
- establishing communication between a situation notification device and a provisioning device over a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping;
wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and
wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel;
prior to establishing the communication, pre-authenticating the situation notification device to ensure that the situation notification device has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves;
exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel;
exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and
verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device;
providing provisioning information to said situation notification device over said preferred channel, wherein said situation notification device is automatically configured to receive subject matter information responsive to said provisioning information;
receiving said subject matter information;
verifying said subject matter information with said provisioning information; and
presenting said subject matter information to a user of the situation notification device responsive to the step of verifying, wherein the step of verifying ensures that the subject matter information is genuine.
7 Assignments
0 Petitions
Accused Products
Abstract
We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
-
Citations
27 Claims
-
1. A method for facilitating secure communication between two networked devices, comprising:
-
establishing communication between a situation notification device and a provisioning device over a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping; wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel; prior to establishing the communication, pre-authenticating the situation notification device to ensure that the situation notification device has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves; exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel; exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device; providing provisioning information to said situation notification device over said preferred channel, wherein said situation notification device is automatically configured to receive subject matter information responsive to said provisioning information; receiving said subject matter information; verifying said subject matter information with said provisioning information; and presenting said subject matter information to a user of the situation notification device responsive to the step of verifying, wherein the step of verifying ensures that the subject matter information is genuine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 25)
-
-
9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to present subject matter information, the method comprising steps of:
-
establishing communication between a situation notification device and a provisioning device over a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping; wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel; prior to establishing the communication, pre-authenticating the situation notification device to ensure that the situation notification device has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves; exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel; exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device; providing provisioning information to said situation notification device over said preferred channel, wherein said situation notification device is automatically configured to receive said subject matter information responsive to said provisioning information; receiving said subject matter information; verifying said subject matter information with said provisioning information; and presenting said subject matter information to a user of the situation notification device responsive to the step of verifying, wherein the step of verifying ensures that the subject matter information is genuine. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 26)
-
-
17. An apparatus comprising:
-
at least one port configured to establish a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping; wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel; a first communication mechanism configured to receive provisioning information over said preferred channel, whereby the apparatus is configured to be able to receive subject matter information responsive to said provisioning information, wherein the port is further configured to pre-authenticate the first communication mechanism prior to receiving the provisioning information to ensure that the first communication mechanism has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves; exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel; exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device; a second communication mechanism configured to receive said subject matter information subsequent to operation of the first communication mechanism; a verification mechanism configured to verify said subject mailer information with said provisioning information; and a presentation mechanism configured to present said subject matter information to a user of the situation notification device responsive to the verification mechanism, wherein the step of verifying ensures that the subject matter information is genuine. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 27)
-
Specification