WO2022167061A1 - Method and system for pairing devices - Google Patents

Info

Publication number
WO2022167061A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
secret
secret key
encryption
basis
Prior art date
Application number
PCT/EP2021/052466
Other languages
French (fr)
Inventor
Sampo Sovio
Jan-Erik Ekberg
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Priority to PCT/EP2021/052466
Publication of WO2022167061A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1475 Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored

Definitions

  • the present disclosure relates to a system and method for pairing devices.
  • the system and method described herein establish a shared cryptographic key between devices to enable secure communication.
  • Some smart devices are comparatively simple in design.
  • the smart functionality of the device is provided through a simple embedded circuit or a processor with limited power.
  • a smart lightbulb may have an adjustable brightness feature and a Bluetooth interface so that the smart bulb can be paired to a more complex device such as a smartphone.
  • a method for establishing a symmetric key comprises receiving, at a first device, a first public key of a first key pair and an encryption of a first key portion of a first secret key, under a second public key of a second key pair.
  • the first secret key comprises first and second key portions and corresponds to the secret key of the first key pair.
  • the method comprises accessing a second secret key securely stored on the first device where the second secret key corresponds to the secret key of the second key pair, decrypting the first key portion of the first secret key at the first device, on the basis of the second secret key, generating a symmetric key at the first device, encrypting the symmetric key under the first public key at the first device and communicating the encryption of the symmetric key and the first key portion of the first secret key from the first device to the second device.
  • a computing system comprising a memory and a processor communicatively coupled to the memory.
  • the memory includes program code which, when executed by the processor, provides instructions to access a first public key of a first key pair and an encryption, under a second public key of a second key pair, of a first key portion of a first secret key corresponding to the secret key of the first key pair, on the basis of data received at the computing system.
  • the first secret key comprises first and second key portions.
  • the code further provides instructions to access a second secret key securely stored on the computing system, the second secret key corresponding to the secret key of the second key pair, decrypt the first key portion of the first secret key at the first device, on the basis of the second secret key, generate a symmetric key, encrypt the symmetric key under the first public key at the first device and communicate the encryption of the symmetric key and the first key portion of the first secret key.
  • the apparatus comprises a read-only memory arranged to store a second key portion of a secret key comprising first and second key portions, the secret key corresponding to the secret key of a key pair comprising the secret key and a public key.
  • the apparatus is arranged to receive the first key portion and an encryption of a symmetric key under the public key, access the second key portion from the read-only memory, obtain the secret key on the basis of the first and second key portions and decrypt the symmetric key on the basis of the secret key.
  • a manufacturing method comprises providing a first computing device comprising a memory, generating a first cryptographic key, generating first and second key portions of the first cryptographic key and installing the second key portion in the memory of the first computing device.
  • the method comprises, at the second device, receiving the first key portion of the first secret key and the encryption of the symmetric key under the first public key, accessing the second key portion of the first secret key, obtaining the first secret key on the basis of the first and second key portions, and decrypting the symmetric key on the basis of the first secret key.
  • the method according to the first implementation establishes a shared symmetric key for enabling a pairing of the first and second device.
  • the method does not require the second device to store the first secret key to recover the symmetric key.
  • Multiple devices implementing the method may store the same value for a second key portion. This simplifies and reduces the manufacturing cost of these devices. Furthermore, this reduces the requirement of providing long term key storage on the second device further allowing a simplification of the design of the second device.
  • the method implicitly authenticates the first device to the second device as only a legitimate first device may have access to the second secret key to decrypt the first key portion.
  • accessing the first public key and encryption of the first key portion at the first device comprises receiving data via an out-of-band communication channel and accessing the first public key and encryption of the first key portion on the basis of the data.
  • receiving data via an out-of-band communication channel comprises scanning a machine-readable code and/or a radio-frequency identification tag, and/or receiving data via an ultrasound, short distance radio frequency, near-field and/or a low energy Bluetooth communication channel.
  • the method according to the third implementation form facilitates the retrieval of data to enable the establishment of a secure pairing between the first and second device.
  • the data comprises a uniform resource locator.
  • the method according to the fourth implementation form facilitates the retrieval of cryptographic key material from a remote location without having to provide a large amount of data across a low bandwidth communication channel.
  • the second secret key is securely stored in a trusted execution environment on the first device.
  • accessing the second key portion of the first secret key on the second device comprises retrieving the second key portion from read-only memory on the second device.
  • the method comprises generating the first key portion of the first secret key on the basis of the first secret key and the second key portion of the first secret key.
  • generating the first key portion of the first secret key comprises randomly generating the first secret key, generating a data value for the second key portion of the first secret key and determining the first key portion on the basis of the second key portion and the first secret key.
  • the method according to the eighth implementation form allows the same second key portion to be used across multiple devices without compromising the security of the first key portion and the key.
  • the first key portion is determined from the secret key and the second key portion. Therefore, if the key is chosen at random, for fixed second key portions across multiple devices, the resultant first key portion is random.
  • encryption of data is performed on the basis of the Elliptic Curve Integrated Encryption Scheme.
  • Figure 1 shows a schematic diagram of a group of devices, according to an example.
  • Figure 2A shows a schematic diagram of an apparatus for setting up a device for pairing with a device, according to an example.
  • Figure 2B shows a schematic diagram of an apparatus for pairing devices, according to an example.
  • Figure 3 is a block diagram of a method for establishing a symmetric key between a first and second device, according to an example.
  • FIG. 4 is a block diagram of a computing system that may be used for implementing the devices and methods disclosed herein.
  • FIG 1 is a simplified schematic diagram of a group 100 of electronic devices.
  • each one of the devices in the group 100 may be a personal device such as a smartphone, tablet or a smart wearable device such as a smartwatch.
  • one or more of the devices in the group 100 is a smart home device such as a smart TV, smart lightbulb, smart hub, or other kind of consumer electronics device.
  • the device 110 may be a user’s smartphone and each of the devices 120 - 150 may be other smart devices around the user’s home.
  • the device 110 is paired to the device 120.
  • a device is said to be paired to another device if the device is in communication with the other device via a wireless connection.
  • each of the devices 120 - 150 is capable of pairing with the device 110 through at least one method of wireless communication.
  • a connection may be any kind of wireless connection such as a wireless local area network (WLAN), Bluetooth, Wi-Fi, Near-field Communication (NFC) or similar.
  • the device 120 may be a smart lightbulb which is paired via Bluetooth with the smartphone device 110.
  • the owner of the device 110 controls the brightness of the smart lightbulb 120 via their device 110.
  • a secure connection protects the data that is transmitted between the devices, and prevents attacks, such as man in the middle attacks, which would otherwise render devices unsafe for use in the consumer market.
  • a secure connection may be provided through the use of cryptographic protocols such as authentication and encryption.
  • the functionality of the device 120 may be limited. In the aforementioned example of the smart lightbulb, it may be impossible to store a cryptographic key to provide a secure connection. It may also be impractical to manufacture a large number of smart lightbulbs with a unique long-term cryptographic key injected into the device during a manufacturing process. From a manufacturing perspective, it is preferable to design a process that produces smart lightbulbs that are identical, or as close to identical, in design as possible. Further design issues arise where additional functionality, such as authentication, is to be built into the device 120.
  • the methods and systems described herein provide a method of securely pairing devices.
  • the methods and system do not require one of the devices to store a long-term cryptographic key.
  • a secret key is split into two random portions.
  • One of the key portions is stored on one of the devices and the other key portion is provided on a tag in an encrypted form, which may be fixed to the device.
  • a further device scans the tag to retrieve the encrypted key portion. This device decrypts the key portion and generates a symmetric key.
  • the further device communicates an encryption of the new key under the corresponding public key of the original secret key, together with the decrypted key portion back to the first device.
  • the first device recovers the original secret key using the key portions and decrypts the symmetric key using the recovered secret key. Both devices can then communicate securely using the symmetric key.
  • the method described herein implicitly authenticates the further device.
  • the encryption of the key portion is provided in such a way that only a legitimate device reading the tag can obtain the key portion.
  • the secret key and key portion are generated in a way that allows the key portion stored on the device to be identical across a batch of the devices without compromising the security.
  • unknown secret keys and key portions provided to further devices are generated uniformly randomly and appear random even to an adversary that obtains the other key portion of the secret key.
  • FIG. 2A is a simplified schematic diagram showing an apparatus 200, for setting up a device for pairing with another device, according to an example.
  • a device 210 is shown.
  • the device 210 may be a smart device similar to examples of devices previously described.
  • the device 210 comprises a read-only memory 220.
  • the apparatus 200 shown in Figure 2A further comprises a server 230.
  • the device 210 is arranged to communicate with the server 230 during, for example, a set up phase or a final stage of a manufacturing process.
  • the server 230 generates a first key pair for a cryptographic encryption scheme:
  • the encryption scheme may be, for example, the Elliptic Curve Integrated Encryption Scheme (ECIES).
  • the secret key sk1 is an integer k selected from a range [1, ..., n - 1] and the public key pk1 is a point k × G, i.e. k copies of the point G summed together, for some preselected base point G on an elliptic curve E.
  • the server 230 is arranged to split the secret key sk1 into two key portions (x1, x2).
  • a key portion is a data value related to a cryptographic key.
  • a key portion may be generated from securely splitting the key into a sum of values over the finite field.
  • a key may be split into two portions by first selecting a portion uniformly at random, then generating a further portion by subtracting the first portion from the key value.
  • the resulting portion is uniformly random.
  • a key pair comprises a point on an elliptic curve and a secret integer k, generated uniformly at random from a range [1, ..., n - 1],
  • This technique may be applied to split keys into two key portions such that the second key portion x2 is fixed to the same value across a batch of devices without compromising security. This allows each of the devices in a batch to be manufactured identically.
  • the second key portion x2 may be injected into the device 210 and stored in the read-only memory 220. Each device may still have a unique secret key associated to it using this splitting method, without requiring long term storage of the unique secret key.
  • the server 230 generates a second key pair (pk2, sk2). According to examples described herein, the server 230 is arranged to generate an encryption C of the first key portion x1 under the public key pk2 of the second key pair:
  • This encryption is made accessible to a device that wishes to pair with the device 210.
  • FIG 2B is a schematic diagram showing an apparatus 240 according to an example.
  • the same device 210 is shown together with a further device 250.
  • the further device 250 comprises a processor 260 and a memory 270 which is communicatively coupled to the processor 260.
  • the device 250 may be a smart device, such as a smartphone or smartwatch.
  • the device 250 is arranged to communicate with the device 210.
  • the communication between the devices 210 and 250 may be provided via appropriate interfaces (not shown in Figures 2A and 2B) in the devices.
  • the devices 210 and 250 may be arranged to communicate using Wi-Fi, Bluetooth, near-field communication or similar wireless communication and appropriate networking interfaces are provided in the devices.
  • the device 250 is further arranged to receive data via an out-of-band communication channel from the device 210.
  • the device 210 comprises a tag 280.
  • the tag 280 may be a machine-readable code such as a QR code, a radio-frequency identification (RFID) tag or similar.
  • the device 250 scans the tag 280 to receive data via an out-of-band channel in addition to receiving data over the main wireless communication link.
  • an out-of-band channel may be provided through ultrasound, short distance radio frequency, near-field and/or a low energy Bluetooth communication channel.
  • the encryption C may be encoded in the tag 280.
  • data may be provided in the tag 280 which provides data to recover the encryption C from the server 230.
  • the tag 280 may encode a uniform resource locator (URL) which provides a link to the encryption C.
  • the device 250 is arranged to store the second secret key sk2 securely in the memory 270.
  • the second secret key sk2 may be installed during a manufacturing process on the device 250.
  • the server 230 communicates the second key pair to the device 250 via a secure channel.
  • the processor 260 and memory 270 provide a trusted execution environment.
  • a trusted execution environment provides an isolated zone of execution in the device 250 which can be used to securely store and use a cryptographic key with a higher level of trust than the device as a whole.
  • the device 250 may also have dedicated logic or modules to perform cryptographic operations such as encryption securely.
  • the device 250 decrypts the encryption C to recover the key portion x1 of the first secret key.
  • the device 250 is arranged to generate a symmetric key K which is to be used to secure communication between the devices 210 and 250.
  • the device 250 then retrieves the first public key pk1 and encrypts the key K under the first public key pk1.
  • the first public key pk1 is also provided to the device 250 via the out-of-band communication channel. In other cases, the device 250 retrieves the public key pk1 from e.g. the server 230.
  • the device 250 communicates the encryption of the new key K to the device 210 together with the first key portion x1 of the first secret key sk1.
  • the first key portion x1 is communicated in the clear. This does not compromise security since the key portion does not allow an adversary to obtain the full secret key. To do so would require the adversary to also obtain the key portion x2 on the device 210. However, an adversary who could obtain the key portion on the device 210 could also obtain a long term key on the device 210 using the same method and therefore an attack of this kind requires at least as much effort as storing a long term key on the device 210.
  • the device 210 receives the encryption of the symmetric key K and first key portion x1 from the device 250 and accesses the second key portion x2 of the first secret key sk1 stored in the memory 220.
  • the device 210 is arranged to recover the first secret key sk1 which it uses to decrypt the encryption of the symmetric key K.
  • the devices 210 and 250 are then paired to each other to securely communicate using the key K.
  • the device 210 is arranged to wipe the key portion x1 and the first secret key sk1 from memory once the devices 210 and 250 are paired. This ensures the device 210 does not need to store the key sk1 long term. Moreover, this prevents an adversary that obtains the device 210 from recovering the key portion x2, which may be the same for multiple devices. Moreover, only a legitimate device 250, which has access to the secret key sk2 which allows decryption of data received via the out-of-band channel, can decrypt the encryption C. Hence, the device 210 knows that the device 250 is an authentic device and the device 210 does not need to perform a separate authentication session to authenticate the device 250.
  • Figure 3 is a block diagram showing a method 300 for establishing a symmetric key between a first and second device, according to an example.
  • the method 300 may be implemented on the apparatus and systems described herein.
  • the method 300 may be implemented on the device 250 shown in Figure 2B to establish a key with the device 210.
  • a first public key and an encryption of a first key portion of a first secret key, under a second public key, are received at a first device.
  • the first secret key comprises first and second key portions and corresponds to the secret key of the first key pair.
  • the encryption may be received via an out-of-band communication channel as previously described.
  • a second secret key securely stored on the first device is accessed.
  • the second secret key corresponds to the secret key of the second key pair.
  • the second secret key may be stored in the memory 270.
  • the first key portion of the first secret key is decrypted at the first device, on the basis of the second secret key.
  • the first device then generates a symmetric key at block 340, and encrypts the symmetric key under the first public key at block 350.
  • these blocks are implemented in a trusted execution environment, or similar, on the device 250.
  • the encryption of the symmetric key and the first key portion of the first secret key is communicated from the first device to the second device.
  • the second device is arranged to receive the first key portion of the first secret key and the encryption of the symmetric key under the first public key.
  • When the second device receives this data from the first device, it accesses the second key portion of the first secret key, obtains the first secret key on the basis of the first and second key portions and decrypts the symmetric key on the basis of the first secret key.
  • the methods and system described herein establish a shared symmetric key for enabling secure communication between a first and second device.
  • the method does not require the second device to store a long-term key. Instead, the second device stores a key portion. When combined with data received from the first device, this allows the second device to recover the symmetric key. This allows multiple such devices to store the same value as a second key portion.
  • this method permits the production of simple devices without having to install a unique long term secret key into each device. This simplifies and reduces the manufacturing cost of these devices.
  • the method allows the second device to authenticate the first device. Only a legitimate first device may have access to a second secret key to decrypt the first key portion of the first secret key. Hence, on receiving the first key portion of the first secret key, the second device knows that the first device must be a legitimate device.
  • Examples in the present disclosure can be provided as methods, systems or machine-readable instructions, such as any combination of software, hardware, firmware or the like.
  • Such machine-readable instructions may be included on a computer readable storage medium (including but not limited to disc storage, CD-ROM, optical storage, etc.) having computer readable program codes therein or thereon.
  • the machine-readable instructions may, for example, be executed by a general-purpose computer, a special purpose computer, an embedded processor or processors of other programmable data processing devices to realize the functions described in the description and diagrams.
  • a processor or processing apparatus may execute the machine-readable instructions.
  • modules of apparatus may be implemented by a processor executing machine-readable instructions stored in a memory, or a processor operating in accordance with instructions embedded in logic circuitry.
  • the term 'processor' is to be interpreted broadly to include a CPU, processing unit, logic unit, or programmable gate set etc.
  • the methods and modules may all be performed by a single processor or divided amongst several processors.
  • Such machine-readable instructions may also be stored in a computer readable storage that can guide the computer or other programmable data processing devices to operate in a specific mode.
  • Such machine-readable instructions may also be loaded onto a computer or other programmable data processing devices, so that the computer or other programmable data processing devices perform a series of operations to produce computer-implemented processing, thus the instructions executed on the computer or other programmable devices provide an operation for realizing functions specified by flow(s) in the flow charts and/or block(s) in the block diagrams.
  • FIG. 4 is a block diagram of a computing system 400 that may be used for implementing the devices and methods disclosed herein. Specific devices may utilize all of the components shown or only a subset of the components, and levels of integration may vary from device to device. Furthermore, a device may contain multiple instances of a component, such as multiple processing units, processors, memories, transmitters, receivers, etc.
  • the computing system 400 includes a processing unit 402.
  • the processing unit includes a central processing unit (CPU) 414, memory 408, and may further include a mass storage device 404, a video adapter 410, and an I/O interface 412 connected to a bus 420.
  • the bus 420 may be one or more of any type of several bus architectures including a memory bus or memory controller, a peripheral bus, or a video bus.
  • the CPU 414 may comprise any type of electronic data processor.
  • the memory 408 may comprise any type of non-transitory system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), or a combination thereof.
  • the memory 408 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs.
  • the mass storage 404 may comprise any type of non-transitory storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus 420.
  • the mass storage 404 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, or an optical disk drive.
  • the video adapter 410 and the I/O interface 412 provide interfaces to couple external input and output devices to the processing unit 402.
  • input and output devices include a display 418 coupled to the video adapter 410 and a mouse, keyboard, or printer 416 coupled to the I/O interface 412.
  • Other devices may be coupled to the processing unit 402, and additional or fewer interface cards may be utilized.
  • a serial interface such as Universal Serial Bus (USB) (not shown) may be used to provide an interface for an external device.
  • the processing unit 402 also includes one or more network interfaces 406, which may comprise wired links, such as an Ethernet cable, or wireless links to access nodes or different networks.
  • the network interfaces 406 allow the processing unit 402 to communicate with remote units via the networks.
  • the network interfaces 406 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas.
  • the processing unit 402 is coupled to a local-area network 422 or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, or remote storage facilities.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for establishing a symmetric key between a first and second device is described. The method comprises receiving, at the first device, a first public key of a first key pair and an encryption of a first key portion of a first secret key, under a second public key of a second key pair, the first secret key comprising first and second key portions and corresponding to the secret key of the first key pair, accessing a second secret key securely stored on the first device, the second secret key corresponding to the secret key of the second key pair, decrypting the first key portion of the first secret key at the first device, on the basis of the second secret key, generating a symmetric key at the first device, encrypting the symmetric key under the first public key at the first device and communicating the encryption of the symmetric key and the first key portion of the first secret key from the first device to the second device.

Description

METHOD AND SYSTEM FOR PAIRING DEVICES
TECHNICAL FIELD
The present disclosure relates to a system and method for pairing devices. In particular, the system and method described herein establish a shared cryptographic key between devices to enable secure communication.
BACKGROUND
In recent years smart devices such as smartphones have become ubiquitous. There is also increasing adoption of smart consumer electronics in the home such as smart hubs, smart TVs, lighting, and other kinds of devices. This adoption has also led to greater interconnectivity between devices. A user may pair devices together and control multiple devices in their home from their smartphone or smartwatch using Wi-Fi or Bluetooth.
Some smart devices are comparatively simple in design. The smart functionality of the device is provided through a simple embedded circuit or a processor with limited power. For example, a smart lightbulb may have an adjustable brightness feature and a Bluetooth interface so that the smart bulb can be paired to a more complex device such as a smartphone.
SUMMARY
It is an object of the invention to provide a method for securely establishing a cryptographic key between two devices.
The foregoing and other objects are achieved by the features of the independent claims. Further implementation forms are apparent from the dependent claims, the description and the figures.
According to a first aspect, a method for establishing a symmetric key is provided. The method comprises receiving, at a first device, a first public key of a first key pair and an encryption of a first key portion of a first secret key, under a second public key of a second key pair. The first secret key comprises first and second key portions and corresponds to the secret key of the first key pair. The method comprises accessing a second secret key securely stored on the first device where the second secret key corresponds to the secret key of the second key pair, decrypting the first key portion of the first secret key at the first device, on the basis of the second secret key, generating a symmetric key at the first device, encrypting the symmetric key under the first public key at the first device and communicating the encryption of the symmetric key and the first key portion of the first secret key from the first device to the second device.
According to a second aspect a computing system is provided. The computing system comprises a memory and a processor communicatively coupled to the memory. The memory includes program code which, when executed by the processor, provides instructions to access a first public key of a first key pair and an encryption, under a second public key of a second key pair, of a first key portion of a first secret key corresponding to the secret key of the first key pair, on the basis of data received at the computing system. The first secret key comprises first and second key portions. The code further provides instructions to access a second secret key securely stored on the computing system, the second secret key corresponding to the secret key of the second key pair, decrypt the first key portion of the first secret key at the first device, on the basis of the second secret key, generate a symmetric key, encrypt the symmetric key under the first public key at the first device and communicate the encryption of the symmetric key and the first key portion of the first secret key.
According to a third aspect an apparatus is provided. The apparatus comprises a read-only memory arranged to store a second key portion of a secret key comprising first and second key portions, the secret key corresponding to the secret key of a key pair comprising the secret key and a public key. The apparatus is arranged to receive the first key portion and an encryption of a symmetric key under the public key, access the second key portion from the read-only memory, obtain the secret key on the basis of the first and second key portions and decrypt the symmetric key on the basis of the secret key.
According to a fourth aspect a manufacturing method is provided. The method comprises providing a first computing device comprising a memory, generating a first cryptographic key, generating first and second key portions of the first cryptographic key and installing the second key portion in the memory of the first computing device.
In a first implementation form the method comprises, at the second device, receiving the first key portion of the first secret key and the encryption of the symmetric key under the first public key, accessing the second key portion of the first secret key, obtaining the first secret key on the basis of the first and second key portions, and decrypting the symmetric key on the basis of the first secret key.
The method according to the first implementation establishes a shared symmetric key for enabling a pairing of the first and second device. The method does not require the second device to store the first secret key to recover the symmetric key. Multiple devices implementing the method may store the same value for a second key portion. This simplifies and reduces the manufacturing cost of these devices. Furthermore, this reduces the requirement of providing long term key storage on the second device further allowing a simplification of the design of the second device. Moreover, the method implicitly authenticates the first device to the second device as only a legitimate first device may have access to the second secret key to decrypt the first key portion.
In a second implementation form of the method, accessing the first public key and encryption of the first key portion at the first device comprises receiving data via an out-of-band communication channel and accessing the first public key and encryption of the first key portion on the basis of the data.
In a third implementation form of the method, receiving data via an out-of-band communication channel comprises scanning a machine-readable code and/or a radio-frequency identification tag, and/or receiving data via an ultrasound, short distance radio frequency, near-field and/or a low energy Bluetooth communication channel.
The method according to the third implementation form facilitates the retrieval of data to enable the establishment of a secure pairing between the first and second device.
In a fourth implementation form of the method the data comprises a uniform resource locator.
The method according to the fourth implementation form facilitates the retrieval of cryptographic key material from a remote location without having to provide a large amount of data across a low bandwidth communication channel.
In a fifth implementation form of the method the second secret key is securely stored in a trusted execution environment on the first device.
In a sixth implementation form of the method accessing the second key portion of the first secret key on the second device comprises retrieving the second key portion from read-only memory on the second device.
In a seventh implementation form the method comprises generating the first key portion of the first secret key on the basis of the first secret key and the second key portion of the first secret key.
In an eighth implementation form of the method, generating the first key portion of the first secret key comprises randomly generating the first secret key, generating a data value for the second key portion of the first secret key and determining the first key portion on the basis of the second key portion and the first secret key.
The method according to the eighth implementation form allows the same second key portion to be used across multiple devices without compromising the security of the first key portion and the key. The first key portion is determined from the secret key and the second key portion. Therefore, if the key is chosen at random, for fixed second key portions across multiple devices, the resultant first key portion is random.
In a ninth implementation form of the method, encryption of data is performed on the basis of the Elliptic Curve Integrated Encryption Scheme.
These and other aspects of the invention will be apparent from the embodiment(s) described below.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present disclosure, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
Figure 1 shows a schematic diagram of a group of devices, according to an example.
Figure 2A shows a schematic diagram of an apparatus for setting up a device for pairing with a device, according to an example.
Figure 2B shows a schematic diagram of an apparatus for pairing devices, according to an example.
Figure 3 is a block diagram of a method for establishing a symmetric key between a first and second device, according to an example.
Figure 4 is a block diagram of a computing system that may be used for implementing the devices and methods disclosed herein.
DETAILED DESCRIPTION
Example embodiments are described below in sufficient detail to enable those of ordinary skill in the art to embody and implement the systems and processes herein described. It is important to understand that embodiments can be provided in many alternate forms and should not be construed as limited to the examples set forth herein.
Accordingly, while embodiments can be modified in various ways and take on various alternative forms, specific embodiments thereof are shown in the drawings and described in detail below as examples. There is no intent to limit to the particular forms disclosed. On the contrary, all modifications, equivalents, and alternatives falling within the scope of the appended claims should be included. Elements of the example embodiments are consistently denoted by the same reference numerals throughout the drawings and detailed description where appropriate.
The terminology used herein to describe embodiments is not intended to limit the scope. The articles “a,” “an,” and “the” are singular in that they have a single referent, however the use of the singular form in the present document should not preclude the presence of more than one referent. In other words, elements referred to in the singular can number one or more, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “comprising,” “includes,” and/or “including,” when used herein, specify the presence of stated features, items, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, items, steps, operations, elements, components, and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein are to be interpreted as is customary in the art. It will be further understood that terms in common usage should also be interpreted as is customary in the relevant art and not in an idealized or overly formal sense unless expressly so defined herein.
Figure 1 is a simplified schematic diagram of a group 100 of electronic devices. In the example shown in Figure 1, each one of the devices in the group 100 may be a personal device such as a smartphone, tablet or a smart wearable device such as a smartwatch. According to other examples, one or more of the devices in the group 100 is a smart home device such as a smart TV, smart lightbulb, smart hub, or other kind of consumer electronics device. For example, the device 110 may be a user’s smartphone and each of the devices 120 - 150 may be other smart devices around the user’s home. In Figure 1, the device 110 is paired to the device 120. Herein a device is said to be paired to another device if the device is in communication with the other device via a wireless connection. According to examples each of the devices 120 - 150 is capable of pairing with the device 110 through at least one method of wireless communication. Such a connection may be any kind of wireless connection such as a wireless local area network (WLAN), Bluetooth, Wi-Fi, Near-field Communication (NFC) or similar. In the example shown in Figure 1, the device 120 may be a smart lightbulb which is paired via Bluetooth with the smartphone device 110. In examples, the owner of the device 110 controls the brightness of the smart lightbulb 120 via their device 110.
It is desirable to secure the connection between the device 110 and device 120. A secure connection protects the data that is transmitted between the devices, and prevents attacks, such as man in the middle attacks, which would otherwise render devices unsafe for use in the consumer market. According to examples, a secure connection may be provided through the use of cryptographic protocols such as authentication and encryption.
The functionality of the device 120 may be limited. In the aforementioned example of the smart lightbulb, it may be impossible to store a cryptographic key to provide a secure connection. It may also be impractical to manufacture a large number of smart lightbulbs with a unique long-term cryptographic key injected into the device during a manufacturing process. From a manufacturing perspective, it is preferable to design a process that produces smart lightbulbs that are identical, or as close to identical, in design as possible. Further design issues arise where additional functionality, such as authentication, is to be built into the device 120.
The methods and systems described herein provide a method of securely pairing devices. The methods and system do not require one of the devices to store a long-term cryptographic key.
According to examples, a secret key is split into two random portions. One of the key portions is stored on one of the devices and the other key portion is provided on a tag in an encrypted form, which may be fixed to the device. A further device scans the tag to retrieve the encrypted key portion. This device decrypts the key portion and generates a symmetric key. The further device communicates an encryption of the new key under the corresponding public key of the original secret key, together with the decrypted key portion back to the first device. The first device recovers the original secret key using the key portions and decrypts the symmetric key using the recovered secret key. Both devices can then communicate securely using the symmetric key. The method described herein implicitly authenticates the further device. In particular, the encryption of the key portion is provided in such a way that only a legitimate device reading the tag can obtain the key portion. Furthermore, the secret key and key portion are generated in a way that allows the key portion stored on the device to be identical across a batch of the devices without compromising the security. In particular, unknown secret keys and key portions provided to further devices are generated uniformly randomly and appear random even to an adversary that obtains the other key portion of the secret key.
Figure 2A is a simplified schematic diagram showing an apparatus 200, for setting up a device for pairing with another device, according to an example. In Figure 2A, a device 210 is shown. The device 210 may be a smart device similar to examples of devices previously described. In the example shown in Figure 2A the device 210 comprises a read-only memory 220. The apparatus 200 shown in Figure 2A, further comprises a server 230. The device 210 is arranged to communicate with the server 230 during, for example, a set up phase or a final stage of a manufacturing process.
According to examples described herein, the server 230 generates a first key pair for a cryptographic encryption scheme:
(pk1, sk1)
The encryption scheme may be, for example, the Elliptic Curve Integrated Encryption Scheme (ECIES). In that case, the secret key sk1 is an integer k selected from a range [1, ..., n - 1] and the public key pk1 is a point k × G, i.e. k copies of the point G summed together, for some preselected base point G on an elliptic curve E. The server 230 is arranged to split the secret key sk1 into two key portions (x1, x2). According to examples a key portion is a data value related to a cryptographic key. For example, in a traditional asymmetric scheme where the secret key comprises one or more data values selected at random from a finite field, a key portion may be generated from securely splitting the key into a sum of values over the finite field.
According to an example a key may be split into two portions by first selecting a portion uniformly at random, then generating a further portion by subtracting the first portion from the key value. The resulting portion is uniformly random. For example, in ECIES, a key pair comprises a point on an elliptic curve and a secret integer k, generated uniformly at random from a range [1, ..., n - 1]. The key portions (x1, x2) are generated as follows: a value x2 is generated uniformly at random; then the value x1 = k - x2 is uniformly random, since k and x2 are uniformly random. This technique may be applied to split keys into two key portions such that the second key portion x2 is fixed to the same value across a batch of devices without compromising security. This allows each of the devices in a batch to be manufactured identically. The second key portion x2 may be injected into the device 210 and stored in the read-only memory 220. Each device may still have a unique secret key associated to it using this splitting method, without requiring long term storage of the unique secret key.
The server 230 generates a second key pair (pk2, sk2). According to examples described herein, the server 230 is arranged to generate an encryption C of the first key portion x1 under the public key pk2 of the second key pair:
C = Enc(x1, pk2)
This encryption is made accessible to a device that wishes to pair with the device 210.
Figure 2B is a schematic diagram showing an apparatus 240 according to an example. In the apparatus 240 shown in Figure 2B, the same device 210 is shown together with a further device 250. The further device 250 comprises a processor 260 and a memory 270 which is communicatively coupled to the processor 260. The device 250 may be a smart device, such as a smartphone or smartwatch.
The device 250 is arranged to communicate with the device 210. The communication between the devices 210 and 250 may be provided via appropriate interfaces (not shown in Figures 2A and 2B) in the devices. For example, the devices 210 and 250 may be arranged to communicate using Wi-Fi, Bluetooth, near-field communication or similar wireless communication and appropriate networking interfaces are provided in the devices.
In examples described herein the device 250 is further arranged to receive data via an out-of-band communication channel from the device 210. In the example shown in Figure 2B, the device 210 comprises a tag 280. The tag 280 may be a machine-readable code such as a QR code, a radio-frequency identification (RFID) tag or similar. The device 250 scans the tag 280 to receive data via an out-of-band channel in addition to receiving data over the main wireless communication link. In other examples, an out-of-band channel may be provided through ultrasound, short distance radio frequency, near-field and/or a low energy Bluetooth communication channel. According to examples, the device 250 is arranged to access the encryption C = Enc(x1, pk2) of the first key portion under the second public key by scanning the tag 280. The encryption C may be encoded in the tag 280. Alternatively, the tag 280 may carry data from which the encryption C can be retrieved from the server 230. For example, the tag 280 may encode a uniform resource locator (URL) which provides a link to the encryption C.
The device 250 is arranged to store the second secret key sk2 securely in the memory 270. The second secret key sk2 may be installed during a manufacturing process on the device 250. In some cases, the server 230 communicates the second key pair to the device 250 via a secure channel. According to examples described herein, the processor 260 and memory 270 provide a trusted execution environment. A trusted execution environment provides an isolated zone of execution in the device 250 which can be used to securely store and use a cryptographic key with a higher level of trust than the device as a whole. In some cases, the device 250 may also have dedicated logic or modules to perform cryptographic operations such as encryption securely.
Once the device 250 has received the encryption C via the out-of-band communication channel, the device 250 decrypts the encryption C to recover the key portion x1 of the first secret key. The device 250 is arranged to generate a symmetric key K which is to be used to secure communication between the devices 210 and 250. The device 250 then retrieves the first public key pk1 and encrypts the key K under the first public key pk1. In some cases the first public key pk1 is also provided to the device 250 via the out-of-band communication channel. In other cases, the device 250 retrieves the public key pk1 from e.g. the server 230.
The device 250 communicates the encryption of the new key K to the device 210 together with the first key portion x1 of the first secret key sk1. The first key portion x1 is communicated in the clear. This does not compromise security since the key portion does not allow an adversary to obtain the full secret key. To do so would require the adversary to also obtain the key portion x2 on the device 210. However, an adversary who could obtain the key portion on the device 210 could also obtain a long term key on the device 210 using the same method and therefore an attack of this kind requires at least as much effort as storing a long term key on the device 210.
The device 210 receives the encryption of the symmetric key K and first key portion x1 from the device 250 and accesses the second key portion x2 of the first secret key sk1 stored in the memory 220. The device 210 is arranged to recover the first secret key sk1 which it uses to decrypt the encryption of the symmetric key K. The devices 210 and 250 are then paired to each other to securely communicate using the key K.
In some examples the device 210 is arranged to wipe the key portion x1 and the first secret key sk1 from memory once the devices 210 and 250 are paired. This ensures the device 210 does not need to store the key sk1 long term. Moreover, this prevents an adversary that obtains the device 210 from recovering the key portion x2 which may be the same for multiple devices. Moreover, only a legitimate device 250, which has access to the secret key sk2 which allows decryption of data received via the out-of-band channel, can decrypt the encryption C. Hence, the device 210 knows that the device 250 is an authentic device and the device 210 does not need to perform a separate authentication session to authenticate the device 250.
Figure 3 is a block diagram showing a method 300 for establishing a symmetric key between a first and second device, according to an example. The method 300 may be implemented on the apparatus and systems described herein. In particular, the method 300 may be implemented on the device 250 shown in Figure 2B to establish a key with the device 210.
At block 310 a first public key and an encryption of a first key portion of a first secret key, under a second public key, are received at a first device. According to examples, the first secret key comprises first and second key portions and corresponds to the secret key of the first key pair. The encryption may be received via an out-of-band communication channel as previously described.
At block 320, a second secret key securely stored on the first device is accessed. The second secret key corresponds to the secret key of the second key pair. When the method 320 is implemented on the device 250, the second secret key may be stored in the memory 270.
At block 330, the first key portion of the first secret key is decrypted at the first device, on the basis of the second secret key. The first device then generates a symmetric key at block 340, and encrypts the symmetric key under the first public key at block 350. According to examples, these blocks are implemented in a trusted execution environment, or similar, on the device 250.
At block 360, the encryption of the symmetric key and the first key portion of the first secret key is communicated from the first device to the second device. The second device is arranged to receive the first key portion of the first secret key and the encryption of the symmetric key under the first public key. When the second device receives this data from the first device it accesses the second key portion of the first secret key, obtains the first secret key on the basis of the first and second key portions and decrypts the symmetric key on the basis of the first secret key.
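The flow of Figures 2A, 2B and 3 end to end, as an added example that is not part of the patent text: pure-Python P-256 arithmetic with a simplified ECIES-style construction (ECDH, SHA-256 counter KDF, XOR keystream, HMAC-SHA-256 tag) standing in for ECIES. The curve choice, the reduction of x1 = k - x2 modulo n, the 32-byte encodings and all function names are assumptions; the code is not constant-time and does not validate received points.

```python
import hashlib, hmac, secrets

# NIST P-256 domain parameters (public constants); the curve choice is an assumption.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication: k copies of point summed together."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def kdf(shared_x, length):
    """SHA-256 in counter mode over the shared x-coordinate (simplified KDF)."""
    out, ctr = b"", 1
    while len(out) < length:
        out += hashlib.sha256(shared_x.to_bytes(32, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def ecies_encrypt(pk, msg):
    """Enc(msg, pk): ephemeral ECDH, XOR keystream, HMAC tag over the ciphertext."""
    r = secrets.randbelow(N - 1) + 1
    R, S = ec_mul(r, G), ec_mul(r, pk)
    ks = kdf(S[0], len(msg) + 32)            # keystream followed by a 32-byte MAC key
    ct = bytes(m ^ k for m, k in zip(msg, ks))
    return R, ct, hmac.new(ks[len(msg):], ct, hashlib.sha256).digest()

def ecies_decrypt(sk, blob):
    """Inverse of ecies_encrypt; raises ValueError when sk is not the matching key."""
    R, ct, tag = blob
    ks = kdf(ec_mul(sk, R)[0], len(ct) + 32)
    expected = hmac.new(ks[len(ct):], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, ks))

def provision(x2):
    """Server 230: fresh (pk1, sk1) per device, split around the batch-wide x2."""
    sk1 = secrets.randbelow(N - 1) + 1
    x1 = (sk1 - x2) % N                      # x1 = k - x2, taken modulo n (assumption)
    return ec_mul(sk1, G), x1

def device_250_pair(sk2, pk1, C):
    """Blocks 320-360: decrypt x1 from the tag data, create K, encrypt K under pk1."""
    x1_bytes = ecies_decrypt(sk2, C)
    K = secrets.token_bytes(32)
    return K, (x1_bytes, ecies_encrypt(pk1, K))   # x1 travels in the clear

def device_210_recover(x2, message):
    """Device 210: rebuild sk1 from x1 (received) and x2 (ROM 220), then decrypt K."""
    x1_bytes, enc_K = message
    sk1 = (int.from_bytes(x1_bytes, "big") + x2) % N
    return ecies_decrypt(sk1, enc_K)

def demo():
    """Run provisioning and pairing once; returns the key seen by each side."""
    x2 = secrets.randbelow(N)                # same value for every device in the batch
    sk2 = secrets.randbelow(N - 1) + 1       # held only by legitimate devices 250
    pk2 = ec_mul(sk2, G)
    pk1, x1 = provision(x2)
    C = ecies_encrypt(pk2, x1.to_bytes(32, "big"))   # what tag 280 carries or links to
    K_250, message = device_250_pair(sk2, pk1, C)
    return K_250, device_210_recover(x2, message)
```
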
The methods and system described herein establish a shared symmetric key for enabling secure communication between a first and second device. The method does not require the second device to store a long-term key. Instead, the second device stores a key portion. When combined with data received from the first device, this allows the second device to recover the symmetric key. This allows multiple such devices to store the same value as a second key portion. In particular this method permits the production of simple devices without having to install a unique long term secret key into each device. This simplifies and reduces the manufacturing cost of these devices.
Moreover, the method allows the second device to authenticate the first device. Only a legitimate first device may have access to a second secret key to decrypt the first key portion of the first secret key. Hence, on receiving the first key portion of the first secret key, the second device knows that the first device must be a legitimate device.
Examples in the present disclosure can be provided as methods, systems or machine-readable instructions, such as any combination of software, hardware, firmware or the like. Such machine-readable instructions may be included on a computer readable storage medium (including but not limited to disc storage, CD-ROM, optical storage, etc.) having computer readable program codes therein or thereon.
The present disclosure is described with reference to flow charts and/or block diagrams of the method, devices and systems according to examples of the present disclosure. Although the flow diagrams described above show a specific order of execution, the order of execution may differ from that which is depicted. Blocks described in relation to one flow chart may be combined with those of another flow chart. In some examples, some blocks of the flow diagrams may not be necessary and/or additional blocks may be added. It shall be understood that each flow and/or block in the flow charts and/or block diagrams, as well as combinations of the flows and/or diagrams in the flow charts and/or block diagrams can be realized by machine readable instructions.
The machine-readable instructions may, for example, be executed by a general-purpose computer, a special purpose computer, an embedded processor or processors of other programmable data processing devices to realize the functions described in the description and diagrams. In particular, a processor or processing apparatus may execute the machine-readable instructions. Thus, modules of apparatus may be implemented by a processor executing machine-readable instructions stored in a memory, or a processor operating in accordance with instructions embedded in logic circuitry. The term 'processor' is to be interpreted broadly to include a CPU, processing unit, logic unit, or programmable gate set etc. The methods and modules may all be performed by a single processor or divided amongst several processors. Such machine-readable instructions may also be stored in a computer readable storage that can guide the computer or other programmable data processing devices to operate in a specific mode.
Such machine-readable instructions may also be loaded onto a computer or other programmable data processing devices, so that the computer or other programmable data processing devices perform a series of operations to produce computer-implemented processing, thus the instructions executed on the computer or other programmable devices provide an operation for realizing functions specified by flow(s) in the flow charts and/or block(s) in the block diagrams.
Figure 4 is a block diagram of a computing system 400 that may be used for implementing the devices and methods disclosed herein. Specific devices may utilize all of the components shown or only a subset of the components, and levels of integration may vary from device to device. Furthermore, a device may contain multiple instances of a component, such as multiple processing units, processors, memories, transmitters, receivers, etc. The computing system 400 includes a processing unit 402. The processing unit includes a central processing unit (CPU) 414, memory 408, and may further include a mass storage device 404, a video adapter 410, and an I/O interface 412 connected to a bus 420.
The bus 420 may be one or more of any type of several bus architectures including a memory bus or memory controller, a peripheral bus, or a video bus. The CPU 414 may comprise any type of electronic data processor. The memory 408 may comprise any type of non-transitory system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), or a combination thereof. In an embodiment, the memory 408 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs.
The mass storage 404 may comprise any type of non-transitory storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus 420. The mass storage 404 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, or an optical disk drive.
The video adapter 410 and the I/O interface 412 provide interfaces to couple external input and output devices to the processing unit 402. As illustrated, examples of input and output devices include a display 418 coupled to the video adapter 410 and a mouse, keyboard, or printer 416 coupled to the I/O interface 412. Other devices may be coupled to the processing unit 402, and additional or fewer interface cards may be utilized. For example, a serial interface such as Universal Serial Bus (USB) (not shown) may be used to provide an interface for an external device.
The processing unit 402 also includes one or more network interfaces 406, which may comprise wired links, such as an Ethernet cable, or wireless links to access nodes or different networks. The network interfaces 406 allow the processing unit 402 to communicate with remote units via the networks. For example, the network interfaces 406 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas. In an embodiment, the processing unit 402 is coupled to a local-area network 422 or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, or remote storage facilities.
Although the present disclosure and its advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the disclosure as defined by the appended claims.
The present inventions can be embodied in other specific apparatus and/or methods. The described embodiments are to be considered in all respects as illustrative and not restrictive. In particular, the scope of the invention is indicated by the appended claims rather than by the description and figures herein. All changes that come within the meaning and range of equivalency of the claims are to be embraced within their scope.

Claims

1. A method for establishing a symmetric key, comprising: receiving, at a first device, a first public key of a first key pair and an encryption of a first key portion of a first secret key, under a second public key of a second key pair, the first secret key comprising first and second key portions and corresponding to the secret key of the first key pair; accessing a second secret key securely stored on the first device, the second secret key corresponding to the secret key of the second key pair; decrypting the first key portion of the first secret key at the first device, on the basis of the second secret key; generating a symmetric key at the first device; encrypting the symmetric key under the first public key at the first device; and communicating the encryption of the symmetric key and the first key portion of the first secret key from the first device to a second device.
2. The method of claim 1, comprising, at the second device: receiving the first key portion of the first secret key and the encryption of the symmetric key under the first public key; accessing the second key portion of the first secret key; obtaining the first secret key on the basis of the first and second key portions; and decrypting the symmetric key on the basis of the first secret key.
3. The method of claim 1, wherein accessing the first public key and encryption of the first key portion at the first device comprises: receiving data via an out-of-band communication channel; and accessing the first public key and encryption of the first key portion on the basis of the data.
4. The method of claim 3, wherein receiving data via an out-of-band communication channel comprises scanning a machine-readable code and/or a radio-frequency identification tag, and/or receiving data via an ultrasound, short distance radio frequency, near-field and/or a low energy Bluetooth communication channel.
5. The method of claim 3, wherein the data comprises a uniform resource locator.
6. The method of claim 1, wherein the second secret key is securely stored in a trusted execution environment on the first device.
7. The method of claim 2, wherein accessing the second key portion of the first secret key on the second device comprises retrieving the second key portion from read-only memory on the second device.
8. The method of claim 1, comprising generating the first key portion of the first secret key on the basis of the first secret key and the second key portion of the first secret key.
9. The method of claim 8, wherein generating the first key portion of the first secret key comprises: randomly generating the first secret key; generating a data value for the second key portion of the first secret key; and determining the first key portion on the basis of the second key portion and the first secret key.
10. The method of claim 1, wherein encryption of data is performed on the basis of the Elliptic Curve Integrated Encryption Scheme.
11. A computing system, comprising: a processor; and a memory communicatively coupled to the processor, the memory including program code which when executed by the at least one processor provides instructions to: access a first public key of a first key pair and an encryption, under a second public key of a second key pair, of a first key portion of a first secret key corresponding to the secret key of the first key pair on the basis of data received at the computing system, the first secret key comprising first and second key portions; access a second secret key securely stored on the computing system, the second secret key corresponding to the secret key of the second key pair; decrypt the first key portion of the first secret key at the first device, on the basis of the second secret key; generate a symmetric key; encrypt the symmetric key under the first public key at the first device; and communicate the encryption of the symmetric key and the first key portion of the first secret key.
12. The computing system of claim 11, wherein the program code comprises instructions to access data received via an out-of-band communication channel.
13. The computing system of claim 12, wherein the program code comprises instructions to retrieve the first public key and encryption of the first key portion on the basis of a uniform resource locator received via the out-of-band communication channel.
14. The computing system of claim 11, wherein the computing system comprises a trusted execution environment to securely store data on the computing system.
15. The computing system of claim 14, wherein the second secret key is stored in the trusted execution environment.
16. An apparatus, comprising: a read-only memory arranged to store a second key portion of a secret key comprising first and second key portions, the secret key corresponding to the secret key of a key pair comprising the secret key and a public key; wherein the apparatus is arranged to: receive the first key portion and an encryption of a symmetric key under the public key; access the second key portion from the read-only memory; obtain the secret key on the basis of the first and second key portions; and decrypt the symmetric key on the basis of the secret key.
17. A manufacturing method, comprising: providing a first computing device comprising a memory; generating a first cryptographic key; generating first and second key portions of the first cryptographic key; and installing the second key portion in the memory of the first computing device.
18. The manufacturing method of claim 17, comprising: providing a second computing device comprising a memory; generating a second cryptographic key; generating a first key portion of the second cryptographic key on the basis of the second cryptographic key and the second key portion of the first cryptographic key, such that the first key portion of the second cryptographic key combines with the second key portion of the first cryptographic key to form the second cryptographic key; and installing the second key portion of the first cryptographic key in the memory of the second computing device.
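The following Python sketch is an added example, not part of the patent text or any implementation by the applicant; it walks the pairing flow of claims 1, 2, 8-9 and 16-17 end to end. Assumptions: the two key portions combine by XOR, a hashed-ElGamal construction over a toy group stands in for the ECIES of claim 10 so that only the standard library is needed, and all function names are illustrative.

```python
import hashlib, hmac, secrets

# Assumed stand-in for claim 10's ECIES: hashed ElGamal in a toy group (not secure).
P, G = 2**255 - 19, 2

def keygen():
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _kdf(shared, eph):
    d = hashlib.sha512(shared.to_bytes(32, "big") + eph.to_bytes(32, "big")).digest()
    return d[:32], d[32:]  # XOR pad, MAC key

def encrypt(pk, msg32):
    e, eph = keygen()  # ephemeral key pair per message
    pad, mk = _kdf(pow(pk, e, P), eph)
    ct = xor(msg32, pad)
    return eph, ct, hmac.new(mk, ct, hashlib.sha256).digest()

def decrypt(sk, blob):
    eph, ct, tag = blob
    pad, mk = _kdf(pow(eph, sk, P), eph)
    if not hmac.compare_digest(tag, hmac.new(mk, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return xor(ct, pad)

def manufacture(rom_portion, pk2):
    # Claims 8-9, 17: random sk1; first portion = sk1 XOR ROM portion (assumed rule)
    sk1, pk1 = keygen()
    first = xor(sk1.to_bytes(32, "big"), rom_portion)
    return pk1, encrypt(pk2, first)  # what the out-of-band data resolves to

def first_device(sk2, pk1, enc_first):
    # Claim 1: decrypt the portion with sk2, wrap a fresh symmetric key under pk1
    first = decrypt(sk2, enc_first)
    sym = secrets.token_bytes(32)
    return sym, (first, encrypt(pk1, sym))

def second_device(rom_portion, msg):
    # Claims 2, 16: rebuild sk1 from both portions, then unwrap the symmetric key
    first, enc_sym = msg
    sk1 = int.from_bytes(xor(first, rom_portion), "big")
    return decrypt(sk1, enc_sym)

def pair(rom_portion, sk2, pk2):
    sym, msg = first_device(sk2, *manufacture(rom_portion, pk2))
    return sym, second_device(rom_portion, msg)
```

In this sketch the first key portion travels from the first device to the second in the clear, as claim 2 reads, so reconstructing the first secret key depends on the portion held in the second device's read-only memory.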
PCT/EP2021/052466 2021-02-03 2021-02-03 Method and system for pairing devices WO2022167061A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2021/052466 WO2022167061A1 (en) 2021-02-03 2021-02-03 Method and system for pairing devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2021/052466 WO2022167061A1 (en) 2021-02-03 2021-02-03 Method and system for pairing devices

Publications (1)

Publication Number Publication Date
WO2022167061A1 (en) 2022-08-11

Family

ID=74556890

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2021/052466 WO2022167061A1 (en) 2021-02-03 2021-02-03 Method and system for pairing devices

Country Status (1)

Country Link
WO (1) WO2022167061A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5737419A (en) * 1994-11-09 1998-04-07 Bell Atlantic Network Services, Inc. Computer system for securing communications using split private key asymmetric cryptography
WO2006119184A2 (en) * 2005-05-04 2006-11-09 Tricipher, Inc. Protecting one-time-passwords against man-in-the-middle attacks

Similar Documents

Publication Publication Date Title
CN106664555B (en) Network-enabled device provisioning
US10694374B2 (en) Electronic network device
US10757571B2 (en) Internet of things device
JP4673890B2 (en) How to transfer a certification private key directly to a device using an online service
US8406735B2 (en) Method for pairing electronic equipment in a wireless network system
CN104094267B (en) Method, apparatus and system for secure sharing of media content from a source device
US11290262B2 (en) Method and devices for communicating securely between devices
JP2017518651A (en) Wireless communication connection establishment method and system
KR20180119201A (en) Electronic device for authentication system
US20090214037A1 (en) Methods and Apparatuses to Secure Data Transmission in RFID Systems Against Eavesdropping
WO2010097605A1 (en) Authentication method and apparatus using one time pads
WO2018122230A1 (en) Pseudo-random generation of matrices for a computational fuzzy extractor and method for authentication
US11128455B2 (en) Data encryption method and system using device authentication key
CN102571804A (en) Internet of things center first login method based on product identification code
CN110225028B (en) Distributed anti-counterfeiting system and method thereof
TWI422241B (en) Spectrum authorization and related communications methods and apparatus
US20070005966A1 (en) Derivation of a shared keystream from a shared secret
CN104618380A (en) Secret key update method suitable for internet of things
US20190238347A1 (en) Generating an authentication result by using a secure base key
WO2018122235A1 (en) Reverse computational fuzzy extractor and method for authentication
WO2022167061A1 (en) Method and system for pairing devices
KR101812311B1 (en) User terminal and data sharing method of user terminal based on attributed re-encryption
KR101808313B1 (en) Method of encrypting data
WO2019032580A1 (en) Apparatus and method for encapsulation of profile certificate private keys or other data
JP2015070498A (en) Key exchange system, key exchange device, key exchange method and program

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21703644

Country of ref document: EP

Kind code of ref document: A1