IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0177626
(2002-06-18)
|
발명자
/ 주소 |
|
출원인 / 주소 |
|
인용정보 |
피인용 횟수 :
22 인용 특허 :
192 |
초록
▼
A key exchange protocol can be performed between components of a system, such as between a computer program being executed by the processor of a PC (or other computer system) and a peripheral. A peripheral with a user input capability and a very limited display capability, such as a keyboard or a mo
A key exchange protocol can be performed between components of a system, such as between a computer program being executed by the processor of a PC (or other computer system) and a peripheral. A peripheral with a user input capability and a very limited display capability, such as a keyboard or a mouse, may be used to confirm a key exchange between the system components in a way that requires the user to enter only small amounts of input data (e.g., keystrokes or mouse clicks). Security between components may be enhanced without having a negative impact on usability of the system. Embodiments of the present invention help to deter "man in the middle" attacks wherein an attacker gains control of a system component situated between certain communicating system components.
대표청구항
▼
What is claimed is: 1. A method of securely exchanging a symmetric key between first and second components of a system comprising: generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key
What is claimed is: 1. A method of securely exchanging a symmetric key between first and second components of a system comprising: generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component's asymmetric key pair; sending, by the first component, a first command, the first hash value, and the first component's public key to the second component; and generating, by the second component, the symmetric key, encrypting the symmetric key using the first component's public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command. 2. The method of claim 1, further comprising: causing display of the first nonce by the first component; accepting, by the second component, input of the displayed first nonce; and generating, by the second component, a third nonce, encrypting the third nonce with the symmetric key, generating a second hash value of the first nonce, the third nonce, and the encrypted third nonce, and sending the second hash value to the first component. 3. The method of claim 2, further comprising: sending, by the first component, the second nonce to the second component; checking, by the second component, that the hash value of the first nonce, the second nonce, and the first component's public key matches the first hash value; activating, by the second component, a second trust indicator when the hash values match; and activating, by the second component, a third trust indicator when the hash values do not match. 4. The method of claim 3, further comprising: sending, by the second component, the third nonce to the first component; and checking, by the first component, that the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value. 5. The method of claim 1, wherein the second component comprises a keyboard and the first nonce comprises a randomly generated first number of characters representing keys on the keyboard. 6. The method of claim 1, wherein the second nonce comprises a predetermined number of randomly generated bits. 7. The method of claim 1, wherein the first command comprises a "reset-learn" command to put the second component into a "learn" mode, whereby input data received by the second component is not forwarded to the first component while the second component is in "learn" mode. 8. The method of claim 1, further comprising activating a first trust indicator on the second component after receiving the first command. 9. The method of claim 4, further comprising causing the display of a message indicating secure communications between the first and second components are enabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value. 10. The method of claim 4, further comprising causing the display of a message indicating secure communications between the first and second components are disabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce does not match the second hash value. 11. An article comprising: a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for securely exchanging a symmetric key between first and second components of a system, the instructions including generating, by the first component, an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the first component's asymmetric key pair; sending, by the first component, a first command, the first hash value, and the first component's public key to the second component; and generating, by the second component, the symmetric key, encrypting the symmetric key using the first component's public key, and sending the encrypted symmetric key to the first component, in response to receiving the first command. 12. The article of claim 11, further comprising instructions for causing display of the first nonce by the first component; accepting, by the second component, input of the displayed first nonce; and generating, by the second component, a third nonce, encrypting the third nonce with the symmetric key, generating a second hash value of the first nonce, the third nonce, and the encrypted third nonce, and sending the second hash value to the first component. 13. The article of claim 12, further comprising instructions for sending, by the first component, the second nonce to the second component; checking, by the second component, that the hash value of the first nonce, the second nonce, and the first component's public key matches the first hash value; activating, by the second component, a second trust indicator when the hash values match; and activating, by the second component, a third trust indicator when the hash values do not match. 14. The article of claim 13, further comprising instructions for sending, by the second component, the third nonce to the first component; and checking, by the first component, that the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value. 15. The article of claim 11, wherein the second component comprises a keyboard and the first nonce comprises a randomly generated first number of characters representing keys on the keyboard. 16. The article of claim 11, wherein the second nonce comprises a predetermined number of randomly generated bits. 17. The article of claim 11, wherein the first command comprises a "reset-learn" command to put the second component into a "learn" mode, whereby input data received by the second component is not forwarded to the first component while the second component is in "learn" mode. 18. The article of claim 11, further comprising instructions for activating a first trust indicator on the second component after receiving the first command. 19. The article of claim 14, further comprising instructions for causing the display of a message indicating secure communications between the first and second components are enabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value. 20. The article of claim 14, further comprising instructions for causing the display of a message indicating secure communications between the first and second components are disabled when the hash value of the first nonce, the third nonce, and the encrypted third nonce does not match the second hash value. 21. A system comprising: a processor configured to generate an asymmetric key pair, a first nonce, a second nonce, and a first hash value of the first nonce, the second nonce, and a public key of the processor's asymmetric key pair, and to send a first command, the first hash value, and the processor's public key; and a peripheral coupled to the processor and configured to receive the first command, the first hash value, and the processor's public key, to generate a symmetric key, to encrypt the symmetric key using the processor's public key, and to send the encrypted symmetric key to the processor, in response to receiving the first command. 22. The system of claim 21, wherein the processor is further configured to cause the display of the first nonce by the processor, and the peripheral is further configured to accept input of the displayed first nonce, to generate a third nonce, to encrypt the third nonce with the symmetric key, to generate a second hash value of the first nonce, the third nonce, and the encrypted third nonce, and to send the second hash value to the processor. 23. The system of claim 22, wherein the processor is further configured to send the second nonce to the peripheral; and the peripheral comprises a second trust indicator and a third trust indicator and is further configured to check that the hash value of the first nonce, the second nonce, and the processor's public key matches the first hash value, to activate the second trust indicator when the hash values match; and to activate the third trust indicator when the hash values do not match. 24. The system of claim 23, wherein the peripheral is further configured to send the third nonce to the peripheral; and the processor is further configured to check that the hash value of the first nonce, the third nonce, and the encrypted third nonce matches the second hash value. 25. The system of claim 21, wherein the peripheral comprises a first trust indicator and is further configured to activate the first trust indicator after receiving the first command. 26. The system of claim 24, wherein the peripheral comprises a keyboard, and the trust indicators comprise colored light emitting diodes (LEDs). 27. The system of claim 24, wherein the peripheral comprises a keyboard, and the first nonce comprises a randomly generated first number of characters representing keys on the keyboard. 28. The system of claim 24, wherein the peripheral comprises a keyboard, and the trust indicators comprise audible tones. 29. The system of claim 24, wherein the peripheral further comprises a non-volatile memory to store the symmetric key.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.