WO2005101722A3 - Asynchronous enhanced shared secret provisioning protocol - Google Patents

Asynchronous enhanced shared secret provisioning protocol Download PDF

Info

Publication number
WO2005101722A3
WO2005101722A3 PCT/US2005/009079 US2005009079W WO2005101722A3 WO 2005101722 A3 WO2005101722 A3 WO 2005101722A3 US 2005009079 W US2005009079 W US 2005009079W WO 2005101722 A3 WO2005101722 A3 WO 2005101722A3
Authority
WO
WIPO (PCT)
Prior art keywords
devices
asynchronous
shared secret
provisioning protocol
esspp
Prior art date
Application number
PCT/US2005/009079
Other languages
French (fr)
Other versions
WO2005101722A2 (en
Inventor
Donald A Zick
Original Assignee
Interlink Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Interlink Networks Inc filed Critical Interlink Networks Inc
Publication of WO2005101722A2 publication Critical patent/WO2005101722A2/en
Publication of WO2005101722A3 publication Critical patent/WO2005101722A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Abstract

An Asynchronous Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched by at least one of two network devices together. These two devices then automatically register with each other. When two devices running Asynchronous ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. An out-of-band examination of registration signatures generated at the two devices can be performed to help ensure that there was not a man­ in-the-middle attacker involved in the key exchange.
PCT/US2005/009079 2004-03-31 2005-03-18 Asynchronous enhanced shared secret provisioning protocol WO2005101722A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/813,357 US7434054B2 (en) 2004-03-31 2004-03-31 Asynchronous enhanced shared secret provisioning protocol
US10/813,357 2004-03-31

Publications (2)

Publication Number Publication Date
WO2005101722A2 WO2005101722A2 (en) 2005-10-27
WO2005101722A3 true WO2005101722A3 (en) 2006-12-21

Family

ID=35055754

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/009079 WO2005101722A2 (en) 2004-03-31 2005-03-18 Asynchronous enhanced shared secret provisioning protocol

Country Status (2)

Country Link
US (2) US7434054B2 (en)
WO (1) WO2005101722A2 (en)

Families Citing this family (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7889052B2 (en) 2001-07-10 2011-02-15 Xatra Fund Mx, Llc Authorizing payment subsequent to RF transactions
US7725427B2 (en) 2001-05-25 2010-05-25 Fred Bishop Recurrent billing maintenance with radio frequency payment devices
US9031880B2 (en) * 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US7705732B2 (en) 2001-07-10 2010-04-27 Fred Bishop Authenticating an RF transaction using a transaction counter
US8548927B2 (en) 2001-07-10 2013-10-01 Xatra Fund Mx, Llc Biometric registration for facilitating an RF transaction
US9024719B1 (en) 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
US8284025B2 (en) 2001-07-10 2012-10-09 Xatra Fund Mx, Llc Method and system for auditory recognition biometrics on a FOB
US7543738B1 (en) * 2001-07-10 2009-06-09 American Express Travel Related Services Company, Inc. System and method for secure transactions manageable by a transaction account provider
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US7735725B1 (en) 2001-07-10 2010-06-15 Fred Bishop Processing an RF transaction using a routing number
US7668750B2 (en) 2001-07-10 2010-02-23 David S Bonalle Securing RF transactions using a transactions counter
US20040236699A1 (en) 2001-07-10 2004-11-25 American Express Travel Related Services Company, Inc. Method and system for hand geometry recognition biometrics on a fob
US6805287B2 (en) 2002-09-12 2004-10-19 American Express Travel Related Services Company, Inc. System and method for converting a stored value card to a credit card
US7398550B2 (en) * 2003-06-18 2008-07-08 Microsoft Corporation Enhanced shared secret provisioning protocol
US7580398B2 (en) * 2004-06-30 2009-08-25 Canon Kabushiki Kaisha Information processing device, printing device, printing system, system setting method, storage medium storing computer-readable program, and program
US7318550B2 (en) 2004-07-01 2008-01-15 American Express Travel Related Services Company, Inc. Biometric safeguard method for use with a smartcard
US8146142B2 (en) * 2004-09-03 2012-03-27 Intel Corporation Device introduction and access control framework
US7757274B2 (en) * 2005-04-05 2010-07-13 Mcafee, Inc. Methods and systems for exchanging security information via peer-to-peer wireless networks
US20070016767A1 (en) * 2005-07-05 2007-01-18 Netdevices, Inc. Switching Devices Avoiding Degradation of Forwarding Throughput Performance When Downloading Signature Data Related to Security Applications
FR2899750A1 (en) * 2006-04-10 2007-10-12 Everbee Networks Sa Common encryption key generating method for e.g. voice over Internet protocol application, involves verifying correspondence between control data displayed on terminal of one user and control data received from another user by latter user
US8171302B2 (en) * 2006-05-30 2012-05-01 Hewlett-Packard Development Company, L.P. Method and system for creating a pre-shared key
JP5138970B2 (en) * 2006-12-20 2013-02-06 リプレックス株式会社 System, server, information terminal, operating system, middleware, information communication device, authentication method, system, and application software
US7933413B2 (en) * 2007-02-02 2011-04-26 Microsoft Corporation Key exchange verification
US20080222543A1 (en) * 2007-03-09 2008-09-11 Naono Norihiko Information terminal, server and information processing method
US20080219427A1 (en) * 2007-03-09 2008-09-11 Naono Norihiko Information terminal, server and communication method and method for selecting a communication service
US20080288462A1 (en) * 2007-05-16 2008-11-20 Naono Norihiko Database system and display method on information terminal
JP2008312048A (en) * 2007-06-15 2008-12-25 Ripplex Inc Authentication method of information terminal
JP2009003690A (en) * 2007-06-21 2009-01-08 Ripplex Inc System, server, and information terminal
JP2009005202A (en) * 2007-06-25 2009-01-08 Ripplex Inc Information exchange device
JP2009157737A (en) * 2007-12-27 2009-07-16 Ripplex Inc Server device and information terminal for sharing information
JP2010026936A (en) * 2008-07-23 2010-02-04 Ripplex Inc Terminal device and system for searching personal information
US8402519B2 (en) * 2008-10-16 2013-03-19 Verisign, Inc. Transparent client authentication
US9525999B2 (en) * 2009-12-21 2016-12-20 Blackberry Limited Method of securely transferring services between mobile devices
US20150095493A1 (en) * 2012-04-05 2015-04-02 Qualcomm Incorporated Push button configuration for hybrid network devices
KR102026898B1 (en) * 2012-06-26 2019-09-30 삼성전자주식회사 Method and apparatus for secure communication between transmitter and receiver, method and apparatus for determining the secure information
WO2014016864A1 (en) * 2012-07-23 2014-01-30 富士通株式会社 Node and communication method
CN106105131B (en) * 2014-03-12 2021-09-10 诺基亚技术有限公司 Electronic device, method, apparatus, and computer medium pairing a plurality of devices
RU2663972C1 (en) * 2015-02-27 2018-08-14 Телефонактиеболагет Лм Эрикссон (Пабл) Security assurance at connection between communication device and network device
US10887090B2 (en) * 2017-09-22 2021-01-05 Nec Corporation Scalable byzantine fault-tolerant protocol with partial tee support

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6263437B1 (en) * 1998-02-19 2001-07-17 Openware Systems Inc Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4771461A (en) 1986-06-27 1988-09-13 International Business Machines Corporation Initialization of cryptographic variables in an EFT/POS network with a large number of terminals
DE4236778A1 (en) * 1992-10-30 1994-05-05 Siemens Ag Method for connecting transmitters / receivers of a cordless communication system to form a communication-capable unit
FI105309B (en) * 1997-06-24 2000-07-14 Nokia Mobile Phones Ltd Mobile communication systems
US6825945B1 (en) 1999-05-25 2004-11-30 Silverbrook Research Pty Ltd Method and system for delivery of a brochure
FR2803974A1 (en) 2000-01-14 2001-07-20 Canon Europa Nv SUBSCRIPTION METHODS BETWEEN A MOBILE STATION AND A BASE STATION IN A TELECOMMUNICATIONS NETWORK, AND SYSTEMS IMPLEMENTING THEM
FI20000760A0 (en) 2000-03-31 2000-03-31 Nokia Corp Authentication in a packet data network
US6766453B1 (en) * 2000-04-28 2004-07-20 3Com Corporation Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
US6820201B1 (en) * 2000-08-04 2004-11-16 Sri International System and method using information-based indicia for securing and authenticating transactions
US7181620B1 (en) * 2001-11-09 2007-02-20 Cisco Technology, Inc. Method and apparatus providing secure initialization of network devices using a cryptographic key distribution approach
US7191467B1 (en) * 2002-03-15 2007-03-13 Microsoft Corporation Method and system of integrating third party authentication into internet browser code
US20030221126A1 (en) * 2002-05-24 2003-11-27 International Business Machines Corporation Mutual authentication with secure transport and client authentication
US20080301298A1 (en) * 2002-07-29 2008-12-04 Linda Bernardi Identifying a computing device
AU2002326280A1 (en) * 2002-08-14 2004-03-19 Agency For Science, Technology And Research A method of generating an authentication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6263437B1 (en) * 1998-02-19 2001-07-17 Openware Systems Inc Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks

Also Published As

Publication number Publication date
US7434054B2 (en) 2008-10-07
WO2005101722A2 (en) 2005-10-27
US20050223230A1 (en) 2005-10-06
US20090037737A1 (en) 2009-02-05
US8433903B2 (en) 2013-04-30

Similar Documents

Publication Publication Date Title
WO2005101722A3 (en) Asynchronous enhanced shared secret provisioning protocol
Krawczyk et al. The OPTLS protocol and TLS 1.3
Ying et al. Lightweight remote user authentication protocol for multi-server 5G networks using self-certified public key cryptography
Chen et al. Server-aided public key encryption with keyword search
Xue et al. A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture
WO2020133655A1 (en) Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scenario
Xie et al. Chaotic maps-based three-party password-authenticated key agreement scheme
CN101917270B (en) Weak authentication and key agreement method based on symmetrical password
WO2008030523A3 (en) Real privacy management authentication system
WO2007121190A3 (en) Method and apparatus for binding multiple authentications
NO20080532L (en) Distributed simple log-on service
JP2015180092A5 (en)
WO2007111710A3 (en) Method and apparatus for providing a key for secure communications
CN103023911B (en) Trustable network equipment access trustable network authentication method
CN104735068A (en) SIP security authentication method based on commercial passwords
Saied et al. A distributed approach for secure M2M communications
WO2007092080A3 (en) Authenticating mobile network provider equipment
MX2010003403A (en) Authentication method and framework.
WO2011017099A3 (en) Secure communication using asymmetric cryptography and light-weight certificates
WO2008054375A3 (en) Constrained cryptographic keys
WO2009048574A3 (en) Secure wireless communication
SG143127A1 (en) Client credential based secure session authentication method and apparatus
WO2009126209A3 (en) Methods and apparatus for authentication and identity management using a public key infrastructure (pki) in an ip-based telephony environment
Liu et al. Cryptanalysis of a SIP authentication scheme
WO2009053818A3 (en) Method and apparatus for providing secure linking to a user identity in a digital rights management system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC OF 190107

122 Ep: pct application non-entry in european phase