WO2004098145A1 - Securite dans un reseau de communication - Google Patents

Securite dans un reseau de communication Download PDF

Info

Publication number
WO2004098145A1
WO2004098145A1 PCT/EP2004/003671 EP2004003671W WO2004098145A1 WO 2004098145 A1 WO2004098145 A1 WO 2004098145A1 EP 2004003671 W EP2004003671 W EP 2004003671W WO 2004098145 A1 WO2004098145 A1 WO 2004098145A1
Authority
WO
WIPO (PCT)
Prior art keywords
communications
key
devices
communications device
security association
Prior art date
Application number
PCT/EP2004/003671
Other languages
English (en)
Inventor
Christian Gehrmann
Mauritz Joakim Persson
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from EP03388027A external-priority patent/EP1473899A1/fr
Application filed by Telefonaktiebolaget L M Ericsson (Publ) filed Critical Telefonaktiebolaget L M Ericsson (Publ)
Priority to US10/554,946 priority Critical patent/US20070055877A1/en
Priority to JP2006505024A priority patent/JP2006526314A/ja
Publication of WO2004098145A1 publication Critical patent/WO2004098145A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/76Group identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/16Interfaces between hierarchically similar devices
    • H04W92/18Interfaces between hierarchically similar devices between terminal devices

Definitions

  • the present invention relates to the establishment of secured peer-to-peer communication between communications devices.
  • An ad hoc network may constitute dynamic wide area connectivity in situations such as military operations, rescue and recovery operations, and remote construction sites.
  • An ad hoc network may also constitute local area connectivity in situations such as temporary conference sites, home networks and robot networks.
  • An ad hoc network may also constitute personal area networks in situations such as interconnected accessories, ad hoc conference table and games.
  • the nodes may consist of e.g. mobile phones, laptops, television sets, washing machines, or the like.
  • Bluetooth is a well-known technology that enables the establishment of ad- hoc networks.
  • technologies upon which ad-hoc networks may be based include wireless LAN technology, e.g. IEEE 802.11 b.
  • wireless LAN technology e.g. IEEE 802.11 b.
  • IEEE 802.11 b In many situations, e.g. in military operations or business conferences when the communication between the nodes comprises secrets, it is very important that the communication services are secure. In general a secure communications service should provide the possibility of creating security associations between the different communications devices.
  • a security association between communications devices comprises a shared secret between the devices or shared trusted keys, thereby providing a mechanism to obtain a trust relation between two devices.
  • the shared secret or the shared trusted keys may be combined with other information, e.g. information a bout a trusted third party.
  • both devices store the same secret key, which is used to encrypt and decrypt the messages communicated between the devices.
  • the sending device may rely on that a message encrypted with the symmetric key can only be read by a receiver knowing the symmetric key.
  • the receiver may rely on that a message that can successfully be decrypted with the symmetric key originates from a sender who knows the symmetric key and that the message has not been tampered with during transmission.
  • symmetric-key based security associations include the security associations described in the Bluetooth specification ("The Specification of the Bluetooth System, Core, Baseband Specification", version 1.1 , December 2000, by the Bluetooth Special Interest Group) and the security associations used in the IP Security Protocol (IPsec).
  • Bluetooth The Specification of the Bluetooth System, Core, Baseband Specification", version 1.1 , December 2000, by the Bluetooth Special Interest Group
  • IPsec IP Security Protocol
  • PKI public key infrastructure
  • two corresponding, so-called asymmetric, keys are used to protect information.
  • Information which is encrypted with one of the two keys can be decrypted only with the other key.
  • either of the two keys can be used to encrypt and the other to decrypt.
  • one key must be used only for encryption and the other for decryption.
  • One important feature of PKI systems is that it is computationally unfeasible to use knowledge of one of the keys to deduce the other key.
  • each of the systems possesses a set of two such keys. One of the keys is maintained private while the other is freely published.
  • a sender encrypts a message with the recipient's public key, only the intended recipient can decrypt the message, since only the recipient is in possession of the private key corresponding to the published public key. If the sender, before performing the above encryption, first encrypts the message with the senders private key, the recipient, upon performing first a decryption, using the recipient's private key, then a decryption on the result, using the sender's public key, is assured not only of privacy but of authentication since only the sender could have encrypted a message such that the sender's public key successfully decrypts it.
  • Public key infrastructures provide for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
  • the sender of a message may be authenticated using the certificate and the public key included in the certificate. This is possible, if the receiver trusts the party who has issued and securely signed the certificate, i.e. the so-called Certificate Authority (CA).
  • CA Certificate Authority
  • the public key in the certificate may be used directly or indirectly for key exchange purposes. Certificates in turn may also be authenticated by another certificate, thereby creating a hierarchy of certificates, a so-called certificate chain.
  • Examples of public key security mechanisms include the Diffie-Hellman key exchange, RSA encryption/decryption and Elliptic Curve public key techniques.
  • the creation of a security association between two communications devices may be performed in several ways: For example, a user may enter a secret value into the two devices.
  • the devices may be equipped with a secret key and a unique identity during manufacturing or as a part of a personalisation process; the secret key may be stored in some other device or network server.
  • the devices are equipped with respective sets of trusted public keys during manufacturing or as a part of a personalisation process; all certificates or chain of certificates signed with a secret key corresponding to a public key of the set of trusted public keys are trusted by the corresponding device, and security associations are created based on trusted certificates.
  • Bluetooth security associations between two devices are created by a so-called pairing or bonding procedure during which a user is asked to enter the same secret passkey or PIN into both devices. Based on this passkey, the two devices perform a key exchange resulting in a shared secret, the so-called link key, which is stored in both devices.
  • first and second communications devices determine whether the first and second communications devices have a common security association in their respective sets of established security associations; - if the first and the second communications device have determined a common security association, protecting said communications link between the first and second communications device based on the determined common security association; otherwise establishing a new security association between the first and second communications devices, and protecting the communications link based on the new security association;
  • the two communications devices when two communications devices are connected for the first time via a communications link, they determine whether they have a previously established securi ity association in common; if such a previously established security associat :ion exists, it is used as a basis for protecting the communications ink between the two devices; otherwise a new security association, preferably a shared secret, is established based on a key exchange protocol to protect the communications link.
  • the key- exchange protocol is password authenticated and requires a user to enter a password in at least one of the devices. The two devices then exchange key data related to their respective previously established security associations, thereby extending or propagating these previously security associations to the corresponding other device.
  • a mechanism which allows each device to establish a security association with other devices and to propagate its security associations to the other device, i.e. the security mechanism is independent of the presence of any master device, certificate server, or the like.
  • an efficient and secure method of trust delegation i.e. a mechanism for the propagation of security associations among devices, e.g. devices of a personal area network, via new pairings among those devices.
  • the number of pairings which require user interaction may be reduced.
  • the method according to the invention reduces the number of pairings which require user interaction to a number between n-1 and n(n-1 )/2, depending on the order in which the devices are paired.
  • the protection of the communications link between the two devices based on the determined common security association may include any suitable cryptographic mechanism.
  • the two devices perform an authenticated key exchange, i.e. a protocol assuring to the communicating parties that they know each other's true identities and providing them with a shared secret key known only to them.
  • the authenticated key exchange is performed based on the determined common security association, i.e. the common security association is used to provide the assurance that the parties know each other's true identities.
  • the shared secret key is subsequently used to provide privacy, data integrity, or both.
  • the step of establishing a new security association between the first and second communications devices comprises receiving a user-input by at least one of the first and second communications devices, the user-input indicating whether the corresponding other communications device is a trusted device; and wherein the step of extending said set of previously established security association is only performed if the received user-input has indicated the corresponding other communications device to be a trusted device.
  • the propagation of security associations is limited to trusted devices, i.e. the propagation to new devices is dependant on a user approval, thereby preventing a propagation of security associations in an un-controllable manner and, thus, increasing the security of the system.
  • the user-input may be received in any suitable form, e.g. via a keyboard or any other input device, e.g. in response to prompting the user for an approval.
  • the user input may be part of a customisation setting of the device providing certain rules as to which devices or types of devices to trust.
  • each previously established security association of the set of previously established s ecurity associations of one of the first and second communications devices is stored in relation to a group identifier identifying a predetermined group of communications devices; and wherein the step of extending the previously established security associations is limited to previously established security associations related to a predetermined group identifier.
  • the propagation of security associations may be limited to a certain context, e.g. a certain service, a certain type of devices, etc. This limitation further increases the security of the method as the propagation of security associations is prevented to continue unlimited without user-control.
  • a single communications device may have independent groups of security associations which should not be mixed.
  • a device may have security associations with devices on a local wireless LAN, e.g. computers and other devices at a company. In connection with a business conference, the device may establish another group of security associations with other devices participating in the business conference, but the security association related to the local wireless LAN should not be extended to the other participants of the business conference.
  • a flexible and secure mechanism is provided.
  • the keys intended to be propagated to other devices will also be referred to as trusted keys.
  • the present invention can be implemented in different ways including the method described above and in the following, a communications system, and further product means, each yielding one or more of the benefits and advantages described in connection with the first-mentioned method, and each having one or more preferred embodiments corresponding to the preferred embodiments described in connection with the first-mentioned method and disclosed in the dependant claims.
  • a communications device facilitating peer-to-peer communication with other such communications devices of a communications system
  • the communications device comprising storage means for storing a set of previously established security associations between the corresponding communications device and other communications devices; communications means for communicating via a communications link with another communications device; and processing means adapted to perform the following steps
  • the communications device has determined a common security association, protecting the communications link based on the determined common security association; otherwise establishing a new security association with the another communications device, and protecting the communications link based on the new security association;
  • the term communications device is intended to comprise any electronic equipment comprising communications means for communicating with other such communications devices in a wired or wireless manner.
  • the term communications device comprises all portable radio communication equipment and other handheld or portable communications devices.
  • portable radio communication equipment includes all equipment such as mobile telephones, pagers, communicators, i.e. electronic organisers, smart phones, personal digital assistants (PDAs), handheld computers, portable computers, laptops, or the like.
  • the term communications means is intended to comprise any circuit or device allowing the transmission and reception of data via a wired or wireless communications link to/from another communications device.
  • the communications means may include a radio transmitter and receiver.
  • Further examples of communications means include transmitters/receivers using other wireless technology, such as infrared communications, or the like.
  • the term storage means is intended to comprise any suitable arrangement or device for data storage, for example an electrically erasable programmable read only memory (EEPROM), flash memory, erasable programmable read only memory (EPROM), a random access memory (RAM), magnetic storage, such as a hard disk, or the like.
  • the storage means may be an integrated part of the electronic device, or it may be connected to said device, e.g. removably inserted.
  • the storage means may be a removable storage medium, e.g. a memory card, a PCMCIA card, a smart card, or the like.
  • processing means is intended to comprise any suitably programmed general- or special-purpose programmable microprocessors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), Programmable Logic Arrays (PLA), Field Programmable Gate Arrays (FPGA), etc., or a combination thereof.
  • DSP Digital Signal Processors
  • ASIC Application Specific Integrated Circuits
  • PDA Programmable Logic Arrays
  • FPGA Field Programmable Gate Arrays
  • the features of the method described above and in the following may be implemented in software and carried out in a processing means caused by the execution of computer-executable instructions.
  • the instructions may be program code means loaded in a memory, such as a RAM, from a storage medium, such as a ROM, flash memory, EPROM, EEPROM, or the like, or from another computer via a computer network.
  • a memory such as a RAM
  • a storage medium such as a ROM, flash memory, EPROM, EEPROM, or the like
  • the described features may be implemented by hardwired circuitry instead of software or in combination with software.
  • fig. 1 shows a block diagram of a co mmunications device
  • fig. 2 shows a flow diagram illustrating the establishment of a secured peer- to-peer communications link between two communications devices using symmetric-key based security associations
  • figs. 3a-e illustrate an example of the method of fig. 2 in a scenario with four devices
  • fig. 4 illustrates the establishment of a secured peer-to-peer communications link between two communications devices using public-key based security associations
  • figs. 5a-e illustrate a first example of a pairing scenario for pairing five communications devices.
  • figs. 6a-f illustrate a second example of a pairing scenario for pairing five communications devices.
  • Fig. 1 shows a block diagram of a communications device.
  • the communications device 101 comprises a processing unit 102, a radio communications unit 103 connected to the processing unit, and a storage medium 104 connected to the processing unit.
  • the radio communications unit 1 O3 transmits the data received from the processing unit 102 via the radio channel 105 employed by the communications network, and receives data from the radio channel and forwards them to the processing unit.
  • the radio communications unit 103 may be based on the Bluetooth technology and transmit/receive in the ISM band at 2.45 GHz.
  • the communications network is a Bluetooth piconet.
  • the processing unit 102 processes the data received from other devices and the data to be sent to other devices according to the functionality implemented by the communications device.
  • the processing unit is suitably programmed to perform the security functions described below, such as performing a key exchange with another device, performing an authenticated key exchange with another device, protecting the data communicated to/from other devices, e.g. integrity protection, encryption, authentication, etc., and the propagation of security associations to other devices.
  • the storage medium 104 e.g. an EPROM, EEPROM, flash memory, a hard disk, or the like, has stored thereon a set of security associations, e.g. as a list of private keys or a list of public keys.
  • the set may be suitably indexed, and each entry may comprise additional information, e.g. a group identifier, a validity period, or the like.
  • the communications device may comprise further components which have been omitted in the schematic block diagram of fig. 1.
  • the communications device may further comprises an automatic gain control (AGC) unit connected to the receiver, a decoder, an encoder, or the like.
  • AGC automatic gain control
  • Fig. 2 shows a flow diagram illustrating the establishment of a secured peer- to-peer communications link betvween two communications devices using symmetric-key based security associations.
  • the flow diagram 200 comprises two columns 222 and 223, eac h column representing one of the two communications devices A and B 1hat communicate with each other. Boxes representing steps performed by a device A are placed in column 222 while boxes representing steps performed by device B are placed in column 223. Boxes representing steps performed by both devices cooperatively cover both columns.
  • Each of the communications devices A and B comprises an internal database of trusted private keys. Since these keys may be distributed to a number of trusted devices, as described below, these private keys will also be referred to as (trusted) group keys.
  • the databases 214 and 215 each comprise a list of trusted group key records, where each record includes a group key index and a trusted group key corresponding to the index.
  • the trusted group keys stored in database 214 of device A are denoted
  • the trusted group keys stored in database 215 of device B are denoted K B ⁇ , ...,K B . and the corresponding indices are denoted B1 ,...,BM.
  • each device may be pre- configured with at least one key index and a corresponding group key. Alternatively, the device is shipped with no pre-configured keys. It is further understood that the devices may have stored further keys for other purposes.
  • the present method applies to a dedicated set of trusted group keys KAI,.. -,KAN and K B I, ...,K B , respectively, which are intended to be propagated to other trusted devices as a part of the present method.
  • the keys K A ⁇ K A N and K B ⁇ , ...,K B may be stored in dedicated databases, respectively, or otherwise separated from other keys. Alternatively, they may be stored in a database together with other keys, where the trusted group keys intended for the present method are marked as trusted keys intended for the present method. As mentioned above, each of the trusted group keys may be related to a group identifier identifying a specific context, e.g. group o devices, services, or the like, and where the propagation of the corresponding key is limited to that context.
  • the key indices may be chosen at random from a predetermined index space.
  • the index space is selected large enough to reduce the probability of two different secret keys having the same index.
  • the indices may be selected from a 48-bit index space. It is noted, however, that uniqueness is not a strict requirement for the indices, as they are only used to identify common group keys. If two different keys are erroneously indicated as a common key due to a conflict of their indices, the subsequent establishment of security functions, such as encryption, based on these keys will fail. Hence, in this case an alternative key may be identified or, a manual pairing may be performed.
  • the communications devices are assumed to be capable of communicating with each other via a wired or wireless communications medium, e.g. a cable, a radio channel or any other suitable technology.
  • the devices may communicate using a Bluetooth air interface.
  • device A sends the list of key indices A1 ,...,AN stored in the database 214 of device A to device B.
  • step 202 device B compares the received list of indices with the indices B1 ,...,BM stored in database 215 of device B. If device B identifies a common index, denoted IC, i.e. if there is an IC e ⁇ A1 ,...,AN ⁇ n ⁇ B1....BM ⁇ , the process continues at step 203, otherwise the process continues at step 205. If device B identifies more than one common key index, an arbitrary one of the common indices is selected. In step 203, i.e. if a common index IC was identified in step 202, device B sends the common index IC to device A.
  • IC common index
  • the two devices perform an authenticated key exchange resulting in a shared secret.
  • the authentication is based on the common trusted group key K
  • the authenticated key exchange may be performed according to any suitable known authenticated key exchange process.
  • the authenticated key exchange is performed according to the Bluetooth specification, where the common group key K
  • Other examples of authenticated key exchanges include an authenticated Diffie-Hellman key exchange.
  • step 205 i.e. if no common key index was identified in step 202, the device B informs device A that no common key index was identified, e.g. by sending a corresponding response message or by sending a request for manual pairing.
  • a key exchange is performed resulting in a shared secret.
  • the key exchange is initiated by device A, e.g. by sending a request for performing a pairing of the two devices.
  • the user is prompted for acceptance and, depending on the user's input, the request for pairing is accepted or rejected. If device B rejects the request, the process is terminated; otherwise, a pairing process including a key exchange is performed by the two devices.
  • a user interaction is requested by the devices. For example, the user(s) in control of the devices is/are asked to enter a passcode in both devices.
  • a passcode is generated by one device and displayed to the user, and the user is asked to enter the generated passcode into the other device.
  • the key exchange may be performed according to any suitable known password-based key exchange process.
  • the key exchange is performed according to the Bluetooth specification ("The Specification of the Bluetooth System, Core, Baseband Specification", ibid.).
  • the user is asked whether the devices A and B should proceed with the exchange of their respective security associations, i.e. whether the respective other device is regarded as a highly trusted device (step 212). If the user rejects the exchange of security associations, the process is completed, i.e. in this case, the two devices are paired and have established a shared secret, but without extending their previously established security associations to the respective other device.
  • the established shared secret may be used to protect the subsequent communication between the two devices, e.g. by establishing encryption and/or integrity protection and/or the like.
  • the exchange of security association may be limited to a certain group of security associations.
  • each group key record further comprises a group identifier
  • the user may be asked to enter or select from a list one or more group identifiers. Subsequently, only security associations of the selected group identifiers are exchanged. If the user accepts the exchange of at least some security associations after completion of the key exchange step, the process continues at step 207.
  • step 207 i.e. once a shared secret is established between the devices, either by an authenticated key exchange in step 204 authenticated by an existing common key K
  • the encryption may be based on any suitable encryption algorithm, such as SAFER+, AES, DES, RC5, Bluetooth E0, GSM A5/3, etc.
  • the communication between the devices is further integrity protected.
  • step 208 device B sends a list of trusted group keys and corresponding indices stored in the database 215 to device A.
  • device B may send only indices and corresponding keys from database 215 with indices different from those previously received, thereby reducing the required communications resources. If the set of trusted group keys was limited to only comprise group keys related to one or more certain group identifier, only keys related to the selected group identifiers) are sent. If device B has no trusted group keys stored in its database 215, e.g. because the device was shipped without any key and has not previously exchanged trusted keys with another device, device B generates a group key and a corresponding index. For example, both the key and the index may be generated randomly from suitable respective spaces.
  • step 209 device A updates the I ist of trusted keys in database 214 with the received list of keys and corresponding indices.
  • step 210 device A sends a list of its trusted keys and corresponding indices stored in the database 214 to device A.
  • device A sends only indices and corresponding keys from database 214 with indices different from those received from device B, thereby reducing the required communications resources.
  • step 211 device B updates the list of trusted keys in database 215 with the received list of keys and corresponding indices.
  • steps 208- 211 may be changed, e.g. such that device A sends its list of group keys first, before receiving the corresponding list of device B.
  • Figs. 3a-e illustrate an example of the method of fig..2 in a scenario with four communications devices.
  • one or more users wish to establish security associations among four communications devices A, B, C, and D, generally designated 301, 302, 303, and 304, respectively.
  • Fig. 3a illustrates the initial situation.
  • Fig. 3b illustrates a first pairing step between devices 301 and 302.
  • Devices 301 and 302 are connected for the first time and none of the devices has stored a group key. Hence, they perform a manual pairing based on a PIN or password entered into both devices, as illustrated by arrow 305.
  • the user(s) of both devices indicate(s) to the respective device via a suitable user-input that this pairing is a pairing with a highly trusted device, i.e. the user(s) initiate(s) the exchange of group keys.
  • one of the devices (device 301 ) generates a trusted group key Kn with index 11 , and sends the generated key and index to the other device (device 302), as indicated by arrow 306. Both devices store the trusted group key Kn and the corresponding index 11 in their respective databases.
  • Fig. 3c illustrates the situation during a subsequent connection of devices 303 and 304.
  • devices 303 and 304 are connected for the first time, and none of the devices has stored a group key. Hence, they perform a manual pairing based on a PIN or password entered into both devices, as illustrated by arrow 307.
  • the user(s) of both devices indicate(s) to the respective device via a suitable user-input that this pairing is a pairing with a highly trusted device, i.e. the user(s) initiate(s) the exchange of group keys.
  • one of the devices (device 303) generates a trusted group key K
  • Fig. 3d illustrates the situation during a subsequent connection of devices 301 and 303.
  • the devices 301 and 303 are connected with each other for the first time. Since device 301 has already stored the trusted key Kn, it sends the corresponding index 11 to device 303, as illustrated by arrow 309. Since device 303 does not have a key with index 11 stored in its database, it replies with a request for pairing (arrow 310).
  • the devices perform a manual pairing based on a PIN or password entered into the two devices, as indicated by arrow 311.
  • the user(s) of both devices indicate(s) to the respective device via a suitable user-input that this pairing is a pairing with a highly trusted device, i.e. the user(s) initiate(s) the exchange of group keys.
  • device 301 After authentication and switching to encryption, device 301 sends its list of trusted group keys, i.e. key Kn and corresponding index 11 , to device 303 (arrow 312).
  • device 303 replies with its list of trusted group keys, i.e. key K t2 and corresponding index 12 (arrow 313). Both devices store the respective new key in their respective databases.
  • Fig. 3e illustrates the situation during a subsequent connection of devices 301 and 304.
  • the devices 301 and 304 are connected with each other for the first time.
  • Device 301 sends its list of group key indices, i.e. indices 11 and 12, to device 304, as illustrated by arrow 314.
  • Device 304 has a key with index 12 stored in its database and replies with the key index 12 (arrow 315), thereby requesting an authenticated key exchange using the common key with index 12.
  • the devices perform an authenticated key exchange based on the common key K
  • the devices exchange their respective list of group keys:
  • Device 301 sends the trusted group key Kn and the corresponding index 11 to device 304 (arrow 317).
  • Device 301 does not need to send the key K
  • Device 304 stores the received key Kn and the corresponding index 11 in its database.
  • Device 304 does not have any additional keys stored in its database that are not already known to device 301. Hence, no key is sent from device 304 to device 301.
  • Fig. 4 shows a flow diagram illustrating the establishment of a secured peer- to-peer communications link between two communications devices using public-key based security associations.
  • the flow diagram 400 comprises two columns 422 and 423, each column representing one of the two communications devices A and B, as described above.
  • Each of the communications devices A and B comprise an internal database of trusted public keys and certificates certifying the trusted public keys.
  • the databases 414 and 415 each comprise lists of records, each record comprising a trusted public key and a corresponding chain of certificates.
  • the public keys stored in database 414 of device A are denoted KAI, - - ..K A N
  • the corresponding chains of certificates are denoted C A ⁇ , ⁇ -., CAN.
  • C A ⁇ denotes a chain of one or more certificates linking the trusted public key KAI to the public key of device A, and so forth.
  • the public keys stored in database 415 of device B are denoted K B ⁇ , ...,KB .
  • the database 414 comprises at least one public and private key K A ,PU and KA,PR, respectively, with a corresponding self-signed certificate.
  • the database 415 of device B comprises at least one public and private key K BI PU and K B ,PR, respectively, with a corresponding self-signed certificate.
  • each device may be pre-configured with at least one public and private key and a self signed certificate where at least one of the public-private key pairs has signing capabilities. It is further understood that the devices may have stored further keys or certificates for other purposes.
  • the present method applies to a dedicated set of trusted public keys K A ⁇ , ...,K A N and KBI ,
  • each public key may be related to a group identifier as described above.
  • the communications devices are assumed to be capable of communicating with each other via a wired or wireless communications medium, e.g. a cable, a radio channel, or any other suitable wireless technology.
  • a wired or wireless communications medium e.g. a cable, a radio channel, or any other suitable wireless technology.
  • the devices may communicate using a Bluetooth air interface.
  • device A sends a list of hash values H A I,...,H A N corresponding to the public keys KAI, -..,KAN stored in the database 414 of device A to device B.
  • the hash values HAI H A N may be stored in the database 414 as pre-calculated values in relation to the corresponding keys. Alternatively, device A may calculate the hash values from the stored keys prior to sending them.
  • the hash values may be calculated based on any suitable known hash function, e.g. SHA-1 or MD5.
  • SHA-1 e.g. SHA-1 or MD5.
  • a hash function for hash table lookup should be fast, and it should cause as few collisions as possible, i.e. few cases in which different keys result in the same hash value. It is noted, however, that if two different keys are erroneously indicated as a common key due to a conflict of their hash values, the subsequent establishment of security functions, such as encryption, based on these keys will fail. Hence, in this case an alternative key may be identified or, a manual pairing may be performed.
  • step 402 device B compares the received list of hashes with the hashes of the keys KBI , ...,K B M stored in database 415 of device B. If device B identifies a common hash value, if there is a H c e ⁇ H A I, ...H A N ⁇ n ⁇ HASH(K B I),...,HASH(KBM) ⁇ , the process continues at step 403, otherwise the process continues at step 405. If device B identifies more than one common hash value, an arbitrary one of the common hash values is selected.
  • step 403 i.e. if a common hash value He was identified in step 402, device B sends the common hash value He to device A.
  • the common public key corresponding to the hash value He will be denoted Kc.
  • the two devices perform an authenticated key exchange resulting in a shared secret.
  • the authentication is based on a certificate or public key that can be chained to the common public key Kc, i.e. the public key Kc is used as a public root key of a certificate chain.
  • the authenticated key exchange may be performed according to any suitable known authenticated key exchange process based on a public key or certificate, e.g. IKEv2 or TLS : .
  • step 405 i.e. if no common hash value was identified in step 402, the device B informs device A that no common hash value was identified, e.g. by sending a corresponding response message or a request for a manual pairing.
  • a key exchange is performed resulting in a shared secret.
  • the key exchange may be initiated by device A, e.g. by sending a request for performing a pairing of the two devices.
  • the user is prompted for acceptance and depending on the user's input, the request for pairing is accepted or rejected. If device B rejects the request, the process is terminated; otherwise, a pairing process including a key exchange is performed by the two devices.
  • a user interaction is requested by the devices. For example, the user(s) in control of the devices is/are asked to enter a passcode in both devices.
  • a passcode is generated by one device and displayed to the user, and the user is asked to enter the generated passcode into the other device.
  • the key exchange may be performed according to any suitable known password-based key exchange process. In one embodiment, the key exchange is performed according to the Bluetooth specification ("The Specification of the Bluetooth System, Core, Baseband Specification", ibid.).
  • the user is asked whether the devices A and B should proceed with the exchange of their respective security associations, i.e. whether the respective other device is regarded as a highly trusted device (step 416). If the user rejects the exchange of security associations, the process is completed, i.e. in this case, the two devices are paired and have established a shared secret, but without extending their previously established security associations to the respective other device.
  • the established shared secret may be used to protect the subsequent communication between the two devices, e.g. by establishing encryption and/or integrity protection and/or the like.
  • the exchange of security association may be limited to a certain group of security associations.
  • each public key record further comprises a group identifier
  • the user may be asked to enter or select from a list one or more group identifiers. Subsequently, only security associations of the selected group identifiers are exchanged. If the user accepts the exchange of at least some security associations after completion of the key exchange step, the process continues at step 407.
  • step 407 i.e. once a shared secret is established between the devices, either by an authenticated key exchange in step 404 authenticated on the basis of an existing common key Kc, or a passcode-based key-exchange in step 406 involving a user interaction, the devices switch to an encrypted connection using the agreed shared secret.
  • the encryption may be based on any suitable encryption algorithm, such as E0 of Bluetooth1.1 or AES.
  • the communication between the devices is further integrity protected.
  • step 408 device B sends its own public key KB.PU or a self-signed certificate to device A.
  • step 409 device A receives th e public key of device B.
  • Device A may choose to sign the public key of device B using its own private key.
  • step 410 device A sends a list of trusted public keys KAI....,KAN stored in the database 414, and corresponding certificates or certificate chains C' A ⁇ CA to device B.
  • the certificates/certificate chains C'AI, ...,C' A N correspond to the certificates/certificate chains CAI C N stored in database
  • device A sends its own public key K A ,pu or self-signed certificate to device B. Since device A has previously received a list of hash values from device B, in one embodiment, device A may send only public keys from database 414 with hashes different from those previously received. If there are no difference in the two sets of trusted keys, device A may choose not to send any keys at all. If the set of trusted public keys was limited to only comprise keys related to one or more certain group identifier, only keys related to the selected group identifiers) are sent.
  • device A will make its own public key, a root key, and only send this key (or this key in a self-signed certificate) and the certificate that certifies the public key of device B against the root key to device B.
  • step 411 device B receives the list of public keys and certificates/certificate chains from device A, and device B updates its list of trusted public keys and certificates that certify its own public key against the trusted keys.
  • Device B may choose to sign the public key of device A using its own private key.
  • step 412 device B sends a list of trusted public keys KBI, ...,KBM stored in the database 415 and corresponding certificates/certificate chains
  • device B may send only public keys from database 415 with hashes different from those previously received. If there are no difference in the two sets of trusted keys, device B may choose not to send any keys at all. If the set of trusted public keys was limited to only comprise keys related to one or more certain group identifier, only keys related to the selected group identifiers) are sent.
  • step 413 device A receives the list of public keys and certificates/certificate chains from device B.
  • Device A updates the list of trusted public keys and list of certificates that certify its own public key against the trusted keys.
  • the method described above reduces the number of pairings which require user interaction to a number between n-1 and n(n-1)/2, depending on the order in which the devices are paired. In the following, this will be illustrated in connection with two examples of pairing scenarios for pairing five communications devices.
  • Figs. 5a-e illustrate a first example of a pairing scenario for pairing five communications devices.
  • one or more users wish to establish security associations among five communications devices A, B, C, D, and E, generally designated 501 , 502, 503, 504, and 505, respectively.
  • Fig. 5a illustrates the initial situation.
  • none of the devices 501-505 is pre-configured with any group keys, i.e. none of the devices has any group keys stored in their respective lists of group keys.
  • Fig. 5b illustrates a first pairing step between devices 501 and 502.
  • Devices 501 and 502 are connected for the first time. Since none of the devices has stored a group key, they perform a manual pairing based on a PIN or password as described above and as illustrated by the dotted line 506. After authentication and the switching to encryption, one of the devices generates a trusted group key Ki and sends the generated key to the other device. Both devices store the trusted group key Ki in their respective databases. It is understood that, in some embodiments, the key Ki is stored in connection with a corresponding index, as described above.
  • Fig. 5c illustrates the situation after a subsequent connection of devices 501 and 503. Since the devices 501 and 503 do not have a common key, they perform a manual pairing based on a PIN or password entered into the two devices as indicated by dotted line 507. After authentication and switching to encryption, device 501 sends its list of trusted group keys, i.e. key Ki, to device 503 where the key Ki is stored.
  • key Ki trusted group keys
  • Fig. 5d illustrates the situation after a subsequent connection of devices 501 and 505. Again, devices 501 and 505 perform a manual pairing as indicated by dotted line 508, and device 501 sends its trusted group key Ki to device 505 where the key Ki is stored.
  • Fig. 5e illustrates the situation after a subsequent connection of devices 501 and 504. Again, devices 501 and 504 perform a manual pairing as indicated by dotted line 509, and device 501 sends its trusted group key Ki to device 504 where the key Ki is stored.
  • Figs. 6a-f illustrate a second example of a pairing scenario for pairing the above five communications devices. Again, it is assumed that one or more users wish to establish security associations among the five communications devices A, B, C, D s and E.
  • Fig. 6a illustrates the initial situation where none of the devices 501-505 is pre-configured with any group keys.
  • Fig. 6b illustrates a first pairing step between devices 501 and 502 including a manual pairing based on a PIN or password as described above and as illustrated by the dotted line 606. This pairing step and the subsequent exchange of security associations result in a key Ki stored in both devices.
  • Fig. 6c illustrates the situation after a subsequent pairing step between devices 503 and 504. Since none of the devices has stored a group key, they perform a manual pairing based on a PIN or password as illustrated by the dotted line 607. After authentication and the switching to encryption, one of the devices generates a trusted group key K 2 and sends the generated key to the other device. Both devices store the trusted group key K 2 in their respective databases.
  • Fig. 6d illustrates the situation after a subsequent connection of devices 501 and 505. Again, devices 501 and 505 perform a manual pairing as indicated by dotted line 608, and device 501 sends its trusted group key K-i to device 505 where the key Ki is stored.
  • Fig. 6e illustrates the situation after a subsequent connection of devices 504 and 505.
  • device 504 has only stored key K 2
  • device 505 has only stored key K-i.
  • the devices do not have a common key, and they perform a manual pairing as indicated by dotted line 609.
  • the devices exchange their respective keys Ki and K 2 .
  • both keys Ki and K 2 are now stored in both devices 504 and 505.
  • fig. 6f illustrates the situation after a subsequent connection of devices 502 and 503.
  • device 502 has only stored key Ki
  • device 503 has only stored key K 2 .
  • the devices do not have a common key, and they perform a manual pairing as indicated by dotted line 610.
  • the devices exchange their respective keys Ki and K 2 .
  • both keys Ki and K 2 are now stored in both devices 502 and 503.
  • two devices may exchange their respective list of group keys more than once. For example, when two devices that have previously exchanged their lists of group keys are connected again in a subsequent session, they may exchange their respective lists of trusted group keys again.
  • one or both of the devices may have extended their respective lists of group keys due to pairings with one or more other devices. These extensions may be propagated to the corresponding other one of the two devices when they are connected again, thereby improving the efficiency of the key distribution and the probability that there is at least one common security association available if one of the devices connects to a new device for the first time.
  • the devices exchange their lists of security associations every time they are connected, and they extend their respective lists with new security associations, if any, from the list of the respective other device.
  • the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.

Abstract

L'invention concerne une méthode permettant d'établir une communication sécurisée entre homologues, entre deux dispositifs de communication. Chaque dispositif de communication présente un ensemble correspondant d'associations sécurisées préalablement établies stockées avec d'autres dispositifs de communication. La méthode de l'invention consiste à déterminer si les deux dispositifs de communication présentent une association sécurisée commune dans leur ensemble correspondant d'associations sécurisées établies. Si les dispositifs ont déterminé une association sécurisée commune, la méthode consiste à protéger la liaison de communication entre les deux dispositifs de communication, en fonction de l'association sécurisée commune déterminée. Sinon, l'invention consiste à établir une nouvelle association sécurisée entre les deux dispositif de communication, et à protéger la liaison de communication en fonction de la nouvelle association sécurisée; et à étendre les ensembles d'associations sécurisées préalablement établies des deux dispositifs de communication à l'autre dispositif de communication correspondant en échangeant des données-clés correspondantes.
PCT/EP2004/003671 2003-04-28 2004-04-06 Securite dans un reseau de communication WO2004098145A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10/554,946 US20070055877A1 (en) 2003-04-28 2004-04-06 Security in a communication network
JP2006505024A JP2006526314A (ja) 2003-04-28 2004-04-06 通信ネットワークにおけるセキュリティ

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP03388027A EP1473899A1 (fr) 2003-04-28 2003-04-28 Sécurité dans un reseau
EP03388027.9 2003-04-28
US46747603P 2003-05-02 2003-05-02
US60/467,476 2003-05-02

Publications (1)

Publication Number Publication Date
WO2004098145A1 true WO2004098145A1 (fr) 2004-11-11

Family

ID=33420605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2004/003671 WO2004098145A1 (fr) 2003-04-28 2004-04-06 Securite dans un reseau de communication

Country Status (3)

Country Link
JP (1) JP2006526314A (fr)
KR (1) KR20060027311A (fr)
WO (1) WO2004098145A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014063083A1 (fr) * 2012-10-19 2014-04-24 Qualcomm Incorporated Procédés et appareil pour fournir un agrément de clé assisté par un réseau, pour des communications p2p
US9398046B2 (en) 2008-03-06 2016-07-19 Qualcomm Incorporated Image-based man-in-the-middle protection in numeric comparison association models
CN110971401A (zh) * 2019-11-19 2020-04-07 武汉大学 一种基于交叉互锁机制的认证密钥协商方法及其实施装置

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7778422B2 (en) * 2004-02-27 2010-08-17 Microsoft Corporation Security associations for devices
JP4701706B2 (ja) * 2004-12-22 2011-06-15 富士ゼロックス株式会社 情報処理装置、方法、及びプログラム
US7739513B2 (en) * 2005-02-22 2010-06-15 Sony Corporation Secure device authentication
KR100898341B1 (ko) * 2006-12-06 2009-05-20 한국전자통신연구원 P2p 네트워크에서 피어간 간접 신뢰 바인딩 형성 방법

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092201A (en) * 1997-10-24 2000-07-18 Entrust Technologies Method and apparatus for extending secure communication operations via a shared list
EP1102430A1 (fr) * 1999-10-27 2001-05-23 Telefonaktiebolaget Lm Ericsson Procédé et agencement dans un réseau ad hoc
US20020178361A1 (en) * 2001-05-24 2002-11-28 International Business Machines Corporation System and method for dynamically determining CRL locations and access methods
EP1289227A2 (fr) * 2001-09-03 2003-03-05 Siemens Aktiengesellschaft Procédé, système et ordinateur pour négocier une association de sécurité au niveau de la couche d'application

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092201A (en) * 1997-10-24 2000-07-18 Entrust Technologies Method and apparatus for extending secure communication operations via a shared list
EP1102430A1 (fr) * 1999-10-27 2001-05-23 Telefonaktiebolaget Lm Ericsson Procédé et agencement dans un réseau ad hoc
US20020178361A1 (en) * 2001-05-24 2002-11-28 International Business Machines Corporation System and method for dynamically determining CRL locations and access methods
EP1289227A2 (fr) * 2001-09-03 2003-03-05 Siemens Aktiengesellschaft Procédé, système et ordinateur pour négocier une association de sécurité au niveau de la couche d'application

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9398046B2 (en) 2008-03-06 2016-07-19 Qualcomm Incorporated Image-based man-in-the-middle protection in numeric comparison association models
WO2014063083A1 (fr) * 2012-10-19 2014-04-24 Qualcomm Incorporated Procédés et appareil pour fournir un agrément de clé assisté par un réseau, pour des communications p2p
US8873757B2 (en) 2012-10-19 2014-10-28 Qualcom Incorporated Methods and apparatus for providing network-assisted key agreement for D2D communications
KR20150061007A (ko) * 2012-10-19 2015-06-03 퀄컴 인코포레이티드 P2p 통신들을 위해 네트워크-보조 키 동의를 제공하기 위한 방법들 및 장치
CN104737516A (zh) * 2012-10-19 2015-06-24 高通股份有限公司 为p2p通信提供网络辅助式密钥协定的方法和装置
KR101589237B1 (ko) 2012-10-19 2016-01-28 퀄컴 인코포레이티드 P2p 통신들을 위해 네트워크-보조 키 동의를 제공하기 위한 방법들 및 장치
CN104737516B (zh) * 2012-10-19 2018-04-06 高通股份有限公司 为p2p通信提供网络辅助式密钥协定的方法和装置
CN110971401A (zh) * 2019-11-19 2020-04-07 武汉大学 一种基于交叉互锁机制的认证密钥协商方法及其实施装置
CN110971401B (zh) * 2019-11-19 2021-10-22 武汉大学 一种基于交叉互锁机制的认证密钥协商方法及其实施装置

Also Published As

Publication number Publication date
JP2006526314A (ja) 2006-11-16
KR20060027311A (ko) 2006-03-27

Similar Documents

Publication Publication Date Title
EP1473899A1 (fr) Sécurité dans un reseau
US7793103B2 (en) Ad-hoc network key management
US8156337B2 (en) Systems and methods for authenticating communications in a network medium
KR100983050B1 (ko) 네트워크 엔티티들 사이에서 데이터 협정을 인증하기 위한시스템, 방법 및 컴퓨터 프로그램 제품
CN107800539B (zh) 认证方法、认证装置和认证系统
EP1536609B1 (fr) Systèmes et méthodes d'authentification des communications dans un réseau
TW478269B (en) Method and apparatus for initializing mobile wireless devices
CN101822082B (zh) 用于uicc和终端之间安全信道化的技术
EP1226680B1 (fr) Procede et systeme pour reseau de communication
EP2082525B1 (fr) Procédé et appareil d'authentification mutuelle
US20110271334A1 (en) Method, system, and device for implementing device addition in wi-fi device to device network
CN1929371B (zh) 用户和外围设备协商共享密钥的方法
Mirzadeh et al. Secure device pairing: A survey
JP2010158030A (ja) セキュア通信をイニシャライズし、装置を排他的にペアリングする方法、コンピュータ・プログラムおよび装置
Gehrmann et al. Enhancements to Bluetooth baseband security
CN105706390A (zh) 在无线直接通信网络中使用非对称密钥进行身份识别的方法和装置
Noh et al. Secure authentication and four-way handshake scheme for protected individual communication in public wi-fi networks
US7751569B2 (en) Group admission control apparatus and methods
Gehrmann et al. The personal CA-PKI for a personal area network
WO2004098145A1 (fr) Securite dans un reseau de communication
GB2411801A (en) Establishing secure connections in ad-hoc wireless networks in blind trust situations
Madhusudhan et al. An efficient and secure user authentication scheme with anonymity in global mobility networks
Liu et al. Efficient and anonymous authentication with succinct multi-subscription credential in SAGVN
EP1343342B1 (fr) Protection de sécurité pour la communication des données
WO2008004174A2 (fr) Procédé d'établissement d'une voie sécurisée authentifiée

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2006505024

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 4855/DELNP/2005

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 1020057020435

Country of ref document: KR

Ref document number: 20048113521

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 1020057020435

Country of ref document: KR

122 Ep: pct application non-entry in european phase
WWE Wipo information: entry into national phase

Ref document number: 2007055877

Country of ref document: US

Ref document number: 10554946

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 10554946

Country of ref document: US