Device authentication in a PKI
First Claim
1. A method of a first device establishing a key with a second device, the method comprising:
- sending from the first device to the second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits;
receiving from the second device, at the first device, at least one second set of one or more digits;
indicating at the first device, the at least one second set of one or more digits;
receiving, at the first device, an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device;
enabling the first device to participate in a key agreement with the second device to establish a shared secret;
generating, at the first device, an antispoof variable using the shared secret; and
using, at the first device, the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the step of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing challenge-response routine for authentication. Advantageously, main-in-the middle attacks are minimized.
-
Citations
13 Claims
-
1. A method of a first device establishing a key with a second device, the method comprising:
-
sending from the first device to the second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits; receiving from the second device, at the first device, at least one second set of one or more digits; indicating at the first device, the at least one second set of one or more digits; receiving, at the first device, an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device; enabling the first device to participate in a key agreement with the second device to establish a shared secret; generating, at the first device, an antispoof variable using the shared secret; and using, at the first device, the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A first electronic device comprising a processor and memory, the memory comprising computer executable instructions that when executed by the processor, operate the first electronic device to:
-
send to a second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits; receive from the second device at least one second set of one or more digits; indicate the at least one second set of one or more digits; receive an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device; enable the first device to participate in a key agreement with the second device to establish a shared secret; generate an antispoof variable using the shared secret; and use the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable medium for enabling a first device to establish a key with a second device, the non-transitory computer readable medium comprising instructions for:
-
sending from the first device to the second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits; receiving from the second device, at the first device, at least one second set of one or more digits; indicating at the first device, the at least one second set of one or more digits; receiving, at the first device, an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device; enabling the first device to participate in a key agreement with the second device to establish a shared secret; generating, at the first device, an antispoof variable using the shared secret; and using, at the first device, the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret.
-
Specification