Device authentication in a PKI

US 8,225,094 B2
Filed: 03/03/2009
Issued: 07/17/2012
Est. Priority Date: 04/06/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of establishing a link key between a first device operable to authenticate a second device, the method comprising:

the first device permitting non-sensitive communications with the second device when the first and second devices are spaced from each other within a first operating range;

the first device permitting sensitive communications with the second device only when the first and second devices are spaced from each other within a second operating range, the second operating range being less than the first operating range;

upon detecting initiation of a pairing process for establishing the link key, the first device sending a challenge to the second device to both verify the identity of the second device and determine a distance between the first and second devices;

the first device receiving, from the second device, a response to the challenge;

the first device determining whether the response is a function of at least a portion of the challenge and information in the second device;

the first device using the response to also determine a response time associated with receipt of the response to the challenge;

the first device using the response time to determine the distance between the first and second devices; and

if the distance between the first and second devices is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the second device, initiating an authentication process to establish the link key in the first device to permit the link key to be used in subsequent communications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the step of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing challenge-response routine for authentication. Advantageously, main-in-the middle attacks are minimized.

34 Citations

View as Search Results

21 Claims

1. A method of establishing a link key between a first device operable to authenticate a second device, the method comprising:
- the first device permitting non-sensitive communications with the second device when the first and second devices are spaced from each other within a first operating range;
  
  the first device permitting sensitive communications with the second device only when the first and second devices are spaced from each other within a second operating range, the second operating range being less than the first operating range;
  
  upon detecting initiation of a pairing process for establishing the link key, the first device sending a challenge to the second device to both verify the identity of the second device and determine a distance between the first and second devices;
  
  the first device receiving, from the second device, a response to the challenge;
  
  the first device determining whether the response is a function of at least a portion of the challenge and information in the second device;
  
  the first device using the response to also determine a response time associated with receipt of the response to the challenge;
  
  the first device using the response time to determine the distance between the first and second devices; and
  
  if the distance between the first and second devices is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the second device, initiating an authentication process to establish the link key in the first device to permit the link key to be used in subsequent communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein if the response is not a function of at least a portion of the challenge and information in the second device, the method is aborted prior to determining the distance between the first and second devices.
  - 3. The method according to claim 1, wherein sending the challenge and receiving the response comprises sending the challenge in multiple portions and receiving multiple responses.
  - 4. The method according to claim 3, wherein the challenge comprises a random number having a plurality of bits, and wherein said sending the challenge in multiple portions comprises sending a most significant bit and continuing successively with less significant bits.
  - 5. The method according to claim 1, wherein the response time is related to an amount of time it takes for a transmitted signal to travel a distance twice a tolerable error in measurement.
  - 6. The method according to claim 1, wherein multiplying the response time by a speed associated with a signal type used and dividing this by two computes the distance.
  - 7. The method according to claim 1, wherein the challenge and response are exchanged using any one of the following signals:
    - a radio frequency (RF) signal, an ultra-wideband signal, a sound signal, a Bluetooth signal, and an infrared (IR) signal.

8. A communication device operable to communicate over a communication link, the communication device comprising:
- a processor and a memory, the memory comprising computer executable instructions that, when executed, cause the processor to be operable to;
  
  permit non-sensitive communications with another device when it and the other device are spaced from each other within a first operating range;
  
  permit sensitive communications with the other device only when the communication device and the other device are spaced from each other within a second operating range, the second operating range being less than the first operating range;
  
  upon detecting initiation of a pairing process for establishing the link key, send a challenge to the other device to both verify the identity of the other device and determine a distance between the communication device and the other device;
  
  receive, from the other device, a response to the challenge;
  
  determine whether the response is a function of at least a portion of the challenge and information in the other device;
  
  use the response to also determine a response time associated with receipt of the response to the challenge;
  
  use the response time to determine the distance between it and the other device; and
  
  if the distance between it and the other device is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the other device, initiate an authentication process to establish the link key in the communication device to permit the link key to be used in subsequent communications.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device according to claim 8, wherein if the response is not a function of at least a portion of the challenge and information in the other device, the authentication process is aborted prior to determining the distance between the communication device and the other device.
  - 10. The device according to claim 8, wherein the challenge and the response are sent and received by sending the challenge in multiple portions and receiving multiple responses.
  - 11. The device according to claim 10, wherein the challenge comprises a random number having a plurality of bits, and wherein said sending the challenge in multiple portions comprises sending a most significant bit and continuing successively with less significant bits.
  - 12. The device according to claim 8, wherein the response time is related to an amount of time it takes for a transmitted signal to travel a distance twice a tolerable error in measurement.
  - 13. The device according to claim 8, wherein multiplying the response time by a speed associated with a signal type used and dividing this by two computes the distance.
  - 14. The device according to claim 8, wherein the communication link is operable to exchange the challenge and response using any one of the following signals:
    - a radio frequency (RF) signal, an ultra-wideband signal, a sound signal, a Bluetooth signal, and an infrared (IR) signal.

15. A non-transitory computer readable medium comprising computer executable instructions for having a communication device communicate over a communication link, the computer executable instructions comprising instructions for:
- permitting non-sensitive communications with another device when it and the other device are spaced from each other within a first operating range;
  
  permitting sensitive communications with the other device only when it and the other device are spaced from each other within a second operating range, the second operating range being less than the first operating range;
  
  upon detecting initiation of a pairing process for establishing the link key, sending a challenge to the other device to both verify the identity of the other device and determine a distance between it and the other;
  
  receiving, from the other device, a response to the challenge;
  
  determining whether the response is a function of at least a portion of the challenge and information in the other device;
  
  using the response to also determine a response time associated with receipt of the response to the challenge;
  
  using the response time to determine the distance between it and the other device; and
  
  if the distance between it and the other device is within the second operating range, and the response is a function of both at least a portion of the challenge and information in the other device, initiating an authentication process to establish the link key in the communication device to permit the link key to be used in subsequent communications prior to determining the distance between the communication device and the other device.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The medium according to claim 15, wherein if the response is not a function of at least a portion of the challenge and information in the other device, the authentication process is aborted.
  - 17. The medium according to claim 15, wherein the challenge and the response are sent and received by sending the challenge in multiple portions and receiving multiple responses.
  - 18. The medium according to claim 17, wherein the challenge comprises a random number having a plurality of bits, and wherein said sending the challenge in multiple portions comprises sending a most significant bit and continuing successively with less significant bits.
  - 19. The medium according to claim 15, wherein the response time is related to an amount of time it takes for a transmitted signal to travel a distance twice a tolerable error in measurement.
  - 20. The medium according to claim 15, wherein multiplying the response time by a speed associated with a signal type used and dividing this by two computes the distance.
  - 21. The medium according to claim 15, wherein the communication link is operable to exchange the challenge and response using any one of the following signals:
    - a radio frequency (RF) signal, an ultra-wideband signal, a sound signal, a Bluetooth signal, and an infrared (IR) signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certicom Corporation (Blackberry Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Willey, William D.
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US12/379,847
Publication Number

US 20090292920A1
Time in Patent Office

1,232 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0492   by using a location-limited...

H04L 63/14   for detecting or protecting...

H04L 63/1466   Active attacks involving in...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/64   using geofenced areas

Device authentication in a PKI

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Device authentication in a PKI

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links