Systems and methods for authenticating communications in a network medium
Abstract
Pre-authentication information of devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link, with location-limited channels being used initially to pre-authenticate devices. Using public keys in the pre-authentication data broadens the types of media suitable for use as location-limited channels to include, for example, audio and infrared. It also widens the range of key exchange protocols that can be authenticated in this manner to include most public-key-based protocols. As a result, a large range of devices and protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access an ad-hoc exchange; such an attack, however, reveals the eavesdropper.
20 Claims
1. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
receiving over a location limited communication channel, by the second device, public authentication information transmitted by said first device, wherein the location limited communication channel has physical limitations which allow the second device to identify the first device communicating across the channel based on the limited locations accessible to the location-limited channel, thereby causing said location limited communication channel to be difficult to actively attack without detection, and wherein said public authentication information comprises a commitment to secret information;
receiving a communication from said first device over said network medium, the communication comprising the secret information;
authenticating said communication at said second device by determining that the commitment corresponds to the received secret information, thereby authenticating that said first device actually possesses said secret information; and
in response to authenticating the communication at the second device, sending a communication over the network medium to the first device, the communication comprising a commitment to new secret information that will be used to authenticate a subsequent message from the second device.
(Dependent claims: 2, 3, 4, 5, 6, 7, 20)

8. A method for securing a communication over a network medium between a group of devices, each of said group of devices associated with its own public authentication information, the method comprising:
designating a group manager from said group of devices, wherein said group of devices includes said group manager and a plurality of other devices, said plurality of other devices comprising a first device and a second device;
performing a key exchange protocol by said group manager, said key exchange protocol being dependent on an established trust relationship between said group of devices; and
securing said communication over said network medium;
wherein the improvement comprises:
sending, by said group manager over a location limited communication channel, public authentication information associated with said group manager to said first device and said second device, wherein said public authentication information comprises a commitment to group manager secret information, wherein the location limited communication channel has physical limitations which allow the group manager to identify the first and second devices communicating across the channel based on the limited locations accessible to the location-limited channel, thereby causing said location limited communication channel to be difficult to actively attack without detection;
receiving, by said group manager over said location limited communication channel, public authentication information associated with said first device, and public authentication information associated with said second device, wherein said public authentication information associated with said first device comprises a commitment to first device secret information and wherein said public authentication information associated with said second device comprises a commitment to second device secret information, whereby sending and receiving over said location limited communication channel establishes said established trust relationship;
receiving, by the group manager over the network medium, a communication from the first device and a communication from the second device, wherein the communication from the first device comprises the first device secret information, and wherein the communication from the second device comprises the second device secret information;
attempting to authenticate, by said group manager, each of said plurality of other devices, the attempting to authenticate by said group manager comprising determining that the commitment received from the first device corresponds to the first device secret information, and determining that the commitment received from the second device corresponds to the second device secret information, thereby authenticating that said first device actually possesses said first device secret information and that said second device actually possesses said second device secret information;
in response to authenticating the communication at the group manager, sending a communication over the network medium to the first device and the second device, the communication comprising a commitment to new secret information that will be used to authenticate a subsequent message from the group manager;
receiving, by the first device and the second device over the network medium, a communication from the group manager, wherein the communication from the group manager comprises the group manager secret information; and
attempting to authenticate, by each of said plurality of other devices, said group manager, the attempting to authenticate by each of said plurality of other devices comprising said first device and the second device determining that the commitment received from the group manager corresponds to the group manager secret information, thereby authenticating that said group manager actually possesses said group manager secret information.
(Dependent claims: 9, 10, 11)

12. A method of authenticating a communication over a network medium among a group of devices including a first device and a second device, the method comprising performing a key exchange protocol between said group of devices, said key exchange protocol being dependent on an established trust relationship between said group of devices, and securing said communication over said network medium, wherein the improvement comprises:
sending, by each of said group of devices over a location limited communication channel, public authentication information associated with said each of said group of devices to every other of said group of devices, wherein said public authentication information associated with said each of said group of devices comprises a commitment to secret information corresponding thereto, wherein the location limited communication channel has physical limitations which allow each of the group of devices to identify every other of the group of devices communicating across the channel based on the limited locations accessible to the location-limited channel, thereby causing said location limited communication channel to be difficult to actively attack without detection;
receiving, by said each of said group of devices over said location limited communication channel, said public authentication information associated with said each of said group of devices from every other of said group of devices, whereby sending and receiving over said location limited communication channel establishes said established trust relationship;
receiving, by each of the group of devices over the location limited communication channel, a communication from every other of the group of devices, wherein the communication received from every other of the group of devices comprises the secret information corresponding thereto;
attempting to authenticate, by said each of said group of devices, determining that the commitment received from every other of the group of devices corresponds to the received secret information corresponding thereto, thereby authenticating that every other of said group of devices possesses respective secret information thereof; and
in response to authenticating the communication at a respective device of the group of devices, sending a communication over the network medium to every other of the group of devices, the communication comprising a commitment to new secret information that will be used to authenticate a subsequent message from the respective device.
(Dependent claims: 13)

14. A system for securing a communication over a network medium, the system comprising:
a first device and a second device, wherein the second device receives, over a location limited communication channel, public authentication information transmitted by said first device, wherein the location limited communication channel has physical limitations which allow the second device to identify the first device communicating across the channel based on the limited locations accessible to the location-limited channel, thereby causing said location limited communication channel to be difficult to actively attack without detection, and wherein said public authentication information comprises a commitment to secret information;
the second device receives a communication from said first device over said network medium, the communication comprising the secret information;
the second device authenticates the communication by determining that the commitment corresponds to the received secret information, thereby authenticating that said first device actually possesses said secret information; and
in response to authenticating the communication at the second device, the second device sends a communication over the network medium to the first device, the communication comprising a commitment to new secret information that will be used to authenticate a subsequent message from the second device.
(Dependent claims: 15, 16, 17, 18)

19. A method for securing communication over a network medium between at least two devices including a first device and a second device, comprising:
transmitting, from said first device, public authentication information over a location limited communication channel, wherein the location limited communication channel has physical limitations which allow the second device to identify the first device communicating across the channel based on the limited locations accessible to the location-limited channel, thereby causing said location limited communication channel to be difficult to actively attack without detection, and wherein said public authentication information comprises a commitment to secret information;
transmitting a communication from said first device to said second device over said network medium, the communication comprising the secret information;
demonstrating to said second device that said first device actually possesses said secret information by demonstrating that the commitment corresponds to the secret information; and
receiving at the first device a communication over the network medium from the second device, the communication comprising a commitment to new secret information that will be used to authenticate a subsequent message from the second device.
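The exchange of claims 1, 14 and 19 (commitment over the location-limited channel, secret revealed over the network medium, check, reply carrying a commitment to a fresh secret), extended pairwise to the group manager of claim 8, as an added Python illustration. This is not code from the patent or its specification: the commitment function (SHA-256 over a 32-byte random secret), the message layout, the HMAC tag, the `from` lookup key and the per-peer ratchet are assumptions of the example, none of which the claims fix.

```python
"""Commitment-chained authentication over an insecure network medium,
pre-authenticated through a location-limited channel (LLC).
Added illustration; message layout and commitment function are assumptions."""
import hashlib
import hmac
import secrets


def commit(secret: bytes) -> bytes:
    """Commitment to a secret: SHA-256 over it (an assumption of this example).
    It hides the secret only if the secret is high-entropy; a short PIN would
    be recoverable by brute force from the public commitment."""
    return hashlib.sha256(secret).digest()


class Device:
    """One endpoint.  Holds its own current secret and, per peer, the
    commitment learned over the LLC; both ratchet forward on every message."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.secret = secrets.token_bytes(32)
        self.peers: dict[str, bytes] = {}  # peer name -> commitment from the LLC

    # --- location-limited channel: public value, identity from physical reach ---
    def llc_advertise(self) -> tuple[str, bytes]:
        return (self.name, commit(self.secret))

    def llc_receive(self, advert: tuple[str, bytes]) -> None:
        name, commitment = advert
        self.peers[name] = commitment

    # --- network medium: insecure; reveals the committed secret and commits anew ---
    def send(self, payload: bytes) -> dict:
        next_secret = secrets.token_bytes(32)
        next_commitment = commit(next_secret)
        tag = hmac.new(self.secret, payload + next_commitment, hashlib.sha256).digest()
        msg = {"from": self.name, "payload": payload, "reveal": self.secret,
               "next_commitment": next_commitment, "tag": tag}
        self.secret = next_secret  # a revealed secret is public: never reuse it
        return msg

    def receive(self, msg: dict):
        """Return the payload if the sender proved possession of the committed
        secret, otherwise None.  The 'from' field is only a lookup key; the
        binding to a physical sender comes from the LLC, not from this field."""
        expected_commitment = self.peers.get(msg["from"])
        if expected_commitment is None:
            return None  # no LLC pre-authentication for this peer
        if not hmac.compare_digest(commit(msg["reveal"]), expected_commitment):
            return None  # revealed secret does not open the commitment we hold
        tag = hmac.new(msg["reveal"], msg["payload"] + msg["next_commitment"],
                       hashlib.sha256).digest()
        if not hmac.compare_digest(tag, msg["tag"]):
            return None
        self.peers[msg["from"]] = msg["next_commitment"]  # ratchet to the new commitment
        return msg["payload"]


def run_demo() -> dict:
    """Two-party exchange (claim 1), a replay, a forgery, then the group
    manager case (claim 8).  All devices and payloads are constructed here."""
    out = {}
    a, b = Device("A"), Device("B")
    b.llc_receive(a.llc_advertise())          # over the LLC, both directions
    a.llc_receive(b.llc_advertise())
    m1 = a.send(b"hello")                     # over the network medium
    out["b_accepts_a"] = b.receive(m1)        # b"hello"
    out["a_accepts_b"] = a.receive(b.send(b"ack"))  # b"ack": reply used B's commitment
    out["replay"] = b.receive(m1)             # None: B already ratcheted past m1
    mallory = Device("A")                     # claims A's name, never touched the LLC
    out["forged"] = b.receive(mallory.send(b"evil"))  # None: wrong commitment

    mgr, d1, d2 = Device("MGR"), Device("D1"), Device("D2")
    for d in (d1, d2):                        # manager pre-authenticates each member
        d.llc_receive(mgr.llc_advertise())
        mgr.llc_receive(d.llc_advertise())
    out["mgr_accepts"] = [mgr.receive(d.send(b"join")) for d in (d1, d2)]
    broadcast = mgr.send(b"welcome")          # one reveal, checked by every member
    out["members_accept"] = [d.receive(broadcast) for d in (d1, d2)]
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

Two caveats a practitioner should keep in mind. First, a revealed secret is public the moment it crosses the network medium, which is why each message ratchets to a fresh commitment and a replayed message fails. Second, because the reveal travels in the same message as the payload, an attacker who can intercept and rewrite that message on the network medium can recompute the tag with the just-revealed secret, so this form proves origin (possession of the secret committed over the LLC) rather than giving end-to-end integrity against an active man-in-the-middle on the network; the abstract's public-key embodiment, which commits to a public key over the LLC and then runs a public-key-authenticated key exchange on the wireless link, avoids disclosing any secret at all.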
Specification