Abstract
Disclosed are a method and a constrained resource device (502, 70, 90) for establishing a secret first key between a client device (506) and the constrained resource device. The invention also relates to a method and an authorization server (504, 60, 80) for enabling the establishment of a secret first key between a client device (506) and the constrained resource device. Based on a secret second key shared (508) between the constrained resource device (RD) and the authorization server (AS), the secret first key shared between the constrained resource device and the client device can be established. Devices having constrained resources cannot use protocols that require additional messages to share a secure identity. Embodiments of the present invention have the advantage that a secret identity can be established within an authentication protocol and that no additional messages are required to establish the secret identity.
Main claim
1. A method for enabling establishment of a secret first key shared between a constrained resource device, RD, (502, 70, 90) and a client device (506), the method being performed in an authorization server, AS, (504, 60, 80) having a secret second key shared with the constrained RD, where the AS is associated with the client device, the method comprising:
receiving (32, 510) from the client device a request for a secret first key shared between the constrained RD and the client device;
determining (34, 512) an identifier of the request, based on the request received from the client device;
generating (36, 514) the secret first key based on said identifier of the request and the secret second key, wherein the secret first key is associated with the identifier of the request; and
sending (38, 516) to the client device the identifier of the request and the generated secret first key, thereby enabling the client device to generate a digital signature to be used in communication with the constrained RD, enabling the establishment of the secret first key shared between the constrained RD and the client device.
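The flow in claim 1, sketched as an added example that is not taken from the patent: the AS derives the first key from the request identifier and the second key, and the RD re-derives it from the identifier carried in the client's first message, so no extra key-exchange messages are needed. HMAC-SHA256 as the derivation and as the "digital signature", the way the identifier is built, the message layout and all function names are assumptions; the RD-side check is inferred from the abstract.

```python
import hashlib
import hmac
import secrets

ID_LEN = 16  # fixed identifier length (assumption) keeps id||payload unambiguous


def derive_first_key(second_key: bytes, request_id: bytes) -> bytes:
    """First key bound to one request identifier (HMAC-SHA256 is an assumption)."""
    return hmac.new(second_key, b"first-key|" + request_id, hashlib.sha256).digest()


def as_handle_request(second_key: bytes, client_request: bytes):
    """AS side: determine an identifier from the request, derive and return the key."""
    # Assumption: identifier = hash of the request plus a fresh nonce, so that
    # two identical requests never receive the same first key.
    nonce = secrets.token_bytes(16)
    request_id = hashlib.sha256(client_request + nonce).digest()[:ID_LEN]
    return request_id, derive_first_key(second_key, request_id)


def client_sign(first_key: bytes, request_id: bytes, payload: bytes):
    """Client side: authenticate the payload and send the identifier with it."""
    tag = hmac.new(first_key, request_id + payload, hashlib.sha256).digest()
    return request_id, payload, tag


def rd_verify(second_key: bytes, request_id: bytes, payload: bytes, tag: bytes) -> bool:
    """RD side: rebuild the first key from the identifier, then check the tag."""
    if len(request_id) != ID_LEN:
        return False
    first_key = derive_first_key(second_key, request_id)
    expected = hmac.new(first_key, request_id + payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


if __name__ == "__main__":
    second_key = secrets.token_bytes(32)  # constructed key, provisioned to AS and RD
    rid, k1 = as_handle_request(second_key, b"read /sensor/temp")
    message = client_sign(k1, rid, b"read /sensor/temp")
    print("RD accepts genuine message:", rd_verify(second_key, *message))
    print("RD accepts altered payload:",
          rd_verify(second_key, rid, b"write /lock open", message[2]))
```

The RD stores no per-client state: the second key plus the identifier in the message is enough to recompute the first key.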