GB2447674A - Using environmental data to generate a cryptographic key - Google Patents
Using environmental data to generate a cryptographic key Download PDFInfo
- Publication number
- GB2447674A GB2447674A GB0705342A GB0705342A GB2447674A GB 2447674 A GB2447674 A GB 2447674A GB 0705342 A GB0705342 A GB 0705342A GB 0705342 A GB0705342 A GB 0705342A GB 2447674 A GB2447674 A GB 2447674A
- Authority
- GB
- United Kingdom
- Prior art keywords
- data
- devices
- environmental data
- previous
- limitation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- H04L29/06707—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/65—Environment-dependent, e.g. using captured environmental data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
Secure communication between two paired electronic devices already in wireless communication is established by generating a cryptographic key based on environmental data measured independently in each of the devices via one or more sensors. A processed version of the data is exchanged securely between the devices using known techniques, and each device accesses local and remote representations of the environmental data to determine if it represents a shared experience, by comparing the local and remote representations. The local and remote representations of the data are then used independently in the two devices to generate a common cryptographic key. The environmental data may be obtained with microphones sensing the ambient sound field, cameras taking photographs of the same scene, sensing signal strength of radio frequency radiation, obtaining the users' biometric data, or moving the two devices together for example by shaking or colliding them.
Description
ENVIRONMENTAL KEY GENERATION
DESCRIPTION
BACKGROUND
There are occasions when secure communication is required between two or more electronic devices. There are well known schemes for achieving this, many of which depend on the devices (and only the devices) having knowledge of a cryptographic key (which is effectively a very large number).
The present invention allows a plurality of devices which are already in wireless communication to generate such a key by using as a starting point mutually experienced environmental data independently sensed by sensors in each device.
CURRENT STATE OF THE ART
Electronic Device Pairing We recognise three levels of pairing: The first is when two devices establish a wireless communication channel.
The second level is where the two devices exchange data to identify themselves, and at this stage either device may reject an undesired pairing The third level (where the present invention operates) is where two devices (a mutually desired pairing) not only pair, but together generate a new cryptographic key to secure further interactions between them.
First Level Pairing First Level Pairing is often achieved by a device broadcasting its presence and waiting for replies from other devices. This depends on the devices having compatible hardware and communication protocols. One well-known protocol for short-range interactions is BluetoothTM. This stage of pairing is well known to practitioners.
Second Level Pairing -Identification One criterion for desired pairings is physical proximity.
One approach to this where there are a number of patents (eg Method and Device for Bluetooth Pairing, EPI 745610) is to limit the power of the initial broadcast.
An alternative approach to proximity is physical contact (eg Device pairing via device to device contact, US2007003061, and Device pairing via human initiated contact US2006267860) A second criterion for desired pairings is identification Voice control is wefi-known for control of electronic devices, and has been proposed for device pairing (eg Device pairing via voice commands, US2006282649) The patent System and Method for Electronically Pairing Devices US2004253923 uses barcodes for identification The patent Method and Apparatus for Secure Pairing W02006071 364 uses a wired link (whereas the present invention uses wireless) to achieve initial identification The patent Device Pairing US20051 25664 requires use of a PIN code to achieve pairing The patent Method for Initiializing Secure Communication and Pairing Device Exclusively, Computer Program and Device W00072506 uses unique hardware identifiers, and is therefore unsuitable (unlike the present invention) for ad hoc pairings of devices All the above techniques simply allow identification of devices in order to reject or effect pairing. Unlike the present invention they do not use environmental data to generate a cryptographic key.
A related patent is Techniques for Verification of Electronic Device Pairing W02006093640 which discusses non-alphanumeric representations of a key to verify that two devices have the same cryptographic key. Unlike the present invention it is not concerned with generating that key
PROBLEM ADDRESSED
The present invention addresses the problem of setting up secure communications between two electronic devices which are paired. Physical proximity alone is not sufficient as it may give access for eavesdropping "bugs" We take as a given fact, that if two devices (and only those two devices) can independently calculate the same sufficiently large number, they can thereafter use well-known protocols for communicating securely with each other.
ESSENTIAL FEATURES OF THE PRESENT INVENTION
When two or more electronic devices have established an ad hoc communications channel, there may be a requirement to send data securely so that only those devices (and not eavesdroppers) can understand it. Many cryptographic techniques rely on a large number known only to sender and receiver.
Clearly for high security this large number must not be transmitted between the two devices unencrypted. So ideally the number is generated independently in both devices.
The core of the present invention is: (1) to use sensors independently in each device to sense and record environmental data, (2) to exchange the data (or rather a processed version) securely between devices (3) to assess local and remote representations of data to determine whether it represents a shared environmental experience (4) to use the local and remote representations of data independently in two devices to generate a common cryptographic key A First Protocol The numbers in the text refer to Figure 1.
Two or more devices (101, 201) are selected and the process begins. The environmental sensors (111, 211) in each device independently collect environmental data (113, 213 respectively) Some non-limiting examples include: * Moving two devices together (for example shaking) and sensing motion data * Devices with cameras taking photographs of the same scene * Devices with microphones sensing the ambient sound field * Devices sensing the signal strength of radio frequency radiation, such as emitted from IEEE 802.11 wireless LAN access points or BluetoothTM devices For methods which involve collecting data over a period of time, a trigger event is preferably used to synchronise the data collection in the devices. In the examples above this can be a sharp sudden movement or a loud sound, etc. As the data is sensed it is digitized (if in analogue format), so that it becomes in effect a series of numbers.
The Second Protocol (below) is common to here, then diverges In the First Protocol each pair of devices (101, 201) exchange messages (301) to generate a Diffie-Hellman key (311). This is a well-known standard process and this stage does not involve the environmental data.
This Diffie-Heilman key (311) is then used by each device (101, 201) to encrypt (125, 225) its environmental data (113 and 213 respectively).
The generation of the Diffie-Heilman key (311) is potentially open to a "man-in-the-middle" (MITM) attack. To overcome this potential weakness, the two devices send each other the encrypted environmental data using a two part commitment or interlock protocol. Each device (101, 201) initially sends only the first half (321) of its encrypted data to the other. Only on receipt of the first half data (321)) from the other does each device send its own second half (323). On receipt of the second half (323) each device can decrypt the other device's data, and at that point each device has its own data (113, 213) and data (213, 113 respectively) from a candidate partner device.
Once these two datasets (113, 213) are available a decision is required in each device (101 201) on whether they represent the same environmental data. This is a classification problem. Each device processes the two datasets of data to determine a numerical similarity (341) indicating whether or not the data refers to a common experience.
The exact signal processing employed depends on the format of the data, and is well known to practitioners. Some non-limiting examples of techniques which may be employed are Fourier transforms (where since complex numbers are incompatible with the later cryptographic calculations, power spectrum values are preferred) and non-linear feature extraction methods.
If the similarity exceeds a pre-defined threshold value, then each device considers that the candidate device has indeed sensed the same environmental data, and is therefore a suitable partner. Otherwise the pairing is rejected, and if this is a false negative the process is restarted by a human.
Since each device in a successful pairing has each other's complete dataset, each device uses the two datasets (113, 213) to generate a shared cryptographic key (271) to secure future communication between the two.
A Second Protocol The numbers in the text refer to Figure 2 The Second Protocol runs identically to the First Protocol (above) until where indicated.
The Second Protocol is symmetrical in that each device (101, 201) performs identical processing. For convenience only one side of this processing is described here.
The environmental data (113) is pre-processed in chunks using standard signal processing techniques (121). These may include without limitation noise reduction techniques and Fourier transforms. Each chunk yields a data vector (123).
One problem encountered in practice is that very similar data sensed in two devices may appear to be different because of differences in digitization levels. To overcome this problem a plurality of data vectors (123) is preferably generated using slightly different parameters to increase the opportunity of a correct match.
Each vector is then hashed (transformed by a one-way function) to give a hash key (131 -a large number) which is broadcast in messages (141) to other candidate devices.
Throughout the Second Protocol wherever a hash key is generated and sent to another device, it is preferably "salted" by the addition of a random number, which is sent alongside the hash key. This is a standard cryptographic technique to make "brute-force" dictionary attacks harder.
Each other device (201) calculates its own set of hash keys (231). On receipt of a hash key (131) from a first device (101), the other device (201) re-computes its own hash keys (231) using the random salt value received with the message (141) and compares these with the received hash key (231). When there is an exact match the recipient (201) marks its corresponding vector (223) as a matched vector, and hence accumulates a set of matched vectors (251). Where there are multiple devices present, each device (201) will have one set of matched vectors (251) which may be empty, for each other device present.
When a device has a sufficient number (according to a predetermined criterion, preferably that their combined entropy exceeds a required minimum) of matched vectors (251) relating to another device (101), it processes (261) them by concatenating the matched vectors (251) and then mathematically generates a candidate key (271, another large number).
It then hashes the candidate key (271) to create a hash key (273) and sends this in a message (281) to the specific other device (101).
On receipt of the message (281) the first device compares the hash key (273) to its own hash key similarly generated locally, and sends back a message (191) containing a positive or negative acknowledgement. On a positive acknowledgement, the two devices (101, 201) are able to begin secure communications using the key (271), and on a negative acknowledgement both devices clear their matched vectors (251) and start to accumulate new matched vectors.
Security is maintained throughout the Second Protocol by the devices sending hash keys to each other while maintaining secrecy on the true keys.
Embodiments A feature of embodiments of the present invention is that initially no keys, public or private are required. Instead environmental data shared by devices is used as the basis for key generation Shaking One embodiment of the present invention is to use the motion of shaking together of two devices as an environmental signal. Many devices incorporate accelerometers or other sensors capable of detecting small local movements. Shaking is a preferable action as it is a vigorous source of data with high entropy, and the start of the movement is easily detected. Practical experience suggests that sampling rates of 100-600 Hz are preferable, and that lack of synchronisation between the devices' clocks is not a problem.
Even though the devices may be carefully aligned, the internal sensor alignment is arbitrary so preferably the amplitudes of acceleration and/or velocity and/or displacement vectors are used as the environmental data.
CoI/iding One embodiment of the present invention is to tap devices together and generate a time series of vibration data. The timing and sequence of taps (ie rhythm) gives an environmental signal for processing. This is useful when one of the devices is immobile.
Imaging If devices to be paired incorporate cameras, a local object may be photographed.
Comparing the images is non-trivial as they may be of different resolutions, cover different areas and have different colour scales, but this is a well-known problem to practitioners and numerous computational approaches exist Others From the paragraphs above it will be readily seen that other types of sensor data to which a plurality of devices have independent access may be readily used in the same manner.
While the invention has been described in terms of several embodiments and protocols, those skilled in the art will recognize that the invention is not limited to the embodiments and protocols described, but can be practised with modification and alteration within the spirit and scope of the appended claims. The Description is thus to be regarded as illustrative instead of limiting.
Claims (1)
1 A system and method for directly determining pairing and generating a common cryptographic key in a plurality of electronic devices already in wireless communication, the key being based on mutually experienced environmental data measured independently in each of the plurality of devices via one or more sensors 2 A system according to Claim I where the environmental data is a common spatial path followed by the plurality of devices 3 A system according to Claim 1 where the environmental data is a series of physical collisions between the plurality of devices 4 A system according to Claim 1 where the environmental data is a visual image captured independently by each of the plurality of devices (including without limitation one dimensional and two dimensional barcodes and/or a television image andfor an image displayed on a computer monitor) A system according to Claim 1 where the environmental data is a visual image generated by transforming non-visual data captured independently by each of the plurality of devices (including without limitation ultrasound images, X-ray images and other electromagnetic images) 6 A system according to Claim 1 where the environmental data is a vibration (including without limitation human-audible sound) captured independently by each of the plurality of devices 7 A system according to Claim 1 where the environmental data is biometric data (including without limitation a fingerprint) captured independently by each of the plurality of devices 8 A system according to Claim 1 where the environmental data is a the field strength of electromagnetic radiation in a predefined spectral range (including without limitation human-visible light and radio frequency radiation) captured independently by each of the plurality of devices 9 A system according to Claim 1 where the environmental data is pressure and/or load data captured independently by each of the plurality of devices A system according to any previous Claim where the environmental data is a time series of data in any previous Claim 11 A system according to any previous Claim where a predefined signal or event is used to synchronise data acquisition across the plurality of devices 12 A system where the environmental data is a combination or permutation of data in any previous Claim 13 A system according to any previous Claim where the device collects environmental data and digitises it (if the data is not already digital) 14 A system according to any previous Claim where the device is without limitation a mobile telephone, a digital camera, a computer, a GPS unit, a keyboard, a computer mouse, a game control device, a games playing device, a personal digital assistant (PDA), a television, a remote controller, a printer, a memory storage device, a music player, a musical instrument, a display device, a projector, a scanner, a photocopier, an audio reproduction and/or recording device, a video reproduction and/or recording device, a multimedia reproduction and/or recording device, a utility company meter, a household appliance, an industrial machine, a vending machine, a payment card, a payment terminal, an automatic teller machine, a motor or engine, a turnstile or gate, and/or any combination thereof A system according to any previous Claim where at least one device is wearable, portable or implanted 16 A system according to any previous Claim where each pair of devices together create a Diffie-Heilman key, and use this to exchange their environmental data (optionally using a commitment and/or interlock exchange of messages), and then each of the pair makes an assessment of whether the local and received data represent a shared environmental experience and if so the devices pair and each uses the local and received datasets to generate a common cryptographic key for future communication with the other device 17 A system according to Claim 16 where the method of assessment uses without limitation any of the following techniques or any combination thereof: minimum entropy and/or Fourier transform and/or feature extraction and/or coherence averages 18 A system according to Claims 1 to 14 where a device pre-processes environmental data in blocks using signal processing techniques so that each block yields a data vector which is then (optionally salted and) hashed to give a hash key which is broadcast to one or more candidate devices for pairing 19 A system according to Claim 18 where the signal processing techniques include without limitation any technique stated in Claim 17 or any combination thereof A system according to Claims 18 and/or 19 where a p'urality of data vectors and hash keys is generated from each block of data, by using signal processing techniques but varying certain parameters to generate differences in each data vector 21 A system according to Claims 18 and/or 19 and/or 20 where each device on receiving a hash key from another device ("sender") compares it with its own set of data vectors and respective hash keys, and where the hash keys match exactly, it marks the respective local data vector as a matched vector for the specific sender, 22 A system according to Claim 21 where each device on marking a local data vector as a matched vector for a sender assesses its set of matched vectors for that sender, and if the set meets a predefined criterion, the devices pair and each uses the local and received datasets to generate a common cryptographic key for communication with the other device 23 A system according to Claim 22 where the method of assessment uses without limitation any technique stated in Claim 17 or any combination thereof 24 A system according to Claim 22 where the criterion is a predefined minimum number of matched vectors A system according to Claim 22 where the criterion is that the overall entropy of the set of matched vectors exceeds a predefined minimum value 26 A system according to Claims 22 to 25 where the cryptographic key is generated by processing the set of matched vectors 27 A system according to Claim 26 where the devices exchange and acknowledge (optionally salted) hashed versions of the cryptographic key to confirm pairing 28 A system according to any previous CIa,m imp'emented in electronic hardware, firmware and/or software Amendments to the claims have been filed as follows
I A system and method for directly determining pairing and generating a common cryptographic key in a plurality of electronic devices already in wireless communication, the key being based on mutually experienced environmental data external to the means of said wireless communication and measured independently in each of the plurality of devices via one or more sensors 2 A system according to Claim I where the environmental data is a common spatial path followed by the plurality of devices 3 A system according to Claim I where the environmental data is a series of physical collisions between the plurality of devices 4 A system according to Claim I where the environmental data is a visual image captured independently by each of the plurality of devices (including without limitation one dimensional and two dimensional barcodes and/or a television image and/or an image displayed on a computer monitor) A system according to Claim I where the environmental data is a visual image generated by transforming non-visual data captured independently by each of the plurality of devices * * (including without limitation ultrasound images, X-ray images and other electromagnetic images) 6 A system according to Claim 1 where the environmental data is a vibration (including without limitation human-audible sound) captured independently by each of the plurality of devices S. * S 7 A system according to Claim I where the environmental data is biometric data (including without limitation a fingerprint) captured independently by each of the plurality of devices 8 A system according to Claim I where the environmental data is a the field strength of electromagnetic radiation in a predefined spectral range (including without limitation human-visible light and radio frequency radiation) captured independently by each of the plurality of devices 9 A system according to Claim 1 where the environmental data is pressure and/or load data captured independently by each of the plurality of devices A system according to any previous Claim where the environmental data is a time series of data in any previous Claim 11 A system according to any previous Claim where a predefined signal or event is used to synchronise data acquisition across the plurality of devices 12 A system where the environmental data is a combination or permutation of data in any previous Claim 13 A system according to any previous Claim where the device collects environmental data and digitises it (if the data is not already digital) 14 A system according to any previous Claim where the device is without limitation a mobile telephone, a digital camera, a computer, a GPS unit, a keyboard, a computer mouse, a game control device, a games playing device, a personal digital assistant (PDA), a television, a remote controller, a printer, a memory storage device, a music player, a musical instrument, a display device, a projector, a scanner, a photocopier, an audio reproduction and/or recording device, a video reproduction and/or recording device, a multimedia reproduction and/or recording device, a utility company meter. a household * IS appliance, an industrial machine, a vending machine, a payment card, a payment terminal, * SS an automatic teller machine, a motor or engine, a turnstile or gate; and/or any combination thereof p.. *S.
* 15 A system according to any previous Claim where at least one device is wearable, portable or implanted 16 A system according to any previous Claim where each pair of devices together create a Diffie- Heliman key, and use this to exchange their environmental data (optionally using a commitment and/or interlock exchange of messages), and then each of the pair makes an assessment of whether the local and received data represent a shared environmental experience and if so the devices pair and each uses the local and received datasets to generate a common cryptographic key for future communication with the other device 17 A system according to Claim 16 where the method of assessment uses without limitation any of the foHowing techniques or any combination thereof: minimum entropy and/or Fourier transform and/or feature extraction and/or coherence averages 18 A system according to Claims I to 14 where a device pre-processes environmental data in blocks using signal processing techniques so that each block yields a data vector which is then (optionally salted and) hashed to give a hash key which is broadcast to one or more candidate devices for pairing 19 A system according to Claim 18 where the signal processing techniques include without limitation any technique stated in Claim 17 or any combination thereof A system according to Claims 18 and/or 19 where a plurality of data vectors and hash keys is generated from each block of data, by using signal processing techniques but varying certain parameters to generate differences in each data vector 21 A system according to Claims 18 and/or 19 and/or 20 where each device on receiving a hash key from another device (usenderhl) compares it with its own set of data vectors and respective hash keys, and where the hash keys match exactly, it marks the respective local data vector as a matched vector for the specific sender. * **
22 A system according to Claim 21 where each device on marking a local data vector as a * matched vector for a sender assesses its set of matched vectors for that sender, and if the I..
set meets a predefined criterion, the devices pair and each uses the local and received S...
datasets to generate a common cryptographic key for communication with the other device 55.
23 A system according to Claim 22 where the method of assessment uses without limitation any technique stated in Claim 17 or any combination thereof * . 24 A system according to Claim 22 where the criterion is a predefined minimum number of matched vectors A system according to Claim 22 where the criterion is that the overall entropy of the set of matched vectors exceeds a predefined minimum value 26 A system according to Claims 22 to 25 where the cryptographic key is generated by processing the set of matched vectors *1 27 A system according to Claim 26 where the devices exchange and acknowledge (optionally salted) hashed versions of the cryptographic key to confirm pairing 28 A system according to any previous Claim implemented in electronic hardware, firmware and/or software * ** . S * *%.S.
I a...
I S.
S SI.
I a.
S *
S
IS S.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0705342A GB2447674B (en) | 2007-03-21 | 2007-03-21 | Generation of a cryptographic key from device motion |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0705342A GB2447674B (en) | 2007-03-21 | 2007-03-21 | Generation of a cryptographic key from device motion |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0705342D0 GB0705342D0 (en) | 2007-04-25 |
GB2447674A true GB2447674A (en) | 2008-09-24 |
GB2447674B GB2447674B (en) | 2011-08-03 |
Family
ID=38008762
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0705342A Expired - Fee Related GB2447674B (en) | 2007-03-21 | 2007-03-21 | Generation of a cryptographic key from device motion |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2447674B (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2226965A1 (en) * | 2009-03-04 | 2010-09-08 | Nederlandse Organisatie voor toegepast -natuurwetenschappelijk onderzoek TNO | Method for generating cryptographic keys. |
WO2011002412A1 (en) * | 2009-07-03 | 2011-01-06 | Uraeus Communications Systems Ab | Method for generating an encryption/decryption key |
US20120300923A1 (en) * | 2011-05-24 | 2012-11-29 | Empire Technology Development Llc | Encryption using real-world objects |
WO2013003642A2 (en) | 2011-06-29 | 2013-01-03 | Intel Corporation | Secure context-based computing |
US8433537B2 (en) | 2007-09-07 | 2013-04-30 | Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno | Identifying mobile devices |
WO2013173848A3 (en) * | 2012-05-18 | 2014-03-27 | Qualcomm Incorporated | Automatic device-to-device connection control by environmental information |
WO2014179334A1 (en) * | 2013-04-29 | 2014-11-06 | Qualcomm Incorporated | Selectively authenticating a group of devices as being in a shared environment based on locally captured ambient sound |
WO2015181434A1 (en) * | 2014-05-26 | 2015-12-03 | Nokia Technologies Oy | Management of cryptographic keys |
US9253633B2 (en) * | 2012-12-20 | 2016-02-02 | Telefonaktiebolaget L M Ericsson (Publ) | Method and mobile device for generating a data authentication key |
WO2016020679A1 (en) * | 2014-08-08 | 2016-02-11 | Apply Mobile Limited | Improvements in and relating to random number generation apparatus |
WO2016023796A1 (en) * | 2014-08-12 | 2016-02-18 | Robert Bosch Gmbh | System and method for shared key agreement over untrusted communication channels |
WO2019086969A1 (en) * | 2017-11-01 | 2019-05-09 | Abb Schweiz Ag | Condition monitoring device and method for secure communication |
US20220085995A1 (en) * | 2018-11-27 | 2022-03-17 | Microsoft Technology Licensing, Llc | Trusted execution based on environmental factors |
WO2023094397A1 (en) * | 2021-11-24 | 2023-06-01 | T.J. Smith And Nephew, Limited | Device communication management in user activity monitoring systems |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9818315B2 (en) | 2013-06-04 | 2017-11-14 | At&T Intellectual Property I, L.P. | Secure multi-party device pairing using sensor data |
CN115014696B (en) * | 2022-08-08 | 2022-10-25 | 中国空气动力研究与发展中心高速空气动力研究所 | Method for synchronous acquisition and integrated processing of wind tunnel multi-signal source data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6002770A (en) * | 1995-07-28 | 1999-12-14 | Mytec Technologies Inc. | Method for secure data transmission between remote stations |
US20040086115A1 (en) * | 2002-11-06 | 2004-05-06 | Chi-Sung Laih | Image public key generation method |
WO2006081122A2 (en) * | 2005-01-27 | 2006-08-03 | Interdigital Technology Corporation | Method and system for deriving an encryption key using joint randomness not shared by others |
DE102005033228A1 (en) * | 2005-07-15 | 2007-01-25 | Siemens Ag | Data transmission securing method for use in communication system, involves generating private and public keys based on biometric characteristic data and coding data with private key or notching data, which is to be verified with public key |
US7177426B1 (en) * | 2000-10-11 | 2007-02-13 | Digital Authentication Technologies, Inc. | Electronic file protection using location |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW541814B (en) * | 2000-06-05 | 2003-07-11 | Yang-Han Li | Communication system with environmental dynamic encryption |
-
2007
- 2007-03-21 GB GB0705342A patent/GB2447674B/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6002770A (en) * | 1995-07-28 | 1999-12-14 | Mytec Technologies Inc. | Method for secure data transmission between remote stations |
US7177426B1 (en) * | 2000-10-11 | 2007-02-13 | Digital Authentication Technologies, Inc. | Electronic file protection using location |
US20040086115A1 (en) * | 2002-11-06 | 2004-05-06 | Chi-Sung Laih | Image public key generation method |
WO2006081122A2 (en) * | 2005-01-27 | 2006-08-03 | Interdigital Technology Corporation | Method and system for deriving an encryption key using joint randomness not shared by others |
DE102005033228A1 (en) * | 2005-07-15 | 2007-01-25 | Siemens Ag | Data transmission securing method for use in communication system, involves generating private and public keys based on biometric characteristic data and coding data with private key or notching data, which is to be verified with public key |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8433537B2 (en) | 2007-09-07 | 2013-04-30 | Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno | Identifying mobile devices |
EP2226965A1 (en) * | 2009-03-04 | 2010-09-08 | Nederlandse Organisatie voor toegepast -natuurwetenschappelijk onderzoek TNO | Method for generating cryptographic keys. |
AU2010266760B2 (en) * | 2009-07-03 | 2014-04-10 | Kelisec Ab | Method for generating an encryption/decryption key |
WO2011002412A1 (en) * | 2009-07-03 | 2011-01-06 | Uraeus Communications Systems Ab | Method for generating an encryption/decryption key |
US8433066B2 (en) | 2009-07-03 | 2013-04-30 | Kelisec Ab | Method for generating an encryption/decryption key |
EA019411B1 (en) * | 2009-07-03 | 2014-03-31 | Келисек Аб | Method for generating an encryption/decryption key |
US20120300923A1 (en) * | 2011-05-24 | 2012-11-29 | Empire Technology Development Llc | Encryption using real-world objects |
KR101497386B1 (en) * | 2011-05-24 | 2015-03-02 | 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 | Encryption using real-world objects |
JP2014512154A (en) * | 2011-05-24 | 2014-05-19 | エンパイア テクノロジー ディベロップメント エルエルシー | Encryption using real world objects |
CN103621128A (en) * | 2011-06-29 | 2014-03-05 | 英特尔公司 | Secure context-based computing |
WO2013003642A2 (en) | 2011-06-29 | 2013-01-03 | Intel Corporation | Secure context-based computing |
EP2727390A4 (en) * | 2011-06-29 | 2015-03-18 | Intel Corp | Secure context-based computing |
US9307564B2 (en) | 2012-05-18 | 2016-04-05 | Qualcomm Incorporated | Automatic device-to-device connection control by environmental information |
WO2013173848A3 (en) * | 2012-05-18 | 2014-03-27 | Qualcomm Incorporated | Automatic device-to-device connection control by environmental information |
US9253633B2 (en) * | 2012-12-20 | 2016-02-02 | Telefonaktiebolaget L M Ericsson (Publ) | Method and mobile device for generating a data authentication key |
WO2014179334A1 (en) * | 2013-04-29 | 2014-11-06 | Qualcomm Incorporated | Selectively authenticating a group of devices as being in a shared environment based on locally captured ambient sound |
WO2015181434A1 (en) * | 2014-05-26 | 2015-12-03 | Nokia Technologies Oy | Management of cryptographic keys |
US10574441B2 (en) | 2014-05-26 | 2020-02-25 | Nokia Technologies Oy | Management of cryptographic keys |
WO2016020679A1 (en) * | 2014-08-08 | 2016-02-11 | Apply Mobile Limited | Improvements in and relating to random number generation apparatus |
WO2016023796A1 (en) * | 2014-08-12 | 2016-02-18 | Robert Bosch Gmbh | System and method for shared key agreement over untrusted communication channels |
WO2019086969A1 (en) * | 2017-11-01 | 2019-05-09 | Abb Schweiz Ag | Condition monitoring device and method for secure communication |
US20220085995A1 (en) * | 2018-11-27 | 2022-03-17 | Microsoft Technology Licensing, Llc | Trusted execution based on environmental factors |
US11962694B2 (en) * | 2018-11-27 | 2024-04-16 | Microsoft Technology Licensing, Llc | Key pair generation based on environmental factors |
WO2023094397A1 (en) * | 2021-11-24 | 2023-06-01 | T.J. Smith And Nephew, Limited | Device communication management in user activity monitoring systems |
Also Published As
Publication number | Publication date |
---|---|
GB0705342D0 (en) | 2007-04-25 |
GB2447674B (en) | 2011-08-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2447674A (en) | Using environmental data to generate a cryptographic key | |
Mayrhofer et al. | Shake well before use: Intuitive and secure pairing of mobile devices | |
Jin et al. | Magpairing: Pairing smartphones in close proximity using magnetometers | |
EP1926335B1 (en) | Wireless device monitoring system | |
US20090167487A1 (en) | Secure association between devices | |
US10021079B2 (en) | Security system, method, and apparatus | |
US20080195866A1 (en) | System and method for human assisted secure information exchange | |
KR20070105826A (en) | System providing public key authentication and the same method | |
EP3501195A1 (en) | Secure authentication of devices without server assistance or pre-shared credentials | |
US9565173B2 (en) | Systems and methods for establishing trusted, secure communications from a mobile device to a multi-function device | |
US9949122B2 (en) | Challenge-response-test image to phone for secure pairing | |
US20200012801A1 (en) | Method for synchronous generation of random numbers for the purpose of cryptographic processing | |
Saxena et al. | Authentication technologies for the blind or visually impaired | |
KR101031450B1 (en) | Secure association between devices | |
US10311594B2 (en) | Method for verifying positions of a plurality of monitoring devices | |
Nguyen et al. | Pattern-based alignment of audio data for ad hoc secure device pairing | |
Liu et al. | Secure pairing with wearable devices by using ambient sound and light | |
Sigg | Context-based security: State of the art, open research topics and a case study | |
Jin et al. | MagPairing: Exploiting magnetometers for pairing smartphones in close proximity | |
Shi et al. | iShake: Imitation-resistant secure pairing of smart devices via shaking | |
JP2020088638A (en) | Verification device and verification method | |
Shang et al. | AudioKey: a usable device pairing system using audio signals on smartwatches | |
FR3083627A1 (en) | METHOD FOR SECURE TRANSMISSION OF CRYPTOGRAPHIC DATA | |
JP2006332903A (en) | Key acquisition apparatus, key providing apparatus, key exchange system, and key exchange method | |
Gu et al. | Toauth: Towards automatic near field authentication for smartphones |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
746 | Register noted 'licences of right' (sect. 46/1977) |
Effective date: 20130820 |
|
732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) |
Free format text: REGISTERED BETWEEN 20131010 AND 20131016 |
|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20190321 |