Device authentication in a PKI
First Claim
1. A method of establishing a link key between a first device operable to authenticate a second device, the method comprising:
- the first device permitting non-sensitive communications with the second device when the first and second devices are spaced from each other within a first operating range;
the first device permitting sensitive communications with the second device only when the first and second devices are spaced from each other within a second operating range, the second operating range being less than the first operating range;
upon detecting initiation of a pairing process for establishing the link key, the first device sending a challenge to the second device to both verify the identity of the second device and determine a distance between the first and second devices;
the first device receiving, from the second device, a response to the challenge;
the first device determining whether the response is a function of at least a portion of the challenge and information in the second device;
the first device using the response to also determine a response time associated with receipt of the response to the challenge;
the first device using the response time to determine the distance between the first and second devices; and
if the distance between the first and second devices is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the second device, initiating an authentication process to establish the link key in the first device to permit the link key to be used in subsequent communications.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the step of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing challenge-response routine for authentication. Advantageously, main-in-the middle attacks are minimized.
34 Citations
21 Claims
-
1. A method of establishing a link key between a first device operable to authenticate a second device, the method comprising:
-
the first device permitting non-sensitive communications with the second device when the first and second devices are spaced from each other within a first operating range; the first device permitting sensitive communications with the second device only when the first and second devices are spaced from each other within a second operating range, the second operating range being less than the first operating range; upon detecting initiation of a pairing process for establishing the link key, the first device sending a challenge to the second device to both verify the identity of the second device and determine a distance between the first and second devices; the first device receiving, from the second device, a response to the challenge; the first device determining whether the response is a function of at least a portion of the challenge and information in the second device; the first device using the response to also determine a response time associated with receipt of the response to the challenge; the first device using the response time to determine the distance between the first and second devices; and if the distance between the first and second devices is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the second device, initiating an authentication process to establish the link key in the first device to permit the link key to be used in subsequent communications. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A communication device operable to communicate over a communication link, the communication device comprising:
a processor and a memory, the memory comprising computer executable instructions that, when executed, cause the processor to be operable to; permit non-sensitive communications with another device when it and the other device are spaced from each other within a first operating range; permit sensitive communications with the other device only when the communication device and the other device are spaced from each other within a second operating range, the second operating range being less than the first operating range; upon detecting initiation of a pairing process for establishing the link key, send a challenge to the other device to both verify the identity of the other device and determine a distance between the communication device and the other device; receive, from the other device, a response to the challenge; determine whether the response is a function of at least a portion of the challenge and information in the other device; use the response to also determine a response time associated with receipt of the response to the challenge; use the response time to determine the distance between it and the other device; and if the distance between it and the other device is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the other device, initiate an authentication process to establish the link key in the communication device to permit the link key to be used in subsequent communications. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
15. A non-transitory computer readable medium comprising computer executable instructions for having a communication device communicate over a communication link, the computer executable instructions comprising instructions for:
-
permitting non-sensitive communications with another device when it and the other device are spaced from each other within a first operating range; permitting sensitive communications with the other device only when it and the other device are spaced from each other within a second operating range, the second operating range being less than the first operating range; upon detecting initiation of a pairing process for establishing the link key, sending a challenge to the other device to both verify the identity of the other device and determine a distance between it and the other; receiving, from the other device, a response to the challenge; determining whether the response is a function of at least a portion of the challenge and information in the other device; using the response to also determine a response time associated with receipt of the response to the challenge; using the response time to determine the distance between it and the other device; and if the distance between it and the other device is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the other device, initiating an authentication process to establish the link key in the communication device to permit the link key to be used in subsequent communications prior to determining the distance between the communication device and the other device. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification