Image-based man-in-the-middle protection in numeric comparison association models
First Claim
1. A method operational on a first device for securely establishing an association with a second device over a wireless communication link, comprising:
- performing a cryptographic key exchange with the second device, wherein cryptographic information for the first and second device is obtained;
receiving a first commitment value from the second device;
generating a second commitment value at the first device;
determining that the received first commitment value is equal to or a function of the generated second commitment value to secure communications between the first device and the second device;
obtaining a confirmation value for the first device based on the cryptographic information after determining that the received first commitment value is equal to or the function of the second commitment value;
obtaining a confirmation image based on the confirmation value by dynamically generating the confirmation image by one or more of (a) generating a watch face based on different portions of the confirmation value or (b) mapping the confirmation value to a longitude and latitude pair, obtaining at least one of a map or image of a location associated with the longitude and latitude pair, and using the map or image of the location as the confirmation image; and
providing the confirmation image to an operator for authentication against a corresponding confirmation image for the second device.
1 Assignment
0 Petitions
Accused Products
Abstract
An authentication scheme is provided for securely establishing an association with a second device over a wireless communication link. A cryptographic key exchange is performed between a first device and a second device, wherein cryptographic information for the first and second device is obtained. The first and second devices may independently generate a confirmation value based on the cryptographic information. Each device may obtain a confirmation image based on their respective confirmation values. A confirmation image is uniquely associated with a confirmation value so that no two confirmation values can be associated with the same confirmation image. The images for both the first and second devices are provided to an operator for authentication. If the confirmation images are identical, an association between the first and second devices may be confirmed by the operator. Comparing confirmation images may increase the reliability of operator authentication and is more efficient than comparing values.
-
Citations
44 Claims
-
1. A method operational on a first device for securely establishing an association with a second device over a wireless communication link, comprising:
-
performing a cryptographic key exchange with the second device, wherein cryptographic information for the first and second device is obtained; receiving a first commitment value from the second device; generating a second commitment value at the first device; determining that the received first commitment value is equal to or a function of the generated second commitment value to secure communications between the first device and the second device; obtaining a confirmation value for the first device based on the cryptographic information after determining that the received first commitment value is equal to or the function of the second commitment value; obtaining a confirmation image based on the confirmation value by dynamically generating the confirmation image by one or more of (a) generating a watch face based on different portions of the confirmation value or (b) mapping the confirmation value to a longitude and latitude pair, obtaining at least one of a map or image of a location associated with the longitude and latitude pair, and using the map or image of the location as the confirmation image; and providing the confirmation image to an operator for authentication against a corresponding confirmation image for the second device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A first device to securely establish an association with a second device over a wireless communication link, the first device comprising:
-
a wireless communication interface for communicating with the second device; and an authentication module configured to perform a cryptographic key exchange with the second device, wherein cryptographic information for the first device and second device is obtained, receive a first commitment value from the second device, generate a second commitment value at the first device, determine that the received first commitment value is equal to or a function of the generated second commitment value to secure communications between the first device and the second device, obtain a confirmation value based on the cryptographic information after determining that the received first commitment value is equal to or the function of the second commitment value, obtain a confirmation image based on the confirmation value by dynamically generating the confirmation image by one or more of (a) generating a watch face based on different portions of the confirmation value or (b) mapping the confirmation value to a longitude and latitude pair, obtaining at least one of a map or image of a location associated with the longitude and latitude pair, and using the map or image of the location as the confirmation image, and provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A first device to securely establish an association with a second device over a wireless communication link, the first device comprising:
-
means for communicating with the second device; means for performing a cryptographic key exchange with the second device, wherein cryptographic information for the first device and second device is obtained; means for receiving a first commitment value from the second device; means for generating a second commitment value at the first device; means for determining that the received first commitment value is equal to or a function of the generated second commitment value to secure communications between the first device and the second device; means for obtaining a confirmation value based on the cryptographic information after determining that the received first commitment value is equal to or the function of the second commitment value; means for obtaining a confirmation image based on the confirmation value by dynamically generating the confirmation image by one or more of (a) generating a watch face based on different portions of the confirmation value or (b) mapping the confirmation value to a longitude and latitude pair, obtaining at least one of a map or image of a location associated with the longitude and latitude pair, and using the map or image of the location as the confirmation image; and means for providing the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device. - View Dependent Claims (31, 32, 33, 34, 35, 36)
-
-
37. A computer program embodied in a non-transitory computer-readable medium operational on a first device for securely establishing an association with a second device over a wireless communication link, which when executed by a processor causes the processor to:
-
perform a cryptographic key exchange with the second device, wherein cryptographic information for the first device and second device is obtained; receive a first commitment value from the second device; generate a second commitment value at the first device; determine that the received first commitment value is equal to or a function of the generated second commitment value to secure communications between the first device and the second device; obtain a confirmation value based on the cryptographic information after determining that the received first commitment value is equal to or the function of the second commitment value; obtain a confirmation image based on the confirmation value by dynamically generating the confirmation image by one or more of (a) generating a watch face based on different portions of the confirmation value or (b) mapping the confirmation value to a longitude and latitude pair, obtaining at least one of a map or image of a location associated with the longitude and latitude pair, and using the map or image of the location as the confirmation image; and provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device. - View Dependent Claims (38, 39, 40)
-
-
41. A processing circuit for securely establishing an association with a second device over a wireless communication link, the processing circuit configured to:
-
perform a cryptographic key exchange with the second device, wherein cryptographic information for the processing circuit and second device is obtained; receive a first commitment value from the second device; generate a second commitment value at the processing circuit; determine that the received first commitment value is equal to or a function of the generated second commitment value to secure communications between the processing circuit and the second device; obtain a confirmation value based on the cryptographic information after determining that the received first commitment value is equal to or the function of the second commitment value; obtain a confirmation image by dynamically generating the confirmation image by one or more of (a) generating a watch face based on different portions of the confirmation value or (b) mapping the confirmation value to a longitude and latitude pair, obtaining at least one of a map or image of a location associated with the longitude and latitude pair, and using the map or image of the location as the confirmation image; and provide the confirmation image to an operator over an output interface for authentication against a corresponding confirmation image for the second device. - View Dependent Claims (42, 43, 44)
-
Specification