Browse Prior Art Database

System and Method to Confirm Encryption Keys before Use

IP.com Disclosure Number: IPCOM000131874D
Publication Date: 2005-Nov-21
Document File: 2 page(s) / 9K

Publishing Venue

The IP.com Prior Art Database

Abstract

When two entities have established a shared secret between them, it can be used to protect communications between them. But if someone can impersonate one of the parties, it would be nice to confirm that they have possession of the secret before you being communications with them.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 61% of the total text.

ENCRYPTION KEY CONFIRMATION

System and Method to Confirm Encryption Keys before Use

Disclosed Anonymously

When two entities have established a shared secret between them, it can be used to protect communications between them. But if someone can impersonate one of the parties, it would be nice to confirm that they have possession of the secret before you being communications with them.

Specifically in the case of the Bluetooth Smart Card Reader, each protected transaction to the reader will begin with the Smart Card Password.  We don't want to have this accidentally sent to someone impersonating the reader.  Our invention helps alleviate that worry.

The basic idea is to do a challenge/response protocol before we begin the encrypted transaction.  This is only two packets in length, so it adds minimal overhead.  Assume that the shared secret between the reader and the device/PC is K.

1) The mobile device/computer generates a random challenge C and encrypts it with K(E_K(C)) and sends it to the reader.

2) The reader decrypts the challenge to recover C.  It then transforms it in some agreed upon way (such as reversing it, flipping every other bit, or something else) to arrive at C'. It then encrypts C' with K (E_K(C')) and sends the response back to the mobile device/computer.

3) The mobile device/computer decrypts the response and confirms that C' was the transformed version of C. If it passes, then the transaction continues as normal. If it fails, the mobile device/compute...