Generating a symmetric key to secure a communication link

US 9,071,426 B2
Filed: 11/29/2013
Issued: 06/30/2015
Est. Priority Date: 04/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing a communication link between a first device and a second device, the method comprising:

the first device generating a first symmetric key, wherein generating the first symmetric key includes the first device sending to the second device a first public key in one or more first packets over the communication link and the first device receiving from the second device a second public key in one or more second packets over the communication link, the first public key and the second public key both based on a secret shared by the first device and the second device;

the first device generating a second symmetric key, wherein generating the second symmetric key includes the first device sending to the second device a third public key in one or more third packets over the communication link and the first device receiving from the second device a fourth public key in one or more fourth packets over the communication link;

the first device creating a hash result by hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets;

the first device generating a third symmetric key by hashing the first symmetric key, the second symmetric key and the hash result; and

one or more of the following;

the first device encrypting first data using a symmetric algorithm keyed by the third symmetric key to produce first encrypted data, and sending to the second device the first encrypted data over the communication link;

orthe first device receiving from the second device second encrypted data over the communication link, and decrypting the second encrypted data using the symmetric algorithm keyed by the third symmetric key to produce decrypted data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A symmetric key to be used to secure a communication link between a first device and a second device is generated as follows: a first symmetric key is generated; a second symmetric key is generated; packets communicated between the first device and the second device over communication link are hashed to create a hash result; the first symmetric key, the second symmetric key and the hash result are hashed to generate a third symmetric key to be used to secure the communication link.

58 Citations

23 Claims

1. A method for securing a communication link between a first device and a second device, the method comprising:
- the first device generating a first symmetric key, wherein generating the first symmetric key includes the first device sending to the second device a first public key in one or more first packets over the communication link and the first device receiving from the second device a second public key in one or more second packets over the communication link, the first public key and the second public key both based on a secret shared by the first device and the second device;
  
  the first device generating a second symmetric key, wherein generating the second symmetric key includes the first device sending to the second device a third public key in one or more third packets over the communication link and the first device receiving from the second device a fourth public key in one or more fourth packets over the communication link;
  
  the first device creating a hash result by hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets;
  
  the first device generating a third symmetric key by hashing the first symmetric key, the second symmetric key and the hash result; and
  
  one or more of the following;
  
  the first device encrypting first data using a symmetric algorithm keyed by the third symmetric key to produce first encrypted data, and sending to the second device the first encrypted data over the communication link;
  
  orthe first device receiving from the second device second encrypted data over the communication link, and decrypting the second encrypted data using the symmetric algorithm keyed by the third symmetric key to produce decrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein generating the first symmetric key includes:
    - the first device applying a function to the secret to obtain a generator element of a mathematical group;
      
      the first device raising the generator element to a first random number to obtain another element of the group;
      
      the first device sending the other element, which is the first public key, to the second device over the communication link;
      
      the first device receiving from the second device over the communication link a further element of the group, which is the second public key, the further element having been created by the second device raising the generator element to a second random number; and
      
      the first device raising the further element to the first random number to obtain the first symmetric key.
  - 3. The method of claim 1, wherein the third public key and the fourth public key are generated according to a Diffie-Hellman algorithm on an elliptical curve group.
  - 4. The method of claim 1, wherein the third public key and the fourth public key are generated according to a Diffie-Hellman algorithm on a large prime-order finite group.
  - 5. The method of claim 1, wherein generating the second symmetric key includes:
    - the first device raising a known generator element of a mathematical group to a first random number to obtain another element of the group;
      
      the first device sending the other element, which is the third public kev, to the second device over the communication link;
      
      the first device receiving from the second device over the communication link a further element of the group, which is the fourth public key, the further element having been created by the second device raising the known generator element to a second random number; and
      
      the first device raising the further element to the first random number to obtain the second symmetric key.
  - 6. The method of claim 1, wherein hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets comprises hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets according to a Secure Hashing Algorithm 2 (SHA-2).
  - 7. The method of claim 1, wherein hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets comprises hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets according to a Message Digest 5 (MD5) algorithm.
  - 8. The method of claim 1, wherein hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets employs a first hash function and hashing the first symmetric key, the second symmetric key and the hash result employs a second hash function that differs from the first hash function.
  - 9. The method of claim 1, wherein hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets employs a first hash function and hashing the first symmetric key, the second symmetric key and the hash result employs the first hash function.
  - 10. The method of claim 1, wherein the first data is a hash of contents of a message.
  - 11. The method of claim 1, wherein the first data is a hash of contents of a message to be sent by the first device, the method further comprising:
    - the first device receiving from the second device over the communication link a digital signature produced by the second device from the hash; and
      
      the first device transmitting the digital signature and the message to a recipient.
  - 12. The method of claim 1, wherein the decrypted data is a session key.
  - 13. The method of claim 12, the method further comprising:
    - the first device decrypting a received message using a symmetric algorithm keyed by the session key.

14. A first device comprising:
- a processor;
  
  a communication interface through which the first device is able to establish a communication link with a second device, the communication interface coupled to the processor; and
  
  a memory able to store executable code which, when executed by the processor, causes the first device to;
  
  generate a first symmetric key, wherein generating the first symmetric key includes the first device sending to the second device a first public key in one or more first packets over the communication link and the first device receiving from the second device a second public key in one or more second packets over the communication link, the first public key and the second public key both based on a secret shared by the first device and the second device;
  
  generate a second symmetric key, wherein generating the second symmetric key includes the first device sending to the second device a third public key in one or more third packets over the communication link and the first device receiving from the second device a fourth public key in one or more fourth packets over the communication link;
  
  create a hash result by hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets;
  
  generate a third symmetric key by hashing the first symmetric key, the second symmetric key and the hash result; and
  
  one or more of the following;
  
  encrypt first data using a symmetric algorithm keyed by the third symmetric key to produce first encrypted data, and send to the second device the first encrypted data over the communication link;
  
  orreceive from the second device second encrypted data over the communication link, and decrypt the second encrypted data using the symmetric algorithm keyed by the third symmetric key to produce decrypted data.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The first device of claim 14, wherein generating the first symmetric key includes:
    - the first device applying a function to the secret to obtain a generator element of a mathematical group;
      
      the first device raising the generator element to a first random number to obtain another element of the group;
      
      the first device sending the other element, which is the first public key, to the second device over the communication link;
      
      the first device receiving from the second device over the communication link a further element of the group, which is the second public key, the further element having been created by the second device raising the generator element to a second random number; and
      
      the first device raising the further element to the first random number to obtain the first symmetric key.
  - 16. The first device of claim 14, wherein the third public key and the fourth public key are generated according to a Diffie-Hellman algorithm on an elliptical curve group.
  - 17. The first device of claim 14, wherein the third public key and the fourth public key are generated according to a Diffie-Hellman algorithm on a large prime-order finite group.
  - 18. The first device of claim 14, wherein generating the second symmetric key includes:
    - the first device raising a known generator element of a mathematical group to a first random number to obtain another element of the group;
      
      the first device sending the other element, which is the third public key, to the second device over the communication link;
      
      the first device receiving from the second device over the communication link a further element of the group, which is the fourth public key, the further element having been created by the second device raising the known generator element to a second random number; and
      
      the first device raising the further element to the first random number to obtain the second symmetric key.
  - 19. The first device of claim 14, wherein the first data is a hash of contents of a message.
  - 20. The first device of claim 14, wherein the first data is a hash of contents of a message to be sent by the first device, and the executable code, when executed by the processor, causes the first device to:
    - receive from the second device over the communication link a digital signature produced by the second device from the hash; and
      
      transmit the digital signature and the message to a recipient.
  - 21. The first device of claim 14, wherein the decrypted data is a session key.
  - 22. The first device of claim 21, wherein the executable code, when executed by the processor, causes the first device to decrypt a received message using a symmetric algorithm keyed by the session key.

23. A non-transitory computer-readable medium having stored thereon instructions which, when executed by a first device, result in:
- generating a first symmetric key, wherein generating the first symmetric key includes the first device sending to a second device a first public key in one or more first packets over a communication link and the first device receiving from the second device a second public key in one or more second packets over the communication link, the first public key and the second public key both based on a secret shared by the first device and the second device;
  
  generating a second symmetric key, wherein generating the second symmetric key includes the first device sending to the second device a third public key in one or more third packets over the communication link and the first device receiving from the second device a fourth public key in one or more fourth packets over the communication link;
  
  creating a hash result by hashing the one or more first packets, the one or more second packets, the one or more third packets and the one or more fourth packets;
  
  generating a third symmetric key by hashing the first symmetric key, the second symmetric key and the hash result; and
  
  one or more of the following;
  
  encrypting first data using a symmetric algorithm keyed by the third symmetric key to produce first encrypted data, and sending to the second device the first encrypted data over the communication link;
  
  orreceiving from the second device second encrypted data over the communication link, and decrypting the second encrypted data using the symmetric algorithm keyed by the third symmetric key to produce decrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael Kenneth, Little, Herbert Anthony, Brown, Michael Stephen, Adams, Neil Patrick
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/093,253
Publication Number

US 20140237246A1
Time in Patent Office

578 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/205   involving negotiation or de...

H04L 9/0861   Generation of secret inform...

H04L 9/0869   involving random numbers or...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 88/02   Terminal devices

Generating a symmetric key to secure a communication link

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Generating a symmetric key to secure a communication link

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others