1. Field
This invention generally relates to data communications and security. More particularly, embodiments of the invention relate to mutual authentication of two communicating parties through password hash verification without revealing the password.
2. Background Information
Current wireless authentication through password verification systems suffer from two major deficiencies: high computational requirements and easy defeat by guessing.
Computationally intensive password based authentication protocols require the communicating devices to expend power beyond that required by sending and receiving messages. For example, the password-based authentication method specified for Bluetooth entails a recomputation of the hash and a reselection of the supporting nonces for the verification of each bit of the password. This requires that Bluetooth devices have adequate processors to complete these computations within the time allowed as well as adequate power supplies. This increases the size and cost of Bluetooth devices while limiting their useful lifetime between charges.
With electronic devices becoming smaller and more ubiquitous, there is a need for password based authentication protocols that are effective at preventing adversary attacks while requiring little power. Medical sensors, for example, must be very small to be both safe and effective. The size constraint limits processor and battery capacity, which in turn limits how long a device can be useful. The outputs from these sensors are used to determine treatment, and may in the future provide a feedback mechanism for automated treatments. With such devices, the inability to authenticate the identity of the device could have deadly consequences.