As automated communication between devices on networks becomes more and more ubiquitous, the need grows for the automation of transactions of ever greater complexity. This, in turn, calls for the solution of ever more problems in the field of network communication protocols.
One such class of problems relates to the establishment of mutual recognition and security associations between entities that are initially unaware of each other's presence on a network. We refer to a generalized problem of that class as the “hotel discovery problem” due to the following analogy:
A visitor arrives at the airport, intending to reach his destination hotel in the city of arrival. Although the visitor is supposed to reach a specific destination, and although the destination hotel is expecting him, the visitor is ignorant of the identity of the destination hotel. The hotel, of course, must deal with many visitors. The visitor can visit one or more destinations and introduce himself in the hope that one of the visited hotels is his destination and will recognize him. However, such a process may not be feasible if there are many candidate hotels. Therefore, the problem is to find an efficient method of finding the correct hotel with minimal or no third-party assistance. The desired solution must assure the security of the visitor by finding him the right hotel, and must assure the security of the hotel by admitting only the visitors it is expecting.
Surprisingly, the problem outlined above, with various modifications, is applicable to multiple automated communications environments involving client entities or devices (with or without human interfaces) and destination networks or server entities.
For example, a homeowner buys a remotely readable utility meter at a retail center, and installs it in his home. The utility meter needs to discover the utility Website that it will report to, and the utility company needs to discover that the meter has gone on-line. To assure the privacy of the homeowner and to prevent abuse, a security association needs to be established between the utility meter and the utility Website. Conventionally, these operations would be performed through third-party intervention. What has been lacking, until now, is an automated method that can perform the necessary discovery and authentication with little or no on-line assistance from third parties.