Asynchronous enhanced shared secret provisioning protocol
First Claim
1. A method for registering a first device with a second device, the method comprising:
- deriving a first commitment value at the first device from a first registration nonce value known to the first device and sending the first commitment value from the first device to the second device;
receiving, over at least a first communication channel, a second commitment value by the second device, wherein the second commitment value comprises at least one selected from the group consisting of the first commitment value and a commitment value generated by a third device;
communicating, over the first communication channel, the first registration nonce value from the first device to the second device;
receiving, over the first communication channel, a second registration nonce value by the second device, wherein the second registration nonce value comprises at least one selected from the group consisting of the first registration nonce value and a nonce value generated by the third device;
at the second device, attempting to validate the second registration nonce value received by the second device by generating a value based on the second registration nonce value and verifying that the generated value is equal to the second commitment value;
generating, at the first device, a first secret based at least in part on the first registration nonce value;
generating, at the second device, a second secret based at least in part on the second registration nonce value; and
verifying, using a second communication channel, first verification information derived from the first secret and the second verification information derived from the second secret.
1 Assignment
0 Petitions
Accused Products
Abstract
An Asynchronous Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched by at least one of two network devices together. These two devices then automatically register with each other. When two devices running Asynchronous ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. An out-of-band examination of registration signatures generated at the two devices can be performed to help ensure that there was not a man-in-the-middle attacker involved in the key exchange.
11 Citations
19 Claims
-
1. A method for registering a first device with a second device, the method comprising:
-
deriving a first commitment value at the first device from a first registration nonce value known to the first device and sending the first commitment value from the first device to the second device; receiving, over at least a first communication channel, a second commitment value by the second device, wherein the second commitment value comprises at least one selected from the group consisting of the first commitment value and a commitment value generated by a third device; communicating, over the first communication channel, the first registration nonce value from the first device to the second device; receiving, over the first communication channel, a second registration nonce value by the second device, wherein the second registration nonce value comprises at least one selected from the group consisting of the first registration nonce value and a nonce value generated by the third device; at the second device, attempting to validate the second registration nonce value received by the second device by generating a value based on the second registration nonce value and verifying that the generated value is equal to the second commitment value; generating, at the first device, a first secret based at least in part on the first registration nonce value; generating, at the second device, a second secret based at least in part on the second registration nonce value; and verifying, using a second communication channel, first verification information derived from the first secret and the second verification information derived from the second secret. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A device capable of registering with a disparate device, comprising:
-
an interface to at least one first communication channel; and a registration process that, by at least one processor; receives, from the disparate device, over the at least one first communication channel, a commitment value, wherein the commitment value comprises at least one selected from the group consisting of a hash of a security value known to the disparate device and a commitment value sent by an interfering device that is attempting to interfere with the registering; receives a second security value using the at least one first communication channel, wherein the second security value comprises at least one selected from the group consisting of the security value sent by the disparate device and a nonce value sent by the interfering device; generates a hash of the second security value to attempt to validate the second security value by verifying that the generated hash of the second security value is equal to the commitment value; generates, based at least in part on the second security value, a secret; and validates, over a second communication channel, verification information derived from the secret. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A computer storage device having stored thereon machine-executable instructions which, when executed by a machine, causes the machine to perform a method of registering with a network device, the method comprising:
-
receiving a commitment value on at least one first communication channel, wherein the commitment value comprises at least one selected from the group consisting of a first commitment value derived from a security value known to the network device and a commitment value sent by an interfering device that is attempting to interfere with the registering; receiving a second security value on the at least one first communication channel, wherein the second security value comprises at least one selected from the group consisting of the security value and a nonce value sent by the interfering device; attempting to validate the second security value by generating a value based on the second security value and verifying that the generated value is equal to the commitment value. generating, based at least in part on the second security value, a secret; and validating, over a second communication channel, verification information derived from the secret. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification