Great research starts with great data.

Learn More
More >
Patent Analysis of

Method and device for generating a secret key

Updated Time 12 June 2019

Patent Registration Data

Publication Number

US10003586

Application Number

US15/156647

Application Date

17 May 2016

Publication Date

19 June 2018

Current Assignee

ROBERT BOSCH GMBH

Original Assignee (Applicant)

ROBERT BOSCH GMBH

International Classification

H04L9/00,H04L9/08,H04L29/06,H04L29/08

Cooperative Classification

H04L63/062,H04L9/0866,H04L63/0428,H04L67/10,H04L2209/34

Inventor

GUILLAUME, RENE,HUTH, CHRISTOPHER

Patent Images

This patent contains figures and images illustrating the invention and its embodiment.

US10003586 Method generating 1 US10003586 Method generating 2
See all images <>

Abstract

A method for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, wherein the first communication node obtains a first sample by a measurement of the communication channel, the first communication node performs a quantization of the first sample, the first communication node performs a matching of the quantized sample with the second communication node via the communication channel, during the matching, the first communication node obtains and quantizes a second sample by a second measurement of the communication channel and the communication nodes obtain the key from the samples by a privacy amplification.

Read more

Claims

1. A method for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the method comprising: obtaining, by the first communication node, a first sample by a measurement of the communication channel; performing, by the first communication node, a quantization of the first sample; performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel; obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel; obtaining, by the communication nodes, the key from the samples by a privacy amplification; encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization; transmitting, by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample; following the decoding, transmitting, by the second communication node, a confirmation via the communication channel to the first communication node; and in response to the confirmation, transmitting, by the first communication node, the parity information of the second sample via the communication channel to the second communication node.

2. The method as recited in claim 1, further comprising: obtaining and quantizing, by the first communication node, additional samples over multiple iterations; comparing, by the first communication node, a number of samples following the matching to a specified minimum number, wherein the privacy amplification occurs only when a minimum number has been reached.

3. The method as recited in claim 1, wherein the parity information is buffered in each iteration over a specified period of time that is dependent on a coherence time of the communication channel.

4. The method as recited in claim 2, further comprising: when the minimum number is reached, validating, by the first communication node and the second communication node, using a one-way hash function, via the communication channel.

5. A non-transitory machine-readable storage medium storing a computer program for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the computer program, when executed by a processor, causing the processor to perform: obtaining, by the first communication node, a first sample by a measurement of the communication channel; performing, by the first communication node, a quantization of the first sample; performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel; obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel; obtaining the key from the samples by a privacy amplification; encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization; transmitting, by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample; following the decoding, transmitting, by the second communication node, a confirmation via the communication channel to the first communication node; and in response to the confirmation, transmitting, by the first communication node, the parity information of the second sample via the communication channel to the second communication node.

6. A device configured to generate a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the device configured to: obtain a first sample by a measurement of the communication channel; perform a quantization of the first sample; perform a matching of the quantized sample with the second communication node via the communication channel; obtain and quantize a second sample, during the matching, by a second measurement of the communication channel; obtain the key from the samples by a privacy amplification; encode an item of parity information of the respective sample in a first iteration following the quantization; transmit by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decode, by the second communication node, the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample; following the decoding, transmit, by the second communication node, a confirmation via the communication channel to the first communication node; and in response to the confirmation, transmit, by the first communication node, the parity information of the second sample via the communication channel to the second communication node.

7. A method for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the method comprising: obtaining, by the first communication node, a first sample by a measurement of the communication channel; performing, by the first communication node, a quantization of the first sample; performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel; obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel; obtaining, by the communication nodes, the key from the samples by a privacy amplification; encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization; transmitting, by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample, and encoding the parity information of the second sample following the quantization; and in response to a ready signal, transmitting, by the second communication node, the parity information of the second sample via the communication channel to the first communication node.

8. A non-transitory machine-readable storage medium storing a computer program for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the computer program, when executed by a processor, causing the processor to perform: obtaining, by the first communication node, a first sample by a measurement of the communication channel; performing, by the first communication node, a quantization of the first sample; performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel; obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel; obtaining the key from the samples by a privacy amplification; encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization; transmitting, by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample, and encoding the parity information of the second sample following the quantization; and in response to a ready signal, transmitting, by the second communication node, the parity information of the second sample via the communication channel to the first communication node.

9. A device configured to generate a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the device configured to: obtain a first sample by a measurement of the communication channel; perform a quantization of the first sample; perform a matching of the quantized sample with the second communication node via the communication channel; obtain and quantize a second sample, during the matching, by a second measurement of the communication channel; obtain the key from the samples by a privacy amplification; encode an item of parity information of the respective sample in a first iteration following the quantization; transmit by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decode, by the second communication node, the parity information of the first sample, and encode the parity information of the second sample following the quantization; and in response to a ready signal, transmit, by the second communication node, the parity information of the second sample via the communication channel to the first communication node.

Read more

Claim Tree

  • 1
    1. A method for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the method comprising:
    • obtaining, by the first communication node, a first sample by a measurement of the communication channel
    • performing, by the first communication node, a quantization of the first sample
    • performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel
    • obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel
    • obtaining, by the communication nodes, the key from the samples by a privacy amplification
    • encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization
    • transmitting, by the first communication node, the parity information to the second communication node via the communication channel
    • in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample
    • following the decoding, transmitting, by the second communication node, a confirmation via the communication channel to the first communication node
    • and in response to the confirmation, transmitting, by the first communication node, the parity information of the second sample via the communication channel to the second communication node.
    • 2. The method as recited in claim 1, further comprising:
      • obtaining and quantizing, by the first communication node, additional samples over multiple iterations
      • comparing, by the first communication node, a number of samples following the matching to a specified minimum number, wherein the privacy amplification occurs only when a minimum number has been reached.
    • 3. The method as recited in claim 1, wherein
      • the parity information is buffered in each iteration over a specified period of time that is dependent on a coherence time of the communication channel.
  • 5
    5. A non-transitory machine-readable storage medium storing a computer program for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the computer program, when executed by a processor, causing the processor to perform: obtaining, by the first communication node, a first sample by a measurement of the communication channel; performing, by the first communication node, a quantization of the first sample; performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel; obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel; obtaining the key from the samples by a privacy amplification; encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization; transmitting, by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample; following the decoding, transmitting, by the second communication node, a confirmation via the communication channel to the first communication node; and in response to the confirmation, transmitting, by the first communication node, the parity information of the second sample via the communication channel to the second communication node.
  • 6
    6. A device configured to generate a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the device configured to: obtain a first sample by a measurement of the communication channel; perform a quantization of the first sample; perform a matching of the quantized sample with the second communication node via the communication channel; obtain and quantize a second sample, during the matching, by a second measurement of the communication channel; obtain the key from the samples by a privacy amplification; encode an item of parity information of the respective sample in a first iteration following the quantization; transmit by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decode, by the second communication node, the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample; following the decoding, transmit, by the second communication node, a confirmation via the communication channel to the first communication node; and in response to the confirmation, transmit, by the first communication node, the parity information of the second sample via the communication channel to the second communication node.
  • 7
    7. A method for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the method comprising:
    • obtaining, by the first communication node, a first sample by a measurement of the communication channel
    • performing, by the first communication node, a quantization of the first sample
    • performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel
    • obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel
    • obtaining, by the communication nodes, the key from the samples by a privacy amplification
    • encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization
    • transmitting, by the first communication node, the parity information to the second communication node via the communication channel
    • in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample, and encoding the parity information of the second sample following the quantization
    • and in response to a ready signal, transmitting, by the second communication node, the parity information of the second sample via the communication channel to the first communication node.
  • 8
    8. A non-transitory machine-readable storage medium storing a computer program for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the computer program, when executed by a processor, causing the processor to perform: obtaining, by the first communication node, a first sample by a measurement of the communication channel; performing, by the first communication node, a quantization of the first sample; performing, by the first communication node, a matching of the quantized sample with the second communication node via the communication channel; obtaining and quantizing, by the first communication node, a second sample, during the matching, by a second measurement of the communication channel; obtaining the key from the samples by a privacy amplification; encoding, by the first communication node, an item of parity information of the respective sample in a first iteration following the quantization; transmitting, by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decoding, by the second communication node, the parity information of the first sample, and encoding the parity information of the second sample following the quantization; and in response to a ready signal, transmitting, by the second communication node, the parity information of the second sample via the communication channel to the first communication node.
  • 9
    9. A device configured to generate a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, the device configured to: obtain a first sample by a measurement of the communication channel; perform a quantization of the first sample; perform a matching of the quantized sample with the second communication node via the communication channel; obtain and quantize a second sample, during the matching, by a second measurement of the communication channel; obtain the key from the samples by a privacy amplification; encode an item of parity information of the respective sample in a first iteration following the quantization; transmit by the first communication node, the parity information to the second communication node via the communication channel; in a second iteration following the first iteration, decode, by the second communication node, the parity information of the first sample, and encode the parity information of the second sample following the quantization; and in response to a ready signal, transmit, by the second communication node, the parity information of the second sample via the communication channel to the first communication node.
See all independent claims <>

Description

CROSS REFERENCE

The present application claims the benefit under 35 U.S.C. § 119 of German Patent Application No. DE 102015210537.7 filed on Jun. 9, 2015, which is expressly incorporated herein by reference in its entirety.

FIELD

The present invention relates to a method for generating a secret key. The present invention furthermore relates to a corresponding device, to a corresponding computer program and to a corresponding storage medium.

BACKGROUND INFORMATION

A symmetric cryptosystem is a cryptosystem in which, in contrast to an asymmetric cryptosystem, all involved (legitimate) subscribers use the same key. The use of one and the same key for encrypting and decrypting data, for calculating and verifying message authentication codes, etc. requires that prior to every encrypted exchange the key itself must first be distributed. Since the security of the entire method depends on keeping the key secret, however, traditional approaches usually provide for keys to be exchanged via a secure channel. This may occur in particular by a manual introduction of the keys into the respective subscribers, for example by inputting a password, from which the key itself may then be derived.

The exchange of keys via insecure channels, by contrast, still represents a challenge for one skilled in the art, which is known in cryptography as the “key distribution problem.” The related art offers approaches toward solving this problem such as the known Diffie-Hellman key exchange or so-called hybrid encryption methods, which allow for the exchange of symmetric keys by including asymmetric protocols.

Recently, however, cryptosystems are increasingly being discussed, which shift the problem of establishing the key from the application layer of the OSI reference model to its bit transmission layer (physical layer, PHY). Such approaches are implemented in the still new field of cyberphysical systems, which are characterized by the focused use of wireless and thus inherently insecure communication channels.

Corresponding methods provide for each of the subscribing parties to derive a key from the physical properties of the channel connecting them in such a way that the keys thus generated match without requiring a transmission of concrete parts of the key. U.S. Pat. No. 7,942,324 B1 describes such a method in exemplary fashion.

A weak point of such methods is their susceptibility to noise effects, interferences and other local disturbances. Deviations of the measuring times or measuring frequencies on the part of the subscribed nodes at times also impair the reciprocity of the channel. Such imponderables may require a time-consuming matching of the keys generated on both sides.

SUMMARY

The present invention provides a method for generating a secret key, a corresponding device, a corresponding computer program and a corresponding storage medium according to the independent claims.

One advantage of this approach lies in the fact that it includes an interactive matching that is more efficient with respect to its energy consumption, which is largely determined by the expended transmission energy.

For this purpose, according to the present invention, the additional communication expenditure caused by matching protocols is used for additional channel estimation, without excluding the actual channel measurement.

Ultimately, the measure of secret key material of the key generation protocol produced per transmitted message is increased and thus the total number of transmissions is reduced.

For this purpose, the measurement of the communication channel or of a property dependent on this channel is interleaved with the matching process. By utilizing the additional communication expenditure of matching protocols, it is possible to perform additional channel probing. Thus, at best, a designated channel measurement is no longer required, which is possibly not usable for other functionality.

Advantageous developments of the present invention include, for example, a provision for the first communication node to obtain and quantize additional samples via multiple iterations until a specified minimum number of samples is reached. The iterative design of this protocol makes it possible to calculate exactly whether another transmission-receiving step—as far as successfully generated key material is concerned—is necessary, which offers the possibility of saving energy by a reduced number of required transmissions.

According to another aspect, there may be a provision for the first communication node to encode an item of parity information of the respective sample in a first iteration following the quantization and to transmit the parity information via the communication channel to the second communication node. It is thus possible to calculate the parity information using any matching schema.

According to another aspect, there may be a provision for the parity information to be buffered for a specified period of time that is in particular dependent on a coherence time of the communication channel in order to obtain less correlated samples.

According to another aspect, there may be a provision for the second communication node, in a second iteration following the first iteration, to decode the parity information of the first sample following the quantization, while the first communication node encodes the parity information of the second sample, then to transmit a confirmation via the communication channel to the first communication node, and for the first communication node, in response to the confirmation, to transmit the parity information of the second sample via the communication channel to the second communication node. It is thus possible to assign tasks that are more computationally intensive such as decoding to the more powerful communication partner. Here it must be noted that, depending on the variant of the encoding or matching schema, the encoding and decoding normally do not have the same computing time requirement. In a heterogeneous installation, for example having a star topology, in which the central node is formed by a powerful base station, which communicates with one or multiple resource-limited sensor nodes, this specific embodiment of the present invention makes it possible for one node always to perform the encoding and the other node always to perform the decoding. It is thus possible for the protocol to be adapted to the computational limits of a specific system.

Since some systems, for example in homogeneous installations, nonetheless do not have such limitations or even assume a more balanced computational complexity, there may be, according to another aspect, a provision for the second communication node to decode the parity information of the first sample in a second iteration following the first iteration, to encode the parity information of the second sample following the quantization, and to transmit, in response to a ready signal, the parity information of the second sample via the communication channel to the first communication node.

Due to a higher number of transmissions, interactive matching protocols have the reputation of being time-consuming for resource-limited devices. The novel schema utilizes these additional transmissions in a practical manner and consequently makes these potentially more effective protocols acceptable for such devices. According to another aspect, therefore, a corresponding device may be provided that is designed to implement a method according to the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the present invention are shown in the figures and are explained in more detail below.

FIG. 1 shows a flow chart of a method according to a first specific embodiment

FIG. 2 shows in schematic fashion, a control unit according to a second specific embodiment.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

FIG. 1 illustrates in simplified fashion the extension of the key generation process in accordance with the present invention. Following the first acquisition of a sample m0 by measurement 11 of the channel, an item of parity information is calculated using any desired matching schema and is transmitted by the first communication node—in the following: “Alice”—to the second communication node—in the following: “Bob”—, where it is buffered for a certain time. Subsequently, a second sample m1 is obtained, as is conventionally done in connection with the channel measurement. Alice then calculates the parity information of m1, while Bob decodes m0 with the aid of the previous parity information. After some time has passed—again in order to influence the correlation of successive channel probes—, Bob confirms the successful decoding and Alice responds by transmitting the previously calculated parity information m1. These messages are now used in order to probe the channel anew so as to obtain m2. This is possible if the transmitted packets contain some parts such as packet headers that are known to the receiver. The process is continued until the required quantity of samples is reached. The match of the generated sequences mAlice=m0|m1| . . . |mx and mBob=m0|m1| . . . |mx may be confirmed for example by exchanging the functional values of a hash function.

According to an alternative schema, the encoding and decoding are performed by only one node—for example Bob—and are performed by the other node—Alice—in the next iteration.

This method 10 may be implemented for example in software or in hardware or in a mixed form of software and hardware for example in a control unit 20, as illustrated in the schematic representation of FIG. 2.

Read more
PatSnap Solutions

Great research starts with great data.

Use the most comprehensive innovation intelligence platform to maximise ROI on research.

Learn More

Patent Valuation

$

Reveal the value <>

35.0/100 Score

Market Attractiveness

It shows from an IP point of view how many competitors are active and innovations are made in the different technical fields of the company. On a company level, the market attractiveness is often also an indicator of how diversified a company is. Here we look into the commercial relevance of the market.

49.0/100 Score

Market Coverage

It shows the sizes of the market that is covered with the IP and in how many countries the IP guarantees protection. It reflects a market size that is potentially addressable with the invented technology/formulation with a legal protection which also includes a freedom to operate. Here we look into the size of the impacted market.

73.04/100 Score

Technology Quality

It shows the degree of innovation that can be derived from a company’s IP. Here we look into ease of detection, ability to design around and significance of the patented feature to the product/service.

46.0/100 Score

Assignee Score

It takes the R&D behavior of the company itself into account that results in IP. During the invention phase, larger companies are considered to assign a higher R&D budget on a certain technology field, these companies have a better influence on their market, on what is marketable and what might lead to a standard.

20.0/100 Score

Legal Score

It shows the legal strength of IP in terms of its degree of protecting effect. Here we look into claim scope, claim breadth, claim quality, stability and priority.

Citation

Patents Cited in This Cited by
Title Current Assignee Application Date Publication Date
Method and system for deriving an encryption key using joint randomness not shared by others INTERDIGITAL TECHNOLOGY CORPORATION 23 December 2005 15 March 2007
Method and system for generating a secret key from joint randomness INTERDIGITAL TECHNOLOGY CORPORATION 19 December 2006 03 January 2012
Method for communicating between a reader and a wireless identification marker, associated reader and marker MORPHO 30 March 2006 17 May 2011
Secret key generation MASSACHUSETTS INSTITUTE OF TECHNOLOGY 21 December 2010 21 June 2012
Generation of perfectly secret keys in wireless communication networks INTERDIGITAL TECHNOLOGY CORPORATION 26 January 2006 02 August 2007
See full citation <>

More Patents & Intellectual Property

PatSnap Solutions

PatSnap solutions are used by R&D teams, legal and IP professionals, those in business intelligence and strategic planning roles and by research staff at academic institutions globally.

PatSnap Solutions
Search & Analyze
The widest range of IP search tools makes getting the right answers and asking the right questions easier than ever. One click analysis extracts meaningful information on competitors and technology trends from IP data.
Business Intelligence
Gain powerful insights into future technology changes, market shifts and competitor strategies.
Workflow
Manage IP-related processes across multiple teams and departments with integrated collaboration and workflow tools.
Contact Sales
Clsoe
US10003586 Method generating 1 US10003586 Method generating 2