In wireless communication, such as Wi-Fi known from the IEEE 802.11 documents, devices need to be paired in order to set up a secure connection, for examples as described in the document “Wi-Fi Protected Access (WPA), Enhanced Security Implementation Based on IEEE P802.11i standard, Version 3.1, August, 2004, by the Wi-Fi Alliance” available via www.wi-fi.org. Although the invention is further elucidated using the Wi-Fi system, it is noted that the invention may similarly be applied in other wireless communication systems, such as Bluetooth (see e.g. BLUETOOTH SPECIFICATION, Core Package version 2.1+EDR, issued: 26 Jul. 2007).
Wi-Fi connections are protected for confidentiality and integrity by cryptographic means, using technologies such as WPA2. The security in WPA2 can be based on two systems. The first one is Pre-Shared Key mode (PSK, also known as Personal mode) and is designed for home and small office networks. The second one relies on the use of an 802.1X authentication server and is designed for enterprise networks.
In PSK mode, all devices that communicate with each other share a 256 bit key, which is also called the ‘Passphrase’. Wi-Fi Simple Configuration (a.k.a. Wi-Fi Protected set-up), known from the document “Wi-Fi Simple Configuration, Technical Specification, Version 2.0.2, 2011”, also from the Wi-Fi Alliance, is a standard that allows a first device that knows the Passphrase, e.g. a Wireless LAN Access Point, to send it to a second device in a secure way, without the user having to enter the Passphrase in the second device. Instead, the user may for example push a button on both devices within a limited time, or enter an 8-digit PIN that is listed on the first device in the second device, in order to receive a passphrase. This typically involves a user action, i.e. a so-called user pairing action.
US2010/0153727 describes enhanced security for direct link communications between multiple wireless devices, which exchange nonces that are used for generating a common nonce. A group identification information element is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key from the group identification information element to match devices as part of a key agreement group. Group keys are also generated based on the common nonce. So a secure group of devices for direct link communication is created.