Device authentication in a PKI

US 8,661,256 B2
Filed: 07/16/2012
Issued: 02/25/2014
Est. Priority Date: 04/06/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of a first device establishing a key with a second device, the method comprising:

sending from the first device to the second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits;

receiving from the second device, at the first device, at least one second set of one or more digits;

indicating at the first device, the at least one second set of one or more digits;

receiving, at the first device, an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device;

enabling the first device to participate in a key agreement with the second device to establish a shared secret;

generating, at the first device, an antispoof variable using the shared secret; and

using, at the first device, the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the step of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing challenge-response routine for authentication. Advantageously, main-in-the middle attacks are minimized.

Citations

13 Claims

1. A method of a first device establishing a key with a second device, the method comprising:
- sending from the first device to the second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits;
  
  receiving from the second device, at the first device, at least one second set of one or more digits;
  
  indicating at the first device, the at least one second set of one or more digits;
  
  receiving, at the first device, an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device;
  
  enabling the first device to participate in a key agreement with the second device to establish a shared secret;
  
  generating, at the first device, an antispoof variable using the shared secret; and
  
  using, at the first device, the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, the indicating at the first device comprising displaying the at least one second set of one or more digits.
  - 3. The method of claim 1, the indicating at the first device comprising audibly playing the at least one second set of one or more digits.
  - 4. The method of claim 1, the input responding to an indication of the at least one second set of one or more digits provided by the second device.
  - 5. The method of claim 1, the input comprising receipt of a voice signal using voice recognition technology.
  - 6. The method of claim 1, further comprising providing a prompt to acknowledge that digits of the antispoof variable indicated by the first device match digits of the antispoof variable indicated by the second device.

7. A first electronic device comprising a processor and memory, the memory comprising computer executable instructions that when executed by the processor, operate the first electronic device to:
- send to a second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits;
  
  receive from the second device at least one second set of one or more digits;
  
  indicate the at least one second set of one or more digits;
  
  receive an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device;
  
  enable the first device to participate in a key agreement with the second device to establish a shared secret;
  
  generate an antispoof variable using the shared secret; and
  
  use the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The first electronic device of claim 7, the indicating at the first device comprising displaying the at least one second set of one or more digits.
  - 9. The first electronic device of claim 7, the indicating at the first device comprising audibly playing the at least one second set of one or more digits.
  - 10. The first electronic device of claim 7, the input responding to an indication of the at least one second set of one or more digits provided by the second device.
  - 11. The first electronic device of claim 7, the input comprising receipt of a voice signal using voice recognition technology.
  - 12. The first electronic device of claim 7, the processor being further operable to provide a prompt to acknowledge that digits of the antispoof variable indicated by the first device match digits of the antispoof variable indicated by the second device.

13. A non-transitory computer readable medium for enabling a first device to establish a key with a second device, the non-transitory computer readable medium comprising instructions for:
- sending from the first device to the second device, at least one first set of one or more digits to enable the second device to indicate the at least one first set of one or more digits;
  
  receiving from the second device, at the first device, at least one second set of one or more digits;
  
  indicating at the first device, the at least one second set of one or more digits;
  
  receiving, at the first device, an input verifying that the at least one second set of one or more digits being indicated by the first device is equivalent to the at least one second set of one or more digits received from the second device;
  
  enabling the first device to participate in a key agreement with the second device to establish a shared secret;
  
  generating, at the first device, an antispoof variable using the shared secret; and
  
  using, at the first device, the antispoof variable to authenticate the second device and establish the key with the second device by indicating one at a time in sequence, successive ones of the at least one second set of one or more digits, the timing of the indicating one at a time in sequence on the first device being synchronized with the timing of the indicating the antispoof variable one at a time in sequence on the second device based on a timing of messages used to establish the shared secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certicom Corporation (Blackberry Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Willey, William Daniel
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US13/550,400
Publication Number

US 20130022198A1
Time in Patent Office

589 Days
Field of Search

None
US Class Current

713/169
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0492   by using a location-limited...

H04L 63/14   for detecting or protecting...

H04L 63/1466   Active attacks involving in...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/64   using geofenced areas

Device authentication in a PKI

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Device authentication in a PKI

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links