Method for exchanging strong encryption keys between devices using alternate input methods in wireless personal area networks (WPAN)

US 9,401,902 B2
Filed: 01/16/2014
Issued: 07/26/2016
Est. Priority Date: 12/27/2006
Status: Expired due to Fees

First Claim

Patent Images

1. One or more non-transitory, machine-readable media comprising a plurality of instructions stored thereon that, when executed by a computing device, causes the computing device to:

communicate, in a key exchange mode, with another computing device via an in-band transmission channel;

negotiate, via the in-band transmission channel, with the another computing device to determine which computing device will generate an encryption key;

generate the encryption key using audible background noise as a random seed to a random number generator in response to a determination that the computing device is to generate the encryption key;

generate a cryptographic picture based on the encryption key, wherein the cryptographic picture includes the encryption key embedded in the cryptographic picture;

transmit the encryption key to the another computing device, wherein to transmit the encryption key to the another computing device comprises to display the cryptographic picture on a display of the computing device such that the cryptographic picture is visible to the another computing device;

determine whether the encryption key has been successfully validated by the another computing device based on the cryptographic picture; and

enable the computing device to automatically accept communications from the another computing device over the in-band transmission channel in response to a determination that the encryption key has been successfully validated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for exchanging strong encryption keys between devices using alternate input methods. At least two devices that want to communicate with one another are set in key exchange mode. The at least two devices are to communicate with one another using a short range radio or personal area network. The at least two devices negotiate with one another to determine which of the at least two devices will generate an encryption key, wherein device A represents the negotiated device and device B represents the non-negotiated device. Device A generates the encryption key and transmits the encryption key to device B using an out-of band transmission channel. The out-of-band transmission channel may be transmitting the encryption key via audio tones. A validation process determines whether the transmission of the encryption key via the out-of-band transmission channel was successful. If the encryption key has been successfully validated, the at least two devices are enabled to automatically accept communications between them over the short range radio or personal area network.

Citations

18 Claims

1. One or more non-transitory, machine-readable media comprising a plurality of instructions stored thereon that, when executed by a computing device, causes the computing device to:
- communicate, in a key exchange mode, with another computing device via an in-band transmission channel;
  
  negotiate, via the in-band transmission channel, with the another computing device to determine which computing device will generate an encryption key;
  
  generate the encryption key using audible background noise as a random seed to a random number generator in response to a determination that the computing device is to generate the encryption key;
  
  generate a cryptographic picture based on the encryption key, wherein the cryptographic picture includes the encryption key embedded in the cryptographic picture;
  
  transmit the encryption key to the another computing device, wherein to transmit the encryption key to the another computing device comprises to display the cryptographic picture on a display of the computing device such that the cryptographic picture is visible to the another computing device;
  
  determine whether the encryption key has been successfully validated by the another computing device based on the cryptographic picture; and
  
  enable the computing device to automatically accept communications from the another computing device over the in-band transmission channel in response to a determination that the encryption key has been successfully validated.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The one or more non-transitory, machine-readable media of claim 1, wherein to negotiate with the another computing device comprises to negotiate with the another computing device to determine which computing device will generate an encryption key based on a determination of which of the computing devices comprises more processing power.
  - 3. The one or more non-transitory, machine-readable media of claim 1, wherein the encryption key is hidden in the cryptographic picture.
  - 4. The one or more non-transitory, machine-readable media of claim 1, wherein the encryption key has a character length greater than sixteen characters.
  - 5. The one or more non-transitory, machine-readable media of claim 1, wherein to determine whether the encryption key has been successfully validated by the another computing device comprises to:
    - receive, subsequent to transmission of the encryption key, encrypted random data from the another computing device via a wireless transmission that requires pairing, wherein the encrypted random data comprises random data encrypted with the encryption key;
      
      decrypt the encrypted random data received from the another computing device with the encryption key to obtain the random data;
      
      add a time stamp to the random data;
      
      re-encrypt the random data with the encryption key, wherein the re-encrypted random data includes the time stamp; and
      
      transmit the re-encrypted random data that includes the time stamp to the another computing device.
  - 6. The one or more non-transitory, machine readable media of claim 1, wherein the plurality of instructions further cause the computing device to:
    - regenerate the encryption key using audible background noise a random seed to the random number generator in response to a determination that the encryption key is not validated;
      
      generate another cryptographic picture based on the regenerated encryption key, wherein the another cryptographic picture includes the regenerated encryption key embedded in the another cryptographic picture;
      
      display the another cryptographic picture on the display of the computing device; and
      
      determine whether the regenerated encryption key has been successfully validated by the another computing device based on the another cryptographic picture.

7. A computing device for secure communications, the computing device comprising:
- a display;
  
  a processing circuitry; and
  
  a memory having stored therein a plurality of instructions that, when executed by a processor, cause the processing circuitry to;
  
  establish an in-band transmission channel with another computing device in a key exchange mode of the computing device;
  
  negotiate, via the in-band transmission channel, with the another computing device to determine which device will generate an encryption key;
  
  generate the encryption key using audible background noise as a random seed to a random number generator in response to a determination that the computing device is to generate the encryption key;
  
  generate a cryptographic picture based on the encryption key, wherein the cryptographic picture includes the encryption key embedded in the cryptographic picture;
  
  transmit the encryption key to the another computing device, wherein to transmit the encryption key to the another computing device comprises to display the cryptographic picture on the display such that the cryptographic picture is visible to the another computing device;
  
  determine whether the encryption key has been successfully validated by the another computing device based on the cryptographic picture; and
  
  enable the computing device to automatically accept communications from the another computing device over the in-band transmission channel in response to a determination that the encryption key has been successfully validated.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computing device of claim 7, wherein to negotiate with the another computing device comprises to negotiate with the another computing device to determine which computing device will generate an encryption key based on a determination of which of the computing devices comprises more processing power.
  - 9. The computing device of claim 7, wherein to generate the encryption key comprises to capture the audible background noise.
  - 10. The computing device of claim 7, wherein the encryption key is hidden in the cryptographic picture.
  - 11. The computing device of claim 7, wherein the encryption key has a character length greater than sixteen characters.
  - 12. The computing device of claim 7, wherein to determine whether the encryption key has been successfully validated by the another computing device comprises to:
    - receive, subsequent to transmission of the encryption key, encrypted random data from the another computing device via a wireless transmission that requires pairing, wherein the encrypted random data comprises random data encrypted with the encryption key;
      
      decrypt the encrypted random data received from the another computing device with the encryption key to obtain the random data;
      
      add a time stamp to the random data;
      
      re-encrypt the random data with the encryption key, wherein the re-encrypted random data includes the time stamp; and
      
      transmit the re-encrypted random data that includes the time stamp to the another computing device.
  - 13. The computing device of claim 7, wherein the plurality of instructions further cause the processor to:
    - regenerate the encryption key using audible background noise a random seed to the random number generator in response to a determination that the encryption key is not validated;
      
      generate another cryptographic picture based on the regenerated encryption key, wherein the another cryptographic picture includes the regenerated encryption key embedded in the another cryptographic picture;
      
      display the another cryptographic picture on the display of the computing device; and
      
      determine whether the regenerated encryption key has been successfully validated by the another computing device based on the another cryptographic picture.

14. A method for secure communications between a first computing device and a second computing device, the method comprising:
- communicating, by the first computing device while in a key exchange mode, with the second computing device via an in-band transmission channel;
  
  negotiating, by the first computing device and via the in-band transmission channel, with the second computing device to determine which computing device will generate an encryption key;
  
  generating, by the first computing device, the encryption key using audible background noise as a random seed to a random number generator in response to a determination that the first computing device is to generate the encryption key;
  
  generating, by the first computing device, a cryptographic picture based on the encryption key, wherein the cryptographic picture includes the encryption key embedded in the cryptographic picture;
  
  transmitting the encryption key to the second computing device, wherein transmitting the encryption key to the second computing device comprises displaying the cryptographic picture on a display of the first computing device such that the cryptographic picture is visible to the second computing device;
  
  determining, by the first computing device, whether the encryption key has been successfully validated by the second computing device based on the cryptographic picture; and
  
  automatically accepting, by the first computing device, communications from the second computing device over the in-band transmission channel in response to a determination that the encryption key has been successfully validated.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein negotiating with the second computing device comprises negotiating, by the first computing device, with the second computing device to determine which computing device will generate an encryption key based on a determination of which of the computing devices comprises more processing power.
  - 16. The method of claim 14, wherein the encryption key has a character length greater than sixteen characters.
  - 17. The method of claim 14, wherein determining whether the encryption key has been successfully validated by the second computing device comprises:
    - receiving, subsequent to transmission of the encryption key, encrypted random data from the second computing device via a wireless transmission that requires pairing, wherein the encrypted random data comprises random data encrypted with the encryption key;
      
      decrypting the encrypted random data received from the second computing device with the encryption key to obtain the random data;
      
      adding a time stamp to the random data;
      
      re-encrypting the random data with the encryption key, wherein the re-encrypted random data includes the time stamp; and
      
      transmitting the re-encrypted random data that includes the time stamp to the another computing device.
  - 18. The method of claim 14, further comprising:
    - regenerating, by the first computing device, the encryption key using audible background noise a random seed to the random number generator in response to a determination that the encryption key is not validated;
      
      generating, by the first computing device, another cryptographic picture based on the regenerated encryption key, wherein the another cryptographic picture includes the regenerated encryption key embedded in the another cryptographic picture;
      
      displaying the another cryptographic picture on the display of the first computing device; and
      
      determining, by the first computing device, whether the regenerated encryption key has been successfully validated by the second computing device based on the another cryptographic picture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Kohlenberg, Tobias M., Aissi, Selim
Primary Examiner(s)
Truong, Thanhnga B
Assistant Examiner(s)
Lane, Gregory

Application Number

US14/156,686
Publication Number

US 20140310525A1
Time in Patent Office

922 Days
Field of Search

713/169, 713/171
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 9/0838   Key agreement, i.e. key est...

H04W 12/04   Key management, e.g. using ...

H04W 12/50   Secure pairing of devices

H04W 12/65   Environment-dependent, e.g....

Method for exchanging strong encryption keys between devices using alternate input methods in wireless personal area networks (WPAN)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for exchanging strong encryption keys between devices using alternate input methods in wireless personal area networks (WPAN)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links