US20030149874A1 - Systems and methods for authenticating communications in a network medium - Google Patents
- Publication number: US20030149874A1 (application US10/066,699)
- Authority: US (United States)
- Prior art keywords: group, devices, authentication information, wireless device, location
- Prior art date
- Legal status: Abandoned (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- G06F21/43—User authentication using separate channels for security data wireless channels
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
- H04L63/0492—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
- H04L69/168—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] specially adapted for link layer protocols, e.g. asynchronous transfer mode [ATM], synchronous optical network [SONET] or point-to-point protocol [PPP]
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
- H04W12/062—Pre-authentication
- H04W12/50—Secure pairing of devices
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- This invention relates to systems and methods for authenticating a communication between at least two devices that is transmitted using a network medium.
- The network medium includes wired networks and wireless networks. Information transmitted over the network medium may be accessible to others. However, users typically desire that information they receive not be available to others.
- FIG. 1 illustrates an example where a user 110 is in a public place that is accessible to others.
- The user 110 wants to print a sensitive document that the user 110 just received on the user's wireless device 112.
- The user 110 may have access to a number of printers 122, 124, 126 or 128 with wireless capabilities made by various companies, some of which may be familiar to the user 110 and some of which may not be.
- The user 110 wants to choose a particular printer, such as, for example, a first printer 122, and further wants to ensure that the user's wireless device 112 prints to that first printer 122 and to no other printer 124, 126, 128 or any other device. Additionally, the user 110 wants to ensure that no other person 130 within the wireless transmission range of the wireless device 112 can learn the contents of the sensitive document.
- The user 110 needs to let the wireless device 112 know how to find the first printer 122 over a wireless medium, such as a wireless network.
- Several approaches are available that the user 110 may use to find the first printer 122. Assuming each printer has a unique name, the user 110 may type the name of the first printer 122 into the user's wireless device 112. Alternatively, the user 110 may have access to a discovery protocol, from which the user 110 may pick the first printer 122 out of a list of printers. In either case, the wireless device 112 should guarantee that it is actually talking to the first printer 122 and that the communication is secure.
- The wireless device 112 may perform a key exchange with the first printer 122 and establish an authenticated and secret channel with the first printer 122.
- However, an immense public key infrastructure may be required for this, and every printer, including every other potential participant of the public key infrastructure, may require a unique name with a certificate issued by a trusted authority. This is typically very expensive. Further, an immense public key infrastructure may not be practical.
- Wired Equivalent Privacy (WEP), the link-layer security protocol for ANSI/IEEE 802.11, also has usability issues. It requires a group of communicating wireless devices to be initialized with the same key, usually derived from a password. WEP has also been subject to security breaches.
- Another method may be to use an out-of-band mechanism for establishing security.
- Frank Stajano et al., “Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks,” 7th International Workshop, Lecture Notes in Computer Science, Cambridge, United Kingdom, April 1999, Springer-Verlag, Berlin, Germany, describes a security model usable to regulate secure transient association between devices in ad-hoc wireless networks.
- In that model, a “mother-duckling” relationship between two devices is set up when the “mother” device establishes a shared secret with the “duckling” device through physical contact. The shared secret enables the “duckling” device to recognize the “mother” device and be controlled by the “mother” device in future interactions.
- The “mother” device may upload an access-control policy into the “duckling” device, which determines the type of relationships that the “duckling” device may have with various other devices. More importantly, the shared secret allows the “mother” and “duckling” devices to communicate securely.
- FIG. 2 illustrates one exemplary embodiment where several users 221, 223, 225 and 227 with wireless devices 201, 203, 205 and 207, such as laptop computers with wireless capabilities, are located within a locality, such as a conference room at a conference center.
- The users 221, 223, 225 and 227 desire to exchange various sensitive documents among themselves using the wireless devices 201, 203, 205 and 207.
- The radio frequencies in which the wireless devices operate penetrate the conference room walls.
- The sensitive documents are therefore subject to capture by potential eavesdroppers 222, 224 and 226 lurking in the corridors or in the next conference room.
- The users 221, 223, 225 and 227 want to contain the information within the conference room perimeter. However, the properties of the wireless network prevent them from doing so.
- This invention provides systems and methods that allow a communication between a plurality of devices to be secured.
- This invention separately provides systems and methods for authenticating wireless communications between a plurality of devices.
- This invention separately provides systems and methods that allow pre-authentication information to be transmitted between a plurality of devices.
- This invention further provides systems and methods that use location-limited communication channels to transmit the pre-authentication information between the plurality of devices.
- A first device sends pre-authentication information to a second device over a location-limited channel.
- The second device responds by sending its own pre-authentication information to the first device over the location-limited channel.
- The pre-authentication information includes one or more of a public key, a digest of an authenticator such as a public key, a secret, or the like.
- The location-limited channel includes one or more channels such as an infra-red channel, an audio channel and the like.
- At least one device may be designated as a group manager.
- The group manager uses a location-limited channel to exchange pre-authentication information with the remaining devices in the group.
- The group manager and the remaining devices then authenticate communication over a network medium using the exchanged pre-authentication information.
- Alternatively, the pre-authentication information includes a commitment to a secret sent by the first device to the second device, along with a commitment to its first, meaningful, message.
- The second device reciprocates by sending a commitment to its secret, along with a commitment to its first, meaningless, message, to the first device.
- Each device in turn then acknowledges the message received from the other device over the location-limited channel.
- The devices continue to communicate over the wireless link in this fashion, producing a secure exchange of messages from the legitimate sender.
- In this way, communication over the network medium is secured between a group manager and the remaining devices in the group.
- Alternatively, communication over the network medium is secured among a group of devices as follows: each device exchanges pre-authentication information with one or more other devices in the group.
- A communicating device then uses the exchanged pre-authentication information to authenticate a communication over the network medium with one or more selected devices.
- FIG. 1 illustrates one exemplary situation in which the systems and methods according to this invention may be used.
- FIG. 2 illustrates a second exemplary situation in which the systems and methods according to this invention may be used.
- FIG. 3 illustrates one exemplary embodiment of a communication authenticating system according to this invention.
- FIG. 4 illustrates one exemplary embodiment of a wireless device according to this invention.
- FIG. 5 is a flowchart outlining a first exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention.
- FIGS. 6A-6C are a flowchart outlining a second exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention.
- FIGS. 7-9 illustrate an exemplary embodiment of a communication authenticating system for a group of devices according to this invention.
- FIG. 10 is a flowchart outlining a third exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention.
- FIG. 11 is a flowchart outlining a fourth exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention.
- Pre-authenticating a number of wireless devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions.
- This may also include a bootstrap to a key exchange protocol that is used to set up an encrypted channel.
- A public key is committed to on the pre-authentication channel.
- A key exchange protocol using public key cryptography is used on the main wireless link to establish secure communications. Because the wireless devices are pre-authenticated using public keys, the types of media usable as location-limited channels do not need to be immune to eavesdropping and can include, for example, audio and/or infra-red channels.
- Pre-authenticating the wireless devices using public keys allows a range of public-key-based key exchange protocols that can authenticate wireless devices to be used.
- A large range of location-limited channel types, devices and protocols can be used in various applications.
- An eavesdropper is forced to mount an active attack on the location-limited channel itself in order to gain access to the ad-hoc exchange over the wired or wireless network; a passive attack, such as eavesdropping, on the location-limited channel, or an active or passive attack on the wireless channel, does not suffice.
- FIG. 3 illustrates one exemplary embodiment of a wireless system 300 that authenticates communication in a network medium, such as an ad-hoc wireless network.
- The first wireless device 310 includes a location-limited channel receiver/transmitter 312 and a main wireless link receiver/transmitter 314.
- The second wireless device 320 includes a location-limited channel receiver/transmitter 322 and a main wireless link receiver/transmitter 324.
- The first and second wireless devices may each have a main wired link receiver/transmitter, such as Transport Control Protocol/Internet Protocol (TCP/IP) sockets or any other known or later developed wired network receiver/transmitter.
- The first and second wireless devices may also have both a main wireless link and a main wired link.
- To initiate communication with the second wireless device 320, the first wireless device 310 initially sends pre-authentication information through the location-limited channel receiver/transmitter 312 to the second wireless device 320 via the location-limited channel 330.
- The second wireless device 320 receives the pre-authentication information from the first wireless device 310 through the location-limited channel receiver/transmitter 322.
- Alternatively, the first wireless device 310 does not need to send pre-authentication information to the second wireless device 320.
- However, a wireless device that does not mutually exchange pre-authentication information with another wireless device cannot authenticate the communication received from the other wireless device. Thus, that wireless device is unprotected against attacks by an eavesdropper.
- The second wireless device 320 responds by sending additional pre-authentication information through the location-limited channel receiver/transmitter 322 to the first wireless device 310 via the location-limited channel 330.
- The first wireless device 310 receives the pre-authentication information through its location-limited channel receiver/transmitter 312. With the pre-authentication information exchanged between the first and second wireless devices 310 and 320, the first wireless device 310 uses the main wireless link receiver/transmitter 314 to communicate with the second wireless device 320 via the main wireless link 340. The second wireless device 320 uses its main wireless link receiver/transmitter 324 to communicate with the first wireless device 310 via the main wireless link 340.
- Each of the first and second wireless devices 310 and 320 authenticates the communication of the other wireless device 320 or 310, respectively, using the pre-authentication information received from that other wireless device 320 or 310, respectively.
- FIG. 4 illustrates one exemplary embodiment of a wireless device 400 for authenticating communication in a network medium that is usable as either of the first or second wireless devices 310 or 320.
- The wireless device 400 may be a Personal Digital Assistant (PDA), a laptop computer with wireless capability, a wireless hand-held computer, a Blackberry™ device, a printer with wireless capability, a wireless phone or any other known or later developed wireless-capable device.
- The wireless device 400 includes a processor 410, a memory 420, an input/output (I/O) interface 430, a location-limited channel receiver/transmitter 442 and a main wireless link receiver/transmitter 444.
- The processor 410 may be a microprocessor, a microcontroller, a digital signal processor (DSP), an arithmetic logic unit (ALU), an application specific integrated circuit (ASIC) or the like.
- The memory 420 may include volatile memory and/or non-volatile memory, including one or more of random access memory (RAM), read only memory (ROM), Flash memory, a floppy or hard disk drive, an optical disk drive and the like.
- The memory 420 stores an operating system 422, a wireless application 424, an authentication application 426 and an authenticator 428.
- The operating system 422 may be a customized basic I/O system, any known or later developed commercially available operating system, or the like.
- The operating system 422 provides the computer instructions which, when executed by the processor 410, program and control various I/O controllers, including the I/O interface 430 of the wireless device 400.
- The operating system 422 also provides the computer instructions that store the wireless application 424, the authentication application 426 and the authenticator 428 in a retrievable manner.
- The wireless application 424 provides computer instructions which, when executed by the processor 410, allow the wireless device 400 to communicate with a wireless network through the main wireless link receiver/transmitter 444 connected to a main wireless link interface 434 of the I/O interface 430.
- The wireless application 424 may use Bluetooth™, ANSI/IEEE 802.11, or any other known or later developed wireless communication medium.
- The main wireless link interface 434 and the main wireless link receiver/transmitter 444 can be implemented using any known or later developed wireless communication circuit or structure.
- For example, a wireless receiver/transmitter and interface used in a wireless network can be used as the main wireless link interface 434 and the main wireless link receiver/transmitter 444.
- Alternatively, the wireless device has a main wired link interface and receiver/transmitter, such as a TCP/IP interface and socket, or has both a main wireless link interface and receiver/transmitter and a main wired link interface and receiver/transmitter.
- The location-limited channel receiver/transmitter 442 is separate from the main wireless link receiver/transmitter 444.
- A suitable location-limited channel receiver/transmitter 442 has at least two properties that enable it to send and receive the pre-authentication information of the wireless devices. The first such property is a demonstrative property.
- That is, a suitable location-limited channel receiver/transmitter 442 has physical limitations on its transmissions. For example, sound, whether in the audible and/or the ultrasonic range, which has a limited transmission range and broadcast characteristics, may be used as a location-limited channel for a group of wireless devices.
- Alternatively, a location-limited channel with directionality, such as an infra-red channel, may be used.
- The demonstrative property allows communication across a location-limited channel to “name” a target device or group of devices based on the physical relationships between the devices and the limited locations accessible through the location-limited channel.
- The second property is authenticity.
- The second property requires only that the pre-authentication information be authentic.
- This property ensures that the pre-authentication information exchanged over the location-limited channel allows the exchanging wireless devices to securely authenticate each other over the main wireless link, even in the presence of eavesdroppers. If the participants use the location-limited channel to exchange their public keys as pre-authentication information, an attack by an eavesdropper on the location-limited channel does not matter, because the eavesdropper does not know the participants' private keys. The participants authenticate each other over the main wireless link by proving possession of their corresponding private keys as part of a key exchange protocol. Thus, the eavesdropper is not able to impersonate any of the participants.
- Another property of a location-limited channel receiver/transmitter is that the location-limited channel is difficult to attack without the attack being detected by at least one legitimate participant (human or device).
- Examples include a receiver/transmitter that uses infra-red, sound, whether audio and/or ultrasound, and/or near-field signaling across the body, such as that described in, for example, T. G. Zimmerman, “Personal Area Networks: Near-field intrabody communication”, IBM Systems Journal, 35(3&4): pp. 609-617, 1996, which is incorporated herein by reference in its entirety.
- Detecting the attack may not require that the devices transmitting on the location-limited channel be identified. Instead, for example, detecting the attack may merely depend on one's ability to count. Thus, if two wireless devices are attempting to communicate, and the communication is successful, as indicated, for example, by the lights on the target device blinking, or by the human using a laptop computer indicating that the communication was successful, then the number of legitimate participants is known. If extra, illegitimate, participants are detected, for example, by the laptop indicating that a third participant has joined the communication, the communication may simply be aborted by the legitimate participants.
- The pre-authentication information is used to authenticate the received authenticator 428.
- The authenticator 428 may be a key, a secret, or the like.
- The key may be either a long-lived key or an ephemeral key. An ephemeral key is created afresh for each new session or during a session. The choice is usually based on the application in which the key is being used. In either case, the key does not require certification by a trusted authority. However, if the key exchange protocol chosen requires an exchange of certificates, the certificate may be self-signed by the wireless device 400.
- The amount of information exchanged across the location-limited channel is a small fraction of the amount sent across the main wireless link, because the location-limited channel usually has a limited data rate.
- One method of reducing the size of the pre-authentication information is to use cryptographically-secure hash functions, such as, for example, Secure Hash Algorithm-1 (SHA-1), which may be part of the authentication application 426.
- The participants need not actually exchange their complete public keys as pre-authentication information. Instead, the participants send commitments to the keys, for example, by exchanging digests of the keys.
- The participants exchange commitments to their public keys across a chosen location-limited channel. In doing so, each participant is able to identify whom that participant is communicating with.
- The wireless device 400 then communicates with the other wireless device using the main wireless link receiver/transmitter 444.
- The wireless device 400 uses the authentication application 426, which may include various established public-key-based key exchange protocols, such as the commercially available Secure Socket Layer/Transport Layer Security (SSL/TLS), Secure Key Exchange Mechanism (SKEME), Internet Key Exchange (IKE) or any other known or later developed public-key-based key exchange protocol, to prove possession of the private key that corresponds to the public key committed to during the pre-authentication information exchange.
- The wireless device 400 exchanges the complete public key over the main wireless link.
- The key exchange may either be prefixed to protocol execution or, as in Secure Socket Layer/Transport Layer Security (SSL/TLS), occur naturally as a standard part of the key exchange protocol.
- The keys are authenticated by the fact that they are the ones committed to across the location-limited channel.
- The wireless device 400, having authenticated the other wireless device's public key, proceeds with the key exchange protocol on the main wireless link.
- FIG. 5 is a flowchart outlining one exemplary embodiment of a method for authenticating a communication over a network medium between a first wireless device and a second wireless device.
- the first wireless device contains a first public key PK 1 .
- the second wireless device contains a second public key PK 2 .
- Operation continues to step S110, where the first wireless device sends a commitment to the public key PK1 to the second wireless device using a location-limited channel. This is at least a part of the exchange of pre-authentication information over the location-limited channel.
- the commitment can be the public key itself, a certificate, or a digest of the public key.
- In step S120, in response to receiving the commitment to the public key PK1 from the first wireless device, the second wireless device sends a commitment to the public key PK2 over the location-limited channel, which is received by the first wireless device.
- the first wireless device may also receive the address of the second wireless device to provide for communication over the main wireless link. It should be appreciated that additional amounts or rounds of information exchange over the location-limited channel can be performed if desired. Operation then continues to step S130.
- In step S130, the first wireless device sends the public key PK1 to the second wireless device using the main wireless link.
- In step S140, the second wireless device sends its public key PK2 to the first wireless device, and the exchange of keys takes place.
- In step S150, the first wireless device authenticates the public key PK2 received from the second wireless device and compares the public key PK2 against the commitment received in the pre-authentication information stage.
- the authentication of the received public key PK2 is performed using a key exchange protocol, such as those described with respect to FIG. 4, that proves ownership of the private key corresponding to the public key.
- In the event that the second wireless device is using a secret S2 as its authenticator, when the first wireless device sends its public key PK1 across the main wireless link, the second wireless device verifies the public key PK1 against the commitment, uses it to encrypt its secret S2, and returns the result E_PK1(S2) to the first wireless device. Authentication is then based on the second wireless device's ability to produce the secret S2 and the first wireless device's ability to decrypt the result E_PK1(S2). Operation then continues to step S160.
- In step S160, a determination is made whether the commitment to the public key PK2 previously received from the second wireless device matches the received public key PK2. If so, operation continues to step S170. Otherwise, operation jumps to step S180.
- In step S170, the first wireless device resumes communication with the second wireless device over the main wireless link, using the symmetric key agreed upon during the key exchange protocol to encrypt the communication. Operation then jumps to step S190.
- In step S180, because the first wireless device cannot authenticate the public key PK2 of the second wireless device, the first wireless device terminates the communication with the second wireless device. Operation then continues to step S190, where the method ends.
- the first wireless device includes an arbitrary secret S1, such as a random number.
- the first wireless device may also transmit its address, such as an IP address and port number, a Bluetooth device address, a user-friendly name, or any other appropriate information to provide for communication over the main wireless link.
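The FIG. 5 flow end to end, as an added example that is not part of the patent or of its authors' framework. Everything below the step numbers is an assumption: the location-limited channel is a Python list that every nearby device, eavesdropper included, can read; each device's "public key" is an ephemeral Diffie-Hellman public value in the 2048-bit MODP group of RFC 3526 (group 14; check the constant against the RFC before reuse); the key exchange protocol that proves possession of the private value is plain DH agreement followed by an HMAC key-confirmation tag over the transcript; and SHA-256 replaces the page's SHA-1, which is no longer collision resistant, for the commitment. Names such as `Device` and `run_exchange` are hypothetical.

```python
"""Two-party pre-authentication over a location-limited channel (FIG. 5 flow).
Added example, not code from the patent; see the assumptions in the lead-in."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime and generator; verify against the RFC before reuse.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
KEY_BYTES = 256  # 2048 bits


def encode(value: int) -> bytes:
    return value.to_bytes(KEY_BYTES, "big")


def commitment(public_value: int) -> bytes:
    """What crosses the location-limited channel: a digest of the public value,
    not the value itself, because that channel is low-bandwidth."""
    return hashlib.sha256(encode(public_value)).digest()


class Device:
    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2   # ephemeral private value in [2, P-2]
        self.pub = pow(G, self.priv, P)            # ephemeral "public key"
        self.peer_commitment = None
        self.session_key = None

    # Steps S110/S120: commitments are sent and received on the location-limited channel.
    def send_preauth(self, llc: list) -> None:
        llc.append((self.name, commitment(self.pub)))

    def receive_preauth(self, llc: list, peer_name: str) -> None:
        self.peer_commitment = dict(llc)[peer_name]

    # Steps S150/S160: the full public value arrives on the main link and is accepted
    # only if it matches the commitment heard on the location-limited channel.
    def agree(self, peer_pub: int) -> None:
        if not 1 < peer_pub < P - 1:
            raise ValueError(f"{self.name}: peer public value out of range")
        if not hmac.compare_digest(commitment(peer_pub), self.peer_commitment):
            raise ValueError(f"{self.name}: peer public value does not match commitment (S180)")
        shared = pow(peer_pub, self.priv, P)
        self.session_key = hashlib.sha256(b"llc-preauth-dh|" + encode(shared)).digest()

    # Key confirmation: only the holder of the matching private value can produce this
    # tag, which is what "proving possession of the private key" amounts to here.
    def confirm_tag(self, transcript: bytes) -> bytes:
        return hmac.new(self.session_key, transcript, hashlib.sha256).digest()


def run_exchange(attacker_in_the_middle: bool = False) -> dict:
    """Run the FIG. 5 flow between devices A and B.  With attacker_in_the_middle set,
    Mallory replaces B's public value on the main wireless link; she cannot transmit
    on the location-limited channel without being noticed, so A ends up in S180."""
    a, b = Device("A"), Device("B")
    llc: list = []                                   # readable by everyone nearby
    a.send_preauth(llc)                              # S110
    b.send_preauth(llc)                              # S120
    a.receive_preauth(llc, "B")
    b.receive_preauth(llc, "A")
    eavesdropper_sees = [c.hex()[:16] for _, c in llc]   # digests only, never the keys

    pub_b_on_main_link = Device("Mallory").pub if attacker_in_the_middle else b.pub  # S140
    try:
        a.agree(pub_b_on_main_link)                  # S150/S160 at A
        b.agree(a.pub)                               # S130 delivered unmodified here
    except ValueError as exc:
        return {"status": "aborted", "reason": str(exc), "llc_view": eavesdropper_sees}

    transcript = b"A" + encode(a.pub) + b"B" + encode(b.pub)
    keys_match = hmac.compare_digest(a.confirm_tag(transcript), b.confirm_tag(transcript))
    return {"status": "established" if keys_match else "aborted",
            "keys_match": keys_match, "llc_view": eavesdropper_sees}
```

`run_exchange()` reports "established" when both public values match their commitments and the confirmation tags agree; with `attacker_in_the_middle=True` the substituted value fails the S160 comparison and the first device takes the S180 path. The eavesdropper's view of the location-limited channel is two 32-byte digests, which is why a digest is enough as the commitment and why the attacker's only option is to transmit on that channel, where an extra transmission is noticed.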
- FIGS. 6A-6C are a flowchart outlining one exemplary embodiment of a method that complements an improved Guy Fawkes protocol and provides for interactive communication. This method may be used where the wireless devices have limited computational resources, such that public key operations are infeasible, and the location-limited channel does not provide a trusted exchange of secret data.
- An example of a conventional Guy Fawkes protocol is described in Anderson et al., "A New Family of Authentication Protocols", ACM Operating Systems Review, 32, 1998. Initially designed for authenticating digital streams, the Guy Fawkes protocol assumes that parties A and B want to exchange streams comprising sequential blocks A0, A1, A2, ... and B0, B1, B2, ..., respectively.
- B does the same during that step i. Assuming that B has received an authenticated packet Pi, B authenticates the packet Pi+1 as soon as B receives it, because the packet Pi contained the digest h(ai+1). It should be appreciated that this does not hold if A and B do not execute in lock-step. Thus, this protocol requires both A and B to know, one step ahead of time, what they want to say next, which makes the protocol unsuitable for interactive exchanges.
- Operation of the method begins in step S200 and continues to step S205, where a counter N is set to 1.
- In step S210, a first wireless device sends an Nth communication, which includes a digest of its Nth secret (the authenticator that will be used to authenticate its Nth message) together with a digest of its Nth message, over a location-limited channel to a second wireless device.
- In step S215, the second wireless device sends an Nth communication, which includes a digest of its Nth secret that will be used to authenticate its Nth message together with a digest of its Nth message, over the location-limited channel to the first wireless device. Operation then continues to step S220.
- In step S220, the first wireless device sends a digest of the Nth communication of the second wireless device and the first wireless device's Nth secret to the second wireless device.
- In step S225, the second wireless device sends a digest of the Nth communication of the first wireless device and the second wireless device's Nth secret to the first wireless device.
- In step S230, a determination is made by one or both of the first and second wireless devices whether to terminate the communication. If either the first wireless device or the second wireless device determines to terminate the communication, operation proceeds to step S320. Otherwise, the communication continues and operation continues to step S235.
- In step S235, the first wireless device continues the communication over a main wireless link.
- the first wireless device sends an Nth message, which is meaningful, and a digest of its (N+1)th secret that will be used to authenticate its (N+1)th message, together with an (N+1)th communication that includes a digest of the (N+1)th message, to the second wireless device.
- the second wireless device sends an Nth message, which is meaningless, and a digest of its (N+1)th secret that will be used to authenticate its (N+1)th message, together with an (N+1)th communication that includes a digest of the (N+1)th message, to the first wireless device.
- the Nth message of the second wireless device is meaningless because that message was committed to in step S215, when the second wireless device did not yet know the Nth message of the first wireless device, whose digest was transmitted in step S210.
- either wireless device can terminate the communication.
- In step S245, a determination is made by one or both of the first and second wireless devices whether to terminate the communication. If either the first wireless device or the second wireless device determines to terminate the communication, operation proceeds to step S320. Otherwise, the communication continues and operation continues to step S250.
- In step S250, the first wireless device sends a digest of the second wireless device's (N+1)th communication and the first wireless device's (N+1)th secret to the second wireless device.
- In step S255, the second wireless device sends a digest of the first wireless device's (N+1)th communication and the second wireless device's (N+1)th secret to the first wireless device. Operation then continues to step S260.
- In step S260, the first wireless device sends an (N+1)th message, which is meaningless, and a digest of its (N+2)th secret that will be used to authenticate its (N+2)th message, together with an (N+2)th communication that includes a digest of the (N+2)th message, to the second wireless device.
- the (N+1)th message of the first wireless device is meaningless because it is the second wireless device's turn to send a meaningful message.
- In step S265, the second wireless device sends an (N+1)th message, which is meaningful, and a digest of its (N+2)th secret that will be used to authenticate its (N+2)th message, together with an (N+2)th communication that includes a digest of the (N+2)th message, to the first wireless device.
- the second wireless device's message is meaningful because of the commitment made in step S240, after the second wireless device had learned the meaningful Nth message of the first wireless device. Operation then continues to step S270.
- In step S270, a determination is made by one or both of the first and second wireless devices whether to terminate the communication. If either the first wireless device or the second wireless device determines to terminate the communication, operation proceeds to step S320. Otherwise, the communication continues and operation continues to step S275.
- In step S275, the first wireless device sends a digest of the second wireless device's (N+2)th communication and the first wireless device's (N+2)th secret to the second wireless device.
- In step S280, the second wireless device sends a digest of the first wireless device's (N+2)th communication and the second wireless device's (N+2)th secret to the first wireless device.
- In step S285, the first wireless device sends an (N+2)th message that is meaningless, and a digest of its (N+3)th secret that will be used to authenticate its (N+3)th message, together with an (N+3)th communication that includes a digest of the (N+3)th message, to the second wireless device.
- the (N+2)th message is meaningless because the first wireless device committed to it in step S260, when the first wireless device had not yet received the meaningful (N+1)th message of the second wireless device. However, the first wireless device can commit to a meaningful (N+3)th message because it received the meaningful (N+1)th message from the second wireless device in step S265. Operation then continues to step S290.
- In step S290, the second wireless device sends an (N+2)th message that is meaningless, and a digest of its (N+3)th secret that will be used to authenticate its (N+3)th message, together with an (N+3)th communication including a digest of the (N+3)th message, to the first wireless device.
- the (N+2)th message of the second wireless device is meaningless because the next turn to "talk" belongs to the first wireless device.
- either wireless device can terminate the communication.
- In step S295, a determination is made by one or both of the first wireless device and the second wireless device whether to terminate the communication. If either the first wireless device or the second wireless device determines to terminate the communication, operation jumps to step S320. Otherwise, the communication continues and operation continues to step S300.
- In step S300, the first wireless device sends a digest of the second wireless device's (N+3)th communication and the first wireless device's (N+3)th secret to the second wireless device.
- In step S305, the second wireless device sends a digest of the first wireless device's (N+3)th communication and the second wireless device's (N+3)th secret to the first wireless device.
- In step S310, the counter N is incremented by 4. Operation then returns to step S235.
- In step S320, operation of the method ends.
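The interactive, hash-only exchange of FIGS. 6A-6C as an added example; it is not code from the patent or its authors. It follows the page's step sequence: the round-1 communications (digest of secret, digest of message) cross the location-limited channel; each round, every device acknowledges the peer's communication with a digest and reveals its own secret; then the Nth message goes out together with the (N+1)th communication. It checks what those steps let a device check, namely revealed secrets against their digests, messages against their digests, and acknowledgements against what was sent; resistance to an active attacker on the main link rests on the lock-step assumption the page notes and is not modelled here. Assumptions of the example: SHA-256 over length-prefixed inputs stands in for the page's digest; a fixed placeholder is the "meaningless" message; a party commits to a meaningful message only when it already holds something to reply to, which reproduces the page's alternation of meaningful and meaningless turns; the first device sends before the second within each round, as in steps S235/S240. `Party`, `run_conversation` and the sample messages are hypothetical.

```python
"""Interactive commitment/reveal exchange modelled on FIGS. 6A-6C.
Added example, not code from the patent; see the assumptions in the lead-in."""
import hashlib
import secrets
from typing import Callable, Optional

FILLER = b"<meaningless>"   # the "meaningless" message a party commits to when it has nothing to say yet


def h(*parts: bytes) -> bytes:
    """Digest with length-prefixed parts so h(a, b) cannot collide with h(a + b)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()


class Party:
    def __init__(self, name: str, responder: Callable[[bytes], Optional[bytes]],
                 opening: bytes = FILLER):
        self.name, self.responder = name, responder
        self.secrets = {}        # N -> Nth secret (authenticator)
        self.messages = {}       # N -> Nth message
        self.peer_comm = {}      # N -> raw Nth communication received from the peer
        self.pending = opening   # meaningful text waiting to be committed to
        self.accepted = []       # peer messages that passed verification
        self._prepare(1)

    def _prepare(self, n: int) -> None:
        """Fix the Nth secret and Nth message.  The message is meaningful only if a
        reply is pending at commitment time; otherwise it is the filler turn."""
        self.secrets[n] = secrets.token_bytes(16)
        self.messages[n], self.pending = (self.pending or FILLER), None

    def communication(self, n: int) -> bytes:
        """Nth communication (S210/S215): digest of Nth secret || digest of Nth message."""
        return h(self.secrets[n]) + h(self.messages[n])

    def receive_communication(self, n: int, comm: bytes) -> None:
        self.peer_comm[n] = comm

    def ack_and_reveal(self, n: int) -> tuple:
        """S220/S225: digest of the peer's Nth communication plus own Nth secret."""
        return h(self.peer_comm[n]), self.secrets[n]

    def check_ack(self, n: int, ack: bytes, peer_secret: bytes) -> None:
        if ack != h(self.communication(n)):
            raise ValueError(f"{self.name}: peer acknowledged a different round-{n} communication")
        if h(peer_secret) != self.peer_comm[n][:32]:
            raise ValueError(f"{self.name}: peer's round-{n} secret does not match its commitment")

    def send_message(self, n: int) -> tuple:
        """S235/S240: the Nth message plus the (N+1)th communication."""
        self._prepare(n + 1)
        return self.messages[n], self.communication(n + 1)

    def receive_message(self, n: int, message: bytes, next_comm: bytes) -> None:
        if h(message) != self.peer_comm[n][32:]:
            raise ValueError(f"{self.name}: round-{n} message does not match its commitment")
        if message != FILLER:
            self.accepted.append(message)
            self.pending = self.responder(message)
        self.peer_comm[n + 1] = next_comm


def run_conversation(rounds: int, tamper_round: Optional[int] = None) -> dict:
    """Round-1 communications cross the location-limited channel; everything later
    crosses the main link, where tamper_round lets an attacker alter the first
    device's message of that round."""
    a = Party("A", lambda m: b"thanks" if m.startswith(b"ready") else None,
              opening=b"print job: 2 pages")
    b = Party("B", lambda m: b"ready for " + m if m.startswith(b"print") else None)
    b.receive_communication(1, a.communication(1))   # S210, location-limited channel
    a.receive_communication(1, b.communication(1))   # S215
    try:
        for n in range(1, rounds + 1):
            ack_a, s_a = a.ack_and_reveal(n)          # S220 / S250 / S275 / S300
            ack_b, s_b = b.ack_and_reveal(n)          # S225 / S255 / S280 / S305
            b.check_ack(n, ack_a, s_a)
            a.check_ack(n, ack_b, s_b)
            m_a, next_a = a.send_message(n)           # first device sends first
            if n == tamper_round:
                m_a = m_a + b"!"                      # modified in flight on the main link
            b.receive_message(n, m_a, next_a)
            m_b, next_b = b.send_message(n)
            a.receive_message(n, m_b, next_b)
    except ValueError as exc:
        return {"status": "rejected", "reason": str(exc),
                "a_accepted": a.accepted, "b_accepted": b.accepted}
    return {"status": "ok", "a_accepted": a.accepted, "b_accepted": b.accepted}
```

Running four rounds shows the cadence the page describes: A's opening is meaningful in round 1, B's reply is meaningful in round 2 (committed to at the end of round 1, after B had seen the opening), both sides send filler in round 3, and A's reply to B is meaningful in round 4. Any change to a message on the main link fails the digest comparison against the commitment received one round earlier.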
- a device designed to provide a service to anyone that requests the service does not need to authenticate the device with which it is communicating, and therefore may be the only one to send pre-authentication information.
- a device may have, for example, a passive beacon, such as an infrared (IR) beacon or radio-frequency identification (RFID) tag, sending pre-authentication information that is sufficient to uniquely and securely identify its active proxy in wireless space.
- Some of the location-limited channels described with respect to FIG. 4 have broadcast capability. Using such broadcast capabilities, protocols may be constructed that provide for authenticated group communication. Applications can include networked games and meeting support and/or conferencing software.
- Audio is a medium that may provide a broadcast location-limited channel. Audio may be monitored and tracked by participants. Even if the participants in the exchange do not know what is carried in the audio messages, they can recognize the legitimate group participants that ought to be sending such audio messages. Audio may be incorporated into sounds that are already used by many pieces of software to provide feedback to participants. For example, most corporate conference call settings play a short "join tone" whenever a new participant enters a call. Such tones may be altered to also contain the participant's key information. Because designated channels designed to carry audio and/or voice information already exist, audio may be used as a location-limited channel via the telephone network.
- the broadcast characteristics of an audio channel may be used to pre-authenticate group communication.
- Each participant in the group communication broadcasts that participant's pre-authentication information over the audio channel, which is heard by all other legitimate participants.
- the pre-authentication information will generally include a commitment to a public key.
- the broadcast may also be heard by attackers, but that poses no risk to the protocol's security unless those attackers also manage to broadcast their own pre-authentication information over the audio channel without detection by the legitimate participants, whether humans or devices.
- Any attacker attempting to broadcast the attacker's own information to mount an active attack on the location-limited channel will usually be detected by the legitimate human or device participants, because there will be an "extra" broadcast. For example, in the case of audio, there will be a broadcast from an unexpected location.
- FIGS. 7-9 illustrate an exemplary setting for authenticating a communication over a network medium among a group of wireless devices.
- one participant acts as the group manager 610 .
- the first participant to send pre-authentication information becomes the group manager 610 .
- a random participant is selected as the group manager.
- the group manager 610 broadcasts pre-authentication information, such as a commitment to a group public key or to its own public key, during a pre-authentication stage to the various legitimate participants 612 , 614 and 616 over a broadcast location-limited channel.
- other parties 622 , 624 and 626 are present and have access to the wireless network.
- any attempt by such a party to send on the location-limited channel results in detection of the attempt, because the legitimate participants are usually able to detect all transmissions on the location-limited channel and to compare the number of such transmissions with the number of expected transmissions, i.e., the number of legitimate participants. If those numbers do not match, the communication may be terminated.
- each participant 612 , 614 and 616 responds to the pre-authentication broadcast from the group manager 610 by broadcasting that participant's own pre-authentication information, containing a commitment to that participant's own public key, over the location-limited channel. These broadcasts are received by both the group manager 610 and the other legitimate participants 612 , 614 and 616 . After broadcasting that participant's pre-authentication information, each participant 612 , 614 and 616 in turn makes a point-to-point connection to the group manager 610 , for example using the address provided by the group manager 610 as part of the group manager's pre-authentication information.
- Each participant 612 , 614 and 616 engages with the group manager 610 in a point-to-point key exchange protocol, such as, for example, Secure Socket Layer/Transport Layer Security (SSL/TLS).
- the group manager 610 gives each of the participants 612 , 614 and 616 a copy of a shared group encryption key or keys. These keys are used to encrypt and authenticate further communication among all the participants, including the group manager 610 and the other participants 612 , 614 and 616 .
- the group manager 610 does not recognize the parties 622 , 624 and 626 as legitimate participants in the group communication. The parties 622 , 624 and 626 therefore will not be able to successfully create point-to-point connections on the main wireless link with the group manager 610 . As a result, the parties 622 , 624 and 626 do not receive the shared group key that would allow them to decrypt group communications among the legitimate participants, including the group manager 610 and all the other participants 612 , 614 and 616 .
- FIG. 10 is a flowchart outlining a first exemplary embodiment of a method for authenticating a communication over a network medium among a group of wireless devices.
- the method begins in step S400.
- Operation continues from step S400 to step S410, where a group manager is selected for the participants of the group.
- the group manager broadcasts its pre-authentication information over a location-limited channel to the participants of the group.
- the pre-authentication information may be a digest of a public key of the group manager.
- each participant that receives the pre-authentication information of the group manager reciprocates by sending its pre-authentication information to the group manager and the other participants.
- the exchange of the pre-authentication information between the participants, including the group manager, occurs as a broadcast over the location-limited channel.
- the pre-authentication information of a participant is a digest of a public key of that participant. Operation then continues to step S440.
- In step S440, the group manager and each of the participants perform a point-to-point key exchange over the wireless link, using the public keys corresponding to the digests received during the pre-authentication stage and any known or later-developed key exchange protocol. Such a protocol will also set up a point-to-point encrypted and authenticated channel between the group manager and each current participant of the group.
- In step S450, the group manager may distribute to each participant, over the wireless link, a copy of a group key to be used as a shared session key.
- In step S460, operation of the authentication method ends, allowing secure communication among the participants of the group, including the group manager, to proceed.
- a joining participant may use one of the two-party protocols discussed above with the group manager 610 to authenticate itself and to receive the group key over a secured wireless link.
- the group manager 610 can also distribute a new group key to all remaining participants over the wireless link, for example after a participant leaves. This is possible because the group manager 610 has established shared secret keys with each individual participant of the group during the point-to-point key exchange.
- FIG. 11 is a flowchart outlining a second exemplary embodiment of the method for authenticating a communication over a network medium among a group of wireless devices.
- the method outlined in FIG. 11 allows all participants to participate equally in key generation, so that all participants may be equally trusted.
- Operation of the method begins in step S500 and continues to step S510, where each participant broadcasts its pre-authentication information, such as a commitment to a Diffie-Hellman public value, to the participants of the group using a broadcast location-limited channel. Then, in step S520, each participant proceeds with a chosen group key exchange protocol, in which the participants present their complete Diffie-Hellman public values over the wireless network.
- the group key exchange protocol may be a modified Diffie-Hellman key exchange among the participants of the group, which allows all participants to share in the generation of the group shared secret key.
- In step S530, the participants may then proceed with the chosen group key exchange protocol over the wireless link and, for example, use the presented complete Diffie-Hellman public values to derive a group key. Operation then continues to step S540, where operation of the authentication method ends, allowing secure communication to proceed.
- a participant who joins after a session has started may broadcast that participant's key commitment over the location-limited channel to the rest of the participants of the group as that participant joins.
- a randomly selected current participant can respond, providing mutual authentication.
- the chosen group key exchange protocol is used to handle the details of updating the shared group key for these new participants, or revoking the keys of departing participants.
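The group-manager embodiment of FIGS. 7-10, together with the transmission-count check and the rekeying of remaining participants described above, as an added example that is not code from the patent or its authors. Assumptions: the broadcast location-limited channel is a list of (sender, commitment) records that every nearby device, attackers included, can read and append to; public keys are random 32-byte strings standing in for real keys; the point-to-point key exchange of step S440 is reduced to its admission decision, whereas a real deployment runs SSL/TLS or similar there, which is also what proves possession of the matching private key and carries the group key of step S450. `GroupManager`, `run_group` and the participant names are hypothetical.

```python
"""Group pre-authentication with a group manager (FIGS. 7-10).
Added example, not code from the patent; see the assumptions in the lead-in."""
import hashlib
import secrets


def commitment(pub: bytes) -> bytes:
    return hashlib.sha256(pub).digest()


class Participant:
    def __init__(self, name: str):
        self.name = name
        self.pub = secrets.token_bytes(32)   # stand-in for a real public key
        self.group_key = None

    def broadcast_preauth(self, llc: list) -> None:
        """Pre-authentication broadcast on the location-limited channel: a digest of the key."""
        llc.append((self.name, commitment(self.pub)))


class GroupManager(Participant):
    def __init__(self, name: str, expected_participants: int):
        super().__init__(name)
        self.expected = expected_participants   # legitimate participants other than the manager
        self.heard = set()                      # commitments heard on the location-limited channel
        self.members = {}                       # pub -> name of admitted participants
        self.group_key = secrets.token_bytes(32)

    def close_preauth(self, llc: list) -> None:
        """Every legitimate participant hears every transmission, so an attacker who
        tries to slip a commitment onto the channel shows up as a count mismatch."""
        others = [c for sender, c in llc if sender != self.name]
        if len(others) != self.expected:
            raise RuntimeError(f"{len(others)} pre-authentication broadcasts heard, "
                               f"{self.expected} expected: unexpected transmitter on the channel")
        self.heard = set(others)

    def admit(self, name: str, pub: bytes):
        """Step S440 admission decision: a point-to-point connection on the main link is
        accepted only if the key presented there was committed to on the channel.  Returns
        the group key (S450) for admitted participants and None for everyone else."""
        if commitment(pub) not in self.heard:
            return None
        self.members[pub] = name
        return self.group_key

    def leave(self, pub: bytes) -> dict:
        """Departure: drop the participant and hand a fresh group key to the remaining
        members over their point-to-point channels, so the old key held by the departed
        device no longer decrypts group traffic."""
        self.members.pop(pub, None)
        self.group_key = secrets.token_bytes(32)
        return {name: self.group_key for name in self.members.values()}


def run_group(attacker_broadcasts: bool = False) -> dict:
    """Three legitimate participants and one intruder with wireless access.  With
    attacker_broadcasts set, the intruder also transmits on the location-limited
    channel, which the count check catches before any key exchange starts."""
    manager = GroupManager("manager", expected_participants=3)
    legit = [Participant(n) for n in ("alice", "bob", "carol")]
    intruder = Participant("mallory")
    llc: list = []
    manager.broadcast_preauth(llc)
    for p in legit:
        p.broadcast_preauth(llc)
    if attacker_broadcasts:
        intruder.broadcast_preauth(llc)          # active attack on the channel
    try:
        manager.close_preauth(llc)
    except RuntimeError as exc:
        return {"status": "aborted", "reason": str(exc)}
    for p in legit + [intruder]:                 # everyone can reach the manager on the main link
        p.group_key = manager.admit(p.name, p.pub)
    admitted = [p.name for p in legit + [intruder] if p.group_key == manager.group_key]
    rekeyed = manager.leave(legit[1].pub)        # bob leaves; the rest get a new key
    return {"status": "ok", "admitted": admitted, "rekeyed": sorted(rekeyed),
            "intruder_has_key": intruder.group_key is not None,
            "old_key_still_valid": legit[1].group_key == manager.group_key}
```

The intruder can read every commitment on the channel, but reading is harmless: admission requires presenting a key whose digest was heard, and in a real deployment the S440 key exchange additionally proves possession of the corresponding private key. The count check is the only defence against the intruder transmitting on the channel, which is why it must run before any point-to-point connection is accepted.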
- the systems and methods according to this invention allow at least two devices to be authenticated over a network medium.
- the systems and methods according to this invention allow the medium used for the location-limited channel, the public key algorithm used for the key commitments, and/or the final authenticated key exchange protocol used over the wireless link to be chosen dynamically.
- a software framework that supports the inclusion of different location-limited channel types, public key algorithms used for the key exchange protocols, and final key exchange protocols, and allows these to be chosen dynamically, can be used.
- the framework can be extended, for example to provide a new location-limited channel type or a new key exchange protocol, by implementing a Java interface to provide a small amount of syntactic "glue".
- the framework provides both client and server components, and allows developers either to take low-level, step-by-step control over data exchange or to use simpler, higher-level interfaces.
- Such interfaces, for instance, provide server threads that can manage pre-authentication of multiple clients over the location-limited channel, and offer control over how such pre-authentication information is used to authenticate those clients over the wireless link.
- Framework components maintain state tracking which devices have currently pre-authenticated, what keying information is currently in use by a particular device, and the like.
- a system comprises a client, which is the initiator of the authenticated channel, and a responding server.
- the server listens for a connection on both the location-limited channel and the primary link, but only admits primary-link connections from clients that have performed pre-authentication on the location-limited channel.
- the commercially available Infrared Data Association (IrDA) system can be used as a medium for the location-limited channel.
- the client opens an IrDA connection to the server, and generates an error if it discovers more than one potential IrDA endpoint.
- the client and the server exchange pre-authentication data, such as, for example, XML-encoded pre-authentication data containing pre-authentication information such as a commitment to an ephemeral Digital Signature Algorithm (DSA) public key, a "friendly name", and an IP address and port on which the server is listening.
- the IR channel is closed, and the client extracts the server's IP address and port number from the data it received.
- the client opens a normal SSL/TLS connection to the server on the primary link.
- Each side uses the information gained in the pre-authentication step, i.e., the commitments to the public keys, to authenticate the newly opened channel.
- the client and server are now free to securely exchange any information they choose over the primary link.
Description
- 1. Field of Invention
- This invention relates to systems and methods for authenticating a communication between at least two devices that is transmitted using a network medium.
- 2. Background of the Related Art
- Developments in network communications have enabled users to receive information, such as documents, over a network medium. The network medium includes wired networks and wireless networks. Information transmitted over the network medium may be accessible to others. However, users typically desire that such information not be available to others.
- FIG. 1 illustrates an example where a user 110 is in a public place that is accessible to others. The user 110 wants to print a sensitive document that the user 110 just received on the user's wireless device 112. As shown in FIG. 1, the user 110 may have access to a number of printers, some of which may be familiar to the user 110 and some of which may not be. The user 110 wants to choose a particular printer, such as, for example, a first printer 122, and further wants to ensure that the user's wireless device 112 prints to that first printer 122 and to no other printer. The user 110 also wants to ensure that no other person 130 within the wireless transmission range of the wireless device 112 can learn the contents of the sensitive document.
- To do this, the user 110 needs to let the wireless device 112 know how to find the first printer 122 over a wireless medium, such as a wireless network. Conventionally, there are few options the user 110 may use to find the first printer 122. Assuming each printer has a unique name, the user 110 may type the name of the first printer 122 into the user's wireless device 112. Alternatively, the user 110 may have access to a discovery protocol, where the user 110 may pick the first printer 122 out of a list of printers. But the wireless device 112 should guarantee that it is actually talking to the first printer 122 and that the communication is secure.
- If the first printer 122 has a certificate issued by a trusted authority, the wireless device 112 may perform a key exchange with the first printer 122 and establish an authenticated and secret channel with the first printer 122. However, several problems are associated with this approach. For instance, an immense public key infrastructure may be required, and every printer, including potential participants of the public key infrastructure, may require a unique name with a certificate issued by the trusted authority. This is typically very expensive. Further, an immense public key infrastructure may not be practical.
- One method of bootstrapping trust in the specific context of ad-hoc wireless networks is available in various known wireless protocols. One system, commercially available under the Bluetooth trade name, in its most secure configuration requires users to enter a random personal identification number (PIN) into each wireless device that is to participate in communication, placing the burden of establishing shared secrets on the user. In addition, Bluetooth has been subject to security breaches. Wired Equivalent Privacy (WEP), the link-layer security protocol for ANSI/IEEE 802.11, also has usability issues. It requires a group of communicating wireless devices to be initialized with the same key, usually derived from a password. WEP too has been subject to security breaches.
- Another method may be to use an out-of-band mechanism for establishing security. Frank Stajano et al., “Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks,” 7th International Workshop, Lecture Notes in Computer Science, Cambridge, United Kingdom, April 1999, Springer-Verlag, Berlin, Germany, describes a security model usable to regulate secure transient association between devices in ad-hoc wireless networks. In the model, a “mother-duckling” relationship between two devices is set up when the “mother” device establishes a shared secret with the “duckling” device through a physical contact. The shared secret enables the “duckling” device to recognize the “mother” device and be controlled by the “mother” device in future interactions. The “mother” device may upload an access-control policy into the “duckling” device, which determines the type of relationships that the “duckling” device may have with various other devices. More importantly, the shared secret allows the “mother” and “duckling” devices to securely communicate.
- FIG. 2 illustrates one exemplary embodiment in which several users with wireless devices communicate in the presence of potential eavesdroppers.
- This invention provides systems and methods that allow a communication between a plurality of devices to be secured.
- This invention separately provides systems and methods for authenticating wireless communications between a plurality of devices.
- This invention separately provides systems and methods that allow pre-authentication information to be transmitted between a plurality of devices.
- This invention further provides systems and methods that use location-limited communication channels to transmit the pre-authentication information between the plurality of devices.
- In various exemplary embodiments, a first device sends pre-authentication information to a second device over a location-limited channel. In various exemplary embodiments, a second device responds by sending its pre-authentication information to the first device over the location-limited channel.
- In various exemplary embodiments, the pre-authentication information includes one or more of a public key, or a digest of an authenticator such as a public key, a secret, or the like. In various exemplary embodiments, the location-limited channel includes one or more channels such as an infrared channel, an audio channel, and the like.
- In various exemplary embodiments, at least one device is designated as a group manager. In various exemplary embodiments, the group manager uses a location-limited channel to exchange pre-authentication information with the remaining devices in the group. In various exemplary embodiments, the group manager and the remaining devices authenticate communication over a network medium using exchanged pre-authentication information.
- In various embodiments, the pre-authentication information includes a commitment to a secret sent by the first device to the second device, along with a commitment to its first, meaningful, message. The second device reciprocates by sending a commitment to its secret, along with a commitment to its first, meaningless, message to the first device. Each device in turn then acknowledges the message received from the other device over the location-limited channel. The devices continue to communicate over the wireless link in this fashion, producing an exchange of messages from the legitimate sender that is secure.
- In various exemplary embodiments, communication over the network medium is secured between a group of devices. At least one device is designated as a group manager. The group manager uses a location-limited channel to exchange pre-authentication information between the group manager and the remaining devices in the group. The group manager and the devices in the group authenticate communication over the network medium using the exchanged pre-authentication information.
- In various exemplary embodiments, communication over the network medium is secured among a group of devices. Each device exchanges pre-authentication information with one or more other devices in the group. A communicating device uses the exchanged pre-authentication information to authenticate a communication over the network medium with one or more selected devices.
- These and other features and advantages of the invention are described in, or are apparent from, the following detailed description of various exemplary embodiments of the systems and methods according to this invention.
- Various exemplary embodiments of the invention are described in detail, with reference to the following figures, wherein:
- FIG. 1 illustrates one exemplary situation in which the systems and methods according to this invention may be used;
- FIG. 2 illustrates a second exemplary situation in which the systems and methods according to this invention may be used;
- FIG. 3 illustrates one exemplary embodiment of a communication authenticating system according to this invention;
- FIG. 4 illustrates one exemplary embodiment of a wireless device according to this invention;
- FIG. 5 is a flowchart outlining a first exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention;
- FIGS. 6A-6C are a flowchart outlining a second exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention;
- FIGS. 7-9 illustrate an exemplary embodiment of a communication authenticating system for a group of devices according to this invention;
- FIG. 10 is a flowchart outlining a third exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention; and
- FIG. 11 is a flowchart outlining a fourth exemplary embodiment of a method for authenticating communication over a wireless medium according to this invention.
- In various exemplary embodiments of systems and methods according to this invention, pre-authenticating a number of wireless devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. This may also include a bootstrap to a key exchange protocol that is used to set up an encrypted channel. In one exemplary embodiment, a public key is committed to on the pre-authentication channel. A key exchange protocol using public key cryptography is used in the main wireless link to establish secure communications. Because the wireless devices are pre-authenticated using public keys, the types of media usable as location-limited channels do not need to be immune to eavesdropping and can include, for example, audio and/or infra-red channels. In various embodiments, pre-authenticating the wireless devices using public keys allows a range of public-key-based key exchange protocols which can authenticate wireless devices to be used. As a result, a large range of location-limited channel types, devices and protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access the ad-hoc exchange, wired network or wireless network, as opposed to a passive attack, such as eavesdropping, on the location-limited channel or an active or a passive attack on the wireless channel. However, this usually, if not always, results in the discovery of the eavesdropper.
- FIG. 3 illustrates one exemplary embodiment of a wireless system 300 that authenticates communication in a network medium, such as an ad-hoc wireless network. To aid in the understanding of the invention, only two wireless devices system 300 is capable of including more than two wireless devices in the arbitrary, ad-hoc wireless network to be established between the wireless devices. The first wireless device 310 includes a location-limited channel receiver/transmitter 312 and a main wireless link receiver/transmitter 314. Likewise, the second wireless device 320 includes a location-limited channel receiver/transmitter 322 and a main wireless link receiver/transmitter 324. In an alternative embodiment, the first and second wireless devices each have a main wired link receiver/transmitter, such as Transport Control Protocol/Internet Protocol (TCP/IP) sockets or any other known or later developed wired network receiver/transmitter. In another embodiment, the first and second wireless devices have both a main wireless link and a main wired link.
- If the first wireless device 310 initiates communication with the second wireless device 320, the first wireless device 310 initially sends pre-authentication information through the location-limited channel receiver/transmitter 312 to the second wireless device 320 via the location-limited channel 330. The second wireless device 320 receives the pre-authentication information from the first wireless device 310 through the location-limited channel receiver/transmitter 322.
- In various embodiments, where mutual authentication is not required, for example, where the second wireless device 320 is a wireless printer that services any request, the first wireless device 310 does not need to send pre-authentication information to the second wireless device 320. A wireless device that does not mutually exchange pre-authentication information with another wireless device cannot authenticate the communication received from the other wireless device. Thus, that wireless device is unprotected against attacks by an eavesdropper. Where mutual authentication is required, such as for an exchange of sensitive information between two wireless devices, for example between two laptop computers, the second wireless device 320 responds by sending additional pre-authentication information through the location-limited channel receiver/transmitter 322 to the wireless device 310 via the location-limited channel 330.
- The first wireless device 310 receives the pre-authentication information through its location-limited channel receiver/transmitter 312. With the pre-authentication information exchanged between the first and second wireless device first wireless device 310 uses the main wireless link receiver/transmitter 314 to communicate with the second wireless device 320 via the main wireless link 340. The second wireless device 320 uses its main wireless link receiver/transmitter 324 to communicate with the first wireless device 310 via the main wireless link 340. Because pre-authentication information has been exchanged between the two wireless devices second wireless devices other wireless device other wireless device
- FIG. 4 illustrates one exemplary embodiment of a wireless device 400 for authenticating communication in a network medium that is usable as either of the first or second wireless devices wireless device 400 may be a Personal Digital Assistant (PDA), a laptop computer with wireless capability, a wireless hand-held computer, a Blackberry™ device, a printer with wireless capability, a wireless phone or any other known or later developed wireless-capable device. According to one exemplary embodiment, the wireless device 400 includes a processor 410, a memory 420, an input/output (I/O) interface 430, a location-limited channel receiver/transmitter 442 and a main wireless link receiver/transmitter 444. The processor 410 may be a microprocessor, a microcontroller, a digital signal processor (DSP), an arithmetic logic unit (ALU), an application specific integrated circuit (ASIC) and the like. The memory 420 may include volatile memory and/or non-volatile memory, including one or more of random access memory (RAM), read only memory (ROM), Flash memory, a soft or a hard disk drive, an optical disk drive and the like.
- The memory 420 stores an operating system 422, a wireless application 424, an authentication application 426 and an authenticator 428. The operating system 422 may be a customized basic I/O system, any known or later developed commercially available operating system or the like. The operating system 422 provides the computer instructions which, when executed by the processor 410, program and control various I/O controllers including the I/O interface 430 of the wireless device 400. The operating system 422 also provides the computer instructions that store the wireless application 424, the authentication application 426 and the authenticator 428 in a retrievable manner.
- The wireless application 424 provides computer instructions which, when executed by the processor 410, allow the wireless device 400 to communicate with a wireless network through the main wireless link receiver/transmitter 444 connected to a main wireless link interface 434 of the I/O interface 430. The wireless application 424 may be Bluetooth™, ANSI/IEEE 802.11, or any other known or later developed wireless communication media.
- The main wireless link interface 434 and the main wireless link receiver/transmitter 444 can be implemented using any known or later developed wireless communication circuit or structure. For example, a wireless receiver/transmitter and interface used in a wireless network can be used as the main wireless link interface 434 and the main wireless link receiver/transmitter 444. In an alternative embodiment, the wireless device has a main wired link interface and main wired link receiver/transmitter, such as a TCP/IP interface and socket, or has both the main wireless link interface and receiver/transmitter and a main wired link interface and receiver/transmitter.
- In various exemplary embodiments, the location-limited channel receiver/transmitter 442 is separate from the main wireless link receiver/transmitter 444. In various exemplary embodiments, a suitable location-limited channel receiver/transmitter 442 has at least two properties in order to send and receive pre-authentication information of the wireless devices. The first such property is a demonstrative property. A suitable location-limited channel receiver/transmitter 442 has physical limitations in its transmissions. For example, sound, whether in the audible and/or in the ultrasonic range, which has a limited transmission range and broadcast characteristics, may be used as a location-limited channel for a group of wireless devices. For point-to-point communication, such as between two wireless devices, a location-limited channel with directionality, such as an infra-red channel, may be used. The demonstrative property allows communication across a location-limited channel to “name” a target device or group of devices based on the physical relationships between the devices and the limited locations accessible through the location-limited channel.
- The second property is authenticity. In contrast with the “mother-duckling” model described above that assumes the impossibility of eavesdropping, the second property only requires that the pre-authentication information be authentic. This property ensures that pre-authentication information exchanged over the location-limited channel allows the exchanging wireless devices to securely authenticate each other over the main wireless link, even in the presence of eavesdroppers. If the participants use the location-limited channel to exchange their public keys as pre-authentication information, an attack by an eavesdropper on the location-limited channel does not matter because the eavesdropper does not know the participants' private keys.
The participants will authenticate each other over the main wireless link by proving possession of their corresponding private keys as part of a key exchange protocol. Thus, the eavesdropper will not be able to impersonate any of the participants.
- Another property of a location-limited channel receiver/transmitter is that the location-limited channel is difficult to attack without the attack being detected by at least one legitimate participant (human or device). These include a receiver/transmitter that uses infra-red, sound, whether audio and/or ultrasound, and/or near-field signaling across the body, such as that described in, for example, T. G. Zimmerman, “Personal Area Networks: Near-field intrabody communication”, IBM Systems Journal, 35(3&4): p609-617, 1996, which is incorporated herein by reference in its entirety.
- Detecting the attack may not require that the devices transmitting on the location-limited channel be identified. Instead, for example, detecting the attack may merely depend on one's ability to count. Thus, if two wireless devices are attempting to communicate, and the communication is successful, as indicated, for example, by the lights on the target device blinking, or by the human that is using a laptop computer indicating that the communication was successful, then the number of legitimate participants is known. If extra, illegitimate, participants are detected, for example, by the laptop indicating that a third participant has joined the communication, the communication may simply be aborted by the legitimate participants.
- The pre-authentication information is used to authenticate the received authenticator 428. The authenticator 428 may be a key, a secret, or the like. The key may be either a long-lived key or an ephemeral key. An ephemeral key is created afresh for each new session or during a session. The choice is usually based on the application in which the key is being used. In either case, the key does not require certification by a trusted authority. However, if the key exchange protocol chosen requires an exchange of certificates, the certificate may be self-signed by the wireless device 400.
- Usually, the amount of information exchanged across the location-limited channel is a small fraction of the amount of information sent across the main wireless link because the location-limited channel usually has a limited data rate. One method of reducing the size of the pre-authentication information is to use cryptographically secure hash functions, such as, for example, Secure Hash Algorithm-1 (SHA-1), which may be part of the authentication application 426. Using this method, the participants need not actually exchange their complete public keys as pre-authentication information. Instead, the participants send commitments to the keys, for example, by exchanging digests of the keys. The participants exchange commitments to their public keys across a chosen location-limited channel. In doing so, each participant is able to identify with whom that participant is communicating.
- The wireless device 400 communicates with another wireless device using the main wireless link receiver/transmitter 444. The wireless device 400 uses the authentication application 426, which may include various established public-key-based key exchange protocols, such as the commercially available Secure Socket Layer/Transport Layer Security (SSL/TLS), Secure Key Exchange Mechanism (SKEME), Internet Key Exchange (IKE) or any other known or later developed public-key-based exchange protocol, to prove possession of the private key that corresponds to the public key committed to during the pre-authentication information exchange. In the case where a digest of the public key was sent during the pre-authentication information exchange, the wireless device 400 exchanges the complete public key over the main wireless link. The key exchange may either be prefixed to protocol execution or, as in Secure Socket Layer/Transport Layer Security (SSL/TLS), occur naturally as a standard part of the key exchange protocol. The keys are authenticated by the fact that they were the ones committed to across the location-limited channel. The wireless device 400, having authenticated the other wireless device's public key, proceeds with the exchange protocol on the main wireless link.
- FIG. 5 is a flowchart outlining one exemplary embodiment of a method for authenticating a communication over a network medium between a first wireless device and a second wireless device. The first wireless device contains a first public key PK1. The second wireless device contains a second public key PK2. Beginning in step S100, operation continues to step S110, where the first wireless device sends a commitment to the public key PK1 to the second wireless device using a location-limited channel. This is at least a part of the exchange of pre-authentication information over the location-limited channel. The commitment can be the public key itself, a certificate, or a digest of the public key.
Then, in step S120, in response to receiving the commitment to the public key PK1 from the first wireless device, the second wireless device sends a commitment to the public key PK2 over the location-limited channel, which is received by the first wireless device. At this stage, the first wireless device may also receive the address of the second wireless device to provide for communication over the main wireless link. It should be appreciated that additional amounts or rounds of information exchange over the location-limited channel can be performed if desired. Operation then continues to step S130.
- In step S130, the first wireless device sends the public key PK1 to the second wireless device using the main wireless link. Next, in step S140, the second wireless device sends its public key PK2 to the first wireless device and the exchange of keys takes place. Then, in step S150, the first wireless device authenticates the public key PK2 received from the second wireless device and compares the public key PK2 against the commitment received in the pre-authentication information stage. In one embodiment, the authentication of the received public key PK2 is performed using a key exchange protocol, such as those illustrated in FIG. 4, that proves ownership of a private key corresponding to the public key. In the event that the second wireless device is using a secret S2, when the first wireless device sends its public key PK1 across the main wireless link, the second wireless device verifies the public key PK1 against the commitment, uses it to encrypt its secret S2 and returns the result EPK1(S2) to the first wireless device. Authentication is performed by the second wireless device's ability to produce the secret S2 and the first wireless device's ability to decrypt the result EPK1(S2). Operation then continues to step S160.
- In step S160, a determination is made whether the commitment for the public key PK2 previously received from the second wireless device matches the received public key PK2. If so, operation continues to step S170. Otherwise, operation jumps to step S180. In step S170, the first wireless device resumes communication with the second wireless device over the main wireless link using the symmetric key agreed upon during the key exchange protocol to encrypt the communication. Operation then jumps to step S190. In contrast, in step S180, if the first wireless device cannot authenticate the public key PK2 of the second wireless device, the first wireless device terminates the communication with the second wireless device. Operation then continues to step S190, where the method ends.
- It should be appreciated that in various exemplary embodiments, the first wireless device includes an arbitrary secret S1, such as a random number. In this case, because the first wireless device is sending a commitment to the arbitrary secret S1, the commitment is sent in the form of a cryptographic digest h(S1), because S1 is to remain a secret. In various other exemplary embodiments, the first wireless device may also transmit its address, such as an IP address and port number, a Bluetooth device address, a user-friendly name or any other appropriate information to provide for communication over the main wireless link.
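The FIG. 5 flow, written out as an added example in Go that is not the patent's own code: the commitment is a SHA-1 digest of the public key as the text names, keys are ECDSA P-256, and a signature over a fresh nonce stands in for the key exchange protocol's proof of private-key possession (all three are assumptions). The onLink parameter lets the reader see that a key substituted on the main link fails the step S160 comparison against the commitment taken over the location-limited channel.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Device is one wireless device: its key pair and its peer's commitment.
type Device struct {
	priv       *ecdsa.PrivateKey
	Pub        []byte // DER-encoded public key (PK1 or PK2)
	peerCommit []byte // digest received over the location-limited channel
}

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, Pub: pub}, nil
}

// Commitment crosses the location-limited channel instead of the full key. It is
// not secret, so an eavesdropper there learns nothing useful (SHA-1 as the text names).
func Commitment(pub []byte) []byte {
	sum := sha1.Sum(pub)
	return sum[:]
}

// Prove stands in for the key exchange protocol's proof of private-key
// possession (assumption: an ECDSA signature over the verifier's nonce).
func (d *Device) Prove(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

// Authenticate is steps S150/S160: the full key seen on the main link must match
// the commitment, and its holder must prove possession of the private key.
func (d *Device) Authenticate(peerPub, nonce, proof []byte) error {
	if !bytes.Equal(Commitment(peerPub), d.peerCommit) {
		return errors.New("public key does not match commitment (step S180)")
	}
	parsed, err := x509.ParsePKIXPublicKey(peerPub)
	if err != nil {
		return err
	}
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected key type")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], proof) {
		return errors.New("proof of private-key possession failed")
	}
	return nil
}

// proveTo has prover send its full key and answer a fresh nonce over the main
// link (steps S130-S150); verifier then decides as in step S160.
func proveTo(verifier, prover *Device) error {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	proof, err := prover.Prove(nonce)
	if err != nil {
		return err
	}
	return verifier.Authenticate(prover.Pub, nonce, proof)
}

// Handshake runs FIG. 5 between a and b. onLink is whoever answers a on the main
// link: b itself, or an attacker substituting its own key, whom the commitment exposes.
func Handshake(a, b, onLink *Device) error {
	b.peerCommit = Commitment(a.Pub) // S110, location-limited channel
	a.peerCommit = Commitment(b.Pub) // S120, location-limited channel
	if err := proveTo(a, onLink); err != nil {
		return err // S180: terminate
	}
	return proveTo(b, a) // S170 is reached only if both directions pass
}

func main() {
	a, _ := NewDevice()
	b, _ := NewDevice()
	fmt.Println("honest peer accepted:", Handshake(a, b, b) == nil)
}
```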
- FIGS. 6A-6C are a flowchart outlining one exemplary embodiment of a method that complements an improved Guy Fawkes protocol that provides for interactive communication. This method may be used where the wireless devices have limited computational resources, such that public key operations are infeasible, and the location-limited channel does not provide a trusted exchange of secret data.
- An example of a conventional Guy Fawkes protocol is described in Anderson et al., “A New Family of Authentication Protocols”, ACMOSR: ACM Operating Systems Review, 32, 1998. Initially designed for authenticating digital streams, the Guy Fawkes protocol assumes that parties A and B want to exchange streams comprising sequential blocks A_0, A_1, A_2, ... and B_0, B_1, B_2, ... respectively. At each step i, A sends to B a packet P_i containing four pieces of data: a block A_i; a random value X_i, used as an authenticator for the block A_i; the digest h(X_{i+1}) of the next authenticator; and the digest h(a_{i+1}) of the next message a_{i+1} = (A_{i+1}, h(X_{i+2}), X_{i+1}). B does the same during that step i. Assuming that B received an authenticated packet P_i, B authenticates the packet P_{i+1} as soon as B receives it, because the packet P_i contained the digest h(a_{i+1}). It should be appreciated that this does not hold if A and B do not execute in lock-step. Thus, this protocol requires both A and B to know, one step ahead of time, what they want to say next, which makes the protocol unsuitable for interactive exchanges.
- As shown in FIGS. 6A-6C, in accordance with the improved Guy Fawkes protocol according to this invention, operation begins in step S200 and continues to step S205, where a counter N is set to 1. Then, in step S210, a first wireless device sends an Nth communication that includes a digest of its Nth secret (authenticator) that will be used to authenticate its Nth message together with a digest of its Nth message over a location-limited channel to a second wireless device. Next, in step S215, the second wireless device sends an Nth communication that includes a digest of its Nth secret that will be used to authenticate its Nth message together with a digest of its Nth message over the location-limited channel to the first wireless device. Operation then continues to step S220.
- In step S220, the first wireless device sends a digest of the Nth communication of the second wireless device and the first wireless device's Nth secret to the second wireless device. Next, in step S225, the second wireless device sends a digest of the Nth communication of the first wireless device and the second device's Nth secret to the first wireless device. Then, in step S230, a determination is made by one or both of the first and second wireless devices whether to terminate the communication. If either of the first wireless device or the second wireless device determines to terminate the communication, operation proceeds to step S320. Otherwise, the communication continues and operation continues to step S235.
- In step S235, the first wireless device continues the communication over a main wireless link. As the initiator of the communication, the first wireless device sends an Nth message which is meaningful, and a digest of its (N+1)th secret that will be used to authenticate its (N+1)th message together with an (N+1)th communication that includes a digest of the (N+1)th message to the second wireless device. Next, in step S240, the second wireless device sends an Nth message which is meaningless, and a digest of its (N+1)th secret that will be used to authenticate its (N+1)th message together with an (N+1)th communication that includes a digest of the (N+1)th message to the first wireless device. The Nth message of the second wireless device is meaningless because the Nth message was committed to in step S215, when the second wireless device did not know the Nth message of the first wireless device that was transmitted in step S210. At this point, either of the wireless devices can terminate the communication. Accordingly, in step S245, a determination is made by one or both of the first and second wireless devices whether to terminate the communication. If either of the first wireless device or the second wireless device determines to terminate the communication, operation proceeds to step S320. Otherwise, the communication continues and operation continues to step S250.
- In step S250, the first wireless device sends a digest of the second wireless device's (N+1)th communication and the first wireless device's (N+1)th secret to the second wireless device. Next, in step S255 the second wireless device sends a digest of the first wireless device's (N+1)th communication and the second device's (N+1)th secret to the first wireless device. Operation then continues to step S260.
- Then, in step S260, the first wireless device sends an (N+1)th message which is meaningless, and a digest of its (N+2)th secret that will be used to authenticate its (N+2)th message together with an (N+2)th communication that includes a digest of the (N+2)th message to the second wireless device. The (N+1)th message of the first wireless device is meaningless because it is the second wireless device's turn to send a message which is meaningful. Next, in step S265, the second wireless device sends an (N+1)th message which is meaningful, and a digest of its (N+2)th secret that will be used to authenticate its (N+2)th message together with an (N+2)th communication that includes a digest of the (N+2)th message to the first wireless device. The second wireless device sends the message that is meaningful due to the commitment made in step S240, after the second wireless device learned of the Nth message of the first wireless device that was meaningful. Operation then continues to step S270. Accordingly, in step S270, a determination is made by one or both of the first and second wireless devices whether to terminate the communication. If either of the first wireless device or the second wireless device determines to terminate the communication, operation proceeds to step S320. Otherwise, the communication continues and operation continues to step S275.
- In step S275, the first wireless device sends a digest of the second wireless device's (N+2)th communication and the first device's (N+2)th secret to the second wireless device. Next, in step S280, the second wireless device sends a digest of the first wireless device's (N+2)th communication and the second device's (N+2)th secret to the first wireless device. Then, in step S285, the first wireless device sends an (N+2)th message that is meaningless, and a digest of its (N+3)th secret that will be used to authenticate its (N+3)th message together with an (N+3)th communication that includes a digest of the (N+3)th message to the second wireless device. The (N+2)th message is meaningless because the first wireless device committed to it in step S260, when the first wireless device had not yet received the (N+1)th message of the second wireless device that was meaningful. However, the first wireless device can commit to an (N+3)th message that is meaningful because the first wireless device received the (N+1)th message from the second wireless device in step S265, which was meaningful. Operation then continues to step S290.
- In step S290, the second wireless device sends an (N+2)th message that is meaningless, and a digest of its (N+3)th secret that will be used to authenticate its (N+3)th message together with an (N+3)th communication including a digest of the (N+3)th message to the first wireless device. The (N+2)th message of the second wireless device is meaningless because the next turn to “talk” belongs to the first wireless device. Again, at this point, either of the wireless devices can terminate the communication. Accordingly, in step S295, a determination is made by one or both of the first wireless device and the second wireless device whether to terminate the communication. If either of the first wireless device or the second wireless device determines to terminate the communication, operation jumps to step S320. Otherwise, the communication continues and operation continues to step S300.
- In step S300, the first wireless device sends a digest of the second wireless device's (N+3)th communication and the first device's (N+3)th secret to the second wireless device. Next, in step S305, the second wireless device sends a digest of the first wireless device's (N+3)th communication and the second device's (N+3)th secret to the first wireless device. In step S310, the counter N is incremented by 4. Operation then returns to step S235. In contrast, in step S320 operation of the method ends.
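The commit, acknowledge-and-reveal, then send pattern of steps S210 through S305, as an added example in Go that is not the patent's own code. Assumptions: SHA-256 as the digest h, 16-byte random secrets, and a schedule of {A message, B message} pairs in which "" is a meaningless message; each message is accepted only if it matches the digest committed to before the sender could have seen the other side's reply, so an altered message on the main link is rejected.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Commitment is one "communication": h(secret) and h(message) for one index.
type Commitment struct{ HSecret, HMsg []byte }

// Ack carries the digest of a peer commitment plus the sender's own secret for that index.
type Ack struct{ HPeerCommit, Secret []byte }

// h is the digest; SHA-256 is an assumption, the text only says "digest".
func h(parts ...[]byte) []byte {
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return sum[:]
}

// Party tracks its own secrets and the peer's commitments by index.
type Party struct {
	secrets  [][]byte     // revealed only in the ack for that index
	peer     []Commitment // what the peer committed to, by index
	Accepted []string     // meaningful peer messages that verified
}

func (p *Party) commit(msg string) Commitment {
	s := make([]byte, 16)
	if _, err := rand.Read(s); err != nil {
		panic(err) // a failing system RNG is not recoverable here
	}
	p.secrets = append(p.secrets, s)
	return Commitment{HSecret: h(s), HMsg: h([]byte(msg))}
}

func (p *Party) ack(i int) Ack {
	return Ack{HPeerCommit: h(p.peer[i].HSecret, p.peer[i].HMsg), Secret: p.secrets[i]}
}

// checkAck: the peer acked exactly my commitment i and revealed its own secret i.
func (p *Party) checkAck(i int, mine Commitment, a Ack) error {
	if !bytes.Equal(a.HPeerCommit, h(mine.HSecret, mine.HMsg)) {
		return fmt.Errorf("ack %d is for a different commitment", i)
	}
	if !bytes.Equal(h(a.Secret), p.peer[i].HSecret) {
		return fmt.Errorf("secret %d does not match its commitment", i)
	}
	return nil
}

// checkMsg accepts message i only if it matches what the peer committed to earlier.
func (p *Party) checkMsg(i int, msg string) error {
	if !bytes.Equal(h([]byte(msg)), p.peer[i].HMsg) {
		return fmt.Errorf("message %d does not match its commitment", i)
	}
	if msg != "" {
		p.Accepted = append(p.Accepted, msg)
	}
	return nil
}

// Run plays steps, {A message, B message} pairs with "" meaningless: index 0 is
// committed over the location-limited channel (S210/S215), later ones on the main
// link with the previous message (S235/S240 ...), after both sides have acked the
// current index with revealed secrets (S220/S225 ...). tamperAt >= 0 alters A's message.
func Run(steps [][2]string, tamperAt int) (*Party, *Party, error) {
	steps = append(append([][2]string{}, steps...), [2]string{}) // trailing meaningless pair
	a, b := &Party{}, &Party{}
	ca, cb := a.commit(steps[0][0]), b.commit(steps[0][1])
	b.peer, a.peer = append(b.peer, ca), append(a.peer, cb)
	for i := 0; i+1 < len(steps); i++ {
		if err := b.checkAck(i, cb, a.ack(i)); err != nil {
			return a, b, err
		}
		if err := a.checkAck(i, ca, b.ack(i)); err != nil {
			return a, b, err
		}
		ca, cb = a.commit(steps[i+1][0]), b.commit(steps[i+1][1])
		msgA := steps[i][0]
		if i == tamperAt {
			msgA += "!" // an edit on the main link is caught by the digest
		}
		if err := b.checkMsg(i, msgA); err != nil {
			return a, b, err
		}
		if err := a.checkMsg(i, steps[i][1]); err != nil {
			return a, b, err
		}
		b.peer, a.peer = append(b.peer, ca), append(a.peer, cb)
	}
	return a, b, nil // S320: the session ends here
}

func main() {
	_, b, err := Run([][2]string{{"hello", ""}, {"", "hi there"}, {"", ""}}, -1)
	fmt.Println(b.Accepted, err)
}
```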
- It should be appreciated that there are applications for which mutual authentication is not required. For instance, a device designed to provide a service to anyone that requests the service does not need to authenticate the device with which it is communicating, and therefore may be the only one to send pre-authentication information. Such a device may have, for example, a passive beacon such as, for example, an infra-red (IR) beacon or Radio Frequency Identification (RFID) tag, sending pre-authentication information that is sufficient to uniquely and securely identify its active proxy in wireless space. Such an approach may be used to add a measure of security and authentication to systems that use such beacons to provide a “digital presence” for physical objects.
- Some of the location-limited channels described with respect to FIG. 4 have broadcast capability. Using such broadcast capabilities, protocols may be constructed that provide for authenticated group communication. Applications can include networked games and meeting support and/or conferencing software.
- Audio is a medium that may provide a broadcast location-limited channel. Audio may be monitored and tracked by participants. Even if the participants in the exchange do not know what is carried in the audio messages, they can recognize the legitimate group participants that ought to be sending such audio messages. Audio may be incorporated into sounds that are already used by many pieces of software to provide feedback to participants. For example, most corporate conference call settings play a short “join tone” whenever a new participant enters a call. Such tones may be altered to also contain the participant's key information. Because designated channels designed to carry audio and/or voice information already exist, audio as a location-limited channel may be used via the telephone network.
- Because using public key cryptography on location-limited channels means that those exchanges do not require secrecy, and thus are not vulnerable to eavesdropping, the broadcast characteristics of an audio channel may be used to pre-authenticate group communication. Each participant in the group communication broadcasts that participant's pre-authentication information over the audio channel, which is heard by all other legitimate participants. The pre-authentication information will generally include a commitment to a public key. The broadcast may also be heard by attackers, but that poses no risk to the protocol's security unless those attackers also manage to broadcast their own pre-authentication information over the audio channel without detection by the legitimate participants, whether humans or devices. Any attacker so attempting to broadcast the attacker's information to mount an active attack on the location-limited channel will usually be detected by the legitimate human or device participants, because there will be an “extra” broadcast. For example, in the case of audio, there will be a broadcast from an unexpected location.
- Legitimate participants proceed with a known or later developed group key exchange protocol, such as those described with respect to FIG. 4, where each participant proves, to one or more legitimate participants, that participant's possession of the private key corresponding to the public key committed to by the participant on the location-limited channel. Any participant capable of proving possession of the private key corresponding to one of the public keys so committed to is considered an authenticated participant in the group communication. Further, the chosen key exchange protocol may also result in all participants sharing a number of additional keys that can be used for encrypting and/or authenticating further communication between the participants of the group communication. Various schemes for constructing an audio channel and applications in wireless networks may be found in co-pending provisional application No. 60/291,521 filed May 15, 2001, which is incorporated herein by reference in its entirety.
- FIGS. 7-9 illustrate an exemplary setting for authenticating a communication over a network medium among a group of wireless devices. As shown in FIG. 7, one participant acts as the group manager 610. In various embodiments, the first participant to send pre-authentication information becomes the group manager 610. In various other exemplary embodiments, a random participant is selected as the group manager. The group manager 610 broadcasts pre-authentication information, such as a commitment to a group public key, or to its own public key, during a pre-authentication stage; this broadcast reaches the various legitimate participants and any other parties within range of the location-limited channel.
- As shown in FIG. 8, each legitimate participant responds to the group manager 610 by broadcasting that participant's own pre-authentication information, each containing a commitment to that participant's own public key, over the location-limited channel. These broadcasts are received by both the group manager 610 and the other legitimate participants. Each participant then contacts the group manager 610, for example, using the address provided by the group manager 610 as part of the group manager's pre-authentication information. Each participant authenticates to the group manager 610 in a point-to-point key exchange protocol, such as, for example, Secure Sockets Layer/Transport Layer Security (SSL/TLS). Through the point-to-point exchange protocol, the group manager 610 gives each of the participants a group key that secures the communication between the group manager 610 and the other participants.
- Because the other parties did not pre-authenticate over the location-limited channel, the group manager 610 does not recognize those parties, and those parties cannot take part in the group communication between the group manager 610 and all the other participants.
- FIG. 10 is a flowchart outlining a first exemplary embodiment of a method for authenticating a communication over a network medium among a group of wireless devices. As shown in FIG. 10, the method begins in step S400. Operation continues from step S400 to step S410, where a group manager is selected for the participants of the group. Then, in step S420, the group manager broadcasts its pre-authentication information over a location-limited channel to the participants of the group. The pre-authentication information according to one embodiment may be a digest of a public key of the group manager. Next, in step S430, each participant that receives the pre-authentication information of the group manager reciprocates by sending its pre-authentication information to the group manager and the other participants. The exchange of the pre-authentication information between the participants, including the group manager, occurs as a broadcast over the location-limited channel. According to one embodiment, the pre-authentication information of a participant is a digest of a public key of that participant. Operation then continues to step S440.
- In step S440, the group manager and each of the participants perform a point-to-point key exchange using the public keys corresponding to the digests of the public keys received during the pre-authentication stage, using any known or later-developed key exchange protocol over the wireless link, for example. Such a protocol will also set up a point-to-point encrypted and authenticated channel between the group manager and the current participants of the group. Next, in step S450, the group manager may distribute to each participant over the wireless link a copy of a group key to be used as a shared session key. Then, in step S460, operation of the authentication method ends, allowing secure communication among the participants of the group, including the group manager, to proceed.
- In a centrally-managed group, managing the joining and leaving of participants may be relatively easy. In various exemplary embodiments, a joining participant may use one of the two-party protocols discussed above with the group manager 610 to authenticate itself, and to receive the group key over a secured wireless link. When a participant leaves a group, the group manager 610 can distribute a new group key to all remaining participants over the wireless link. This is possible because the group manager 610 established a shared secret key with each individual participant of the group during the point-to-point key exchange.
- FIG. 11 is a flowchart outlining a second exemplary embodiment of the method for authenticating a communication over a network medium among a group of wireless devices. The method outlined in FIG. 11 allows all participants to participate equally in key generation, and thus all participants may be equally trusted.
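The centrally-managed procedure of FIG. 10, together with the join and leave handling described with it, as an added example in Python; this is not code from the patent or from the framework it describes. The location-limited channel is modelled as the set of commitments every legitimate participant has heard, the point-to-point key exchange as an ephemeral Diffie-Hellman in RFC 3526 group 14 with HMAC key confirmation standing in for SSL/TLS, and the encrypted channel that carries the group key as a keystream wrap keyed by the pairwise key. Those choices and the names `Channel`, `Participant`, `GroupManager`, `try_join` and `run_demo` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP, generator 2) is assumed for the Diffie-Hellman
# exchange that stands in for the SSL/TLS point-to-point protocol.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def commit(pub: int) -> bytes:
    """Pre-authentication information: a SHA-256 digest of a public value."""
    return hashlib.sha256(pub.to_bytes(256, "big")).digest()

def kdf(shared: int) -> bytes:
    """Pairwise key derived from the Diffie-Hellman shared secret."""
    return hashlib.sha256(b"pairwise|" + shared.to_bytes(256, "big")).digest()

def wrap(key: bytes, data: bytes, epoch: int) -> bytes:
    """Stand-in for the encrypted channel: XOR with a keystream bound to the pairwise
    key and the group-key epoch, so a rotated group key never reuses a keystream."""
    stream = hashlib.sha256(b"wrap|" + key + epoch.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(stream, data))

class Channel:
    """Location-limited channel: not secret, heard in full by every legitimate participant."""
    def __init__(self):
        self.heard = set()                    # commitments broadcast so far

    def broadcast(self, info: bytes):
        self.heard.add(info)

class Participant:
    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbits(256) | 1
        self.pub = pow(G, self.priv, P)
        self.pairwise = self.group_key = None

    def pre_authenticate(self, llc: Channel):
        """Steps S420/S430: commit to the public key on the location-limited channel."""
        llc.broadcast(commit(self.pub))

    def contact_manager(self, llc: Channel, manager_pub: int):
        """Step S440, participant side: the manager's full public value must match a
        commitment heard on the channel; the HMAC proves we hold our private key."""
        if commit(manager_pub) not in llc.heard:
            raise PermissionError("manager's public value matches no commitment heard")
        self.pairwise = kdf(pow(manager_pub, self.priv, P))
        proof = hmac.new(self.pairwise, b"confirm|" + self.name.encode(), "sha256").digest()
        return self.pub, proof

    def receive_group_key(self, wrapped: bytes, epoch: int):
        self.group_key = wrap(self.pairwise, wrapped, epoch)

class GroupManager(Participant):
    def __init__(self, name: str):
        super().__init__(name)
        self.members = {}                     # name -> pairwise key
        self.epoch = 0
        self.group_key = secrets.token_bytes(32)

    def admit(self, llc: Channel, name: str, pub: int, proof: bytes):
        """Step S440, manager side, then S450: only a peer whose public value was committed
        on the channel, and who proves possession of the private key, gets the group key."""
        if commit(pub) not in llc.heard:
            raise PermissionError(f"{name}: no pre-authentication on the channel")
        key = kdf(pow(pub, self.priv, P))
        expected = hmac.new(key, b"confirm|" + name.encode(), "sha256").digest()
        if not hmac.compare_digest(expected, proof):
            raise PermissionError(f"{name}: cannot prove possession of the committed key")
        self.members[name] = key
        return wrap(key, self.group_key, self.epoch), self.epoch

    def remove(self, name: str):
        """A participant leaves: rotate the group key, redistribute under surviving pairwise keys."""
        del self.members[name]
        self.epoch += 1
        self.group_key = secrets.token_bytes(32)
        return {n: wrap(k, self.group_key, self.epoch) for n, k in self.members.items()}, self.epoch

def try_join(manager: GroupManager, llc: Channel, p: Participant) -> bool:
    """Wireless-link part of the protocol for one participant: True if admitted."""
    try:
        pub, proof = p.contact_manager(llc, manager.pub)
        wrapped, epoch = manager.admit(llc, p.name, pub, proof)
    except PermissionError:
        return False
    p.receive_group_key(wrapped, epoch)
    return True

def run_demo():
    """Manager plus two legitimate participants; returns the objects and the outcomes."""
    llc = Channel()
    manager, alice, bob = GroupManager("manager"), Participant("alice"), Participant("bob")
    for p in (manager, alice, bob):
        p.pre_authenticate(llc)
    return manager, alice, bob, llc, [try_join(manager, llc, p) for p in (alice, bob)]
```

Two rejections fall out of the manager's checks: a party that never used the location-limited channel presents a public value matching no commitment, and a party that replays a committed public value it does not own fails key confirmation, because the pairwise key it derives differs from the one the manager derives. After `remove`, the departed participant's copy of the old group key no longer matches what the survivors unwrap.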
- As shown in FIG. 11, operation of the method begins in step S500 and continues to step S510, where each participant broadcasts its pre-authentication information, such as a commitment to a Diffie-Hellman public value, to the participants of the group using a broadcast location-limited channel. Then, in step S520, each participant proceeds with a chosen group key exchange protocol, in which participants present their complete Diffie-Hellman public values over the wireless network. In various exemplary embodiments, the group key exchange protocol may be a modified Diffie-Hellman key exchange among participants of the group, which allows all participants to share in the generation of the group shared secret key.
- Examples of group Diffie-Hellman key exchange are described in M. Just et al., "Authenticated Multi-party Key Agreement", Advances in Cryptology, ASIACRYPT '96, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1996, and Y. Kim et al., "Simple and Fault-tolerant Key Agreement for Dynamic Collaborative Groups", in S. Jajodia et al., editors, 7th ACM Conference on Computer and Communications Security, pages 235-241, each of which is incorporated herein by reference in its entirety. However, as with the standard two-party Diffie-Hellman key exchange, a shared secret may be established while the participants of the group remain strangers, that is, unauthenticated to one another. Thus, these protocols based on extending Diffie-Hellman assume that all participants participate in a shared public key infrastructure, or have previously exchanged public keys.
- In various exemplary embodiments, because pre-authentication information exchanged over the location-limited channels allows the participants to authenticate each other, this assumption is no longer necessary. The use of a broadcast location-limited channel allows all participants of the group to commit to their public keys publicly to one or more participants of the group. Next, in step S530, the participants may then proceed with the chosen group key exchange protocol over the wireless link and, for example, use the presented complete Diffie-Hellman public values to derive a group key. Operation then continues to step S540, where operation of the authentication method ends, allowing secure communication to proceed.
- A participant who joins in after a session has started may broadcast that participant's key commitment over the location-limited channel to the rest of the participants of the group as that participant joins. A randomly selected current participant can respond, providing mutual authentication. The chosen group key exchange protocol is used to handle the details of updating the shared group key for these new participants, or revoking keys of departing participants.
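The decentralised procedure of FIG. 11, with the "extra broadcast" check from the audio-channel discussion above and the late-join case just described, as an added example in Python; this is not code from the patent. The group key exchange used is the two-round Burmester-Desmedt protocol, a group Diffie-Hellman of the same family as the cited references though not one of them, chosen because both of its rounds are broadcasts. The RFC 3526 group 14 parameters, the names `AudioChannel`, `Member`, `verify_commitments`, `burmester_desmedt`, `establish_group_key` and `join`, and the rule that the legitimate participants know how many broadcasts to expect are assumptions made for the example.

```python
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP, generator 2) is assumed for the example.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def commit(pub: int) -> bytes:
    """Pre-authentication information: SHA-256 digest of a Diffie-Hellman public value."""
    return hashlib.sha256(pub.to_bytes(256, "big")).digest()

class AudioChannel:
    """Broadcast location-limited channel: every legitimate participant hears, and
    can count, every broadcast; nothing sent on it is secret."""
    def __init__(self):
        self.heard = []

    def broadcast(self, info: bytes):
        self.heard.append(info)

class Member:
    def __init__(self, name: str):
        self.name = name
        self.x = secrets.randbits(256) | 1    # private exponent
        self.z = pow(G, self.x, P)            # Diffie-Hellman public value

    def pre_authenticate(self, llc: AudioChannel):
        """Step S510: commit to the public value over the audio channel."""
        llc.broadcast(commit(self.z))

def verify_commitments(heard: list, presented: list, expected: int):
    """Step S520 checks. An attacker who injected a broadcast shows up as one
    commitment too many; one who only speaks on the wireless link presents a
    public value that matches no commitment at all."""
    if len(heard) != expected:
        raise PermissionError(f"{len(heard)} broadcasts heard, {expected} expected")
    if sorted(commit(z) for z in presented) != sorted(heard):
        raise PermissionError("a presented public value matches no commitment")

def burmester_desmedt(members: list) -> list:
    """Step S530: two-round contributory agreement. Every member ends with
    K = g^(x1*x2 + x2*x3 + ... + xn*x1); the ring order must be agreed by all
    (here the list order; sorting by commitment would do in practice).
    Needs Python 3.8+ for the modular inverse via pow(z, -1, P)."""
    n = len(members)
    z = [m.z for m in members]
    # round 2, over the wireless link: X_i = (z_{i+1} / z_{i-1})^{x_i}
    X = [pow(z[(i + 1) % n] * pow(z[(i - 1) % n], -1, P) % P, members[i].x, P)
         for i in range(n)]
    keys = []
    for i in range(n):
        k = pow(z[(i - 1) % n], n * members[i].x, P)
        for j in range(n - 1):
            k = k * pow(X[(i + j) % n], n - 1 - j, P) % P
        keys.append(hashlib.sha256(k.to_bytes(256, "big")).digest())
    return keys

def establish_group_key(members: list, llc: AudioChannel, expected: int):
    """Full FIG. 11 run: the per-member keys, or None when the channel check fails."""
    try:
        verify_commitments(llc.heard, [m.z for m in members], expected)
    except PermissionError:
        return None
    return burmester_desmedt(members)

def join(members: list, newcomer: Member) -> list:
    """Late joiner: it commits on the audio channel, a randomly chosen current member
    answers with its own commitment (mutual authentication), and the group re-runs
    the agreement with the new membership."""
    llc = AudioChannel()
    newcomer.pre_authenticate(llc)
    responder = secrets.choice(members)
    responder.pre_authenticate(llc)
    verify_commitments(llc.heard, [newcomer.z, responder.z], 2)
    return burmester_desmedt(members + [newcomer])
```

The count check is the device-side form of what the text leaves to the humans in the room: an attacker who speaks on the audio channel is visible as a surplus broadcast, and one who stays off it has nothing to present that matches a commitment. Re-running the agreement on join or leave is the simplest way to handle membership change with this protocol; the cited group protocols offer cheaper incremental updates.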
- As described above, the systems and methods according to this invention allow at least two devices to be authenticated over a network medium. The systems and methods according to this invention allow the medium used for the location-limited channel, the public key algorithm used for the key commitments, and/or the final authenticated key exchange protocol used over the wireless link to be dynamically chosen.
- In various exemplary embodiments, a software framework that supports inclusion of different location-limited channel types, public key algorithms used for the key exchange protocols and the final key exchange protocols chosen, and allows these to be dynamically chosen, can be used. The framework can be extended, to provide a new location-limited channel type, or a new key exchange protocol for example, by implementing a Java™ interface to provide a small amount of syntactic “glue”.
- The framework provides both client and server components, and allows developers to choose from either low-level, step-by-step control over data exchange, or to use simpler, higher-level interfaces. Such interfaces, for instance, provide server threads that can manage pre-authentication of multiple clients over the location-limited channel, and offer control over how such pre-authentication information is used to authenticate those clients over the wireless link. Framework components maintain state tracking regarding which devices have currently pre-authenticated, what keying information is currently in use by a particular device, and the like.
- In various exemplary embodiments, a system comprises a client, which is the initiator of the authenticated channel, and a responding server. The server listens for a connection on both the location-limited channel and the primary link, but only admits primary-link connections from clients who have performed pre-authentication on the location-limited channel.
- In various exemplary embodiments, the commercially available Infrared Data Association (IrDA) system can be used as the medium for the location-limited channel. The client opens an IrDA connection to the server, and generates an error if it discovers more than one potential IrDA endpoint. Across this connection, the client and the server exchange pre-authentication data, such as, for example, XML-encoded pre-authentication data containing pre-authentication information such as a commitment to an ephemeral Digital Signature Algorithm (DSA) public key, a "friendly name", and the IP address and port on which the server is listening.
- With the pre-authentication complete, the IR channel is closed, and the client extracts the server's IP address and port number from the data it received. The client opens a normal SSL/TLS connection to the server on the primary link. Each side uses the information gained in the pre-authentication step, i.e., the commitments to the public keys, to authenticate the newly opened channel. The client and server are now free to securely exchange any information they choose over the primary link.
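The IrDA client/server exchange described in the two paragraphs above, as an added example in Python; this is not the framework's code. The XML element and attribute names are invented for the example, the ephemeral DSA public key is replaced by a random 32-byte string (only its digest matters to the pre-authentication step), and the SSL/TLS handshake on the primary link is reduced to each side presenting its key bytes to the other. `Server`, `Client`, `encode_preauth`, `decode_preauth` and the method names are assumptions.

```python
import hashlib
import ipaddress
import secrets
import xml.etree.ElementTree as ET

# The element and attribute names below are invented for this example.

def commitment(key_bytes: bytes) -> str:
    """Commitment to a public key: its SHA-256 digest, hex-encoded for the XML."""
    return hashlib.sha256(key_bytes).hexdigest()

def encode_preauth(key_bytes: bytes, friendly_name: str, ip=None, port=None) -> bytes:
    """Pre-authentication data sent over IR: key commitment, friendly name and, for
    the server, the primary-link address it listens on."""
    root = ET.Element("preauth")
    ET.SubElement(root, "commitment", alg="sha256").text = commitment(key_bytes)
    ET.SubElement(root, "name").text = friendly_name
    if ip is not None:
        ET.SubElement(root, "address", ip=str(ipaddress.ip_address(ip)), port=str(port))
    return ET.tostring(root)

def decode_preauth(data: bytes) -> dict:
    """Parse and validate a peer's data. The IR link limits who can talk to us; it
    does not make the bytes trustworthy, so every field is checked before use
    (defusedxml is the safer parser for XML from peers you do not control)."""
    root = ET.fromstring(data)
    c = root.find("commitment")
    if root.tag != "preauth" or c is None or c.get("alg") != "sha256":
        raise ValueError("not a recognised pre-authentication message")
    digest = (c.text or "").strip().lower()
    if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
        raise ValueError("malformed commitment")
    info = {"commitment": digest, "name": root.findtext("name", "")}
    addr = root.find("address")
    if addr is not None:
        port = int(addr.get("port", "0"))
        if not 1 <= port <= 65535:
            raise ValueError("bad port")
        info["ip"], info["port"] = str(ipaddress.ip_address(addr.get("ip"))), port
    return info

class Server:
    """Listens on IR and on the primary link, but admits a primary-link connection
    only from a client that pre-authenticated over IR, and only once per IR exchange."""
    def __init__(self, friendly_name: str, ip: str, port: int):
        self.key = secrets.token_bytes(32)    # stand-in for an ephemeral DSA public key
        self.name, self.ip, self.port = friendly_name, ip, port
        self.pending = set()                  # client commitments heard over IR

    def ir_exchange(self, client_data: bytes) -> bytes:
        self.pending.add(decode_preauth(client_data)["commitment"])
        return encode_preauth(self.key, self.name, self.ip, self.port)

    def accept_primary(self, presented_key: bytes) -> bool:
        c = commitment(presented_key)
        if c not in self.pending:
            return False                      # no IR pre-authentication: refuse
        self.pending.discard(c)               # one pre-authentication, one connection
        return True

class Client:
    def __init__(self, friendly_name: str):
        self.key = secrets.token_bytes(32)    # stand-in for an ephemeral DSA public key
        self.name, self.server_info = friendly_name, None

    def pre_authenticate(self, ir_endpoints: list) -> dict:
        """Open IR to the one endpoint in range; with several, the client could not
        know which device it is pairing with, so it errors out instead."""
        if len(ir_endpoints) != 1:
            raise RuntimeError(f"{len(ir_endpoints)} IR endpoints visible, expected exactly one")
        reply = ir_endpoints[0].ir_exchange(encode_preauth(self.key, self.name))
        self.server_info = decode_preauth(reply)
        return self.server_info

    def connect_primary(self, server: Server, presented_server_key: bytes) -> bool:
        """Primary-link handshake: each side checks the key the other presents
        against the commitment from the IR step; either mismatch ends the attempt."""
        if commitment(presented_server_key) != self.server_info["commitment"]:
            return False                      # not the device we pointed the IR port at
        return server.accept_primary(self.key)
```

The server's `pending` set is the state the framework description calls tracking which devices have currently pre-authenticated; consuming an entry on first use means a commitment overheard on the primary link cannot be used to open a second session.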
- While the invention has been described in conjunction with the specific embodiments outlined above, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the preferred embodiments of the invention, as set forth above, are intended to be illustrative, not limiting. Various changes may be made without departing from the spirit and scope of the invention.
Claims (17)
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/066,699 US20030149874A1 (en) | 2002-02-06 | 2002-02-06 | Systems and methods for authenticating communications in a network medium |
JP2003026278A JP4481574B2 (en) | 2002-02-06 | 2003-02-03 | Method for authenticating communication over a network medium |
EP03250701A EP1335563B1 (en) | 2002-02-06 | 2003-02-04 | Method for securing communication over a network medium |
DE60317123T DE60317123T2 (en) | 2002-02-06 | 2003-02-04 | Method for securing communication over a network |
US10/656,551 US7937089B2 (en) | 2002-02-06 | 2003-09-05 | Method, apparatus, and program product for provisioning secure wireless sensors |
US11/395,274 US8156337B2 (en) | 2002-02-06 | 2006-04-03 | Systems and methods for authenticating communications in a network medium |
US13/026,665 US8515389B2 (en) | 2002-02-06 | 2011-02-14 | Method, apparatus, and program product for provisioning secure wireless sensors |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/066,699 US20030149874A1 (en) | 2002-02-06 | 2002-02-06 | Systems and methods for authenticating communications in a network medium |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/656,551 Continuation US7937089B2 (en) | 2002-02-06 | 2003-09-05 | Method, apparatus, and program product for provisioning secure wireless sensors |
US11/395,274 Continuation US8156337B2 (en) | 2002-02-06 | 2006-04-03 | Systems and methods for authenticating communications in a network medium |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030149874A1 true US20030149874A1 (en) | 2003-08-07 |
Family
ID=27610512
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/066,699 Abandoned US20030149874A1 (en) | 2002-02-06 | 2002-02-06 | Systems and methods for authenticating communications in a network medium |
US11/395,274 Active 2026-04-18 US8156337B2 (en) | 2002-02-06 | 2006-04-03 | Systems and methods for authenticating communications in a network medium |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/395,274 Active 2026-04-18 US8156337B2 (en) | 2002-02-06 | 2006-04-03 | Systems and methods for authenticating communications in a network medium |
Country Status (4)
Country | Link |
---|---|
US (2) | US20030149874A1 (en) |
EP (1) | EP1335563B1 (en) |
JP (1) | JP4481574B2 (en) |
DE (1) | DE60317123T2 (en) |
Cited By (105)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030110374A1 (en) * | 2001-04-19 | 2003-06-12 | Masaaki Yamamoto | Terminal communication system |
US20030235309A1 (en) * | 2002-03-08 | 2003-12-25 | Marinus Struik | Local area network |
US20040005058A1 (en) * | 2002-07-06 | 2004-01-08 | Kyung-Hun Jang | Cryptographic method using dual encryption keys and a wireless local area network (LAN) system therefor |
US20040044629A1 (en) * | 2002-08-30 | 2004-03-04 | Rhodes James E. | License modes in call processing |
US20040044901A1 (en) * | 2002-08-30 | 2004-03-04 | Serkowski Robert J. | License file serial number tracking |
US20040054899A1 (en) * | 2002-08-30 | 2004-03-18 | Xerox Corporation | Apparatus and methods for providing secured communication |
US20040054891A1 (en) * | 2002-08-27 | 2004-03-18 | Hengeveld Thomas Andrew | Secure encryption key distribution |
US20040083363A1 (en) * | 2002-10-25 | 2004-04-29 | Hengeveld Thomas Andrew | Secure group secret distribution |
US20040172367A1 (en) * | 2003-02-27 | 2004-09-02 | Chavez David L. | Method and apparatus for license distribution |
US20040181695A1 (en) * | 2003-03-10 | 2004-09-16 | Walker William T. | Method and apparatus for controlling data and software access |
US20040215974A1 (en) * | 2003-04-25 | 2004-10-28 | Palo Alto Research Center Incorporated | System and method for establishing secondary channels |
US20040264701A1 (en) * | 2003-06-24 | 2004-12-30 | Jong-Hwa Lee | Method for transmitting/receiving encoded ultra-wideband signal and terminal therefor |
US20050018687A1 (en) * | 2003-06-16 | 2005-01-27 | Microsoft Corporation | System and process for discovery of network-connected devices at remote sites using audio-based discovery techniques |
US20050036616A1 (en) * | 2003-08-12 | 2005-02-17 | Qiang Huang | Secure routing protocol for an ad hoc network using one-way/one-time hash functions |
US20050100166A1 (en) * | 2003-11-10 | 2005-05-12 | Parc Inc. | Systems and methods for authenticating communications in a network medium |
US20050125669A1 (en) * | 2003-12-08 | 2005-06-09 | Palo Alto Research Center Incorporated | Method and apparatus for using a secure credential infrastructure to access vehicle components |
US20050129240A1 (en) * | 2003-12-15 | 2005-06-16 | Palo Alto Research Center Incorporated | Method and apparatus for establishing a secure ad hoc command structure |
US20050138359A1 (en) * | 2003-12-17 | 2005-06-23 | Simon Daniel R. | Mesh networks with exclusion capability |
US20050190768A1 (en) * | 2003-06-16 | 2005-09-01 | Ross Cutler | System and process for discovery of network-connected devices |
US20050193199A1 (en) * | 2004-02-13 | 2005-09-01 | Nokia Corporation | Accessing protected data on network storage from multiple devices |
US20050216747A1 (en) * | 2004-03-26 | 2005-09-29 | Bce Inc. | Security system and method |
US20050266826A1 (en) * | 2004-06-01 | 2005-12-01 | Nokia Corporation | Method for establishing a security association between a wireless access point and a wireless node in a UPnP environment |
US20050278776A1 (en) * | 2004-06-10 | 2005-12-15 | Kenji Kitagawa | Personal authentication system |
US20050287985A1 (en) * | 2004-06-24 | 2005-12-29 | Dirk Balfanz | Using a portable security token to facilitate public key certification for devices in a network |
US20060020797A1 (en) * | 2004-07-08 | 2006-01-26 | Kan Zhang | Method for verifying a secure association between devices |
US20060026271A1 (en) * | 2004-07-09 | 2006-02-02 | Luc Julia | System and method for enabling the establishment and use of a personal network |
US20060053276A1 (en) * | 2004-09-03 | 2006-03-09 | Lortz Victor B | Device introduction and access control framework |
US20060060451A1 (en) * | 2004-09-22 | 2006-03-23 | Golias Robert J | Hanger for conveyor assembly |
GB2419067A (en) * | 2004-10-06 | 2006-04-12 | Sharp Kk | Deciding whether to permit a transaction, based on the value of an identifier sent over a communications channel and returned over a secure connection |
US20060126838A1 (en) * | 2004-12-09 | 2006-06-15 | Avner Taieb | Method and system for facilitating communication |
US20060146765A1 (en) * | 2003-02-19 | 2006-07-06 | Koninklijke Philips Electronics, N.V. | System for ad hoc sharing of content items between portable devices and interaction methods therefor |
US20060168647A1 (en) * | 2005-01-26 | 2006-07-27 | Microsoft Corporation | Secure method and system for creating a plug and play network |
US20070011335A1 (en) * | 2005-07-08 | 2007-01-11 | Gregory Burns | Using Bluetooth to establish ad-hoc connections between non-Bluetooth wireless communication modules |
US20070030973A1 (en) * | 2005-08-03 | 2007-02-08 | Cingular Wireless Ii, Llc | Limiting services based on location |
US20070079113A1 (en) * | 2005-09-30 | 2007-04-05 | Amol Kulkarni | Automatic secure device introduction and configuration |
WO2007059378A2 (en) * | 2005-11-10 | 2007-05-24 | Motorola Inc. | A method for managing security keys utilized by media devices in a local area network |
US20070136796A1 (en) * | 2005-12-13 | 2007-06-14 | Microsoft Corporation | Wireless authentication |
US20070170238A1 (en) * | 2006-01-26 | 2007-07-26 | Ricoh Company, Ltd. | Techniques for introducing devices to device families with paper receipt |
US20070184816A1 (en) * | 2006-02-09 | 2007-08-09 | Shozo Horisawa | Wireless connection system and wireless connection method |
US20070198836A1 (en) * | 2005-04-08 | 2007-08-23 | Nortel Networks Limited | Key negotiation and management for third party access to a secure communication session |
US7272500B1 (en) * | 2004-03-25 | 2007-09-18 | Avaya Technology Corp. | Global positioning system hardware key for software licenses |
WO2006116061A3 (en) * | 2005-04-22 | 2007-10-25 | Microsoft Corp | Wireless device discovery and configuration |
US20080002573A1 (en) * | 2006-07-03 | 2008-01-03 | Palo Alto Research Center Incorporated | Congestion management in an ad-hoc network based upon a predicted information utility |
US20080022417A1 (en) * | 2006-07-20 | 2008-01-24 | Garrison John M | System and Method For Securing Portable Computers |
US7353388B1 (en) | 2004-02-09 | 2008-04-01 | Avaya Technology Corp. | Key server for securing IP telephony registration, control, and maintenance |
US20080107270A1 (en) * | 2003-02-25 | 2008-05-08 | Kabushiki Kaisha Toshiba | System and apparatus for information display |
US20080114251A1 (en) * | 2006-11-10 | 2008-05-15 | Penrith Corporation | Transducer array imaging system |
US20080222711A1 (en) * | 2007-02-23 | 2008-09-11 | Oliver Michaelis | Method and Apparatus to Create Trust Domains Based on Proximity |
US20080229402A1 (en) * | 2007-03-15 | 2008-09-18 | Palo Alto Research Center Incorporated | Wormhole devices for usable secure access to remote resource |
US20090025062A1 (en) * | 2007-07-17 | 2009-01-22 | Alcatel Lucent | Verifying authenticity of conference call invitees |
US20090044255A1 (en) * | 2007-08-10 | 2009-02-12 | Yamaha Marine Kabushiki Kaisha | Device authentication control method, device authentication control device, and boat |
US20090187982A1 (en) * | 2002-11-21 | 2009-07-23 | Palo Alto Research Center Incorporated | Systems and methods for authenticating communications in a network medium |
US7577837B1 (en) * | 2003-04-17 | 2009-08-18 | Cisco Technology, Inc. | Method and apparatus for encrypted unicast group communication |
US7584360B2 (en) | 2004-02-16 | 2009-09-01 | Mitsubishi Electric Corporation | Data sending/receiving device and digital certificate issuing method |
US20090222659A1 (en) * | 2008-03-03 | 2009-09-03 | Sony Corporation | Communication device and communication method |
US20090327391A1 (en) * | 2008-06-27 | 2009-12-31 | Qualcomm Incorporated | Methods and apparatus for securely advertising identification and/or discovery information |
WO2010002596A2 (en) * | 2008-06-30 | 2010-01-07 | Intel Corporation | Two-way authentication between two communication endpoints using a one-way out-of-band (oob) channel |
US7681245B2 (en) | 2002-08-30 | 2010-03-16 | Avaya Inc. | Remote feature activator feature extraction |
US7707405B1 (en) | 2004-09-21 | 2010-04-27 | Avaya Inc. | Secure installation activation |
US7707116B2 (en) | 2002-08-30 | 2010-04-27 | Avaya Inc. | Flexible license file feature controls |
WO2010065008A1 (en) * | 2004-07-15 | 2010-06-10 | Cisco Technology, Inc. | Method and system for pre-authentication |
US7747851B1 (en) | 2004-09-30 | 2010-06-29 | Avaya Inc. | Certificate distribution via license files |
US7814023B1 (en) | 2005-09-08 | 2010-10-12 | Avaya Inc. | Secure download manager |
US7885896B2 (en) | 2002-07-09 | 2011-02-08 | Avaya Inc. | Method for authorizing a substitute software license server |
US7890997B2 (en) | 2002-12-26 | 2011-02-15 | Avaya Inc. | Remote feature activation authentication file system |
US20110134847A1 (en) * | 2002-02-06 | 2011-06-09 | Palo Alto Research Center Incorporated | Method, apparatus, and program product for provisioning secure wireless sensors |
US7965701B1 (en) | 2004-09-30 | 2011-06-21 | Avaya Inc. | Method and system for secure communications with IP telephony appliance |
US7966520B2 (en) | 2002-08-30 | 2011-06-21 | Avaya Inc. | Software licensing for spare processors |
US8036249B2 (en) | 2007-07-18 | 2011-10-11 | Samsung Electronics Co., Ltd. | System and method of data verification |
US8041642B2 (en) | 2002-07-10 | 2011-10-18 | Avaya Inc. | Predictive software license balancing |
US20120084448A1 (en) * | 2010-10-04 | 2012-04-05 | Brother Kogyo Kabushiki Kaisha | Communication Control Device, Communication System and Communication Method |
US8156337B2 (en) | 2002-02-06 | 2012-04-10 | Palo Alto Research Center Incorporated | Systems and methods for authenticating communications in a network medium |
US8195765B2 (en) | 2004-07-09 | 2012-06-05 | Orb Networks, Inc. | System and method for remotely controlling network resources |
US8229858B1 (en) | 2004-09-30 | 2012-07-24 | Avaya Inc. | Generation of enterprise-wide licenses in a customer environment |
US8271786B1 (en) * | 2002-10-16 | 2012-09-18 | Hewlett-Packard Development Company, L.P. | Method and system for providing secure communications between a first and a second peer device |
JP2013065091A (en) * | 2011-09-15 | 2013-04-11 | Ricoh Co Ltd | Information transmission system, information transmission apparatus, information reception apparatus, information transmission program, and information reception program |
US20130205369A1 (en) * | 2012-02-05 | 2013-08-08 | Institute For Information Industry | Direct mode communication system and discovery interactive method thereof |
US8583926B1 (en) * | 2005-09-19 | 2013-11-12 | Jpmorgan Chase Bank, N.A. | System and method for anti-phishing authentication |
US20140093079A1 (en) * | 2012-09-29 | 2014-04-03 | Microsoft Corporation | Securely joining a secure wireless communications network |
US8738693B2 (en) | 2004-07-09 | 2014-05-27 | Qualcomm Incorporated | System and method for managing distribution of media files |
US8787164B2 (en) | 2004-07-09 | 2014-07-22 | Qualcomm Incorporated | Media delivery system and method for transporting media to desired target devices |
US20140244723A1 (en) * | 2011-12-27 | 2014-08-28 | Michelle X. Gong | Systems and methods for cross-layer secure connection set up |
US20140254799A1 (en) * | 2013-03-06 | 2014-09-11 | Qualcomm Incorporated | Systems and methods for secure high-speed link maintenance via nfc |
US20140283136A1 (en) * | 2013-03-13 | 2014-09-18 | Optio Labs, Inc. | Systems and methods for securing and locating computing devices |
US20140351480A1 (en) * | 2013-05-23 | 2014-11-27 | Samsung Electronics Co., Ltd. | Method and apparatus for managing wireless docking network |
CN104704769A (en) * | 2012-10-15 | 2015-06-10 | 皇家飞利浦有限公司 | A wireless communication system |
US9077766B2 (en) | 2004-07-09 | 2015-07-07 | Qualcomm Incorporated | System and method for combining memory resources for use on a personal network |
US9241016B2 (en) | 2013-03-05 | 2016-01-19 | Cisco Technology, Inc. | System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel |
US9295444B2 (en) | 2006-11-10 | 2016-03-29 | Siemens Medical Solutions Usa, Inc. | Transducer array imaging system |
US9311504B2 (en) | 2014-06-23 | 2016-04-12 | Ivo Welch | Anti-identity-theft method and hardware database device |
US20160127050A1 (en) * | 2013-06-07 | 2016-05-05 | Gemalto Sa | Pairing device |
US9363670B2 (en) | 2012-08-27 | 2016-06-07 | Optio Labs, Inc. | Systems and methods for restricting access to network resources via in-location access point protocol |
US20160269128A1 (en) * | 2015-03-10 | 2016-09-15 | Nxp B.V. | Transmitter and receiver audio devices and associated methods |
WO2017018708A1 (en) * | 2015-07-29 | 2017-02-02 | 삼성전자 주식회사 | Method for communication between devices and devices thereof |
US9609020B2 (en) | 2012-01-06 | 2017-03-28 | Optio Labs, Inc. | Systems and methods to enforce security policies on the loading, linking, and execution of native code by mobile applications running inside of virtual machines |
US9712530B2 (en) | 2012-01-06 | 2017-07-18 | Optio Labs, Inc. | Systems and methods for enforcing security in mobile computing |
US9773107B2 (en) | 2013-01-07 | 2017-09-26 | Optio Labs, Inc. | Systems and methods for enforcing security in mobile computing |
US9787681B2 (en) | 2012-01-06 | 2017-10-10 | Optio Labs, Inc. | Systems and methods for enforcing access control policies on privileged accesses for mobile devices |
US20170329955A1 (en) * | 2014-02-21 | 2017-11-16 | Liveensure, Inc. | System and method for peer to peer mobile contextual authentication |
US20170329977A1 (en) * | 2016-05-13 | 2017-11-16 | Silicon Integrated Systems Corp. | Encoding-locked method for audio processing and audio receiving device |
CN110637470A (en) * | 2017-05-16 | 2019-12-31 | 苹果公司 | Techniques for verifying user intent and securely configuring a computing device |
US10805279B2 (en) * | 2013-06-03 | 2020-10-13 | Ayla Networks, Inc. | Communication module for embedded system |
US11074615B2 (en) | 2008-09-08 | 2021-07-27 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US11463244B2 (en) * | 2019-01-10 | 2022-10-04 | Samsung Electronics Co., Ltd. | Electronic apparatus, method of controlling the same, and network system thereof |
US20230224678A1 (en) * | 2007-10-25 | 2023-07-13 | Blackberry Limited | Sending location information from within a communication application |
Families Citing this family (68)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4349788B2 (en) * | 2002-10-31 | 2009-10-21 | パナソニック株式会社 | Semiconductor integrated circuit device |
US7454619B2 (en) | 2003-06-24 | 2008-11-18 | Palo Alto Research Center Incorporated | Method, apparatus, and program product for securely presenting situation information |
US11294618B2 (en) | 2003-07-28 | 2022-04-05 | Sonos, Inc. | Media player system |
US11650784B2 (en) | 2003-07-28 | 2023-05-16 | Sonos, Inc. | Adjusting volume levels |
US11106424B2 (en) | 2003-07-28 | 2021-08-31 | Sonos, Inc. | Synchronizing operations among a plurality of independently clocked digital data processing devices |
US8290603B1 (en) | 2004-06-05 | 2012-10-16 | Sonos, Inc. | User interfaces for controlling and manipulating groupings in a multi-zone media system |
US11106425B2 (en) | 2003-07-28 | 2021-08-31 | Sonos, Inc. | Synchronizing operations among a plurality of independently clocked digital data processing devices |
US8234395B2 (en) | 2003-07-28 | 2012-07-31 | Sonos, Inc. | System and method for synchronizing operations among a plurality of independently clocked digital data processing devices |
US8060745B2 (en) * | 2003-12-16 | 2011-11-15 | Seiko Epson Corporation | Security for wireless transmission |
US7716726B2 (en) * | 2004-02-13 | 2010-05-11 | Microsoft Corporation | System and method for protecting a computing device from computer exploits delivered over a networked environment in a secured communication |
US7814543B2 (en) | 2004-02-13 | 2010-10-12 | Microsoft Corporation | System and method for securing a computer system connected to a network from attacks |
JP4554968B2 (en) * | 2004-03-26 | 2010-09-29 | 株式会社日立製作所 | Wireless communication terminal device in ad hoc network |
WO2005096656A1 (en) * | 2004-03-31 | 2005-10-13 | Nec Corporation | Wireless communication network system, and communication service providing method, program and recording medium for the system |
US9977561B2 (en) | 2004-04-01 | 2018-05-22 | Sonos, Inc. | Systems, methods, apparatus, and articles of manufacture to provide guest access |
US8326951B1 (en) | 2004-06-05 | 2012-12-04 | Sonos, Inc. | Establishing a secure wireless network with minimum human intervention |
US8868698B2 (en) | 2004-06-05 | 2014-10-21 | Sonos, Inc. | Establishing a secure wireless network with minimum human intervention |
US7644276B2 (en) * | 2004-08-03 | 2010-01-05 | Hewlett-Packard Development Company, L.P. | Method for verifying a secure association between devices |
US9282455B2 (en) | 2004-10-01 | 2016-03-08 | Intel Corporation | System and method for user certificate initiation, distribution, and provisioning in converged WLAN-WWAN interworking networks |
US7716727B2 (en) | 2004-10-29 | 2010-05-11 | Microsoft Corporation | Network security device and method for protecting a computing device in a networked environment |
JP4027360B2 (en) * | 2004-11-08 | 2007-12-26 | キヤノン株式会社 | Authentication method and system, information processing method and apparatus |
US7386275B2 (en) * | 2005-03-11 | 2008-06-10 | Dell Products Llp | Systems and methods for managing out-of-band device connection |
US8495244B2 (en) | 2005-06-29 | 2013-07-23 | Jumpstart Wireless Corporation | System and method for dynamic automatic communication path selection, distributed device synchronization and task delegation |
US8576846B2 (en) * | 2005-10-05 | 2013-11-05 | Qualcomm Incorporated | Peer-to-peer communication in ad hoc wireless network |
US20100005294A1 (en) * | 2005-10-18 | 2010-01-07 | Kari Kostiainen | Security in Wireless Environments Using Out-Of-Band Channel Communication |
US7539889B2 (en) * | 2005-12-30 | 2009-05-26 | Avega Systems Pty Ltd | Media data synchronization in a wireless network |
US8462627B2 (en) | 2005-12-30 | 2013-06-11 | Altec Lansing Australia Pty Ltd | Media data transfer in a network environment |
US8607310B2 (en) * | 2006-04-17 | 2013-12-10 | Raritan Americas, Inc. | Association of in-band and out-of-band identification credentials of a target device |
JP4187010B2 (en) * | 2006-05-31 | 2008-11-26 | ブラザー工業株式会社 | Network device, information processing apparatus, and program |
DE102006027462B4 (en) * | 2006-06-12 | 2009-06-18 | Nec Europe Ltd. | Method for operating a wireless sensor network |
US20080072292A1 (en) * | 2006-09-01 | 2008-03-20 | Narjala Ranjit S | Secure device introduction with capabilities assessment |
US8483853B1 (en) | 2006-09-12 | 2013-07-09 | Sonos, Inc. | Controlling and manipulating groupings in a multi-zone media system |
US9202509B2 (en) | 2006-09-12 | 2015-12-01 | Sonos, Inc. | Controlling and grouping in a multi-zone media system |
US8788080B1 (en) | 2006-09-12 | 2014-07-22 | Sonos, Inc. | Multi-channel pairing in a media system |
JP5018315B2 (en) * | 2006-09-14 | 2012-09-05 | ソニー株式会社 | Wireless communication system, wireless communication device, authentication method for wireless communication device, and program |
US7983615B2 (en) * | 2006-10-17 | 2011-07-19 | Altec Lansing Australia Pty Limited | Configuring and connecting to a media wireless network |
JP2010507294A (en) * | 2006-10-17 | 2010-03-04 | アベガ システムズ ピーティーワイ リミテッド | Integration of multimedia devices |
JP2010510695A (en) | 2006-10-17 | 2010-04-02 | アベガ システムズ ピーティーワイ リミテッド | Media distribution in wireless networks |
US20080248835A1 (en) * | 2007-04-04 | 2008-10-09 | Sony Ericsson Mobile Communications Ab | Accessory communication method and system for mobile services |
GB2449485A (en) * | 2007-05-24 | 2008-11-26 | Iti Scotland Ltd | Authentication device requiring close proximity to client |
CN101946453B (en) * | 2007-12-19 | 2014-03-05 | 佩塞特股份公司 | System for receiving and transmitting encrypted data |
EP2340666A4 (en) * | 2008-09-22 | 2012-06-20 | Jumpstart Wireless Corp | System and method for dynamic automatic communication path selection, distributed device synchronization and task delegation |
US8341318B2 (en) | 2009-03-16 | 2012-12-25 | Apple Inc. | Techniques for facilitating communication between an accessory and a mobile computing device using application specific protocols |
US20120081207A1 (en) | 2010-09-30 | 2012-04-05 | Apple Inc. | Application launching in conjunction with an accessory |
US8769285B2 (en) * | 2009-08-13 | 2014-07-01 | Qualcomm Incorporated | Methods and apparatus for deriving, communicating and/or verifying ownership of expressions |
US8750507B2 (en) * | 2010-01-25 | 2014-06-10 | Cisco Technology, Inc. | Dynamic group creation for managed key servers |
US11265652B2 (en) | 2011-01-25 | 2022-03-01 | Sonos, Inc. | Playback device pairing |
US11429343B2 (en) | 2011-01-25 | 2022-08-30 | Sonos, Inc. | Stereo playback configuration and control |
US8793780B2 (en) * | 2011-04-11 | 2014-07-29 | Blackberry Limited | Mitigation of application-level distributed denial-of-service attacks |
US10681021B2 (en) | 2011-06-01 | 2020-06-09 | Qualcomm Incorporated | Selective admission into a network sharing session |
EP2624081B1 (en) | 2012-01-31 | 2018-01-10 | Nxp B.V. | Configuration method, configuration device, computer program product and control system |
US9219715B2 (en) * | 2012-02-13 | 2015-12-22 | PivotCloud, Inc. | Mediator utilizing electronic content to enforce policies to a resource |
JP2013207376A (en) * | 2012-03-27 | 2013-10-07 | Toshiba Corp | Information processing device and program |
EP2665235B1 (en) * | 2012-05-15 | 2016-01-06 | Nxp B.V. | Method for establishing secure communication between nodes in a network, network node, key manager, installation device and computer program product |
US10785630B2 (en) | 2012-12-10 | 2020-09-22 | Nokia Technologies Oy | Method and apparatus for low energy discovery |
US9215075B1 (en) | 2013-03-15 | 2015-12-15 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
DE102013007202A1 (en) * | 2013-04-25 | 2014-10-30 | Giesecke & Devrient Gmbh | Method for building a key infrastructure |
US8769610B1 (en) * | 2013-10-31 | 2014-07-01 | Eventure Interactive, Inc. | Distance-modified security and content sharing |
US9485093B2 (en) * | 2014-02-10 | 2016-11-01 | Broadcom Corporation | Push button configuration pairing |
US10248376B2 (en) | 2015-06-11 | 2019-04-02 | Sonos, Inc. | Multiple groupings in a playback system |
US10462109B2 (en) * | 2016-06-12 | 2019-10-29 | Apple Inc. | Secure transfer of a data object between user devices |
US10712997B2 (en) | 2016-10-17 | 2020-07-14 | Sonos, Inc. | Room association based on name |
WO2018125945A1 (en) * | 2016-12-30 | 2018-07-05 | Pcms Holdings, Inc. | System and method for lightweight broadcast authentication |
JP6895273B2 (en) | 2017-03-02 | 2021-06-30 | 任天堂株式会社 | Information processing equipment, information processing programs, wireless communication systems, and communication methods |
JP6979740B2 (en) | 2017-03-02 | 2021-12-15 | 任天堂株式会社 | Wireless communication system, communication method, information processing device, and information processing program |
US11874936B2 (en) | 2018-10-31 | 2024-01-16 | Hewlett-Packard Development Company, L.P. | Group printing |
KR102008670B1 (en) * | 2019-04-18 | 2019-08-08 | 주식회사 유니온플레이스 | Apparatus of monitoring multicast group |
KR20220161068A (en) * | 2021-05-28 | 2022-12-06 | 삼성에스디에스 주식회사 | Method for proximity communication between terminals and apparatus thereof |
KR20220161066A (en) * | 2021-05-28 | 2022-12-06 | 삼성에스디에스 주식회사 | Method for proximity communication between terminals and apparatus thereof |
Citations (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US231194A (en) * | 1880-08-17 | | | Sectional steam-generator |
US301931A (en) * | 1884-07-15 | | | Or cooling pad |
US5091942A (en) * | 1990-07-23 | 1992-02-25 | Ericsson Ge Mobile Communications Holding, Inc. | Authentication system for digital cellular communications |
US5408250A (en) * | 1991-05-20 | 1995-04-18 | Xerox Corporation | Portable computer for short-range graphical multiparty communication |
US5519778A (en) * | 1993-08-13 | 1996-05-21 | Silvio Micali | Method for enabling users of a cryptosystem to generate and use a private pair key for enciphering communications between the users |
US5539824A (en) * | 1993-12-08 | 1996-07-23 | International Business Machines Corporation | Method and system for key distribution and authentication in a data communication network |
US5598459A (en) * | 1995-06-29 | 1997-01-28 | Ericsson Inc. | Authentication and handover methods and systems for radio personal communications |
US6064741A (en) * | 1995-04-13 | 2000-05-16 | Siemens Aktiengesellschaft | Method for the computer-aided exchange of cryptographic keys between a user computer unit U and a network computer unit N |
US6075860A (en) * | 1997-02-19 | 2000-06-13 | 3Com Corporation | Apparatus and method for authentication and encryption of a remote terminal over a wireless link |
US6105133A (en) * | 1997-03-10 | 2000-08-15 | The Pacid Group | Bilateral authentication and encryption system |
US6243772B1 (en) * | 1997-01-31 | 2001-06-05 | Sharewave, Inc. | Method and system for coupling a personal computer with an appliance unit via a wireless communication link to provide an output display presentation |
US6243373B1 (en) * | 1995-11-01 | 2001-06-05 | Telecom Internet Ltd. | Method and apparatus for implementing a computer network/internet telephone system |
US20010048744A1 (en) * | 2000-06-01 | 2001-12-06 | Shinya Kimura | Access point device and authentication method thereof |
US6366654B1 (en) * | 1998-07-06 | 2002-04-02 | Nortel Networks Limited | Method and system for conducting a multimedia phone cell |
US20020061748A1 (en) * | 2000-11-17 | 2002-05-23 | Kabushiki Kaisha Toshiba | Scheme for registration and authentication in wireless communication system using wireless LAN |
US6396612B1 (en) * | 1998-02-11 | 2002-05-28 | Telefonaktiebolaget L M Ericsson | System, method and apparatus for secure transmission of confidential information |
US20020094087A1 (en) * | 2001-01-16 | 2002-07-18 | Harris Corporation | Secure wireless LAN device and associated methods |
US20020147920A1 (en) * | 2001-04-05 | 2002-10-10 | Anthony Mauro | Method and apparatus for providing secure processing and data storage for a wireless communication device |
US20020159598A1 (en) * | 1997-10-31 | 2002-10-31 | Keygen Corporation | System and method of dynamic key generation for digital communications |
US20030014646A1 (en) * | 2001-07-05 | 2003-01-16 | Buddhikot Milind M. | Scheme for authentication and dynamic key exchange |
US20030011798A1 (en) * | 2001-07-04 | 2003-01-16 | Dainippon Screen Mfg. Co., Ltd. | Patch measurement device |
US20030051140A1 (en) * | 2001-09-13 | 2003-03-13 | Buddhikot Milind M. | Scheme for authentication and dynamic key exchange |
US20030081774A1 (en) * | 2001-10-26 | 2003-05-01 | Paul Lin | Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure |
US20040088548A1 (en) * | 2002-11-06 | 2004-05-06 | Xerox Corporation | System and method for providing secure resource management |
US6901241B2 (en) * | 1998-02-11 | 2005-05-31 | Telefonaktiebolaget L M Ericsson (Publ) | System, method and apparatus for secure transmission of confidential information |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5341426A (en) * | 1992-12-15 | 1994-08-23 | Motorola, Inc. | Cryptographic key management apparatus and method |
EP1024626A1 (en) | 1999-01-27 | 2000-08-02 | International Business Machines Corporation | Method, apparatus, and communication system for exchange of information in pervasive environments |
US20020022483A1 (en) * | 2000-04-18 | 2002-02-21 | Wayport, Inc. | Distributed network communication system which allows multiple wireless service providers to share a common network infrastructure |
US20020065065A1 (en) * | 2000-11-30 | 2002-05-30 | E. Michael Lunsford | Method and system for applying line of sight IR selection of a receiver to implement secure transmission of data to a mobile computing device via an RF link |
US20020176579A1 (en) * | 2001-05-24 | 2002-11-28 | Deshpande Nikhil M. | Location-based services using wireless hotspot technology |
US7321784B2 (en) | 2001-10-24 | 2008-01-22 | Texas Instruments Incorporated | Method for physically updating configuration information for devices in a wireless network |
US20030095663A1 (en) * | 2001-11-21 | 2003-05-22 | Nelson David B. | System and method to provide enhanced security in a wireless local area network system |
JP3792154B2 (en) | 2001-12-26 | 2006-07-05 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Network security system, computer apparatus, access point recognition processing method, access point check method, program, and storage medium |
US20030149874A1 (en) | 2002-02-06 | 2003-08-07 | Xerox Corporation | Systems and methods for authenticating communications in a network medium |
US7937089B2 (en) | 2002-02-06 | 2011-05-03 | Palo Alto Research Center Incorporated | Method, apparatus, and program product for provisioning secure wireless sensors |
US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
US7581096B2 (en) * | 2002-08-30 | 2009-08-25 | Xerox Corporation | Method, apparatus, and program product for automatically provisioning secure network elements |
US7185199B2 (en) | 2002-08-30 | 2007-02-27 | Xerox Corporation | Apparatus and methods for providing secured communication |
US7027836B2 (en) * | 2002-09-10 | 2006-04-11 | Eastman Kodak Company | Method and system for establishing a communication network |
US7549047B2 (en) | 2002-11-21 | 2009-06-16 | Xerox Corporation | Method and system for securely sharing files |
US7426271B2 (en) | 2003-04-25 | 2008-09-16 | Palo Alto Research Center Incorporated | System and method for establishing secondary channels |
US7454619B2 (en) | 2003-06-24 | 2008-11-18 | Palo Alto Research Center Incorporated | Method, apparatus, and program product for securely presenting situation information |
- 2002
  - 2002-02-06 US US10/066,699 patent/US20030149874A1/en not_active Abandoned
- 2003
  - 2003-02-03 JP JP2003026278A patent/JP4481574B2/en not_active Expired - Lifetime
  - 2003-02-04 EP EP03250701A patent/EP1335563B1/en not_active Expired - Fee Related
  - 2003-02-04 DE DE60317123T patent/DE60317123T2/en not_active Expired - Lifetime
- 2006
  - 2006-04-03 US US11/395,274 patent/US8156337B2/en active Active
Cited By (192)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030110374A1 (en) * | 2001-04-19 | 2003-06-12 | Masaaki Yamamoto | Terminal communication system |
US7962744B2 (en) * | 2001-04-19 | 2011-06-14 | Ntt Docomo, Inc. | Terminal communication system |
US8156337B2 (en) | 2002-02-06 | 2012-04-10 | Palo Alto Research Center Incorporated | Systems and methods for authenticating communications in a network medium |
US20110134847A1 (en) * | 2002-02-06 | 2011-06-09 | Palo Alto Research Center Incorporated | Method, apparatus, and program product for provisioning secure wireless sensors |
US8515389B2 (en) | 2002-02-06 | 2013-08-20 | Palo Alto Research Center Incorporated | Method, apparatus, and program product for provisioning secure wireless sensors |
US20090296939A1 (en) * | 2002-03-08 | 2009-12-03 | Marinus Struik | Local area network |
US9356778B2 (en) | 2002-03-08 | 2016-05-31 | Certicom Corp. | Secured communication for local area network |
US9871776B2 (en) | 2002-03-08 | 2018-01-16 | Certicom Corp. | Local area network |
US8681993B2 (en) * | 2002-03-08 | 2014-03-25 | Certicom Corp. | Local area network |
US20030235309A1 (en) * | 2002-03-08 | 2003-12-25 | Marinus Struik | Local area network |
US20040005058A1 (en) * | 2002-07-06 | 2004-01-08 | Kyung-Hun Jang | Cryptographic method using dual encryption keys and a wireless local area network (LAN) system therefor |
US7835525B2 (en) * | 2002-07-06 | 2010-11-16 | Samsung Electronics Co., Ltd. | Cryptographic method using dual encryption keys and a wireless local area network (LAN) system therefor |
US7885896B2 (en) | 2002-07-09 | 2011-02-08 | Avaya Inc. | Method for authorizing a substitute software license server |
US8041642B2 (en) | 2002-07-10 | 2011-10-18 | Avaya Inc. | Predictive software license balancing |
US20040054891A1 (en) * | 2002-08-27 | 2004-03-18 | Hengeveld Thomas Andrew | Secure encryption key distribution |
US7599496B2 (en) * | 2002-08-27 | 2009-10-06 | Pine Valley Investments, Inc. | Secure encryption key distribution |
US7707116B2 (en) | 2002-08-30 | 2010-04-27 | Avaya Inc. | Flexible license file feature controls |
US20040054899A1 (en) * | 2002-08-30 | 2004-03-18 | Xerox Corporation | Apparatus and methods for providing secured communication |
US7681245B2 (en) | 2002-08-30 | 2010-03-16 | Avaya Inc. | Remote feature activator feature extraction |
US7844572B2 (en) | 2002-08-30 | 2010-11-30 | Avaya Inc. | Remote feature activator feature extraction |
US7392387B2 (en) | 2002-08-30 | 2008-06-24 | Xerox Corporation | Apparatus and methods for providing secured communication |
US7966520B2 (en) | 2002-08-30 | 2011-06-21 | Avaya Inc. | Software licensing for spare processors |
US20040044629A1 (en) * | 2002-08-30 | 2004-03-04 | Rhodes James E. | License modes in call processing |
US8620819B2 (en) | 2002-08-30 | 2013-12-31 | Avaya Inc. | Remote feature activator feature extraction |
US20040044901A1 (en) * | 2002-08-30 | 2004-03-04 | Serkowski Robert J. | License file serial number tracking |
US7698225B2 (en) | 2002-08-30 | 2010-04-13 | Avaya Inc. | License modes in call processing |
US7228567B2 (en) | 2002-08-30 | 2007-06-05 | Avaya Technology Corp. | License file serial number tracking |
US7185199B2 (en) | 2002-08-30 | 2007-02-27 | Xerox Corporation | Apparatus and methods for providing secured communication |
US8271786B1 (en) * | 2002-10-16 | 2012-09-18 | Hewlett-Packard Development Company, L.P. | Method and system for providing secure communications between a first and a second peer device |
US20040083363A1 (en) * | 2002-10-25 | 2004-04-29 | Hengeveld Thomas Andrew | Secure group secret distribution |
US7917748B2 (en) | 2002-10-25 | 2011-03-29 | Pine Valley Investments, Inc. | Secure group secret distribution |
US20090187982A1 (en) * | 2002-11-21 | 2009-07-23 | Palo Alto Research Center Incorporated | Systems and methods for authenticating communications in a network medium |
US7937752B2 (en) * | 2002-11-21 | 2011-05-03 | Palo Alto Research Center Incorporated | Systems and methods for authenticating communications in a network medium |
US7913301B2 (en) | 2002-12-26 | 2011-03-22 | Avaya Inc. | Remote feature activation authentication file system |
US7890997B2 (en) | 2002-12-26 | 2011-02-15 | Avaya Inc. | Remote feature activation authentication file system |
US20060146765A1 (en) * | 2003-02-19 | 2006-07-06 | Koninklijke Philips Electronics, N.V. | System for ad hoc sharing of content items between portable devices and interaction methods therefor |
US20080107270A1 (en) * | 2003-02-25 | 2008-05-08 | Kabushiki Kaisha Toshiba | System and apparatus for information display |
US9002013B2 (en) * | 2003-02-25 | 2015-04-07 | Kabushiki Kaisha Toshiba | System and apparatus for information display |
US7260557B2 (en) | 2003-02-27 | 2007-08-21 | Avaya Technology Corp. | Method and apparatus for license distribution |
US20040172367A1 (en) * | 2003-02-27 | 2004-09-02 | Chavez David L. | Method and apparatus for license distribution |
US7373657B2 (en) | 2003-03-10 | 2008-05-13 | Avaya Technology Corp. | Method and apparatus for controlling data and software access |
US20040181695A1 (en) * | 2003-03-10 | 2004-09-16 | Walker William T. | Method and apparatus for controlling data and software access |
US7577837B1 (en) * | 2003-04-17 | 2009-08-18 | Cisco Technology, Inc. | Method and apparatus for encrypted unicast group communication |
US20040215974A1 (en) * | 2003-04-25 | 2004-10-28 | Palo Alto Research Center Incorporated | System and method for establishing secondary channels |
US20050190768A1 (en) * | 2003-06-16 | 2005-09-01 | Ross Cutler | System and process for discovery of network-connected devices |
US20050018687A1 (en) * | 2003-06-16 | 2005-01-27 | Microsoft Corporation | System and process for discovery of network-connected devices at remote sites using audio-based discovery techniques |
US7525928B2 (en) * | 2003-06-16 | 2009-04-28 | Microsoft Corporation | System and process for discovery of network-connected devices at remote sites using audio-based discovery techniques |
US7443807B2 (en) * | 2003-06-16 | 2008-10-28 | Microsoft Corporation | System and process for discovery of network-connected devices |
US20040264701A1 (en) * | 2003-06-24 | 2004-12-30 | Jong-Hwa Lee | Method for transmitting/receiving encoded ultra-wideband signal and terminal therefor |
US20050036616A1 (en) * | 2003-08-12 | 2005-02-17 | Qiang Huang | Secure routing protocol for an ad hoc network using one-way/one-time hash functions |
JP2005117626A (en) * | 2003-08-12 | 2005-04-28 | Mitsubishi Electric Research Laboratories Inc | Method for authenticating packet transmitted serially in network |
US7401217B2 (en) * | 2003-08-12 | 2008-07-15 | Mitsubishi Electric Research Laboratories, Inc. | Secure routing protocol for an ad hoc network using one-way/one-time hash functions |
EP1536609A3 (en) * | 2003-11-10 | 2005-08-03 | Xerox Corporation | Systems and methods for authenticating communications in a network |
US20050100166A1 (en) * | 2003-11-10 | 2005-05-12 | Parc Inc. | Systems and methods for authenticating communications in a network medium |
EP1536609A2 (en) * | 2003-11-10 | 2005-06-01 | Xerox Corporation | Systems and methods for authenticating communications in a network |
US7757076B2 (en) | 2003-12-08 | 2010-07-13 | Palo Alto Research Center Incorporated | Method and apparatus for using a secure credential infrastructure to access vehicle components |
US20050125669A1 (en) * | 2003-12-08 | 2005-06-09 | Palo Alto Research Center Incorporated | Method and apparatus for using a secure credential infrastructure to access vehicle components |
US20050129240A1 (en) * | 2003-12-15 | 2005-06-16 | Palo Alto Research Center Incorporated | Method and apparatus for establishing a secure ad hoc command structure |
US7665126B2 (en) * | 2003-12-17 | 2010-02-16 | Microsoft Corporation | Mesh networks with exclusion capability |
US20050138359A1 (en) * | 2003-12-17 | 2005-06-23 | Simon Daniel R. | Mesh networks with exclusion capability |
US7353388B1 (en) | 2004-02-09 | 2008-04-01 | Avaya Technology Corp. | Key server for securing IP telephony registration, control, and maintenance |
US8059818B2 (en) * | 2004-02-13 | 2011-11-15 | Nokia Corporation | Accessing protected data on network storage from multiple devices |
US20050193199A1 (en) * | 2004-02-13 | 2005-09-01 | Nokia Corporation | Accessing protected data on network storage from multiple devices |
US7584360B2 (en) | 2004-02-16 | 2009-09-01 | Mitsubishi Electric Corporation | Data sending/receiving device and digital certificate issuing method |
US7272500B1 (en) * | 2004-03-25 | 2007-09-18 | Avaya Technology Corp. | Global positioning system hardware key for software licenses |
US7861081B2 (en) | 2004-03-26 | 2010-12-28 | Bce Inc. | Security system and method |
US20050216747A1 (en) * | 2004-03-26 | 2005-09-29 | Bce Inc. | Security system and method |
US20050266826A1 (en) * | 2004-06-01 | 2005-12-01 | Nokia Corporation | Method for establishing a security association between a wireless access point and a wireless node in a UPnP environment |
US7375615B2 (en) * | 2004-06-10 | 2008-05-20 | Hitachi, Ltd. | Personal authentication system |
US20050278776A1 (en) * | 2004-06-10 | 2005-12-15 | Kenji Kitagawa | Personal authentication system |
US20050287985A1 (en) * | 2004-06-24 | 2005-12-29 | Dirk Balfanz | Using a portable security token to facilitate public key certification for devices in a network |
US7552322B2 (en) | 2004-06-24 | 2009-06-23 | Palo Alto Research Center Incorporated | Using a portable security token to facilitate public key certification for devices in a network |
US20060020797A1 (en) * | 2004-07-08 | 2006-01-26 | Kan Zhang | Method for verifying a secure association between devices |
US9166879B2 (en) | 2004-07-09 | 2015-10-20 | Qualcomm Connected Experiences, Inc. | System and method for enabling the establishment and use of a personal network |
US8195765B2 (en) | 2004-07-09 | 2012-06-05 | Orb Networks, Inc. | System and method for remotely controlling network resources |
US8738730B2 (en) | 2004-07-09 | 2014-05-27 | Qualcomm Incorporated | System and method for remotely controlling network resources |
US9077766B2 (en) | 2004-07-09 | 2015-07-07 | Qualcomm Incorporated | System and method for combining memory resources for use on a personal network |
US8787164B2 (en) | 2004-07-09 | 2014-07-22 | Qualcomm Incorporated | Media delivery system and method for transporting media to desired target devices |
US9374805B2 (en) | 2004-07-09 | 2016-06-21 | Qualcomm Atheros, Inc. | System and method for combining memory resources for use on a personal network |
US8819140B2 (en) * | 2004-07-09 | 2014-08-26 | Qualcomm Incorporated | System and method for enabling the establishment and use of a personal network |
US8738693B2 (en) | 2004-07-09 | 2014-05-27 | Qualcomm Incorporated | System and method for managing distribution of media files |
US20060026271A1 (en) * | 2004-07-09 | 2006-02-02 | Luc Julia | System and method for enabling the establishment and use of a personal network |
WO2010065008A1 (en) * | 2004-07-15 | 2010-06-10 | Cisco Technology, Inc. | Method and system for pre-authentication |
US20060053276A1 (en) * | 2004-09-03 | 2006-03-09 | Lortz Victor B | Device introduction and access control framework |
US8146142B2 (en) * | 2004-09-03 | 2012-03-27 | Intel Corporation | Device introduction and access control framework |
US9602471B2 (en) | 2004-09-03 | 2017-03-21 | Intel Corporation | Device introduction and access control framework |
US7707405B1 (en) | 2004-09-21 | 2010-04-27 | Avaya Inc. | Secure installation activation |
US20060060451A1 (en) * | 2004-09-22 | 2006-03-23 | Golias Robert J | Hanger for conveyor assembly |
US7747851B1 (en) | 2004-09-30 | 2010-06-29 | Avaya Inc. | Certificate distribution via license files |
US7965701B1 (en) | 2004-09-30 | 2011-06-21 | Avaya Inc. | Method and system for secure communications with IP telephony appliance |
US10503877B2 (en) | 2004-09-30 | 2019-12-10 | Avaya Inc. | Generation of enterprise-wide licenses in a customer environment |
US8229858B1 (en) | 2004-09-30 | 2012-07-24 | Avaya Inc. | Generation of enterprise-wide licenses in a customer environment |
GB2419067A (en) * | 2004-10-06 | 2006-04-12 | Sharp Kk | Deciding whether to permit a transaction, based on the value of an identifier sent over a communications channel and returned over a secure connection |
US20060126838A1 (en) * | 2004-12-09 | 2006-06-15 | Avner Taieb | Method and system for facilitating communication |
US20060168647A1 (en) * | 2005-01-26 | 2006-07-27 | Microsoft Corporation | Secure method and system for creating a plug and play network |
US7634802B2 (en) * | 2005-01-26 | 2009-12-15 | Microsoft Corporation | Secure method and system for creating a plug and play network |
US20070198836A1 (en) * | 2005-04-08 | 2007-08-23 | Nortel Networks Limited | Key negotiation and management for third party access to a secure communication session |
US7975140B2 (en) * | 2005-04-08 | 2011-07-05 | Nortel Networks Limited | Key negotiation and management for third party access to a secure communication session |
WO2006116061A3 (en) * | 2005-04-22 | 2007-10-25 | Microsoft Corp | Wireless device discovery and configuration |
US20070011335A1 (en) * | 2005-07-08 | 2007-01-11 | Gregory Burns | Using Bluetooth to establish ad-hoc connections between non-Bluetooth wireless communication modules |
US7882238B2 (en) * | 2005-07-08 | 2011-02-01 | Qualcomm Incorporated | Using bluetooth to establish ad-hoc connections between non-bluetooth wireless communication modules |
US9712957B2 (en) | 2005-08-03 | 2017-07-18 | At&T Mobility Ii Llc | Limiting services based on location |
US8832792B2 (en) * | 2005-08-03 | 2014-09-09 | At&T Mobility Ii Llc | Limiting services based on location |
US20070030973A1 (en) * | 2005-08-03 | 2007-02-08 | Cingular Wireless Ii, Llc | Limiting services based on location |
US7814023B1 (en) | 2005-09-08 | 2010-10-12 | Avaya Inc. | Secure download manager |
US9661021B2 (en) | 2005-09-19 | 2017-05-23 | Jpmorgan Chase Bank, N.A. | System and method for anti-phishing authentication |
US10027707B2 (en) | 2005-09-19 | 2018-07-17 | Jpmorgan Chase Bank, N.A. | System and method for anti-phishing authentication |
US9374366B1 (en) | 2005-09-19 | 2016-06-21 | Jpmorgan Chase Bank, N.A. | System and method for anti-phishing authentication |
US8583926B1 (en) * | 2005-09-19 | 2013-11-12 | Jpmorgan Chase Bank, N.A. | System and method for anti-phishing authentication |
US20070079113A1 (en) * | 2005-09-30 | 2007-04-05 | Amol Kulkarni | Automatic secure device introduction and configuration |
WO2007059378A2 (en) * | 2005-11-10 | 2007-05-24 | Motorola Inc. | A method for managing security keys utilized by media devices in a local area network |
WO2007059378A3 (en) * | 2005-11-10 | 2008-06-05 | Motorola Inc | A method for managing security keys utilized by media devices in a local area network |
US8191161B2 (en) * | 2005-12-13 | 2012-05-29 | Microsoft Corporation | Wireless authentication |
US20070136796A1 (en) * | 2005-12-13 | 2007-06-14 | Microsoft Corporation | Wireless authentication |
US20070170238A1 (en) * | 2006-01-26 | 2007-07-26 | Ricoh Company, Ltd. | Techniques for introducing devices to device families with paper receipt |
US7900817B2 (en) | 2006-01-26 | 2011-03-08 | Ricoh Company, Ltd. | Techniques for introducing devices to device families with paper receipt |
US9130993B2 (en) * | 2006-02-09 | 2015-09-08 | Sony Corporation | Wireless connection system and wireless connection method |
US20070184816A1 (en) * | 2006-02-09 | 2007-08-09 | Shozo Horisawa | Wireless connection system and wireless connection method |
US20080002573A1 (en) * | 2006-07-03 | 2008-01-03 | Palo Alto Research Center Incorporated | Congestion management in an ad-hoc network based upon a predicted information utility |
US7966419B2 (en) | 2006-07-03 | 2011-06-21 | Palo Alto Research Center Incorporated | Congestion management in an ad-hoc network based upon a predicted information utility |
US20080022417A1 (en) * | 2006-07-20 | 2008-01-24 | Garrison John M | System and Method For Securing Portable Computers |
US20080114251A1 (en) * | 2006-11-10 | 2008-05-15 | Penrith Corporation | Transducer array imaging system |
US9295444B2 (en) | 2006-11-10 | 2016-03-29 | Siemens Medical Solutions Usa, Inc. | Transducer array imaging system |
US8522019B2 (en) * | 2007-02-23 | 2013-08-27 | Qualcomm Incorporated | Method and apparatus to create trust domains based on proximity |
US20080222711A1 (en) * | 2007-02-23 | 2008-09-11 | Oliver Michaelis | Method and Apparatus to Create Trust Domains Based on Proximity |
US8387124B2 (en) | 2007-03-15 | 2013-02-26 | Palo Alto Research Center Incorporated | Wormhole devices for usable secure access to remote resource |
US20080229402A1 (en) * | 2007-03-15 | 2008-09-18 | Palo Alto Research Center Incorporated | Wormhole devices for usable secure access to remote resource |
US20090025062A1 (en) * | 2007-07-17 | 2009-01-22 | Alcatel Lucent | Verifying authenticity of conference call invitees |
US8036249B2 (en) | 2007-07-18 | 2011-10-11 | Samsung Electronics Co., Ltd. | System and method of data verification |
US8307216B2 (en) * | 2007-08-10 | 2012-11-06 | Yamaha Hatsudoki Kabushiki Kaisha | Device authentication control method, device authentication control device, and boat |
US20090044255A1 (en) * | 2007-08-10 | 2009-02-12 | Yamaha Marine Kabushiki Kaisha | Device authentication control method, device authentication control device, and boat |
US20230224678A1 (en) * | 2007-10-25 | 2023-07-13 | Blackberry Limited | Sending location information from within a communication application |
US20090222659A1 (en) * | 2008-03-03 | 2009-09-03 | Sony Corporation | Communication device and communication method |
US8924716B2 (en) * | 2008-03-03 | 2014-12-30 | Sony Corporation | Communication device and communication method |
US8380982B2 (en) * | 2008-03-03 | 2013-02-19 | Sony Corporation | Communication device and communication method |
US20130195271A1 (en) * | 2008-03-03 | 2013-08-01 | Sony Corporation | Communication device and communication method |
US8606873B2 (en) | 2008-06-27 | 2013-12-10 | Qualcomm Incorporated | Methods and apparatus for securely advertising identification and/or discovery information |
US20090327391A1 (en) * | 2008-06-27 | 2009-12-31 | Qualcomm Incorporated | Methods and apparatus for securely advertising identification and/or discovery information |
US8285994B2 (en) | 2008-06-30 | 2012-10-09 | Intel Corporation | Two-way authentication between two communication endpoints using a one-way out-of-band (OOB) channel |
GB2473351B (en) * | 2008-06-30 | 2012-06-13 | Intel Corp | Two-way authentication between two communication endpoints using a one-way out-of-band (OOB) channel |
GB2473351A (en) * | 2008-06-30 | 2011-03-09 | Intel Corp | Two-way authentication between two communication endpoints using a one-way out-of-band (OOB) channel |
US8078873B2 (en) | 2008-06-30 | 2011-12-13 | Intel Corporation | Two-way authentication between two communication endpoints using a one-way out-of-band (OOB) channel |
US8745392B2 (en) | 2008-06-30 | 2014-06-03 | Intel Corporation | Two-way authentication between two communication endpoints using a one-way out-of band (OOB) channel |
WO2010002596A3 (en) * | 2008-06-30 | 2010-03-18 | Intel Corporation | Two-way authentication between two communication endpoints using a one-way out-of-band (oob) channel |
WO2010002596A2 (en) * | 2008-06-30 | 2010-01-07 | Intel Corporation | Two-way authentication between two communication endpoints using a one-way out-of-band (oob) channel |
US11074615B2 (en) | 2008-09-08 | 2021-07-27 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US11687971B2 (en) | 2008-09-08 | 2023-06-27 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US11334918B2 (en) | 2008-09-08 | 2022-05-17 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US11443344B2 (en) | 2008-09-08 | 2022-09-13 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US10855828B2 (en) * | 2010-10-04 | 2020-12-01 | Brother Kogyo Kabushiki Kaisha | Communication control device, communication system and communication method |
US20120084448A1 (en) * | 2010-10-04 | 2012-04-05 | Brother Kogyo Kabushiki Kaisha | Communication Control Device, Communication System and Communication Method |
JP2013065091A (en) * | 2011-09-15 | 2013-04-11 | Ricoh Co Ltd | Information transmission system, information transmission apparatus, information reception apparatus, information transmission program, and information reception program |
US20140244723A1 (en) * | 2011-12-27 | 2014-08-28 | Michelle X. Gong | Systems and methods for cross-layer secure connection set up |
US9628585B2 (en) * | 2011-12-27 | 2017-04-18 | Intel Corporation | Systems and methods for cross-layer secure connection set up |
US9609020B2 (en) | 2012-01-06 | 2017-03-28 | Optio Labs, Inc. | Systems and methods to enforce security policies on the loading, linking, and execution of native code by mobile applications running inside of virtual machines |
US9787681B2 (en) | 2012-01-06 | 2017-10-10 | Optio Labs, Inc. | Systems and methods for enforcing access control policies on privileged accesses for mobile devices |
US9712530B2 (en) | 2012-01-06 | 2017-07-18 | Optio Labs, Inc. | Systems and methods for enforcing security in mobile computing |
US20130205369A1 (en) * | 2012-02-05 | 2013-08-08 | Institute For Information Industry | Direct mode communication system and discovery interactive method thereof |
US9294453B2 (en) * | 2012-02-05 | 2016-03-22 | Institute For Information Industry | Direct mode communication system and discovery interactive method thereof |
US9363670B2 (en) | 2012-08-27 | 2016-06-07 | Optio Labs, Inc. | Systems and methods for restricting access to network resources via in-location access point protocol |
US9392450B2 (en) * | 2012-09-29 | 2016-07-12 | Microsoft Technology Licensing, Llc | Securely joining a secure wireless communications network |
US8948390B2 (en) * | 2012-09-29 | 2015-02-03 | Microsoft Corporation | Securely joining a secure wireless communications network |
US20140093079A1 (en) * | 2012-09-29 | 2014-04-03 | Microsoft Corporation | Securely joining a secure wireless communications network |
US20150124968A1 (en) * | 2012-09-29 | 2015-05-07 | Microsoft Technology Licensing, Llc | Securely joining a secure wireless communications network |
US20150271667A1 (en) * | 2012-10-15 | 2015-09-24 | Koninklijke Philips N.V. | Wireless communication system |
CN104704769A (en) * | 2012-10-15 | 2015-06-10 | 皇家飞利浦有限公司 | A wireless communication system |
US10149153B2 (en) * | 2012-10-15 | 2018-12-04 | Koninklijke Philips N.V. | Wireless communication system |
US9773107B2 (en) | 2013-01-07 | 2017-09-26 | Optio Labs, Inc. | Systems and methods for enforcing security in mobile computing |
US9241016B2 (en) | 2013-03-05 | 2016-01-19 | Cisco Technology, Inc. | System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel |
US11303362B2 (en) | 2013-03-05 | 2022-04-12 | Cisco Technology, Inc. | System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel |
US10491311B2 (en) | 2013-03-05 | 2019-11-26 | Cisco Technology, Inc. | System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel |
US10277332B2 (en) | 2013-03-05 | 2019-04-30 | Cisco Technology, Inc. | System and associated methodology for detecting same room presence using ultrasound as an out-of-band channel |
US20140254799A1 (en) * | 2013-03-06 | 2014-09-11 | Qualcomm Incorporated | Systems and methods for secure high-speed link maintenance via nfc |
US9277402B2 (en) * | 2013-03-06 | 2016-03-01 | Qualcomm Incorporated | Systems and methods for secure high-speed link maintenance via NFC |
CN105191250A (en) * | 2013-03-06 | 2015-12-23 | 高通股份有限公司 | Systems and methods for secure high-speed link maintenance via nfc |
US20140283136A1 (en) * | 2013-03-13 | 2014-09-18 | Optio Labs, Inc. | Systems and methods for securing and locating computing devices |
US9578445B2 (en) | 2013-03-13 | 2017-02-21 | Optio Labs, Inc. | Systems and methods to synchronize data to a mobile device based on a device usage context |
US20140351480A1 (en) * | 2013-05-23 | 2014-11-27 | Samsung Electronics Co., Ltd. | Method and apparatus for managing wireless docking network |
US10805279B2 (en) * | 2013-06-03 | 2020-10-13 | Ayla Networks, Inc. | Communication module for embedded system |
US20160127050A1 (en) * | 2013-06-07 | 2016-05-05 | Gemalto Sa | Pairing device |
US9722710B2 (en) * | 2013-06-07 | 2017-08-01 | Gemalto Sa | Pairing device |
US20170329955A1 (en) * | 2014-02-21 | 2017-11-16 | Liveensure, Inc. | System and method for peer to peer mobile contextual authentication |
US9990489B2 (en) * | 2014-02-21 | 2018-06-05 | Liveensure, Inc. | System and method for peer to peer mobile contextual authentication |
US9311504B2 (en) | 2014-06-23 | 2016-04-12 | Ivo Welch | Anti-identity-theft method and hardware database device |
US9941979B2 (en) * | 2015-03-10 | 2018-04-10 | Nxp B.V. | Transmitter and receiver audio devices and associated methods |
US20160269128A1 (en) * | 2015-03-10 | 2016-09-15 | Nxp B.V. | Transmitter and receiver audio devices and associated methods |
US10771244B2 (en) | 2015-07-29 | 2020-09-08 | Samsung Electronics Co., Ltd. | Method for communication between devices and devices thereof |
WO2017018708A1 (en) * | 2015-07-29 | 2017-02-02 | 삼성전자 주식회사 | Method for communication between devices and devices thereof |
US10977378B2 (en) * | 2016-05-13 | 2021-04-13 | Silicon Integrated Systems Corp. | Encoding-locked method for audio processing and audio processing system |
US20170329977A1 (en) * | 2016-05-13 | 2017-11-16 | Silicon Integrated Systems Corp. | Encoding-locked method for audio processing and audio receiving device |
CN110637470A (en) * | 2017-05-16 | 2019-12-31 | 苹果公司 | Techniques for verifying user intent and securely configuring a computing device |
US11463244B2 (en) * | 2019-01-10 | 2022-10-04 | Samsung Electronics Co., Ltd. | Electronic apparatus, method of controlling the same, and network system thereof |
Also Published As
Publication number | Publication date |
---|---|
US20060174116A1 (en) | 2006-08-03 |
EP1335563A3 (en) | 2003-10-15 |
DE60317123T2 (en) | 2008-08-14 |
DE60317123D1 (en) | 2007-12-13 |
JP4481574B2 (en) | 2010-06-16 |
EP1335563A2 (en) | 2003-08-13 |
US8156337B2 (en) | 2012-04-10 |
EP1335563B1 (en) | 2007-10-31 |
JP2003309558A (en) | 2003-10-31 |
Similar Documents
Publication | Title |
---|---|
US8156337B2 (en) | Systems and methods for authenticating communications in a network medium |
Balfanz et al. | Talking to strangers: Authentication in ad-hoc wireless networks. |
US10958632B1 (en) | Authentication methods and apparatus using key-encapsulating ciphertexts and other techniques |
EP1536609B1 (en) | Systems and methods for authenticating communications in a network |
JP3552648B2 (en) | Data transmission / reception system for ad hoc wireless communication and data transmission / reception method for ad hoc wireless communication |
US7957534B2 (en) | System and method for security association between communication devices within a wireless home network |
US7181614B1 (en) | Method and arrangement in a communication network |
US6912657B2 (en) | Method and arrangement in a communication network |
US7760885B2 (en) | Method of distributing encryption keys among nodes in mobile ad hoc network and network device using the same |
Suomalainen et al. | Security associations in personal networks: A comparative analysis |
US20070280481A1 (en) | Method and apparatus for multiple pre-shared key authorization |
US20100235638A1 (en) | Identification and authentication of devices in a network |
WO2009089738A1 (en) | Authentication access method and authentication access system for wireless multi-hop network |
JP2001265729A (en) | Multicast system, authentication server terminal, multicast recipient terminal managing method and recording medium |
US20020106085A1 (en) | Security breach management |
US20090198998A1 (en) | Method and apparatus of ensuring security of communication in home network |
Kostiainen | Intuitive Security Initiation Using Location-Limited Channels |
GB2411801A (en) | Establishing secure connections in ad-hoc wireless networks in blind trust situations |
KR20040102968A (en) | Apparatus and method having a function of client-to-client authentication |
KR101165350B1 (en) | An Authentication Method of Device Member In Ubiquitous Computing Network |
JP2003318875A (en) | Method for group cryptographic communication, certification method, computer, and program |
WO2008004174A2 (en) | Establishing a secure authenticated channel |
Verma et al. | Progressive authentication in ad hoc networks |
CN114501473B (en) | Mesh network distribution method, electronic equipment and computer readable storage medium |
Ischi | Security properties of device pairing protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: XEROX CORPORATION, CONNECTICUT. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: BALFANZ, DIRK; LOPES, CRISTINA; SMETTERS, DIANA; AND OTHERS; REEL/FRAME: 012955/0490. Effective date: 20020424 |
| | AS | Assignment | Owner name: BANK ONE, NA, AS ADMINISTRATIVE AGENT, ILLINOIS. Free format text: SECURITY AGREEMENT; ASSIGNOR: XEROX CORPORATION; REEL/FRAME: 013111/0001. Effective date: 20020621 |
| | AS | Assignment | Owner name: JPMORGAN CHASE BANK, AS COLLATERAL AGENT, TEXAS. Free format text: SECURITY AGREEMENT; ASSIGNOR: XEROX CORPORATION; REEL/FRAME: 015134/0476. Effective date: 20030625 |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
| | AS | Assignment | Owner name: XEROX CORPORATION, NEW YORK. Free format text: RELEASE BY SECURED PARTY; ASSIGNOR: BANK ONE, NA; REEL/FRAME: 035760/0065. Effective date: 20030625 |
| | AS | Assignment | Owner name: XEROX CORPORATION, NEW YORK. Free format text: LIEN RELEASE; ASSIGNOR: JPMORGAN CHASE BANK, N.A.; REEL/FRAME: 040502/0272. Effective date: 20061204 |
| | AS | Assignment | Owner name: CISCO SYSTEMS, INC., CALIFORNIA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: XEROX CORPORATION; REEL/FRAME: 041697/0595. Effective date: 20170110 |
| | AS | Assignment | Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: CISCO SYSTEMS, INC.; REEL/FRAME: 041715/0001. Effective date: 20170210 |
| | AS | Assignment | Owner name: XEROX CORPORATION, CONNECTICUT. Free format text: RELEASE BY SECURED PARTY; ASSIGNOR: JPMORGAN CHASE BANK, N.A. AS SUCCESSOR-IN-INTEREST ADMINISTRATIVE AGENT AND COLLATERAL AGENT TO BANK ONE, N.A.; REEL/FRAME: 061388/0388. Effective date: 20220822. Owner name: XEROX CORPORATION, CONNECTICUT. Free format text: RELEASE BY SECURED PARTY; ASSIGNOR: JPMORGAN CHASE BANK, N.A. AS SUCCESSOR-IN-INTEREST ADMINISTRATIVE AGENT AND COLLATERAL AGENT TO JPMORGAN CHASE BANK; REEL/FRAME: 066728/0193. Effective date: 20220822 |