Secure and efficient domain key distribution for device registration
First Claim
Patent Images
1. A method of transferring a domain key between a first device and a second device in a network, the method comprising:
- verifying the second device is an authorized device through certificates, wherein the second device verifies the first device is an authorized device though the certificates;
receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted;
determining a second random number at the first device;
sending the second random number from the first device to the second device;
generating a Personal Identification Number (PIN) at the first device;
in response to generating the PIN, outputting instructions, by the first device, that instruct a user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying;
generating a session key from the first random number, the second random number, and the PIN; and
sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device.
4 Assignments
0 Petitions
Accused Products
Abstract
A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device.
66 Citations
20 Claims
-
1. A method of transferring a domain key between a first device and a second device in a network, the method comprising:
-
verifying the second device is an authorized device through certificates, wherein the second device verifies the first device is an authorized device though the certificates; receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted; determining a second random number at the first device;
sending the second random number from the first device to the second device;generating a Personal Identification Number (PIN) at the first device; in response to generating the PIN, outputting instructions, by the first device, that instruct a user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying; generating a session key from the first random number, the second random number, and the PIN; and sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium storing at least one computer program that when executed performs a method of transferring a domain key during a device registration between a first device and a second device in a network, the method comprising:
-
verifying the second device is an authorized device through an exchange of certificates, wherein the second device verifies the first device is an authorized device though the exchange of certificates; receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted; determining a second random number at the first device; sending the second random number from the first device to the second device; generating a Personal Identification Number (PIN) at the first device; in response to generating the PIN, outputting instructions, by the first device, that instruct a instructing user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying; generating a session key from the first random number, the second random number, and the PIN; and sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A device configured to communicate with a new device in a wireless network, the device comprising:
-
an interface configured to wirelessly transfer a domain key to the new device, wherein the domain key is encrypted at the device and is decrypted at the new device; a processor configured to; verifying the new device is an authorized device through an exchange of certificates, wherein the new device verifies the device is an authorized device though the exchange of certificates, receiving a first random number from the new device, wherein the first random number is encrypted, determining a second random number, sending the second random number to the new device, randomly generate a PIN, in response to generating the PIN, outputting instructions that instruct a user entry of the PIN in the new device, wherein the PIN is generated and the instructions are output after the verifying, derive a session key of the device from the first random number, the second random number, and the PIN, and exchange the session key of the device with a session key of the new device, and verify the session key of the new device, send the domain key encrypted with the session key to the new device or receiving the domain key encrypted with the session key from the new device; and a data storage storing the PIN, the session keys and the domain key.
-
Specification