| 摘要 |
The present invention provides a secure method for establishing cryptographic keys based on a Diffie-Hellman type of key exchange that can be used by two parties (devices, entities, etc.) to secure their in-between communications. The method uses commitments and older secrets for creating a sense of "continuity" with older attempts of communication (session/key continuity). The computation of the common Diffie-Hellman key is performed only after successful authentications take place. Then, the two parties verify the common secret using some secondary channel, such as for example, voice verification. In addition to the above, a warning indicator is provided that warns users if a common secret was discovered by the protocol using some appropriate interface. If users have interacted in the past, they should share common secrets. If this is not the case, a person-in-the-middle attack is taking place even if authentication values happen to match. Overall, the previous measures reduce the danger of attcks thus creating an effective and secure method for communication between two parties. |
