Device authentication in a PKI
First Claim
1. A method of establishing a key between a first device and a second device under control of a common user, said method comprising the steps of:
- establishing a shared secret in said first device and in said second device;
- calculating an antispoof variable based at least in part upon said shared secret in said first device and in said second device, said antispoof variable being represented by a plurality of groups of at least one digit;
- indicating one at a time in sequence, successive ones of said groups of said digits of said antispoof variable from said first device to said common user using a first stimulus;
- indicating one at a time in sequence, successive ones of said groups of said digits of said antispoof variable from said second device to said common user using a second stimulus in the same order as indicated by said first stimulus;
- upon said common user verifying that said digits of said antispoof variable from said first device and said second device are the same, completing mutual authentication of said first device and said second device and establishing said key in said first and second devices using said shared secret;
- wherein the timing of said indicating one at a time in sequence on said first device is time synchronized with the timing of said indicating one at a time in sequence on said second device.
Abstract
A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the steps of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing a challenge-response routine for authentication. Advantageously, man-in-the-middle attacks are minimized.
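The flow the abstract and claims describe (key agreement, an antispoof variable derived from the shared secret and compared group by group, then key establishment) can be sketched as follows. This is an added example, not code from the patent: the toy Diffie-Hellman parameters, the HMAC-SHA-256 derivations and their labels, the three groups of two digits, and all function names are assumptions, and the time synchronization of the two displays is not modeled.

```python
import hashlib
import hmac

# Toy-sized Diffie-Hellman parameters (assumption, for illustration only).
P = 2**127 - 1  # a Mersenne prime
G = 3

# Constructed private values for a repeatable run; real devices draw these at random.
A_PRIV = 0x1F3A9C4D5E6B7A8899AABBCCDDEEFF01
B_PRIV = 0x2B7E151628AED2A6ABF7158809CF4F3D
M_PRIV = 0x0C0FFEE0DEC0DE0123456789ABCDEF55  # party sitting between the devices

def public_signal(private: int) -> int:
    """Public value a device sends to its peer."""
    return pow(G, private, P)

def shared_secret(private: int, peer_public: int) -> bytes:
    """Shared secret a device computes from the public value it received."""
    return pow(peer_public, private, P).to_bytes(16, "big")

def antispoof_groups(secret: bytes, groups: int = 3, width: int = 2) -> list[str]:
    """Antispoof variable as ordered digit groups, derived from the shared secret."""
    total = groups * width
    digest = hmac.new(secret, b"antispoof", hashlib.sha256).digest()
    value = int.from_bytes(digest, "big") % 10**total
    digits = f"{value:0{total}d}"
    return [digits[i:i + width] for i in range(0, total, width)]

def pair(secret_first: bytes, secret_second: bytes):
    """Stand-in for the user's check: compare the groups one at a time, in order.

    Returns the key derived from the shared secret on a full match, else None.
    """
    shown_first = antispoof_groups(secret_first)
    shown_second = antispoof_groups(secret_second)
    for group_first, group_second in zip(shown_first, shown_second):
        if group_first != group_second:
            return None  # mismatch: authentication is not completed
    # After a match both secrets are equal, so either device derives this value.
    return hmac.new(secret_first, b"link-key", hashlib.sha256).digest()

def honest_run():
    """Both devices receive each other's real public value."""
    a_pub, b_pub = public_signal(A_PRIV), public_signal(B_PRIV)
    return pair(shared_secret(A_PRIV, b_pub), shared_secret(B_PRIV, a_pub))

def intercepted_run():
    """Each device instead receives a third party's public value."""
    m_pub = public_signal(M_PRIV)
    return pair(shared_secret(A_PRIV, m_pub), shared_secret(B_PRIV, m_pub))
```

With six digits, a substituted public value goes unnoticed only if the two independently derived digit strings happen to coincide, roughly one chance in a million per attempt under these assumptions.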
10 Claims
5. A method of establishing a key between a first device and a second device under control of a common user, the method including the steps of:
- performing a key agreement to establish in said first device and in said second device a shared secret;
- calculating an antispoof variable in said first device and in said second device based at least in part upon said shared secret, said antispoof variable having a plurality of groups of at least one digit;
- indicating one at a time in sequence, successive ones of said groups of said digits of said antispoof variable from said first device to said common user using an audible stimulus;
- indicating each of said groups said digits of said antispoof variable one at a time in sequence from said common user to said second device in the same order as indicated by said audible stimulus;
- upon verifying in said second device that said digits of said antispoof indicated by said common user are the same as said digits of said antispoof variable calculated by said second device, completing mutual authentication of said first device and said second device and establishing said key in said first and second devices using said shared secret;
- wherein the timing of said indicating one at a time in sequence on said first device is time synchronized with the timing of said indicating one at a time in sequence on said second device.
6. A method for establishing secure communications between a first correspondent and a second correspondent, said method including the steps of:
- said first correspondent initializing communication with said second correspondent;
- said first correspondent and said second correspondent performing a key agreement;
- said first correspondent generating a first public signal associated with said first correspondent and said second correspondent generating a second signal associated with second correspondent;
- said first correspondent sending said first public signal to said second correspondent and said second correspondent sending said second public signal to said first correspondent;
- said first correspondent performing a first mathematical operation on said second public signal to generate a shared secret signal and said second correspondent performing a corresponding first mathematical operation on first public signal to generate a corresponding shared secret signal;
- performing a second mathematical operation on said shared secret signal and said corresponding shared secret signal to generate an authenticating signal;
- said first correspondent and said second correspondent performing mutual authentication of one another, said step of mutual authentication further including a step of;
- said first correspondent and said second correspondent performing a third mathematical operation on said authenticating signal to obtain a private verification signal;
- whereby said first correspondent and said second correspondent further synchronize one another to exchange said private verification signal and compare received verification signal with said private verification signal;
- perform said exchange sequentially as determined by a predefined time period;
- establish a link key for use in authentication between said first correspondent and said second correspondent subsequent to said verification; and
- perform a fourth mathematical operation on said link key to generate an encryption key.
7. A system for establishing a key between a first device and a second device under control of a common user, said system comprising a first cryptographic module in said first device and a second cryptographic module in said second device, said first and second devices having a shared secret, said first and second modules being configured for calculating an antispoof variable based at least in part upon said shared secret, said antispoof variable being represented by a plurality of groups of at least one digit;
- said first module being configured for indicating one at a time in sequence, successive ones of said groups of said digits of said antispoof variable from said first device to said common user using a first stimulus;
- said second module being configured for indicating one at a time in sequence, successive ones of said groups of said digits of said antispoof variable from said second device to said common user using a second stimulus in the same order as indicated by said first stimulus;
- said system being configured such that upon said common user verifying that said digits of said antispoof variable from said first device and said second device are the same, mutual authentication of said first device and said second device is completed and said key is established using said shared secret;
- wherein the timing of said indicating one at a time in sequence on said first device is time synchronized with the timing of said indicating one at a time in sequence on said second device.
Specification