GB2447674A - Using environmental data to generate a cryptographic key - Google Patents

Using environmental data to generate a cryptographic key Download PDF

Info

Publication number
GB2447674A
GB2447674A GB0705342A GB0705342A GB2447674A GB 2447674 A GB2447674 A GB 2447674A GB 0705342 A GB0705342 A GB 0705342A GB 0705342 A GB0705342 A GB 0705342A GB 2447674 A GB2447674 A GB 2447674A
Authority
GB
United Kingdom
Prior art keywords
data
devices
environmental data
previous
limitation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0705342A
Other versions
GB0705342D0 (en
GB2447674B (en
Inventor
Hans-Werner Gellersen
Rene Michael Mayrhofer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lancaster University
Original Assignee
Lancaster University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lancaster University filed Critical Lancaster University
Priority to GB0705342A priority Critical patent/GB2447674B/en
Publication of GB0705342D0 publication Critical patent/GB0705342D0/en
Publication of GB2447674A publication Critical patent/GB2447674A/en
Application granted granted Critical
Publication of GB2447674B publication Critical patent/GB2447674B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes
    • H04L29/06707
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

Secure communication between two paired electronic devices already in wireless communication is established by generating a cryptographic key based on environmental data measured independently in each of the devices via one or more sensors. A processed version of the data is exchanged securely between the devices using known techniques, and each device accesses local and remote representations of the environmental data to determine if it represents a shared experience, by comparing the local and remote representations. The local and remote representations of the data are then used independently in the two devices to generate a common cryptographic key. The environmental data may be obtained with microphones sensing the ambient sound field, cameras taking photographs of the same scene, sensing signal strength of radio frequency radiation, obtaining the users' biometric data, or moving the two devices together for example by shaking or colliding them.

Description

ENVIRONMENTAL KEY GENERATION
DESCRIPTION
BACKGROUND
There are occasions when secure communication is required between two or more electronic devices. There are well known schemes for achieving this, many of which depend on the devices (and only the devices) having knowledge of a cryptographic key (which is effectively a very large number).
The present invention allows a plurality of devices which are already in wireless communication to generate such a key by using as a starting point mutually experienced environmental data independently sensed by sensors in each device.
CURRENT STATE OF THE ART
Electronic Device Pairing We recognise three levels of pairing: The first is when two devices establish a wireless communication channel.
The second level is where the two devices exchange data to identify themselves, and at this stage either device may reject an undesired pairing The third level (where the present invention operates) is where two devices (a mutually desired pairing) not only pair, but together generate a new cryptographic key to secure further interactions between them.
First Level Pairing First Level Pairing is often achieved by a device broadcasting its presence and waiting for replies from other devices. This depends on the devices having compatible hardware and communication protocols. One well-known protocol for short-range interactions is BluetoothTM. This stage of pairing is well known to practitioners.
Second Level Pairing -Identification One criterion for desired pairings is physical proximity.
One approach to this where there are a number of patents (eg Method and Device for Bluetooth Pairing, EPI 745610) is to limit the power of the initial broadcast.
An alternative approach to proximity is physical contact (eg Device pairing via device to device contact, US2007003061, and Device pairing via human initiated contact US2006267860) A second criterion for desired pairings is identification Voice control is wefi-known for control of electronic devices, and has been proposed for device pairing (eg Device pairing via voice commands, US2006282649) The patent System and Method for Electronically Pairing Devices US2004253923 uses barcodes for identification The patent Method and Apparatus for Secure Pairing W02006071 364 uses a wired link (whereas the present invention uses wireless) to achieve initial identification The patent Device Pairing US20051 25664 requires use of a PIN code to achieve pairing The patent Method for Initiializing Secure Communication and Pairing Device Exclusively, Computer Program and Device W00072506 uses unique hardware identifiers, and is therefore unsuitable (unlike the present invention) for ad hoc pairings of devices All the above techniques simply allow identification of devices in order to reject or effect pairing. Unlike the present invention they do not use environmental data to generate a cryptographic key.
A related patent is Techniques for Verification of Electronic Device Pairing W02006093640 which discusses non-alphanumeric representations of a key to verify that two devices have the same cryptographic key. Unlike the present invention it is not concerned with generating that key
PROBLEM ADDRESSED
The present invention addresses the problem of setting up secure communications between two electronic devices which are paired. Physical proximity alone is not sufficient as it may give access for eavesdropping "bugs" We take as a given fact, that if two devices (and only those two devices) can independently calculate the same sufficiently large number, they can thereafter use well-known protocols for communicating securely with each other.
ESSENTIAL FEATURES OF THE PRESENT INVENTION
When two or more electronic devices have established an ad hoc communications channel, there may be a requirement to send data securely so that only those devices (and not eavesdroppers) can understand it. Many cryptographic techniques rely on a large number known only to sender and receiver.
Clearly for high security this large number must not be transmitted between the two devices unencrypted. So ideally the number is generated independently in both devices.
The core of the present invention is: (1) to use sensors independently in each device to sense and record environmental data, (2) to exchange the data (or rather a processed version) securely between devices (3) to assess local and remote representations of data to determine whether it represents a shared environmental experience (4) to use the local and remote representations of data independently in two devices to generate a common cryptographic key A First Protocol The numbers in the text refer to Figure 1.
Two or more devices (101, 201) are selected and the process begins. The environmental sensors (111, 211) in each device independently collect environmental data (113, 213 respectively) Some non-limiting examples include: * Moving two devices together (for example shaking) and sensing motion data * Devices with cameras taking photographs of the same scene * Devices with microphones sensing the ambient sound field * Devices sensing the signal strength of radio frequency radiation, such as emitted from IEEE 802.11 wireless LAN access points or BluetoothTM devices For methods which involve collecting data over a period of time, a trigger event is preferably used to synchronise the data collection in the devices. In the examples above this can be a sharp sudden movement or a loud sound, etc. As the data is sensed it is digitized (if in analogue format), so that it becomes in effect a series of numbers.
The Second Protocol (below) is common to here, then diverges In the First Protocol each pair of devices (101, 201) exchange messages (301) to generate a Diffie-Hellman key (311). This is a well-known standard process and this stage does not involve the environmental data.
This Diffie-Heilman key (311) is then used by each device (101, 201) to encrypt (125, 225) its environmental data (113 and 213 respectively).
The generation of the Diffie-Heilman key (311) is potentially open to a "man-in-the-middle" (MITM) attack. To overcome this potential weakness, the two devices send each other the encrypted environmental data using a two part commitment or interlock protocol. Each device (101, 201) initially sends only the first half (321) of its encrypted data to the other. Only on receipt of the first half data (321)) from the other does each device send its own second half (323). On receipt of the second half (323) each device can decrypt the other device's data, and at that point each device has its own data (113, 213) and data (213, 113 respectively) from a candidate partner device.
Once these two datasets (113, 213) are available a decision is required in each device (101 201) on whether they represent the same environmental data. This is a classification problem. Each device processes the two datasets of data to determine a numerical similarity (341) indicating whether or not the data refers to a common experience.
The exact signal processing employed depends on the format of the data, and is well known to practitioners. Some non-limiting examples of techniques which may be employed are Fourier transforms (where since complex numbers are incompatible with the later cryptographic calculations, power spectrum values are preferred) and non-linear feature extraction methods.
If the similarity exceeds a pre-defined threshold value, then each device considers that the candidate device has indeed sensed the same environmental data, and is therefore a suitable partner. Otherwise the pairing is rejected, and if this is a false negative the process is restarted by a human.
Since each device in a successful pairing has each other's complete dataset, each device uses the two datasets (113, 213) to generate a shared cryptographic key (271) to secure future communication between the two.
A Second Protocol The numbers in the text refer to Figure 2 The Second Protocol runs identically to the First Protocol (above) until where indicated.
The Second Protocol is symmetrical in that each device (101, 201) performs identical processing. For convenience only one side of this processing is described here.
The environmental data (113) is pre-processed in chunks using standard signal processing techniques (121). These may include without limitation noise reduction techniques and Fourier transforms. Each chunk yields a data vector (123).
One problem encountered in practice is that very similar data sensed in two devices may appear to be different because of differences in digitization levels. To overcome this problem a plurality of data vectors (123) is preferably generated using slightly different parameters to increase the opportunity of a correct match.
Each vector is then hashed (transformed by a one-way function) to give a hash key (131 -a large number) which is broadcast in messages (141) to other candidate devices.
Throughout the Second Protocol wherever a hash key is generated and sent to another device, it is preferably "salted" by the addition of a random number, which is sent alongside the hash key. This is a standard cryptographic technique to make "brute-force" dictionary attacks harder.
Each other device (201) calculates its own set of hash keys (231). On receipt of a hash key (131) from a first device (101), the other device (201) re-computes its own hash keys (231) using the random salt value received with the message (141) and compares these with the received hash key (231). When there is an exact match the recipient (201) marks its corresponding vector (223) as a matched vector, and hence accumulates a set of matched vectors (251). Where there are multiple devices present, each device (201) will have one set of matched vectors (251) which may be empty, for each other device present.
When a device has a sufficient number (according to a predetermined criterion, preferably that their combined entropy exceeds a required minimum) of matched vectors (251) relating to another device (101), it processes (261) them by concatenating the matched vectors (251) and then mathematically generates a candidate key (271, another large number).
It then hashes the candidate key (271) to create a hash key (273) and sends this in a message (281) to the specific other device (101).
On receipt of the message (281) the first device compares the hash key (273) to its own hash key similarly generated locally, and sends back a message (191) containing a positive or negative acknowledgement. On a positive acknowledgement, the two devices (101, 201) are able to begin secure communications using the key (271), and on a negative acknowledgement both devices clear their matched vectors (251) and start to accumulate new matched vectors.
Security is maintained throughout the Second Protocol by the devices sending hash keys to each other while maintaining secrecy on the true keys.
Embodiments A feature of embodiments of the present invention is that initially no keys, public or private are required. Instead environmental data shared by devices is used as the basis for key generation Shaking One embodiment of the present invention is to use the motion of shaking together of two devices as an environmental signal. Many devices incorporate accelerometers or other sensors capable of detecting small local movements. Shaking is a preferable action as it is a vigorous source of data with high entropy, and the start of the movement is easily detected. Practical experience suggests that sampling rates of 100-600 Hz are preferable, and that lack of synchronisation between the devices' clocks is not a problem.
Even though the devices may be carefully aligned, the internal sensor alignment is arbitrary so preferably the amplitudes of acceleration and/or velocity and/or displacement vectors are used as the environmental data.
CoI/iding One embodiment of the present invention is to tap devices together and generate a time series of vibration data. The timing and sequence of taps (ie rhythm) gives an environmental signal for processing. This is useful when one of the devices is immobile.
Imaging If devices to be paired incorporate cameras, a local object may be photographed.
Comparing the images is non-trivial as they may be of different resolutions, cover different areas and have different colour scales, but this is a well-known problem to practitioners and numerous computational approaches exist Others From the paragraphs above it will be readily seen that other types of sensor data to which a plurality of devices have independent access may be readily used in the same manner.
While the invention has been described in terms of several embodiments and protocols, those skilled in the art will recognize that the invention is not limited to the embodiments and protocols described, but can be practised with modification and alteration within the spirit and scope of the appended claims. The Description is thus to be regarded as illustrative instead of limiting.

Claims (1)

1 A system and method for directly determining pairing and generating a common cryptographic key in a plurality of electronic devices already in wireless communication, the key being based on mutually experienced environmental data measured independently in each of the plurality of devices via one or more sensors 2 A system according to Claim I where the environmental data is a common spatial path followed by the plurality of devices 3 A system according to Claim 1 where the environmental data is a series of physical collisions between the plurality of devices 4 A system according to Claim 1 where the environmental data is a visual image captured independently by each of the plurality of devices (including without limitation one dimensional and two dimensional barcodes and/or a television image andfor an image displayed on a computer monitor) A system according to Claim 1 where the environmental data is a visual image generated by transforming non-visual data captured independently by each of the plurality of devices (including without limitation ultrasound images, X-ray images and other electromagnetic images) 6 A system according to Claim 1 where the environmental data is a vibration (including without limitation human-audible sound) captured independently by each of the plurality of devices 7 A system according to Claim 1 where the environmental data is biometric data (including without limitation a fingerprint) captured independently by each of the plurality of devices 8 A system according to Claim 1 where the environmental data is a the field strength of electromagnetic radiation in a predefined spectral range (including without limitation human-visible light and radio frequency radiation) captured independently by each of the plurality of devices 9 A system according to Claim 1 where the environmental data is pressure and/or load data captured independently by each of the plurality of devices A system according to any previous Claim where the environmental data is a time series of data in any previous Claim 11 A system according to any previous Claim where a predefined signal or event is used to synchronise data acquisition across the plurality of devices 12 A system where the environmental data is a combination or permutation of data in any previous Claim 13 A system according to any previous Claim where the device collects environmental data and digitises it (if the data is not already digital) 14 A system according to any previous Claim where the device is without limitation a mobile telephone, a digital camera, a computer, a GPS unit, a keyboard, a computer mouse, a game control device, a games playing device, a personal digital assistant (PDA), a television, a remote controller, a printer, a memory storage device, a music player, a musical instrument, a display device, a projector, a scanner, a photocopier, an audio reproduction and/or recording device, a video reproduction and/or recording device, a multimedia reproduction and/or recording device, a utility company meter, a household appliance, an industrial machine, a vending machine, a payment card, a payment terminal, an automatic teller machine, a motor or engine, a turnstile or gate, and/or any combination thereof A system according to any previous Claim where at least one device is wearable, portable or implanted 16 A system according to any previous Claim where each pair of devices together create a Diffie-Heilman key, and use this to exchange their environmental data (optionally using a commitment and/or interlock exchange of messages), and then each of the pair makes an assessment of whether the local and received data represent a shared environmental experience and if so the devices pair and each uses the local and received datasets to generate a common cryptographic key for future communication with the other device 17 A system according to Claim 16 where the method of assessment uses without limitation any of the following techniques or any combination thereof: minimum entropy and/or Fourier transform and/or feature extraction and/or coherence averages 18 A system according to Claims 1 to 14 where a device pre-processes environmental data in blocks using signal processing techniques so that each block yields a data vector which is then (optionally salted and) hashed to give a hash key which is broadcast to one or more candidate devices for pairing 19 A system according to Claim 18 where the signal processing techniques include without limitation any technique stated in Claim 17 or any combination thereof A system according to Claims 18 and/or 19 where a p'urality of data vectors and hash keys is generated from each block of data, by using signal processing techniques but varying certain parameters to generate differences in each data vector 21 A system according to Claims 18 and/or 19 and/or 20 where each device on receiving a hash key from another device ("sender") compares it with its own set of data vectors and respective hash keys, and where the hash keys match exactly, it marks the respective local data vector as a matched vector for the specific sender, 22 A system according to Claim 21 where each device on marking a local data vector as a matched vector for a sender assesses its set of matched vectors for that sender, and if the set meets a predefined criterion, the devices pair and each uses the local and received datasets to generate a common cryptographic key for communication with the other device 23 A system according to Claim 22 where the method of assessment uses without limitation any technique stated in Claim 17 or any combination thereof 24 A system according to Claim 22 where the criterion is a predefined minimum number of matched vectors A system according to Claim 22 where the criterion is that the overall entropy of the set of matched vectors exceeds a predefined minimum value 26 A system according to Claims 22 to 25 where the cryptographic key is generated by processing the set of matched vectors 27 A system according to Claim 26 where the devices exchange and acknowledge (optionally salted) hashed versions of the cryptographic key to confirm pairing 28 A system according to any previous CIa,m imp'emented in electronic hardware, firmware and/or software Amendments to the claims have been filed as follows
I A system and method for directly determining pairing and generating a common cryptographic key in a plurality of electronic devices already in wireless communication, the key being based on mutually experienced environmental data external to the means of said wireless communication and measured independently in each of the plurality of devices via one or more sensors 2 A system according to Claim I where the environmental data is a common spatial path followed by the plurality of devices 3 A system according to Claim I where the environmental data is a series of physical collisions between the plurality of devices 4 A system according to Claim I where the environmental data is a visual image captured independently by each of the plurality of devices (including without limitation one dimensional and two dimensional barcodes and/or a television image and/or an image displayed on a computer monitor) A system according to Claim I where the environmental data is a visual image generated by transforming non-visual data captured independently by each of the plurality of devices * * (including without limitation ultrasound images, X-ray images and other electromagnetic images) 6 A system according to Claim 1 where the environmental data is a vibration (including without limitation human-audible sound) captured independently by each of the plurality of devices S. * S 7 A system according to Claim I where the environmental data is biometric data (including without limitation a fingerprint) captured independently by each of the plurality of devices 8 A system according to Claim I where the environmental data is a the field strength of electromagnetic radiation in a predefined spectral range (including without limitation human-visible light and radio frequency radiation) captured independently by each of the plurality of devices 9 A system according to Claim 1 where the environmental data is pressure and/or load data captured independently by each of the plurality of devices A system according to any previous Claim where the environmental data is a time series of data in any previous Claim 11 A system according to any previous Claim where a predefined signal or event is used to synchronise data acquisition across the plurality of devices 12 A system where the environmental data is a combination or permutation of data in any previous Claim 13 A system according to any previous Claim where the device collects environmental data and digitises it (if the data is not already digital) 14 A system according to any previous Claim where the device is without limitation a mobile telephone, a digital camera, a computer, a GPS unit, a keyboard, a computer mouse, a game control device, a games playing device, a personal digital assistant (PDA), a television, a remote controller, a printer, a memory storage device, a music player, a musical instrument, a display device, a projector, a scanner, a photocopier, an audio reproduction and/or recording device, a video reproduction and/or recording device, a multimedia reproduction and/or recording device, a utility company meter. a household * IS appliance, an industrial machine, a vending machine, a payment card, a payment terminal, * SS an automatic teller machine, a motor or engine, a turnstile or gate; and/or any combination thereof p.. *S.
* 15 A system according to any previous Claim where at least one device is wearable, portable or implanted 16 A system according to any previous Claim where each pair of devices together create a Diffie- Heliman key, and use this to exchange their environmental data (optionally using a commitment and/or interlock exchange of messages), and then each of the pair makes an assessment of whether the local and received data represent a shared environmental experience and if so the devices pair and each uses the local and received datasets to generate a common cryptographic key for future communication with the other device 17 A system according to Claim 16 where the method of assessment uses without limitation any of the foHowing techniques or any combination thereof: minimum entropy and/or Fourier transform and/or feature extraction and/or coherence averages 18 A system according to Claims I to 14 where a device pre-processes environmental data in blocks using signal processing techniques so that each block yields a data vector which is then (optionally salted and) hashed to give a hash key which is broadcast to one or more candidate devices for pairing 19 A system according to Claim 18 where the signal processing techniques include without limitation any technique stated in Claim 17 or any combination thereof A system according to Claims 18 and/or 19 where a plurality of data vectors and hash keys is generated from each block of data, by using signal processing techniques but varying certain parameters to generate differences in each data vector 21 A system according to Claims 18 and/or 19 and/or 20 where each device on receiving a hash key from another device (usenderhl) compares it with its own set of data vectors and respective hash keys, and where the hash keys match exactly, it marks the respective local data vector as a matched vector for the specific sender. * **
22 A system according to Claim 21 where each device on marking a local data vector as a * matched vector for a sender assesses its set of matched vectors for that sender, and if the I..
set meets a predefined criterion, the devices pair and each uses the local and received S...
datasets to generate a common cryptographic key for communication with the other device 55.
23 A system according to Claim 22 where the method of assessment uses without limitation any technique stated in Claim 17 or any combination thereof * . 24 A system according to Claim 22 where the criterion is a predefined minimum number of matched vectors A system according to Claim 22 where the criterion is that the overall entropy of the set of matched vectors exceeds a predefined minimum value 26 A system according to Claims 22 to 25 where the cryptographic key is generated by processing the set of matched vectors *1 27 A system according to Claim 26 where the devices exchange and acknowledge (optionally salted) hashed versions of the cryptographic key to confirm pairing 28 A system according to any previous Claim implemented in electronic hardware, firmware and/or software * ** . S * *%.S.
I a...
I S.
S SI.
I a.
S *
S
IS S.
GB0705342A 2007-03-21 2007-03-21 Generation of a cryptographic key from device motion Expired - Fee Related GB2447674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0705342A GB2447674B (en) 2007-03-21 2007-03-21 Generation of a cryptographic key from device motion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0705342A GB2447674B (en) 2007-03-21 2007-03-21 Generation of a cryptographic key from device motion

Publications (3)

Publication Number Publication Date
GB0705342D0 GB0705342D0 (en) 2007-04-25
GB2447674A true GB2447674A (en) 2008-09-24
GB2447674B GB2447674B (en) 2011-08-03

Family

ID=38008762

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0705342A Expired - Fee Related GB2447674B (en) 2007-03-21 2007-03-21 Generation of a cryptographic key from device motion

Country Status (1)

Country Link
GB (1) GB2447674B (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2226965A1 (en) * 2009-03-04 2010-09-08 Nederlandse Organisatie voor toegepast -natuurwetenschappelijk onderzoek TNO Method for generating cryptographic keys.
WO2011002412A1 (en) * 2009-07-03 2011-01-06 Uraeus Communications Systems Ab Method for generating an encryption/decryption key
US20120300923A1 (en) * 2011-05-24 2012-11-29 Empire Technology Development Llc Encryption using real-world objects
WO2013003642A2 (en) 2011-06-29 2013-01-03 Intel Corporation Secure context-based computing
US8433537B2 (en) 2007-09-07 2013-04-30 Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno Identifying mobile devices
WO2013173848A3 (en) * 2012-05-18 2014-03-27 Qualcomm Incorporated Automatic device-to-device connection control by environmental information
WO2014179334A1 (en) * 2013-04-29 2014-11-06 Qualcomm Incorporated Selectively authenticating a group of devices as being in a shared environment based on locally captured ambient sound
WO2015181434A1 (en) * 2014-05-26 2015-12-03 Nokia Technologies Oy Management of cryptographic keys
US9253633B2 (en) * 2012-12-20 2016-02-02 Telefonaktiebolaget L M Ericsson (Publ) Method and mobile device for generating a data authentication key
WO2016020679A1 (en) * 2014-08-08 2016-02-11 Apply Mobile Limited Improvements in and relating to random number generation apparatus
WO2016023796A1 (en) * 2014-08-12 2016-02-18 Robert Bosch Gmbh System and method for shared key agreement over untrusted communication channels
WO2019086969A1 (en) * 2017-11-01 2019-05-09 Abb Schweiz Ag Condition monitoring device and method for secure communication
US20220085995A1 (en) * 2018-11-27 2022-03-17 Microsoft Technology Licensing, Llc Trusted execution based on environmental factors
WO2023094397A1 (en) * 2021-11-24 2023-06-01 T.J. Smith And Nephew, Limited Device communication management in user activity monitoring systems

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9818315B2 (en) 2013-06-04 2017-11-14 At&T Intellectual Property I, L.P. Secure multi-party device pairing using sensor data
CN115014696B (en) * 2022-08-08 2022-10-25 中国空气动力研究与发展中心高速空气动力研究所 Method for synchronous acquisition and integrated processing of wind tunnel multi-signal source data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6002770A (en) * 1995-07-28 1999-12-14 Mytec Technologies Inc. Method for secure data transmission between remote stations
US20040086115A1 (en) * 2002-11-06 2004-05-06 Chi-Sung Laih Image public key generation method
WO2006081122A2 (en) * 2005-01-27 2006-08-03 Interdigital Technology Corporation Method and system for deriving an encryption key using joint randomness not shared by others
DE102005033228A1 (en) * 2005-07-15 2007-01-25 Siemens Ag Data transmission securing method for use in communication system, involves generating private and public keys based on biometric characteristic data and coding data with private key or notching data, which is to be verified with public key
US7177426B1 (en) * 2000-10-11 2007-02-13 Digital Authentication Technologies, Inc. Electronic file protection using location

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW541814B (en) * 2000-06-05 2003-07-11 Yang-Han Li Communication system with environmental dynamic encryption

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6002770A (en) * 1995-07-28 1999-12-14 Mytec Technologies Inc. Method for secure data transmission between remote stations
US7177426B1 (en) * 2000-10-11 2007-02-13 Digital Authentication Technologies, Inc. Electronic file protection using location
US20040086115A1 (en) * 2002-11-06 2004-05-06 Chi-Sung Laih Image public key generation method
WO2006081122A2 (en) * 2005-01-27 2006-08-03 Interdigital Technology Corporation Method and system for deriving an encryption key using joint randomness not shared by others
DE102005033228A1 (en) * 2005-07-15 2007-01-25 Siemens Ag Data transmission securing method for use in communication system, involves generating private and public keys based on biometric characteristic data and coding data with private key or notching data, which is to be verified with public key

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8433537B2 (en) 2007-09-07 2013-04-30 Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno Identifying mobile devices
EP2226965A1 (en) * 2009-03-04 2010-09-08 Nederlandse Organisatie voor toegepast -natuurwetenschappelijk onderzoek TNO Method for generating cryptographic keys.
AU2010266760B2 (en) * 2009-07-03 2014-04-10 Kelisec Ab Method for generating an encryption/decryption key
WO2011002412A1 (en) * 2009-07-03 2011-01-06 Uraeus Communications Systems Ab Method for generating an encryption/decryption key
US8433066B2 (en) 2009-07-03 2013-04-30 Kelisec Ab Method for generating an encryption/decryption key
EA019411B1 (en) * 2009-07-03 2014-03-31 Келисек Аб Method for generating an encryption/decryption key
US20120300923A1 (en) * 2011-05-24 2012-11-29 Empire Technology Development Llc Encryption using real-world objects
KR101497386B1 (en) * 2011-05-24 2015-03-02 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 Encryption using real-world objects
JP2014512154A (en) * 2011-05-24 2014-05-19 エンパイア テクノロジー ディベロップメント エルエルシー Encryption using real world objects
CN103621128A (en) * 2011-06-29 2014-03-05 英特尔公司 Secure context-based computing
WO2013003642A2 (en) 2011-06-29 2013-01-03 Intel Corporation Secure context-based computing
EP2727390A4 (en) * 2011-06-29 2015-03-18 Intel Corp Secure context-based computing
US9307564B2 (en) 2012-05-18 2016-04-05 Qualcomm Incorporated Automatic device-to-device connection control by environmental information
WO2013173848A3 (en) * 2012-05-18 2014-03-27 Qualcomm Incorporated Automatic device-to-device connection control by environmental information
US9253633B2 (en) * 2012-12-20 2016-02-02 Telefonaktiebolaget L M Ericsson (Publ) Method and mobile device for generating a data authentication key
WO2014179334A1 (en) * 2013-04-29 2014-11-06 Qualcomm Incorporated Selectively authenticating a group of devices as being in a shared environment based on locally captured ambient sound
WO2015181434A1 (en) * 2014-05-26 2015-12-03 Nokia Technologies Oy Management of cryptographic keys
US10574441B2 (en) 2014-05-26 2020-02-25 Nokia Technologies Oy Management of cryptographic keys
WO2016020679A1 (en) * 2014-08-08 2016-02-11 Apply Mobile Limited Improvements in and relating to random number generation apparatus
WO2016023796A1 (en) * 2014-08-12 2016-02-18 Robert Bosch Gmbh System and method for shared key agreement over untrusted communication channels
WO2019086969A1 (en) * 2017-11-01 2019-05-09 Abb Schweiz Ag Condition monitoring device and method for secure communication
US20220085995A1 (en) * 2018-11-27 2022-03-17 Microsoft Technology Licensing, Llc Trusted execution based on environmental factors
US11962694B2 (en) * 2018-11-27 2024-04-16 Microsoft Technology Licensing, Llc Key pair generation based on environmental factors
WO2023094397A1 (en) * 2021-11-24 2023-06-01 T.J. Smith And Nephew, Limited Device communication management in user activity monitoring systems

Also Published As

Publication number Publication date
GB0705342D0 (en) 2007-04-25
GB2447674B (en) 2011-08-03

Similar Documents

Publication Publication Date Title
GB2447674A (en) Using environmental data to generate a cryptographic key
Mayrhofer et al. Shake well before use: Intuitive and secure pairing of mobile devices
Jin et al. Magpairing: Pairing smartphones in close proximity using magnetometers
EP1926335B1 (en) Wireless device monitoring system
US20090167487A1 (en) Secure association between devices
US10021079B2 (en) Security system, method, and apparatus
US20080195866A1 (en) System and method for human assisted secure information exchange
KR20070105826A (en) System providing public key authentication and the same method
EP3501195A1 (en) Secure authentication of devices without server assistance or pre-shared credentials
US9565173B2 (en) Systems and methods for establishing trusted, secure communications from a mobile device to a multi-function device
US9949122B2 (en) Challenge-response-test image to phone for secure pairing
US20200012801A1 (en) Method for synchronous generation of random numbers for the purpose of cryptographic processing
Saxena et al. Authentication technologies for the blind or visually impaired
KR101031450B1 (en) Secure association between devices
US10311594B2 (en) Method for verifying positions of a plurality of monitoring devices
Nguyen et al. Pattern-based alignment of audio data for ad hoc secure device pairing
Liu et al. Secure pairing with wearable devices by using ambient sound and light
Sigg Context-based security: State of the art, open research topics and a case study
Jin et al. MagPairing: Exploiting magnetometers for pairing smartphones in close proximity
Shi et al. iShake: Imitation-resistant secure pairing of smart devices via shaking
JP2020088638A (en) Verification device and verification method
Shang et al. AudioKey: a usable device pairing system using audio signals on smartwatches
FR3083627A1 (en) METHOD FOR SECURE TRANSMISSION OF CRYPTOGRAPHIC DATA
JP2006332903A (en) Key acquisition apparatus, key providing apparatus, key exchange system, and key exchange method
Gu et al. Toauth: Towards automatic near field authentication for smartphones

Legal Events

Date Code Title Description
746 Register noted 'licences of right' (sect. 46/1977)

Effective date: 20130820

732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20131010 AND 20131016

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20190321