Title: METHOD TO AUTHENTICATE TWO DEVICES TO ESTABLISH A SECURE CHANNEL
Abstract: The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
Publication number: US2017019256(A1) Publication date: 2017.01.19
Application number: US201515121910 Filing date: 2015.02.20
Applicant: GEMALTO SA Inventor: RHELIMI Alain
Classification: H04L9/32;H04L29/06;H04L9/08 Main classification: H04L9/32
Agency: Agent:
Main claim: 1. Method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority, said method comprising the preliminary step of providing each device from each group with a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, each authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups; said method further comprising the steps of, when two devices from different groups initiate a communication, for each of the two devices, sending a group identifier to the other device, receiving a group identifier from the other device, selecting the authentication token stored for the other group, preparing and sending the corresponding cipher to the other device, receiving a cipher from the other device, decrypting the received cipher using the stored group secret key to get the random number, deducing a session key from the random number, establishing a secure channel using said session key, generating a new authentication token for its own group from a new random number using the group secret key, sending the new authentication token to the other device over the established secure channel, receiving, from the other device over the established secure channel, a new authentication token for the group of this other device.
Address: Meudon FR
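The exchange described in the abstract and claim 1, as an added simulation written for this page (it is not Gemalto's implementation and the patent text fixes no concrete primitives). Assumptions beyond the claim: an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for "a cipher of the random number by the group secret key" (a production build would use a real AEAD such as AES-GCM), the session key is SHA-256 over both devices' random numbers ordered by group identifier so the two sides derive the same key, the secure channel reuses the same keyed construction under the session key, and the authority of the other group is the one that mints the tokens a device is provisioned with, since only it holds that group's key. The `Authority`, `Device`, `run_protocol` and `session_key` names are the example's own.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

RAND_LEN = 32  # size of the random number carried by each authentication token


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher mode).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the group cipher: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Reject anything not produced under this group's key before using the random number."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: cipher was not produced with this group's secret key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Authority:
    """One per group: holds the group secret key and mints tokens for that group."""

    def __init__(self, group_id: str):
        self.group_id = group_id
        self.key = os.urandom(32)

    def make_token(self) -> Tuple[bytes, bytes]:
        # Token = (random number, cipher of that random number under the group key).
        r = os.urandom(RAND_LEN)
        return r, encrypt(self.key, r)


class Device:
    def __init__(self, own_authority: Authority):
        self.group_id = own_authority.group_id
        self.group_key = own_authority.key          # stored by the device's own authority
        self.tokens: Dict[str, Tuple[bytes, bytes]] = {}  # other group id -> (r, cipher)

    def provision(self, other: Authority) -> None:
        # Preliminary step: one token per other group the device will talk to.
        self.tokens[other.group_id] = other.make_token()

    def new_own_token(self) -> Tuple[bytes, bytes]:
        # Renewal: fresh random number ciphered with this device's own group key.
        r = os.urandom(RAND_LEN)
        return r, encrypt(self.group_key, r)


def session_key(gid_x: str, r_x: bytes, gid_y: str, r_y: bytes) -> bytes:
    # Both sides contribute a random number; sort by group id so the hash input matches.
    ordered = sorted([(gid_x, r_x), (gid_y, r_y)])
    return hashlib.sha256(b"".join(g.encode() + r for g, r in ordered)).digest()


def run_protocol(a: Device, b: Device) -> dict:
    """One communication between devices of two different groups, including token renewal."""
    # Step 1: exchange group identifiers (a learns b.group_id and vice versa).
    # Step 2: each selects the token held for the other group and sends its cipher.
    r_a, cipher_a = a.tokens[b.group_id]
    r_b, cipher_b = b.tokens[a.group_id]
    # Step 3: each decrypts the received cipher with its own group key.
    r_a_at_b = decrypt(b.group_key, cipher_a)
    r_b_at_a = decrypt(a.group_key, cipher_b)
    # Step 4: independent derivation of the session key on both sides.
    k_a = session_key(a.group_id, r_a, b.group_id, r_b_at_a)
    k_b = session_key(b.group_id, r_b, a.group_id, r_a_at_b)
    # Step 5: over the secure channel, each sends a new token for its own group.
    new_a, new_b = a.new_own_token(), b.new_own_token()
    wire_a = encrypt(k_a, new_a[0] + new_a[1])
    wire_b = encrypt(k_b, new_b[0] + new_b[1])
    got_a, got_b = decrypt(k_b, wire_a), decrypt(k_a, wire_b)
    b.tokens[a.group_id] = (got_a[:RAND_LEN], got_a[RAND_LEN:])
    a.tokens[b.group_id] = (got_b[:RAND_LEN], got_b[RAND_LEN:])
    return {"k_a": k_a, "k_b": k_b, "cipher_a": cipher_a, "cipher_b": cipher_b}
```

Running `run_protocol` twice on the same pair shows the non-traceability property the abstract claims: the ciphers observed on the wire differ between communications because every token is replaced after use, and an observer holding neither group key cannot link the two sessions to the same devices. The tag check in `decrypt` is what stops a device from deriving a session key from a cipher that was never produced by the claimed group.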