Asynchronous enhanced shared secret provisioning protocol

US 7,434,054 B2
Filed: 03/31/2004
Issued: 10/07/2008
Est. Priority Date: 03/31/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for registering a first device with a second device, comprising the steps of:

initiating communication between the first device and the second device over a first communication channel by engaging a trigger at the first device and detecting at the second device that the trigger at the first device has been engaged;

upon initiation of communication between the first device and the second device, deriving a commitment value at the first device from a registration nonce value known to the first device and communicating the commitment value from the first device to the second device;

communicating information from the second device to the first device for use in generating a secret;

communicating a registration nonce value from the first device to the second device in response to the information communicated from the second device;

at the second device, attempting to derive the commitment value from the registration nonce value communicated from the first device;

if the commitment value is successfully derived by the second device, generating a first secret known to the first device and a second secret known to the second device using communications between the first device and the second device over the first communication channel;

from the first device, producing first information derived from the first secret;

from the second device, producing second information derived from the second secret;

using a communication channel other than the first communication channel, comparing the first information and the second information in a manner sufficient to assure a third party that the first secret and the second secret are the same; and

enabling the first and second device to use the first and second secrets upon the third party being assured that the first secret and the second secret are the same.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Asynchronous Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched by at least one of two network devices together. These two devices then automatically register with each other. When two devices running Asynchronous ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. An out-of-band examination of registration signatures generated at the two devices can be performed to help ensure that there was not a man-in-the-middle attacker involved in the key exchange.

29 Citations

View as Search Results

30 Claims

1. A method for registering a first device with a second device, comprising the steps of:
- initiating communication between the first device and the second device over a first communication channel by engaging a trigger at the first device and detecting at the second device that the trigger at the first device has been engaged;
  
  upon initiation of communication between the first device and the second device, deriving a commitment value at the first device from a registration nonce value known to the first device and communicating the commitment value from the first device to the second device;
  
  communicating information from the second device to the first device for use in generating a secret;
  
  communicating a registration nonce value from the first device to the second device in response to the information communicated from the second device;
  
  at the second device, attempting to derive the commitment value from the registration nonce value communicated from the first device;
  
  if the commitment value is successfully derived by the second device, generating a first secret known to the first device and a second secret known to the second device using communications between the first device and the second device over the first communication channel;
  
  from the first device, producing first information derived from the first secret;
  
  from the second device, producing second information derived from the second secret;
  
  using a communication channel other than the first communication channel, comparing the first information and the second information in a manner sufficient to assure a third party that the first secret and the second secret are the same; and
  
  enabling the first and second device to use the first and second secrets upon the third party being assured that the first secret and the second secret are the same.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the first device and the second device generate the first and second secrets using Diffie-Hellman key exchange.
  - 3. The method of claim 1 wherein:
    - the first information is derived from a hash of the first secret; and
      
      the second information is derived from a hash of the second secret.
  - 4. The method of claim 1 wherein the first information comprises a credential.

5. A method for registering a first device with a second device, comprising the steps of:
- (a) engaging a trigger coupled to the first device, wherein the trigger is a switch or a button;
  
  (b) detecting at the second device that the trigger coupled to the first device has been engaged;
  
  (c) after step (b), communicating a commitment value from the first device to the second device over a first communication channel, wherein said commitment value is derived from a security value known to the first device;
  
  (d) communicating from the second device to the first device over the first communication channel, information for use in generating a first secret;
  
  (e) after step (d), communicating a security value from the first device to the second device;
  
  (f) at the second device, attempting to derive the commitment value communicated to the second device at step (c) from the security value communicated to the second device at step (e) and terminating registration if the commitment value is not correctly derived from the security value;
  
  (g) generating the first secret at the first device and a second secret at the second device;
  
  (h) from the first device, on a communication channel other than the first communication channel, validating first verification information related to the first secret;
  
  (i) from the second device, on a communication channel other than the first communication channel, validating second verification information related to the second secret; and
  
  (j) enabling the first and second devices to use the first and second secrets upon a third party being assured that the first secret and the second secret are the same.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The method of claim 5 wherein the commitment value is a hash of the security value.
  - 7. The method of claim 5 wherein the first verification information is a hash value derived from the first secret and the security value.
  - 8. The method of claim 7 wherein the first verification information is a hash value derived from a catenation of the first secret with the security value.
  - 9. The method of claim 5 wherein the length of the first verification information is shorter than a length needed to provide an identical level of security in a method that does not utilize a commitment value.
  - 10. The method of claim 5 wherein the first verification information comprise a credential.

11. A device capable of registering with an other device, comprising:
- a trigger coupled to the device, the trigger comprising a switch or a button;
  
  an interface to a first communication channel associated with a first communication method;
  
  an interface to a second communication channel associated with a communication method other than the first communication method; and
  
  a registration process that (1) initiates communication with the other device over the first communication channel upon engagement of the trigger coupled to the device and acknowledgement at the other device that the trigger has been engaged, (2) receives a hash of a security value from the other device using the first communication channel, (3) receives a security value from the other device using the first communication channel and terminates registration if a generated hash of the security value received from the other device differs from the hash received at step (2), (4) generates a first secret that is to-be-shared with the other device using the first communication channel, (5) validates on the second communication channel verification information derived from the to-be-shared secret, and (6) is enabled to use the to-be-shared secret upon receipt of an indication that a third party is assured that the first secret is shared with the other device.
- View Dependent Claims (12, 13, 14)
- - 12. The device of claim 11 wherein the device generates the first secret using a Diffie-Hellman key exchange.
  - 13. The device of claim 11 wherein the verification information is derived from a hash of the first secret.
  - 14. The device of claim 11 wherein the verification information comprises a credential.

15. A device capable of registering with an other device, comprising:
- a trigger coupled to the device;
  
  an interface to a first communication channel associated with a first communication method;
  
  an interface to a second communication channel associated with a communication method other than the first communication method; and
  
  a registration process that (1) initiates communication with the other device over the first communication channel upon engagement of the trigger coupled to the device, (2) receives, on the first communication channel, a commitment value derived from a security value;
  
  (3) produces, on the first communication channel, information for use in generating a shared secret;
  
  (4) after step (3), receives a security value on the first communication channel;
  
  (5) attempts to derive the commitment value received at step (2) from the security value received at step (4) and, if the commitment value is not successfully derived from the security value, terminates the registration process;
  
  (6) generates a first secret to-be-shared with the other device, (7) communicates on the second communication channel verification information related to the first secret, and (8) is enabled to use the first secret upon receipt of an indication that a third party is assured that the first secret is shared with the other device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15 wherein the commitment value is a hash of the security value.
  - 17. The device of claim 15 wherein the verification information is a hash value derived from the first secret and the security value.
  - 18. The device of claim 17 wherein the verification information is a hash value derived from the catenation of the first secret with the security value.
  - 19. The device of claim 15 wherein the length of the verification information is shorter than a length needed to provide an identical level of security in a method that does not utilize a commitment value.
  - 20. The method of claim 15 wherein the verification information is a credential.

21. A server capable of registering a device to a network, comprising:
- an interface to a first communication channel associated with a first communication method;
  
  an interface to a second communication channel associated with a communication method other than the first communication method; and
  
  a registration process that (1) derives a commitment value from a registration nonce by computing a hash of the registration nonce and communicates the commitment value to the device on the first communication channel upon detecting that a trigger coupled to the device has been engaged;
  
  (2) after step (1), communicates a registration nonce to the device on the first communication channel;
  
  (3) upon determining that the device has successfully derived the commitment value from the registration nonce, generates a first secret that is to be shared with the device using the first communication channel;
  
  (4) validates verification information derived from the first secret on the second communication channel; and
  
  (5) enables the network to use the first secret upon receipt of an indication that a third party is assured that the first secret is shared with the device.
- View Dependent Claims (22, 23, 24)
- - 22. The server of claim 21 wherein the sewer generates the first secret using Diffie-Hellman key exchange.
  - 23. The server of claim 21 wherein the verification information is derived from a hash of the first secret.
  - 24. The server of claim 21 wherein the verification information comprises a credential.

25. A server capable of registering a device to a network, comprising:
- an interface to a first communication channel associated with a first communication method;
  
  an interface to a second communication channel associated with a communication method other than the first communication method; and
  
  a registration process that (1) determines that the registration process has been initiated at the device by detecting that a trigger physically coupled to the device has been engaged;
  
  (2) after step (1), communicates to the device over the first communication channel a commitment comprising information derived from a security value;
  
  (3) communicates to the device over the first communication channel information for use in generating a shared secret;
  
  (4) after step (3), communicates the security value to the device over the first communication channel and terminates the registration process upon an indication from the device that the device has unsuccessfully attempted to derive the commitment communicated at step (2) from the security value;
  
  (5) generates a first secret to-be-shared with the device;
  
  (6) communicates over the second communication channel verification information related to the secret; and
  
  (7) enables the network to use the first secret upon receipt of an indication that a third party is assured that the first secret is shared with the device.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The server of claim 25 wherein the commitment is a hash of the security value.
  - 27. The server of claim 25 wherein the verification information is a hash value derived from the secret and the security value.
  - 28. The server of claim 27 wherein the verification information is a hash value derived from the catenation of the first secret with the security value.
  - 29. The server of claim 25 wherein the length of the verification information is shorter that a length needed to provide an identical level of security in a method that does not utilize a commitment.
  - 30. The method of claim 25, wherein the verification information comprises a credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zick, Donald A.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tolentino; Roderick

Application Number

US10/813,357
Publication Number

US 20050223230A1
Time in Patent Office

1,651 Days
Field of Search

713/171, 713/169
US Class Current

713/171
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/18   using different networks or...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0869   involving random numbers or...

H04L 9/3013   involving the discrete loga...

H04L 9/321   involving a third party or ...

H04L 9/3236   using cryptographic hash fu...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 12/122   Counter-measures against at...

Asynchronous enhanced shared secret provisioning protocol

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Asynchronous enhanced shared secret provisioning protocol

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links