Method and device for communication security

摘要

A method of authenticating communication between a first and second device over an insecure communications network, in which the first device authenticates the second device using a communications protocol including a first communications phase through a first communications channel over the insecure communications network to establish a secure mode of communications between the first and second device, followed by a second communications phase of receiving information from the second device over a second communications channel, such as an empirical channel, and enabling a comparison between the information received from the second device with information generated by the first device thereby enabling authentication of the second device in the event of the information from both devices is consistent.

主权项

1. A computer-implemented method of authenticating a first device using a communications protocol, comprising:
establishing, by a second device, a secure mode of communications between the first and second devices through a first communications channel over an insecure communications network,
wherein the second device comprises at least one of a door lock, automatic garage door opener, remote car starter, sprinkler system, safety box, thermostat, safety detector, air conditioner, dishwasher, clothes dryer, freezer, refrigerator, kitchen stove, water heater, washing machine, microwave ovens, induction cooker, TV set, CD/DVD player, camcorder, still camera, digital clock, alarm clock, video game console, home cinema, or answering machine; receiving a public key from the first device, via the first communications channel; receiving, from the first device, a long hash of a hash key via the first communications channel; receiving, from the first device, the hash key under the public key, via the first communications channel; checking, by the second device, the received hash key to determine whether the received hash key produces the correct value for the long hash of the hash key; sending information of the second device to the first device, via the first communications channel, if the received hash key produces the correct value for the long hash of the hash key; receiving, by the second device, a digest value from the first device over a second communications channel, the digest value from the first device generated based at least upon information transmitted from the second device, wherein the second communication channel includes one or more connections via an ultrasonic channel; authenticating the first device by the second device if the received digest value is consistent with a calculated digest value by the second device, the second device configured to compare the received digest value with the calculated digest value, wherein the calculated digest value is determined, using a pseudo-random number generator (PRNG) of the second device, by steps comprising:
initializing a first memory store and a second memory store of the PRNG for storing strings of bits by shifting each of the lengths of bits in a predetermined manner;initializing the length of bits in each memory store with values functionally dependent on a key;storing a first length of pseudo-random bits in the first memory store; storing a second length of bits of digest information in the second memory store; andoperating on both the stored strings of bits in each of the first memory store and the second memory store to produce the calculated digest value; and in response to the received digest value from the first device being consistent with the calculated digest value on the second device, enabling the first device to send one or more instructions to control at least one function of the second device.