Systems and methods for authenticating communications in a network medium
Abstract
Pre-authentication information of devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link with location-limited channels being initially used to pre-authenticate devices. Use of public keys in the pre-authenticate data allows for the broadening of types of media suitable for use as location-limited channels to include, for example, audio and infrared. Also, it allows a range of key exchange protocols which can be authenticated in this manner to include most public-key-protocols. As a result, a large range of devices, protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access an ad-hoc exchange. However, this results in the discovery of the eavesdropper.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for securing a communication over a network medium between at least two devices, comprising:
transmitting pre-authentication information from a first device to a second device over a location-limited channel; and using the pre-authentication information secured by the second device to authenticate the communication from the first device.
2 . The method of claim 1 , wherein transmitting pre-authentication information includes sending a digest of an authenticator from the first device to the second device.
3 . The method of claim 2 , wherein sending the digest of the authenticator includes sending a public key, or a digest of the public key.
4 . The method of claim 2 , wherein sending the digest of the authenticator includes sending a digest of a secret.
5 . The method of claim 3 , wherein using the pre-authentication information by the second device to authenticate the communication over the network medium includes using a key exchange protocol in the network medium.
6 . The method of claim 1 , wherein transmitting the pre-authentication information over a location-limited channel includes:
sending a commitment including at least a commitment to a first secret and a commitment to a meaningful message from the first device to the second device; responding to the commitment from the first device by sending a commitment including at least a commitment to a second secret and a commitment to a meaningless message from the second device to the first device; acknowledging receipt of the commitment of the second device by the first device; and acknowledging receipt of the commitment of the first device by the second device.
7 . The method of claim 1 , wherein transmitting pre-authentication information includes exchanging at least one public key between the first device and the second device.
8 . The method of claim 1 , further comprising using an infra-red channel as the location-limited channel.
9 . The method of claim 1 , further comprising using an audio channel as the location-limited channel.
10 . A method of securing a communication over a network medium among a group of devices, comprising:
designating at least one device of the group as a group manager; exchanging pre-authentication information between the group manager and other devices of the group using a broadcast location-limited channel; and using the exchanged pre-authentication information secured by the group manager and the other devices to authenticate the communication over the network medium.
11 . The method of claim 10 , further comprises using the network medium to distribute a group key information from the group manager to the other devices in the group.
12 . The method of claim 10 , further comprising:
receiving a new device into the group of devices; exchanging pre-authentication information between the group manager and the new device using the broadcast location-limited channel; and using the exchanged pre-authentication information secured by the group manager and the new device to authenticate the communication over the network medium between the group manager, the group of devices and the new device.
13 . The method of claim 10 , wherein, when a device leaves the group of devices, the method further comprises:
nullifying pre-authentication information of the group manager with respect to remaining ones of the other devices of the group; distributing new pre-authentication information by the group manager to the remaining devices in the group; using the distributed pre-authentication information by the group manager and the remaining ones of the devices of the group to authenticate the communication between the group manager and the remaining ones of the devices of the group.
14 . The method of claim 13 , further comprises using the network medium to distribute a new group key information from the group manager to the remaining ones of the devices of the group.
15 . A method of authenticating a communication over a network medium among a group of devices, comprising:
exchanging pre-authentication information between each device and other devices in the group over a broadcast location-limited channel; using the pre-authentication information of a selected device for communication that is secured by a communicating device to authenticate the communication over the network medium with the selected device.
16 . The method of claim 15 , wherein exchanging pre-authentication information comprises using a group key exchange protocol to exchange keys among the devices of the group, wherein the pre-authentication information received from a given device of the group a device is used to authenticate a key from that device.
17 . The method of claim 16 , wherein exchanging preauthorization information comprises using a Diffie-Hellman key exchange protocol as the group key exchange protocol.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.