Establishing secure mutual trust using an insecure password
First Claim
1. A method of establishing trust between a first device and a second device, comprising:
- generating, by the first device, a first set of n password substrings from a one-time-password known to the second device, wherein n is an integer greater than one;
receiving n received authenticators from the second device, wherein a first received authenticator of the n received authenticators is a cryptographic encoding comprising a first nonce of n nonces and a first password substring of a second set of n password substrings generated by the second device;
receiving the n nonces from the second device;
generating, by the first device, n corresponding authenticators, wherein each of the n corresponding authenticators is a cryptographic encoding comprising one of the nonces of the n nonces and one of the password substrings of the first set of n password substrings, wherein a first corresponding authenticator of the n corresponding authenticators is a cryptographic encoding comprising a first nonce of the n nonces and a first password substring of the first set of n password substrings;
verifying that each received authenticator of the n received authenticators matches a corresponding authenticator of the n corresponding authenticators including verifying that the first corresponding authenticator matches the first received authenticator; and
establishing trust between the first device and the second device after each received authenticator of the n received authenticators has been verified.
1 Assignment
0 Petitions
Accused Products
Abstract
A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device'"'"'s authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it posses. If each device determines that the authenticators re-calculated by the given device matches the authenticators previously received from the other device, secure mutual trust is established.
-
Citations
20 Claims
-
1. A method of establishing trust between a first device and a second device, comprising:
-
generating, by the first device, a first set of n password substrings from a one-time-password known to the second device, wherein n is an integer greater than one; receiving n received authenticators from the second device, wherein a first received authenticator of the n received authenticators is a cryptographic encoding comprising a first nonce of n nonces and a first password substring of a second set of n password substrings generated by the second device; receiving the n nonces from the second device; generating, by the first device, n corresponding authenticators, wherein each of the n corresponding authenticators is a cryptographic encoding comprising one of the nonces of the n nonces and one of the password substrings of the first set of n password substrings, wherein a first corresponding authenticator of the n corresponding authenticators is a cryptographic encoding comprising a first nonce of the n nonces and a first password substring of the first set of n password substrings; verifying that each received authenticator of the n received authenticators matches a corresponding authenticator of the n corresponding authenticators including verifying that the first corresponding authenticator matches the first received authenticator; and establishing trust between the first device and the second device after each received authenticator of the n received authenticators has been verified. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer system comprising a first device and a second device, the first device comprising:
-
one or more processors; a memory storing computer-readable instructions that when executed by the one or more processors perform a method of establishing trust between the first device and the second device, the method comprising; generating, by the first device, a first set of n password substrings from a one-time-password known to the second device, wherein n is an integer greater than one; receiving a first authenticator of n received authenticators from the second device, wherein the first authenticator is a cryptographic encoding comprising a first nonce of a set of n nonces and a first password substring of a second set of n password substrings generated by the second device; receiving the first nonce of the set of n nonces from the second device; generating, by the first device, a first corresponding authenticator of n corresponding authenticators, wherein the first corresponding authenticator is a cryptographic encoding comprising the first nonce and a first password substring of the first set of n password substrings, and wherein each corresponding authenticator of the n corresponding authenticators is a cryptographic encoding of one nonce of the n nonces and one password substring of the first set of n password substrings; verifying that the first received authenticator matches the first corresponding authenticator; receiving a next authenticator of the n received authenticators and a next nonce of the n nonces from the second device, wherein the next authenticator is a cryptographic encoding comprising the next nonce of the set of n nonces and a next password substring of the second set of n password substrings generated by the second device; generating, by the first device, a next corresponding authenticator of the n corresponding authenticators, wherein the next corresponding authenticator is a cryptographic encoding comprising the next nonce and a next password substring of the first set of n password substrings; verifying that the next received authenticator matches the next corresponding authenticator; and establishing trust between the first device and the second device when each received authenticator of the n received authenticators has been verified. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer medium not consisting of a propagated data signal, the computer medium storing instructions that when executed by one or more processors configure the one or more processors to perform a method of establishing trust between a first device and a second device, the method comprising:
-
generating, by the first device, a first set of n password substrings from a one-time-password known to the second device, wherein n is an integer greater than one; receiving n received authenticators from the second device, wherein a first received authenticator of the n received authenticators is a cryptographic encoding comprising a first nonce of n nonces and a first password substring of a second set of n password substrings generated by the second device; receiving the n nonces from the second device; generating, by the first device, n corresponding authenticators, wherein each of the n corresponding authenticators is a cryptographic encoding comprising one of the nonces of the n nonces and one of the password substrings of the first set of password substrings, wherein a first corresponding authenticator of the n corresponding authenticators is a cryptographic encoding comprising a first nonce of the n nonces and a first password substring of the first set of n password substrings; verifying that each received authenticator of the n received authenticators matches a corresponding authenticator of the n corresponding authenticators including verifying that the first corresponding authenticator matches the first received authenticator; and establishing trust between the first device and the second device after each received authenticator of the n received authenticators has been verified. - View Dependent Claims (18, 19, 20)
-
Specification