Establishing secure mutual trust using an insecure password
First Claim
1. A method of establishing secure mutual trust between a first device and a second device, comprising:
- receiving, by the second device, a one-time-password known to the first device;
receiving a first device identifier, a first device certificate, and a first authenticator, wherein the first authenticator is a cryptographic encoding comprising;
a first nonce,the first device certificate,the first device identifier, anda password sub-string of a first plurality of password sub-strings generated from the one-time-password by the first device;
receiving the first nonce;
calculating a corresponding authenticator by applying the cryptographic encoding to the first nonce, the first device certificate, the first device identifier, and a corresponding password sub-string of a second plurality of password sub-strings generated from the one-time-password by the second device; and
verifying that the received first authenticator and the calculated corresponding authenticator are the same.
2 Assignments
0 Petitions
Accused Products
Abstract
A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device'"'"'s authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it posses. If each device determines that the authenticators re-calculated by the given device matches the authenticators previously received from the other device, secure mutual trust is established.
92 Citations
15 Claims
-
1. A method of establishing secure mutual trust between a first device and a second device, comprising:
-
receiving, by the second device, a one-time-password known to the first device; receiving a first device identifier, a first device certificate, and a first authenticator, wherein the first authenticator is a cryptographic encoding comprising; a first nonce, the first device certificate, the first device identifier, and a password sub-string of a first plurality of password sub-strings generated from the one-time-password by the first device; receiving the first nonce; calculating a corresponding authenticator by applying the cryptographic encoding to the first nonce, the first device certificate, the first device identifier, and a corresponding password sub-string of a second plurality of password sub-strings generated from the one-time-password by the second device; and verifying that the received first authenticator and the calculated corresponding authenticator are the same. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-readable medium not consisting of propagating data signals having computer-readable instructions that when executed by one or more processors configure the one or more processors to perform a method of establishing secure mutual trust, the method comprising:
-
receiving, by a second device, a one-time-password known to a first device; receiving a first device identifier, a first device certificate, and a first authenticator, wherein the first authenticator is a cryptographic encoding comprising; a first nonce, the first device certificate, the first device identifier, and a password sub-string of a first plurality of password sub-strings generated from the one-time-password by the first device; receiving the first nonce; calculating a corresponding authenticator by applying the cryptographic encoding to the first nonce, the first device certificate, the first device identifier, and a corresponding password sub-string of a second plurality of password sub-strings generated from the one-time-password by the second device; and verifying that the received first authenticator and the calculated corresponding authenticator are the same. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
Specification