摘要 |
A method (200) of establishing a secure connection (213) between a master device (101) and a slave device (102), sharing at least a first communication channel, is provided. The method comprises transmitting (201) an identifier IDM of the master device over the first communication channel, generating (202) a proof-of-possession XS of a key KS, using KS IDM, and a first identifier I DSi of the slave device, generating (202) a key MKS using IDM, I DSi, and KS storing (204) MKS, and transmitting (203) I DSi and XS to the master device. The method further comprises transmitting (205) IDSi, XS and IDM, to a bootstrapping server, acquiring (206) KS using IDSi, and generating (207) a proof-of-possession XB of KS using KS, IDM, and IDSi. The method further comprises, if XB and XS are identical (208), generating (210) a key MKB using IDM, I DSi, and KS, and transmitting (211) MKB to the master device where it is stored (212). Optionally, I DSi and XS may be transmitted (203) to the master device over a second, preferably location-limited, communication channel, such as audio or video. |