Title:
METHODS FOR CREATING SECRET KEYS BASED UPON ONE OR MORE SHARED CHARACTERISTICS AND SYSTEM THEREOF
Document Type and Number:
WIPO Patent Application WO/2007/121178
Kind Code:
A2
Abstract:
A method and system for generating one or more keys includes obtaining at two or more devices data based on movement of at least one of the devices with respect to the other device. At least one key is generated based on the obtained data at each of the devices for use in securing communications between the devices. The key at each of the devices is substantially the same.

Inventors:
HAMMOND PETER M (US)
MUNRO JAMES F (US)
KAPP STEVEN C (US)
Application Number:
PCT/US2007/066330
Publication Date:
October 25, 2007
Filing Date:
April 10, 2007
Assignee:
DIGITAL LOBE LLC (US)
International Classes:
H04K1/00
Foreign References:
US20060059093A1
US6052466A
Attorney, Agent or Firm:
LEINBERG, Gunnar, G. et al. (Clinton Square, P.O. Box 3105, Rochester NY, US)
Claims:

CLAIMS

What is claimed is:

1. A method for independently generating one or more keys, the method comprising: obtaining at two or more devices data based on movement of at least one of the devices with respect to the other device; and generating one or more keys based on the obtained data at each of the devices for use in securing communications between the devices, wherein the one or more keys at each of the devices are substantially the same.

2. The method as set forth in claim 1 wherein the obtaining the data further comprises obtaining the data in response to movement of at least one of the devices with respect to the other device during one or more passes between the devices.

3. The method as set forth in claim 2 wherein the obtaining the data further comprises obtaining the data during two or more passes between the devices.

4. The method as set forth in claim 1 wherein the obtained data comprises one of distance, velocity, and pseudo-velocity measurements.

5. The method as set forth in claim 1 further comprising converting the obtained data into one or more converted parameters, wherein the generating the one or more keys is based on the one or more converted parameters.

6. The method as set forth in claim 5 wherein the converted parameters comprise one of distance, velocity, pseudo-velocity, acceleration, and pseudo-acceleration readings.

7. The method as set forth in claim 1 further comprising determining if an amount of the obtained data is greater than a quantity threshold for averaging at least portions of the data, wherein the obtaining the data obtains additional data if the amount of the obtained data is less than the quantity threshold.

8. The method as set forth in claim 1 wherein the obtained data comprises distance measurements and further comprising determining if the distance measurements are less than a distance threshold, wherein the generating the key generates when the distance measurements are less than the distance threshold.

9. The method as set forth in claim 1 further comprising determining if the obtained data is less than a data threshold for the generating the one or more keys, wherein the obtaining the data obtains additional data if the obtained data is less than the data threshold.

10. The method as set forth in claim 1 further comprising averaging one or more portions of the obtained data, wherein the generating the one or more keys is based on the averaged portions of the obtained data.

11. The method as set forth in claim 1 further comprising filtering the obtained data before the generating the one or more keys.

12. The method as set forth in claim 1 wherein the obtaining the data further comprises obscuring a data acquisition system in at least one of the devices used for the obtaining the data.

13. The method as set forth in claim 12 wherein the obscuring comprises at least one of at least partially concealing the data acquisition system and moving the data acquisition system.

14. The method as set forth in claim 1 wherein the generating the one or more keys further comprises:

converting the obtained data into a plurality of binary numbers; and selecting at least one bit from at least a portion of the binary numbers to generate the one or more keys.

15. The method as set forth in claim 14 wherein the selecting further comprises: determining a first set of least significant bits in the binary numbers with noise below a noise threshold; determining a second set of most significant bits in the binary numbers which are not measurably random; and determining a third set of one or more bits in each of the binary numbers which are measurably random based on the determination of the first set of least significant bits in the binary numbers with noise below a noise threshold and the second set of most significant bits in the binary numbers which are not measurably random, wherein the at least one bit is selected from the determined third set.

16. The method as set forth in claim 1 further comprising identifying a presence of one of the devices with respect to another one of the devices, wherein the obtaining the data further comprises obtaining the data when the identifying signals the presence of one of the devices with respect to another one of the devices.

17. The method as set forth in claim 16 further comprising determining if there is adequate signal strength for the obtaining the data, wherein the obtaining the data further comprises obtaining the data when the signal strength is determined to be adequate.

18. The method as set forth in claim 1 further comprising synchronizing the devices before the obtaining the data.

19. A system for independently generating one or more keys, the system comprising: a data acquisition system at each of two or more devices, each of the data acquisition systems obtains data based on movement of at least one of the devices with respect to the other device; and a key generation system that generates one or more keys based on the obtained data from each of the data acquisition systems for use in securing communications between the devices, wherein the one or more keys at each of the devices are substantially the same.

20. The system as set forth in claim 19 wherein each of the data acquisition systems obtains the data in response to movement of at least one of the devices with respect to the other device during one or more passes between the devices.

21. The system as set forth in claim 20 wherein each of the data acquisition systems obtains the data during two or more passes between the devices.

22. The system as set forth in claim 19 wherein the obtained data comprises one of distance, velocity, and pseudo-velocity measurements.

23. The system as set forth in claim 19 further comprising a conversion system that converts the obtained data into one or more converted parameters, wherein the key generation system generates the one or more keys based on the one or more converted parameters.

24. The system as set forth in claim 23 wherein the converted parameters comprise one of distance, velocity, pseudo-velocity, acceleration, and pseudo-acceleration readings.

25. The system as set forth in claim 19 wherein each of the data acquisition systems determines if an amount of the obtained data is greater than a quantity threshold for averaging at least portions of the data, wherein each of the data acquisition systems obtains additional data if the amount of the obtained data is less than the quantity threshold.

26. The system as set forth in claim 19 wherein the obtained data comprises distance measurements and wherein each of the data acquisition systems determines if the distance measurements are less than a distance threshold, wherein the key generation system generates the one or more keys when the distance measurements are less than the distance threshold.

27. The system as set forth in claim 19 wherein each of the data acquisition systems determines if the obtained data is less than a data threshold for generating the one or more keys, wherein each of the data acquisition systems obtains additional data if the obtained data is less than the data threshold.

28. The system as set forth in claim 19 further comprising an averaging system that averages one or more portions of the obtained data, wherein the key generation system generates the one or more keys based on the averaged portions of the obtained data.

29. The system as set forth in claim 19 further comprising a filtering system that filters the obtained data before the key generation system generates the one or more keys.

30. The system as set forth in claim 19 further comprising an obscuring system that obscures one or more of the data acquisition systems.

31. The system as set forth in claim 30 wherein the obscuring system comprises at least one of a concealment system that at least partially conceals at least one of the data acquisition systems and an adjustment system that moves at least one of the data acquisition systems.

32. The system as set forth in claim 19 wherein the key generation system further comprises: a binary conversion system that converts the obtained data into a plurality of binary numbers; and a selection system that selects at least one bit from at least a portion of the binary numbers to generate the one or more keys.

33. The system as set forth in claim 32 wherein the selection system further comprises: a first determination system that determines a first set of least significant bits in the binary numbers with noise below a noise threshold; a second determination system that determines a second set of most significant bits in the binary numbers which are not measurably random; and a third determination system that determines a third set of one or more bits in each of the binary numbers which are measurably random based on the determination of the first set of least significant bits in the binary numbers with noise below a noise threshold and the second set of most significant bits in the binary numbers which are not measurably random, wherein the selection system selects the at least one bit from the determined third set.

34. The system as set forth in claim 19 further comprising an identification system that identifies a presence of one of the devices with respect to another one of the devices, wherein each of the data acquisition systems obtains the data when the identification system identifies the presence of one of the devices with respect to another one of the devices.

35. The system as set forth in claim 19 further comprising a signal determination system that determines if there is adequate signal strength for the obtaining the data, wherein each of the data acquisition systems obtains the data when the signal strength is determined to be adequate.

36. The system as set forth in claim 19 further comprising a synchronization system that synchronizes the systems before each of the data acquisition systems obtains the data.

37. A method for securing communications by independently generating one or more keys, the method comprising: obtaining data based on one or more shared characteristics between two or more devices; generating one or more keys based on the obtained data on the one or more shared characteristics independently at one or more of the devices; and using the one or more generated keys for securing communications without transmitting the one or more generated keys between the devices.

38. The method as set forth in claim 37 wherein the obtaining the data further comprises obtaining the data based on movement of at least one of the devices with respect to the other device during one or more passes between the devices.

39. The method as set forth in claim 38 wherein the obtaining the data further comprises obtaining the data during two or more passes between the devices.

40. The method as set forth in claim 37 wherein the obtained data comprises one of distance, velocity, and pseudo-velocity measurements.

41. The method as set forth in claim 37 further comprising converting the obtained data into one or more converted parameters, wherein the generating the one or more keys is based on the one or more converted parameters.

42. The method as set forth in claim 41 wherein the converted parameters comprise one of distance, velocity, pseudo-velocity, acceleration, and pseudo-acceleration readings.

43. The method as set forth in claim 37 further comprising determining if an amount of the obtained data is greater than a quantity threshold for averaging at least portions of the data, wherein the obtaining the data obtains additional data if the amount of the obtained data is less than the quantity threshold.

44. The method as set forth in claim 37 wherein the obtained data comprises distance measurements and further comprising determining if the distance measurements are less than a distance threshold, wherein the generating the one or more keys generates when the distance measurements are less than the distance threshold.

45. The method as set forth in claim 37 further comprising determining if the obtained data is less than a data threshold for the generating the one or more keys, wherein the obtaining the data obtains additional data if the obtained data is less than the data threshold.

46. The method as set forth in claim 37 further comprising averaging one or more portions of the obtained data, wherein the generating the one or more keys is based on the averaged portions of the obtained data.

47. The method as set forth in claim 37 further comprising filtering the obtained data before the generating the one or more keys.

48. The method as set forth in claim 37 wherein the obtaining the data further comprises obscuring a data acquisition system in at least one of the devices used for the obtaining the data.

49. The method as set forth in claim 48 wherein the obscuring comprises at least one of at least partially concealing the data acquisition system and moving the data acquisition system.

50. The method as set forth in claim 37 wherein the generating the one or more keys further comprises: converting the obtained data into a plurality of binary numbers; and selecting at least one bit from at least a portion of the binary numbers to generate the one or more keys.

51. The method as set forth in claim 50 wherein the selecting further comprises: determining a first set of least significant bits in the binary numbers with noise below a noise threshold; determining a second set of most significant bits in the binary numbers which are not measurably random; and determining a third set of one or more bits in each of the binary numbers which are measurably random based on the determination of the first set of least significant bits in the binary numbers with noise below a noise threshold and the second set of most significant bits in the binary numbers which are not measurably random, wherein the at least one bit is selected from the determined third set.

52. The method as set forth in claim 37 further comprising identifying a presence of one of the devices with respect to another one of the devices, wherein the obtaining the data further comprises obtaining the data when the identifying signals the presence of one of the devices with respect to another one of the devices.

53. The method as set forth in claim 52 further comprising determining if there is adequate signal strength for the obtaining the data, wherein the obtaining the data further comprises obtaining the data when the signal strength is determined to be adequate.

54. The method as set forth in claim 37 further comprising synchronizing the devices before the obtaining the data.

55. A system for securing communications by independently generating one or more keys, the system comprising: one or more data acquisition systems that obtain data based on one or more shared characteristics between two or more devices; a key generation system that generates one or more keys based on the obtained data on the one or more shared characteristics independently at one or more of the devices; and one or more communication systems that use the one or more generated keys for securing communications without transmitting the one or more generated keys between the devices.

56. The system as set forth in claim 55 wherein each of the data acquisition systems obtains the data in response to movement of at least one of the devices with respect to the other device during one or more passes between the devices.

57. The system as set forth in claim 56 wherein each of the data acquisition systems obtains the data during two or more passes between the devices.

58. The system as set forth in claim 55 wherein the obtained data comprises one of distance, velocity, and pseudo-velocity measurements.

59. The system as set forth in claim 55 further comprising a conversion system that converts the obtained data into one or more converted parameters, wherein the key generation system generates the one or more keys based on the one or more converted parameters.

60. The system as set forth in claim 59 wherein the converted parameters comprise one of distance, velocity, pseudo-velocity, acceleration, and pseudo-acceleration readings.

61. The system as set forth in claim 55 wherein each of the data acquisition systems determines if an amount of the obtained data is greater than a quantity threshold for averaging at least portions of the data, wherein each of the data acquisition systems obtains additional data if the amount of the obtained data is less than the quantity threshold.

62. The system as set forth in claim 55 wherein the obtained data comprises distance measurements and wherein each of the data acquisition systems determines if the distance measurements are less than a distance threshold, wherein the key generation system generates the one or more keys when the distance measurements are less than the distance threshold.

63. The system as set forth in claim 55 wherein each of the data acquisition systems determines if the obtained data is less than a data threshold for generating the one or more keys, wherein each of the data acquisition systems obtains additional data if the obtained data is less than the data threshold.

64. The system as set forth in claim 55 further comprising an averaging system that averages one or more portions of the obtained data, wherein the key generation system generates the one or more keys based on the averaged portions of the obtained data.

65. The system as set forth in claim 55 further comprising a filtering system that filters the obtained data before the key generation system generates the one or more keys.

66. The system as set forth in claim 55 further comprising an obscuring system that obscures one or more of the data acquisition systems.

67. The system as set forth in claim 66 wherein the obscuring system comprises at least one of a concealment system that at least partially conceals at least one of the data acquisition systems and an adjustment system that moves at least one of the data acquisition systems.

68. The system as set forth in claim 55 wherein the key generation system further comprises: a binary conversion system that converts the obtained data into a plurality of binary numbers; and a selection system that selects at least one bit from at least a portion of the binary numbers to generate the one or more keys.

69. The system as set forth in claim 68 wherein the selection system further comprises: a first determination system that determines a first set of least significant bits in the binary numbers with noise below a noise threshold; a second determination system that determines a second set of most significant bits in the binary numbers which are not measurably random; and a third determination system that determines a third set of one or more bits in each of the binary numbers which are measurably random based on the determination of the first set of least significant bits in the binary numbers with noise below a noise threshold and the second set of most significant bits in the binary numbers which are not measurably random, wherein the selection system selects the at least one bit from the determined third set.

70. The system as set forth in claim 55 further comprising an identification system that identifies a presence of one of the devices with respect to another one of the devices, wherein each of the data acquisition systems obtains the data when the identification system identifies the presence of one of the devices with respect to another one of the devices.

71. The system as set forth in claim 55 further comprising a signal determination system that determines if there is adequate signal strength for the obtaining the data, wherein each of the data acquisition systems obtains the data when the signal strength is determined to be adequate.

72. The system as set forth in claim 55 further comprising a synchronization system that synchronizes the systems before each of the data acquisition systems obtains the data.

Description:

METHODS FOR CREATING SECRET KEYS BASED UPON ONE OR MORE SHARED CHARACTERISTICS AND SYSTEMS THEREOF

[0001] This application claims the benefit of U.S. Provisional Patent Application Serial No. 60/790,654, filed April 10, 2007, which is hereby incorporated by reference in its entirety.

FIELD OF THE INVENTION

[0002] The present invention generally relates to systems and methods for cryptographic communications and, more particularly, to systems and methods for simultaneously and independently generating at least one secret key used for encryption and message integrity checking upon data sent between two electronic devices based on measurements of one or more common or shared characteristics of the devices.

BACKGROUND

[0003] A recurring problem in symmetric cryptography is the distribution of secret keys. Secret keys are required for symmetric encryption and decryption of messages transmitted over an insecure medium, such as over a wireless radio link or over the Internet. In electronic communications, secret keys are also used to provide a secure integrity check that ensures messages have not been modified during transmission. In addition, electronic communication systems also routinely use knowledge of secret keys to demonstrate proof of identity (authentication).

[0004] Unfortunately, it is problematic to distribute a secret key over a communication channel before that communication channel has been secured. The paradox is that the communication channel cannot be secured until the secret key has been distributed - this is the "chicken and egg" problem for symmetric encryption systems. Two methods are in common commercial use for avoiding this problem.

[0005] The first commonly-used method of solving the key distribution problem is to switch to a public-key encryption system and avoid the distribution of secret keys. Each party in a public-key communication scheme has two keys: a public key that may be widely known and a private key that is known only to the appropriate party. To communicate with another party, the transmitting party need only have knowledge of the recipient's public key. The recipient is responsible for keeping its private key safe. Public-key cryptography partially solves the initial key distribution problem that plagues symmetric encryption algorithms, but the algorithms used for public-key encryption and decryption are computationally intensive. It is not uncommon to see a public-key algorithm operate 100 times slower than a symmetric key algorithm. Public-key algorithms also have limitations on the size of each transmitted message, while these limitations are not generally found in symmetric encryption algorithms.

[0006] The second commonly-used method of solving the key distribution problem is to have the communication parties jointly agree upon a secret key without transmitting the secret key over the insecure communication channel. Several algorithms are available and in wide use in commercially-available electronic communication systems today. Most of these algorithms are based upon the infeasibility of performing some types of mathematical operations, such as computing the discrete logarithm of a very large number containing hundreds of digits. In other words, the strength of the key agreement algorithm rests upon the assumption that it is computationally infeasible for an attacker to bypass the algorithm. Because the algorithms are mathematically-based, the possibility exists that a simpler solution may exist, some day be discovered, and be employed. This outcome would negate the effectiveness of the algorithm and thus this method.

SUMMARY

[0007] A method for generating one or more keys in accordance with embodiments of the present invention includes obtaining at two or more devices data based on movement of at least one of the devices with respect to the other device. One or more keys are generated based on the obtained data at each of the devices for use in securing communications between the devices. The one or more keys at each of the devices are substantially the same.

[0008] A system for generating one or more keys in accordance with other embodiments of the present invention includes a data acquisition system and a key generation system. The data acquisition system at each of two or more devices obtains data based on movement of at least one of the devices with respect to the other device. The key generation system generates one or more keys based on the obtained data from each of the data acquisition systems for use in securing communications between the devices. The one or more keys at each of the devices are substantially the same.

[0009] A method for securing communications by independently generating one or more keys in accordance with other embodiments of the present invention includes obtaining data based on one or more shared characteristics between two or more devices. One or more keys are generated based on the obtained data on the one or more shared characteristics independently at one or more of the devices. The one or more generated keys are used for securing communications without transmitting the one or more generated keys between the devices.

[0010] A system for securing communications by independently generating one or more keys in accordance with other embodiments of the present invention includes one or more data acquisition systems, a key generation system, and one or more communication systems. The data acquisition systems obtain data based on one or more shared characteristics between two or more devices. The key generation system generates one or more keys based on the obtained data on the one or more shared characteristics independently at one or more of the devices. The communication systems use one or more of the generated keys for securing communications without transmitting the one or more generated keys between the devices.

[0011] In accordance with other embodiments of the present invention, identical sequences of keying material are created which are suitable for the establishment of a secure data communication channel based upon a common property of the communicating devices, such as the shared distance or velocity between them. The bits for the key are generated from a plurality of distance or velocity measurements; after the distance and/or velocity data has been averaged and filtered, a number of measurements equal to the number of desired key bits is produced. By way of example, a common key length is 128 bits, so a sufficient number of discrete distance or velocity measurements is required to yield 128 random bits. The measurement data is converted to an integer data type and optionally is converted from binary coding to Gray coding. Next, a bit that is not influenced by measurement noise and is measurably random is selected from each integer and used as a key bit. A string of such key bits is assembled from the measurements and used as the secret key. Since the measurement setup and the process employed to generate the key bits are common to the devices, the devices will independently arrive at the same secret key.
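As an added example (not the patent's own code, and not the implementation it discloses): a toy model of the pipeline in [0011] and claims 14 and 15, with constructed distance readings and constructed per-device jitter patterns standing in for sensor noise. The 16-bit integer width, the noise threshold, the ones-ratio band used to call a bit "measurably random", and the SHA-256 confirmation step are all assumptions; each device classifies bit positions from its own raw samples only, and both must arrive at the same key bits without exchanging them.

```python
"""Toy model of the key-bit selection described in WO/2007/121178.

Two devices independently measure a shared characteristic (distance, in mm)
during one pass, average a few raw samples per reading, convert each averaged
reading to a Gray-coded integer, classify every bit position as
noisy / measurably random / fixed / zero (the four regions of FIG. 10), and
take one key bit per reading from the random region.  All values below are
constructed for the example; widths and thresholds are assumptions.
"""
import hashlib

WIDTH = 16                  # bit width of the integer readings (assumption)
SAMPLES_PER_READING = 4     # raw samples averaged into one reading
NOISE_THRESHOLD = 0.10      # max fraction of readings in which a bit may jitter
RANDOM_BAND = (0.25, 0.75)  # ones-ratio band counted as "measurably random"

# Constructed "true" distances (mm) both devices see during one swipe.
TRUE_DISTANCES = [162 + 4 * k for k in (6, 7, 5, 2, 0, 1, 3, 4)]
# Constructed per-device jitter in mm, cycled over the raw samples.  Each
# device has its own pattern, so the raw samples differ between devices.
JITTER = {
    "A": [1, 0, -1, 1, -1, 0, -1],
    "B": [-1, 1, 0, 1, -1, -1, 1],
}


def gray(n: int) -> int:
    """Binary -> Gray code: neighbouring distances differ in one bit."""
    return n ^ (n >> 1)


def raw_samples(device: str) -> list[list[int]]:
    """Raw distance samples per reading, as one device would capture them."""
    jitter = JITTER[device]
    return [[d + jitter[(SAMPLES_PER_READING * i + j) % len(jitter)]
             for j in range(SAMPLES_PER_READING)]
            for i, d in enumerate(TRUE_DISTANCES)]


def average_reading(samples: list[int]) -> int:
    """Integer average (rounded half up) of one reading's raw samples."""
    n = len(samples)
    return (sum(samples) + n // 2) // n


def classify_bits(readings: list[list[int]]) -> dict[int, str]:
    """Classify every bit position from one device's own raw data.

    noisy  : the bit flips between raw samples of the same reading
    zero   : never set (the distance never reaches that magnitude)
    fixed  : strongly biased ones ratio, deterministic rather than random
    random : stable across samples and ones ratio inside RANDOM_BAND
    """
    n = len(readings)
    jitter_hits = [0] * WIDTH
    ones = [0] * WIDTH
    for samples in readings:
        codes = [gray(s) for s in samples]
        toggled = 0
        for c in codes[1:]:
            toggled |= c ^ codes[0]          # bits that moved within the reading
        avg = gray(average_reading(samples))
        for p in range(WIDTH):
            jitter_hits[p] += (toggled >> p) & 1
            ones[p] += (avg >> p) & 1
    kinds = {}
    for p in range(WIDTH):
        ratio = ones[p] / n
        if jitter_hits[p] / n > NOISE_THRESHOLD:
            kinds[p] = "noisy"
        elif ones[p] == 0:
            kinds[p] = "zero"
        elif RANDOM_BAND[0] <= ratio <= RANDOM_BAND[1]:
            kinds[p] = "random"
        else:
            kinds[p] = "fixed"
    return kinds


def select_position(kinds: dict[int, str]) -> int:
    """Lowest measurably random bit, i.e. the one just above the noise floor."""
    random_bits = [p for p, k in kinds.items() if k == "random"]
    if not random_bits:
        raise ValueError("no bit position is both stable and random; "
                         "collect more readings before deriving a key")
    return min(random_bits)


def derive_key_bits(device: str) -> str:
    """One key bit per reading; a 128-bit key needs 128 such readings."""
    readings = raw_samples(device)
    pos = select_position(classify_bits(readings))
    return "".join(str((gray(average_reading(s)) >> pos) & 1) for s in readings)


def key_commitment(bits: str) -> str:
    """Hash exchanged to confirm agreement without transmitting the key."""
    return hashlib.sha256(bits.encode()).hexdigest()


if __name__ == "__main__":
    ka, kb = derive_key_bits("A"), derive_key_bits("B")
    print("device A bits:", ka)
    print("device B bits:", kb)
    print("commitments match:", key_commitment(ka) == key_commitment(kb))
```

The confirmation hash only makes sense once the key has full length (128 bits, as the text suggests); the 8-bit key in this toy is trivially brute-forceable from its hash and is shown only to illustrate that agreement can be checked without sending the key.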

[0012] Accordingly, the present invention provides an effective and secure method and system for simultaneously and independently generating one or more secret keys for encrypting and decrypting data sent between devices based on measurements of one or more common or shared characteristics. The present invention also is an effective and secure method for simultaneously and independently generating one or more secret keys that provide for secure message integrity checks on data transmitted between devices. These generated secret keys can be used in standard cryptographically-secure communication schemes.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013] FIG. 1 is a top view of a system for independently generating one or more keys at two or more devices in accordance with embodiments of the present invention;

[0014] FIG. 2A is a top-view of the fixed position device enclosed in an opaque housing in another system for generating one or more keys in accordance with other embodiments of the present invention;

[0015] FIG. 2B is a side-view of the fixed position device enclosed in an opaque housing shown in FIG. 2A;

[0016] FIG. 3 is a top-view of the fixed position device enclosed in an opaque housing and adjustable with a cam system in another system for generating one or more keys in accordance with other embodiments of the present invention;

[0017] FIG. 4 is a top-view of the fixed position device enclosed in an opaque housing and adjustable with an actuator in another system for generating one or more keys in accordance with other embodiments of the present invention;

[0018] FIG. 5 is a flowchart of a method for independently generating one or more keys at two or more devices in accordance with other embodiments of the present invention;

[0019] FIG. 6 is a timing diagram of the emissions of the fixed position device and the non-fixed position device;

[0020] FIG. 7A is a perspective view of a fixed position device and a non-fixed position device illustrating their orientations and emissions;

[0021] FIG. 7B is a perspective view of the fixed position device and the non-fixed position device illustrating an emission and back-reflection while the non-fixed position device is in motion;

[0022] FIG. 8A is a graph of distance between the fixed position device and the non-fixed position device as a function of time during a single swipe or pass;

[0023] FIG. 8B is a graph of distance between the fixed position device and the non-fixed position device as a function of time during a double swipe or pass;

[0024] FIG. 9 is a table of intermediate data used to generate bits from which the secret key is generated; and

[0025] FIG. 10 is a table of bits with regions of noisy bits, measurably random bits, deterministic non-random bits, and zero bits.

DETAILED DESCRIPTION

[0026] A system 11(1) for generating one or more secret keys in accordance with embodiments of the present invention is illustrated in FIG. 1. The system includes a fixed position device 10 with a transmission system 13, a reception system 15, and a processing system 17 and a non- fixed position or mobile device 50 with a transmission system 51, a reception system 53, and a processing system 55, although the system 11(1) can include other types and numbers of components, devices, and/or systems configured in other manners. Accordingly, the present invention provides an effective and secure method and system for simultaneously and independently generating key material suitable for securing data sent between devices based on measurements of one or more common or shared characteristics.

[0027] Referring more specifically to FIG. 1, the fixed position device 10 is a system that generates one or more secret keys independently and substantially simultaneously with the non-fixed position device 50 based on distance measurements between the fixed position device 10 and the non-fixed position device 50, although other types and numbers of systems and devices which measure other characteristics, such as distance, velocity, pseudo velocity, acceleration, or pseudo acceleration, could be used. Since the structure and operation of systems which could be used to obtain a plurality of measurements of a shared characteristic between devices 10 and 50, such as distance or velocity, are well known to those of ordinary skill in the art, they will not be described in detail herein. By way of example only, a system for obtaining a plurality of distance measurements to a target which could be used herein is disclosed in US Patent No. 7,202,941, which is herein incorporated by reference in its entirety.

[0028] In this particular embodiment, the fixed position device 10 is a point-of-sale (POS) terminal, although other types and numbers of devices could be used, such as a desktop computer, and the devices could be mobile. Additionally, in this particular embodiment the emissions used by the fixed position device 10 to measure distance are optical, although other types and numbers of emissions could be used. The fixed position device 10 includes a housing 22 with a surface 12 which has a reflecting element 16, although the housing 22 could have other shapes and configurations. The reflecting element 16 is a white diffuse reflector and material on the surface 12 surrounding the reflecting element 16 is absorptive, although other types and numbers of reflecting elements and adjacent materials on surface 12 could be used and the reflecting element is optional. The reflecting element 16 also has beaded retroreflectors or prism-based retroreflectors which help with optical gain, although again other types and numbers of reflecting elements could be used and the reflecting element is optional.

[0029] The transmission system 13 includes an energy emitter 14, a driver 19, a clock system 21, and a burst waveform generator 23 which generates and transmits the burst waveform emission 20 towards the non-fixed position device 50 for generating the bits of the keys and for communications between devices 10 and 50, although other types and numbers of transmission systems with other types and numbers of systems and components could be used. In this particular embodiment, the energy emitter 14 is a set of LEDs or laser diodes which transmit optical radiation, although other types and numbers of energy emitters could be used which emit other emissions at other frequencies of electromagnetic energy, such as RF, in which case energy emitter 14 is an antenna. By way of example only, other types of emissions which could be used are acoustic, magnetic, electrostatic, or a hybrid of two or more of these. If electromagnetic energy is used, the carrier can be either in the radio frequency (RF) portion of the spectrum or in the millimeter-wave (MMW), microwave, infrared (IR), visible, or ultraviolet (UV) energy. In this particular embodiment, the burst waveform generator 23 is coupled to the processing system 17 and the clock system 21 and generates the burst waveform emission 20 which is transmitted to the driver 19 and output by the energy emitter 14, although other configurations with other numbers and types of components could be used. The energy emitter 14 transmits the emission in a defined envelope or cone 20 to reduce the probability of interception, although other types and numbers of emission paths could be used.

[0030] The reception system 15 includes the receiver 18, an amplifier 25, a sampling system 27, and a filtering system 29 which receives signals for generating the bits of the keys and for communications between devices 10 and 50, although other types and numbers of reception systems with other types and numbers of systems and components and which receive other types and numbers of emissions could be used. In this particular embodiment, the receiver 18 is coupled to an amplifier 25 and receives the detected emission which is amplified by the amplifier 25. The amplified emission is sampled by the sampling system 27 and then is optionally filtered by filtering system 29 before transmission to the processing system 17. In this particular embodiment, the receiver 18 comprises PN, PIN, or APD photodiodes to receive the electromagnetic radiation in the optical spectrum, although other types and numbers of receiving elements and other types of emissions could be received. By way of example only, if the radiation is RF, then the receiver 18 will be an antenna. Although a separate transmission system 13 and reception system 15 are shown, other types and numbers of communication systems can be used for functions, such as the generation of the secret keys and for communications, such as a transceiver system.

[0031] The processing system 17 is coupled to and controls the operations of the transmission system 13 and the reception system 15, although other types and numbers of processing systems coupled to other types and numbers of systems could be used. The processing system 17 includes a processing unit and a memory along with an operator interface 31 and a display 33, although the processing system 17 can have other numbers and types of devices and components and the devices and components can be in other locations and configurations. The memory stores programmed instructions and data for generating one or more secret keys as described and illustrated herein, including: converting obtained measurement data, such as distance, velocity, or pseudo velocity with respect to time, into one or more parameters, such as distance, velocity, pseudo velocity, acceleration, or pseudo acceleration; determining if a sufficient amount of the data has been obtained for averaging; determining if distance measurements are less than a distance threshold; determining if the obtained data is less than a data threshold for generating one or more keys; averaging one or more portions of the obtained data; converting the obtained data into a plurality of binary numbers; selecting at least one bit from at least a portion of the binary numbers to generate one or more keys; determining a first set of least significant bits in the binary numbers with noise above a noise threshold; determining a second set of most significant bits in the binary numbers which are not measurably random; determining a third set of one or more bits in each of the binary numbers which are measurably random; identifying a presence of one of the devices with respect to another one of the devices; determining if there is adequate signal strength for obtaining the data; and synchronizing the systems before each of the data acquisition systems obtains the data, although other types and numbers of instructions and data can be stored and executed and some or all of these instructions and data may be stored elsewhere. A variety of different types of memory storage devices, such as a random access memory (RAM), a read only memory (ROM) or a floppy disk, hard disk, CD ROM, or other computer readable medium which is read from and/or written to by a magnetic, optical, or other reading and/or writing system coupled to the processing unit, can be used for the memory.

[0032] The operator interface 31 is used to input data, such as information to complete a transaction, although other types of data could be input. The operator interface 31 comprises a keyboard, although other types and numbers of operator interfaces can be used. The display 33 is used to show data and information to the user, such as a transaction status and result, although other types of data and information could be displayed and other manners of providing the information can be used. The display 33 comprises a display screen, such as an LCD screen by way of example only, although other types and numbers of displays could be used. In this particular embodiment, the operator interface 31 and display 33 are shown separate from the processing system 17, although other configurations can be used, such as having the operator interface 31 and display 33 as part of the processing system 17.

[0033] The non-fixed position device 50 also is a system that generates one or more secret keys independently and substantially simultaneously with the fixed position device 10 based on distance measurements between the fixed position device 10 and the non-fixed position device 50, although other types and numbers of systems and devices which measure other characteristics, such as distance, velocity, pseudo velocity, acceleration, or pseudo acceleration, could be used. Again, since the structure and operation of systems which could be used to obtain a plurality of measurements of a shared characteristic between devices 10 and 50, such as distance or velocity, are well known to those of ordinary skill in the art, they will not be described in detail herein. By way of example only, a system for obtaining a plurality of distance measurements to a target which could be used herein is disclosed in US Patent No. 7,202,941, which is herein incorporated by reference in its entirety.

[0034] The non-fixed position device 50 is a cell phone, although other types and numbers of devices could be used, such as a mobile handset, personal digital assistant (PDA), or other portable electronic device, and the devices could have a fixed position. Additionally, in this particular embodiment the emissions used by the non-fixed position device 50 to measure distance are optical, although other types and numbers of emissions could be used. The non-fixed position device 50 includes a housing 59 with a surface 74 which has a reflecting element 56, although the housing 59 could have other shapes and configurations. The reflecting element 56 is a white diffuse reflector and material on the surface 74 surrounding the reflecting element 56 is absorptive, although other types and numbers of reflecting elements and adjacent materials on surface 74 could be used and the reflecting element is optional. The reflecting element 56 also has beaded retroreflectors or prism-based retroreflectors which help with optical gain, although again other types and numbers of reflecting elements could be used and the reflecting element is optional.

[0035] The transmission system 51 includes an energy emitter 58, a driver 61, a clock system 63, and a burst waveform generator 65 which generates and transmits the burst waveform emission 60 towards the fixed position device 10 for generating the bits of the keys and for communications between devices 10 and 50, although other types and numbers of transmission systems with other types and numbers of systems and components could be used. In this particular embodiment, the energy emitter 58 is a set of LEDs or laser diodes which transmit optical radiation, although other types and numbers of energy emitters could be used which emit other emissions at other frequencies of electromagnetic energy, such as RF, in which case energy emitter 58 is an antenna. By way of example only, other types of emissions which could be used are acoustic, magnetic, electrostatic, or a hybrid of two or more of these. If electromagnetic energy is used, the carrier can be either in the radio frequency (RF) portion of the spectrum or in the millimeter-wave (MMW), microwave, infrared (IR), visible, or ultraviolet (UV) energy. In this particular embodiment, the burst waveform generator 65 is coupled to the processing system 55 and the clock system 63 and generates the burst waveform emission 60 which is transmitted to the driver 61 and output by the energy emitter 58, although other configurations with other numbers and types of components could be used. The energy emitter 58 transmits the emission in a defined envelope or cone 60 to reduce the probability of interception, although other types and numbers of emission paths could be used.

[0036] The reception system 53 includes the receiver 72, an amplifier 65, a sampling system 67, and a filtering system 69 which receives signals for generating the bits of the keys and for communications between devices 10 and 50, although other types and numbers of reception systems with other types and numbers of systems and components and which receive other types and numbers of emissions could be used. In this particular embodiment, the receiver 72 is coupled to an amplifier 65 and receives the detected emission which is amplified by the amplifier 65. The amplified emission is sampled by the sampling system 67 and then is optionally filtered by filtering system 69 before transmission to the processing system 55. In this particular embodiment, the receiver 72 comprises PN, PIN, or APD photodiodes to receive the electromagnetic radiation in the optical spectrum, although other types and numbers of receiving elements and other types of emissions could be received. By way of example only, if the radiation is RF, then the receiver 72 will be an antenna. Although a separate transmission system 51 and reception system 53 are shown, other types and numbers of communication systems can be used for functions, such as the generation of the secret keys and for communications between the devices 10 and 50, such as a transceiver system.

[0037] The processing system 55 is coupled to and controls the operations of the transmission system 51 and the reception system 53, although other types and numbers of processing systems coupled to other types and numbers of systems could be used. The processing system 55 includes a processing unit and a memory along with an operator interface 71 and a display 73, although the processing system 55 can have other numbers and types of devices and components and the devices and components can be in other locations and configurations. The memory stores programmed instructions and data for generating one or more secret keys as described and illustrated herein, including: converting obtained measurement data, such as distance, velocity, or pseudo velocity with respect to time, into one or more parameters, such as distance, velocity, pseudo velocity, acceleration, or pseudo acceleration; determining if a sufficient amount of the data has been obtained for averaging; determining if distance measurements are less than a distance threshold; determining if the obtained data is less than a data threshold for generating one or more keys; averaging one or more portions of the obtained data; converting the obtained data into a plurality of binary numbers; selecting at least one bit from at least a portion of the binary numbers to generate one or more keys; determining a first set of least significant bits in the binary numbers with noise above a noise threshold; determining a second set of most significant bits in the binary numbers which are not measurably random; determining a third set of one or more bits in each of the binary numbers which are measurably random; identifying a presence of one of the devices with respect to another one of the devices; determining if there is adequate signal strength for obtaining the data; and synchronizing the systems before each of the data acquisition systems obtains the data, although other types and numbers of instructions and data can be stored and executed and some or all of these instructions and data may be stored elsewhere. A variety of different types of memory storage devices, such as a random access memory (RAM), a read only memory (ROM) or a floppy disk, hard disk, CD ROM, or other computer readable medium which is read from and/or written to by a magnetic, optical, or other reading and/or writing system coupled to the processing unit, can be used for the memory.

[0038] The operator interface 71 is used to input data, such as information to complete a transaction, although other types of data could be input. The operator interface 71 comprises a keyboard, although other types and numbers of operator interfaces can be used. The display 73 is used to show data and information to the user, such as a transaction status and result, although other types of data and information could be displayed and other manners of providing the information can be used. The display 73 comprises a display screen, such as an LCD screen by way of example only, although other types and numbers of displays could be used. In this particular embodiment, the operator interface 71 and display 73 are shown separate from the processing system 55, although other configurations can be used, such as having the operator interface 71 and display 73 as part of the processing system 55.

[0039] Although in this particular embodiment the system 11(1) is shown comprising the fixed position device 10 and the non-fixed position device 50, the system 11(1) could comprise other types and numbers of devices in other configurations. By way of example only, multiple fixed position devices 10 and multiple non-fixed position devices 50 could be arranged in a network configuration over which secure digital information is transmitted using the one or more secret keys generated in accordance with the present invention.

[0040] Although an exemplary fixed position device 10 and a non-fixed position device 50 are described and illustrated herein, at least portions of these devices, such as processing systems 17 and 55, can be implemented on any suitable computer system or computing device, programmable logic device, application specific integrated circuit, and the like. It is to be understood that the devices and systems of the embodiments described herein are for exemplary purposes, as many variations of the specific components, hardware and software used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s).

[0041] Furthermore, at least portions of each of the devices of the exemplary embodiments may be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments, as described and illustrated herein, and as will be appreciated by those skilled in the computer and software arts.

[0042] In addition, two or more computing systems or devices can be substituted for at least portions of the devices in any embodiment of the exemplary embodiments. Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of at least portions of the devices. The exemplary embodiments may also be implemented on computer system or systems that extend across any suitable network using any suitable interface mechanisms and communications technologies, including by way of example only telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, and combinations thereof.

[0043] At least portions of the exemplary embodiments may also be embodied as a computer readable medium having instructions stored thereon for managing windows within an Internet browser window, as described herein, which when executed by a processor, cause the processor to carry out the steps necessary to implement at least portions of the methods of the exemplary embodiments, as described and illustrated.

[0044] Another system 11(2) for generating one or more secret keys in accordance with other embodiments of the present invention is illustrated in FIGS. 2A and 2B. System 11(2) is the same as system 11(1) except as described herein. In system 11(2), the fixed position device 10 is enclosed in an opaque housing 110 which has a window 112, although the opaque housing 110 with the window 112 can be used with other devices, such as with non-fixed position device 50. The window 112 in the opaque housing is positioned so the energy emitter 14 and the receiver 18 can emit and receive emissions, although other types of at least partially transparent covers or openings could be used. With the opaque housing 110, the fixed position device 10 can still operatively communicate with non-fixed position device 50, while at the same time the surface 12 of device 10 is blocked from view from those trying to independently measure the swipe profile between fixed position device 10 and non-fixed position device 50. The processing system 17 has stored data on the distance between the surface 12 and the energy emitter 14 and the receiver 18, although other manners for obtaining this distance can be used.

[0045] Another system 11(3) for generating one or more secret keys in accordance with other embodiments of the present invention is illustrated in FIG. 3. System 11(3) is the same as system 11(2) except as described herein. In system 11(3), the fixed position device 10 also is enclosed in the opaque housing 110 with the window 112 as described with reference to FIGS. 2A and 2B, although the opaque housing 110 is optional. Additionally, a cam system 116 is coupled to the fixed position device 10, although other types and numbers of cam systems or other movement systems can be used. When the cam system 116 is rotated in the direction of arrow 120, the cam system 116 causes the fixed position device 10 to move longitudinally in the direction of arrow 118, although the cam system 116 can be positioned to move the fixed position device 10 in other directions. For example, the cam system 116 could be coupled to a side of fixed position device 10 perpendicular to the connection side illustrated in FIG. 3, which will laterally move the fixed position device 10. In another example, two or three cam systems can simultaneously be used to move the fixed position device 10 in two or three different axes, respectively. The rotation of the cam system 116 is at a continuous constant velocity, although the cam system 116 can be rotated in other manners, such as randomly, periodically, pseudo-randomly, or with a chaotic velocity. The cam system 116 operation is controlled and monitored by the processing system 17 so that the processing system 17 can accurately determine the distance between the energy emitter 14 and receiver 18 and the window 112.

[0046] Another system 11(4) for generating one or more secret keys in accordance with other embodiments of the present invention is illustrated in FIG. 4. System 11(4) is the same as system 11(2) except as described herein. In system 11(4), the fixed position device 10 again is enclosed in an opaque housing 110 with a window 112 as described with reference to FIGS. 2A and 2B, although the opaque housing 110 is optional. Additionally, an actuator system 122 with a driving shaft 124 is coupled to the fixed position device 10, although other types and numbers of actuator systems or other movement systems can be used. When the actuator system 122 is engaged, the actuator system drives the shaft 124 to longitudinally move the fixed position device 10, although the actuator system 122 can be positioned to move the fixed position device 10 in other directions. For example, the actuator system 122 could be placed on a side of the fixed position device 10 perpendicular to the connection side illustrated in FIG. 4, which will move the fixed position device 10 laterally. In another example, two or three actuator systems 122 can be simultaneously used to cause the fixed position device 10 to move in two or three axes, respectively. The movement of the actuator system 122 is periodic, although other movements of the actuator system 122 can be used, such as randomly, pseudo-randomly, or with a chaotic motion. The actuator system 122 operation is controlled and monitored by the processing system 17 so that the processing system 17 can accurately determine the distance between the energy emitter 14 and receiver 18 and the window 112.

[0047] A method for generating one or more keys will now be described with reference to FIGS. 1-10. The present invention generates bits for a secret key substantially simultaneously between devices 10 and 50 based upon the common distance between them. The key bits are not communicated between the two devices, but are independently generated and are identical. In particular for these embodiments of the present invention, a flowchart of a method for generating one or more secret keys is illustrated in FIG. 5 and a timing diagram of emissions is illustrated in FIG. 6 for the fixed position device 10 (referred to as "Fixed Station Emission" in this example) and for the non-fixed position device 50 (referred to as "Digital Lobe Emission" in this example).

[0048] In step 80, the fixed position device 10 using energy emitter 14 in the transmission system 13 periodically sends out a probe signal to identify the presence of a non-fixed position device 50, although other manners for identifying the presence of device 50 with respect to device 10 can be used, the probe signal can be sent in other manners, such as randomly, and the device 50 could send probe signals to identify the presence of the device 10. When the probe signal strikes a reflector 56 on a surface 74 of a non-fixed position device 50, at least a portion of the probe signal may be reflected back towards the receiver 18 in the reception system 15, although other manners for signaling the presence of the non-fixed position device 50 could be used, such as having the non-fixed position device 50 transmit a new signal using the energy emitter 58 in the transmission system 51 upon receipt of a probe signal by the receiver 72 in the reception system 53.

[0049] The probe signal and/or the response to the probe signal may need to be enabled by a user at one of the devices 10 or 50. This enabling can be accomplished by the act of entering in a password, PIN number, voice activation, by activating a switch, or by the use of a biometric characteristic of the user such as a thumb or fingerprint scan, or eye-scan, although other authentication techniques could be used.

[0050] In step 82, the fixed position device 10 using receiver 18 in reception system 15 monitors for a reflected probe signal, although the receiver 18 could monitor for other types of signals, such as a new response signal to a probe signal. If a reply to the probe signal is not received, then the No branch is taken back to step 80. If a reply to the probe signal is received, then the Yes branch is taken to step 83.

[0051] In step 83, the processing system 17 determines if the signal strength of the reply to the probe signal is adequate by comparing the amplitude of the reply signal to a threshold stored in memory in processing system 17, although other manners for determining if there is adequate signal strength can be used and other ways of obtaining the threshold can be used. In this particular embodiment, the processing system 17 determines the amplitude of the reply signal using a Discrete Fourier Transform, although other manners for determining the amplitude or signal strength can be used. With some locations and positions of the fixed position device 10 with respect to the non-fixed position device 50, the signal strength may not be adequate to obtain suitable measurements of one or more shared characteristics, such as the distance between the devices 10 and 50 over a period of time or the velocity of one or more of the devices 10 and 50 over a period of time. By way of example, if the surfaces 12 and 74 of devices 10 and 50, respectively, are not substantially facing one another, the emission cones 20 and 60 from one or both devices 10 or 50 may not illuminate, or may only poorly illuminate, the opposing surfaces, particularly the reflector 16 or 56, or a receiver 18 or 72. If the signal strength does not exceed the threshold, then the No branch is taken back to step 80. If the signal strength does exceed the threshold, then the Yes branch is taken to step 84.

[0052] In step 84, the fixed position device 10 and the non-fixed position device 50 conduct a handshake and synchronization. As illustrated in FIG. 6, the handshake and synchronization operations are fairly short and are followed by several burst emissions described below. Since techniques for handshaking and synchronization between devices are well known to those of ordinary skill in the art, they will not be described in detail herein.

[0053] In step 86, the separation distance between devices 10 and 50 is measured by each of the devices 10 and 50 over a period of time during one or more swipes or passes as illustrated in FIGS. 1 and 6-8B, although other types and numbers of shared characteristics between the devices 10 and 50 could be measured, such as velocity. By way of example, device 50 will emit energy from energy emitter 58 directed at the surface 12 of device 10 including the reflector 16 which will backscatter energy 62 towards the surface 74 including receiver 72 of device 50 as illustrated in FIG. 7B. Alternately, when device 50 is not actively measuring the separation distance 30 or change in distance, then energy emitter 14 of device 10 will emit energy directed at the surface 74 of device 50 including the reflector 56 which will backscatter energy towards the surface 12 including receiver 18 of device 10. Accordingly, in this example the burst emissions alternate between the devices 10 and 50, and are used for measuring the distance 30 or velocity between the devices 10 and 50 during the swipe. As illustrated by this example, the devices 10 and 50 need to be arranged in a geometry where the surfaces 12 and 74 are substantially facing each other, although other manners for obtaining the measurements in other orientations could be used.

[0054] Although in this example the energies are sequentially emitted, other methods can be used. For example, if the energies emitted by the devices 10 and 50 are different, such as electromagnetic energy of differing wavelengths, then devices 10 and 50 can emit energy simultaneously to measure the swipe profile or exchange data, so long as adequate filtering is provided at the receivers of devices 10 and 50 to prevent the reception of the emission of the opposing device.

[0055] Typically, a burst comprises a periodic amplitude-modulated emission from the energy emitters 14 and 58 in devices 10 and 50, respectively. The modulation waveform during the burst can be sinusoidal, square wave, or any other periodic waveform, although other types of emissions could be used.

[0056] To determine the distance 30 between the devices 10 and 50, the processing systems 17 and 55, using data from the energy emitters 14 and 58 and the receivers 18 and 72 in devices 10 and 50, respectively, look at the change in phase between the emitted signal and the received signal. The distance 30 can be computed by the processing systems 17 and 55 using the formula d=λ(δφ)/4π, where d is the distance 30, λ is the wavelength of the modulation frequency (e.g., λ=6 meters for a modulation frequency of 50 MHz), and δφ is the phase shift between the received and transmitted signals. The phase shift measurement can be performed with conventional quadrature detection methods, or by methods and systems taught in US Patent No. 7,202,941, which is herein incorporated by reference in its entirety. If one of the embodiments in FIGS. 2A-4 is used, then the processing systems 17 and 55 take into account the additional and possibly varying distance between surface 12 and window 112 when determining distance or other shared characteristics.

[0057] Although distance measurements are illustrated in this example, measurements of other shared characteristics between the devices 10 and 50 can be taken. For example, the relative velocity of device 50 with respect to device 10 can be measured by directly measuring the Doppler shift of the received echo in processing system 17. Alternately, the burst can be truncated such that only one half-cycle of modulation is transmitted, which is a pulse, whose round-trip travel time can be determined with conventional pulse-time-of-flight distance measuring methods. In this case the distance 30 is d=ct/2, where c is the speed of light, and t is the round-trip propagation time. Note that d is proportional to the round-trip time t, and the value of t can be used as a proxy for d.
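The two distance computations of paragraphs [0056] and [0057], phase-based ranging with quadrature detection and pulse time-of-flight, are worked through below in a simulation added for this page; it is not the patent's or the applicant's code. It uses the page's 50 MHz modulation and 50-cycle (1 μs) burst; the 1 GS/s receiver sampling rate, the echo amplitude, the noise-free echo and the optional window offset parameter are assumptions of the example. Beyond the page's formula it also shows the half-wavelength ambiguity of the phase method, which is why short separations (the page's 300 mm threshold) are unambiguous while a 3.25 m echo reads as 0.25 m.

```python
import math

# Constants from the page: 50 MHz modulation, 50 cycles per burst (1 us burst).
C_M_PER_S = 299_792_458.0
MOD_FREQ_HZ = 50e6
WAVELENGTH_M = C_M_PER_S / MOD_FREQ_HZ      # ~5.996 m; the page rounds this to 6 m
CYCLES_PER_BURST = 50
SAMPLES_PER_CYCLE = 20                      # assumed receiver sampling of 1 GS/s (constructed)
UNAMBIGUOUS_RANGE_M = WAVELENGTH_M / 2      # phase wraps every half wavelength (~3 m)


def round_trip_time_s(distance_m):
    """Round-trip propagation time t = 2d/c for a separation d."""
    return 2.0 * distance_m / C_M_PER_S


def ptof_distance_m(round_trip_s):
    """Pulse time-of-flight, page formula d = c t / 2."""
    return C_M_PER_S * round_trip_s / 2.0


def simulate_burst(distance_m, amplitude=0.3):
    """Return (emitted, received) sample lists for one burst. The received copy is the
    emitted modulation delayed by the round trip and attenuated (constructed, noise-free)."""
    n = CYCLES_PER_BURST * SAMPLES_PER_CYCLE
    fs = MOD_FREQ_HZ * SAMPLES_PER_CYCLE
    w = 2.0 * math.pi * MOD_FREQ_HZ
    delay = round_trip_time_s(distance_m)
    emitted = [math.cos(w * k / fs) for k in range(n)]
    received = [amplitude * math.cos(w * (k / fs - delay)) for k in range(n)]
    return emitted, received


def quadrature_phase(emitted, received):
    """Conventional I/Q detection: correlate the echo with the emitted carrier (I) and with its
    90-degree-shifted copy (Q) over whole cycles. The double-frequency terms average out and
    the DC terms are proportional to cos and sin of the phase lag."""
    n = len(emitted)
    w = 2.0 * math.pi / SAMPLES_PER_CYCLE   # radians of modulation per sample
    i_acc = sum(received[k] * emitted[k] for k in range(n)) / n
    q_acc = sum(received[k] * math.sin(w * k) for k in range(n)) / n
    # Lag reported in [0, 2*pi); a lag of exactly zero may round to just below 2*pi.
    return math.atan2(q_acc, i_acc) % (2.0 * math.pi)


def phase_distance_m(phase_lag_rad, window_offset_m=0.0):
    """Page formula d = lambda * dphi / (4 pi). The optional window_offset_m removes a known
    extra path such as the surface-to-window distance of FIGS. 2A-4 (assumed parameter)."""
    return WAVELENGTH_M * phase_lag_rad / (4.0 * math.pi) - window_offset_m


def measure_phase_distance_m(distance_m):
    """One complete phase-based measurement of a simulated echo from distance_m."""
    emitted, received = simulate_burst(distance_m)
    return phase_distance_m(quadrature_phase(emitted, received))


if __name__ == "__main__":
    for d in (0.25, 1.0, 3.25):
        print("true %.3f m  phase method %.4f m  PTOF %.4f m"
              % (d, measure_phase_distance_m(d), ptof_distance_m(round_trip_time_s(d))))
    print("phase method is unambiguous only below %.3f m" % UNAMBIGUOUS_RANGE_M)
```

The 3.25 m case comes back as about 0.252 m because the phase lag has wrapped once; the PTOF method has no such wrap, which is one reason the page treats the two as interchangeable only within the short working range that step 89 enforces.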

[0058] Additionally, although in these particular embodiments the methods of measuring distance or velocity described herein entail measuring the round-trip time of flight of energy from the emitting device, to the reflecting device, and back to the emitting device, other techniques can be used. For example, a unidirectional technique for measuring distance or velocity in which the measuring energy flows from one device to another and not back to the originating device, can have lower implementation costs and a simplified electronic architecture and processing algorithm, although certain requirements on the electronic components in these devices may exist, such as high stability in the electronic clocks.

[0059] As illustrated in FIGS. 7B, 8A, and 8B, the non-fixed position device 50 moves in a swiping motion along the direction of arrow 70 past fixed position device 10, although the device 10 could move with respect to device 50 or both devices 10 and 50 could be moving. This unique change in position for each swipe or pass of device 50 by device 10 results in a changing separation distance 30 between devices 10 and 50 which is used for generation of one or more secret keys. This single swipe in which device 50 moves past device 10 just once will in general have a varying distance between the devices such that the start and end distances of the swipe are greater than a mid-swipe distance. This change in distance over time also results in a varying velocity between the devices 50 and 10 as well. Although device 50 is shown moving and device 10 is fixed, other configurations can be used, such as having both devices moving with respect to each other.

[0060] Although one swipe or pass is illustrated in FIG. 8A, other numbers of swipes or passes could be used to capture measurement data and provide even greater security, such as the double swipe or pass illustrated in FIG. 8B. Although no two swipes will be identical, owing to the user-induced variations of motion of the device 50, the double-pass swipe has the advantage over a single swipe because the path signature will be more unique and will produce a more robust set of bits for generating the one or more secret keys.

[0061] In step 88, the processing systems 17 and 55 in devices 10 and 50, respectively, determine if enough measurements of the distance 30 between devices 10 and 50 as device 50 travels along the path 70 have been obtained to average, although other shared characteristics could be measured and averaged. Typically, in most distance and/or velocity measuring devices that operate in an open medium, such as air or free space, stray and ambient signals, such as radio frequency interference in the RF spectrum, or stray light in the visible spectrum, will create electronic noise that reduces the precision of the distance or velocity measurement. To offset this problem, the distance or velocity measurements can be made over multiple bursts which are then averaged together to improve the measurement precision. This can result in several thousand bursts being transmitted by the energy emitters 14 and 58 in each of the devices 10 and 50, respectively, during a swipe of device 50 by device 10.

[0062] By way of example only, a typical burst modulation frequency is 50 MHz, and typically there are 50 cycles of this modulation per burst, such that each burst lasts 1 μs. Given that one distance or velocity measurement can occur during one burst and that in 0.5 seconds there can be 250,000 bursts for each of the devices 10 and 50, then 250,000 measurements can be made in 0.5 seconds. If 250 key bits are needed, then sets of 1,000 measurements can be averaged together by the processing systems 17 and 55 in the devices 10 and 50, respectively, to improve the precision of the measurement. As explained in greater detail herein, since one key bit is later obtained from each averaged measurement, greater precision for each average measurement for each of the devices 10 and 50 results in greater precision on each of the key bits.

[0063] Accordingly, if in step 88 the processing systems 17 and 55 in devices 10 and 50, respectively, determine enough measurements of the distance 30 between devices 10 and 50 have not been obtained to average, then the No branch is taken back to step 86 where additional distance measurements are taken, although again other shared characteristics between the devices 10 and 50 could be measured. If in step 88 the processing systems 17 and 55 in devices 10 and 50, respectively, determine enough measurements of the distance 30 between devices 10 and 50 have been obtained to average, then the Yes branch is taken to step 89.

[0064] In step 89, the processing systems 17 and 55 in devices 10 and 50, respectively, determine if one or more of the averaged distance measurements are less than a predetermined threshold distance. This step is optional and provides a safeguard to prevent long-distance swipes or passes of a device 50 with respect to a device 10 which are impractical and typically arise from a person trying to surreptitiously exchange data with one of the devices 10 or 50. For most applications the maximum distance 30, as shown in FIG. 7B, between the fixed position device 10 and a non-fixed position device 50 is less than ten to twelve inches (300mm), although other distances could be used and these distances are stored in memory in the processing systems 17 and 55, respectively. Distances 30 in excess of this predetermined threshold would be immediately invalidated by the processing systems 17 and 55, respectively.

[0065] Accordingly, if the processing systems 17 and 55 in devices 10 and 50, respectively, determine one or more of the averaged distance measurements is not less than a threshold distance, then the No branch is taken back to step 80 where the process starts over. If the processing systems 17 and 55 in devices 10 and 50, respectively, determine the averaged distance measurements are each less than a threshold distance, then the Yes branch is taken to step 90, although other numbers of measurements which are below the distance threshold could be used, such as requiring ninety percent of the measurements to be below the distance threshold.

[0066] In step 90, the processing systems 17 and 55 in devices 10 and 50, respectively, determine if enough averaged distance measurement data has been obtained to generate 128 key bits, although other numbers of key bits with other requirements for obtained data could be used. Typically, the sequence of key bits required by many popular encryption methods is 128 bits, although again other numbers of key bits could be used depending on the desired degree of data security, such as 256 bits. If the processing systems 17 and 55 in devices 10 and 50, respectively, determine enough averaged distance measurement data has not been obtained to generate 128 key bits, then the No branch is taken back to step 86 to obtain additional distance measurements. If the processing systems 17 and 55 in devices 10 and 50, respectively, determine enough averaged distance measurement data has been obtained to generate 128 key bits, then the Yes branch is taken to step 92.

[0067] In step 92, the processing systems 17 and 55 in devices 10 and 50, respectively, convert the averaged distance measurements to velocity or pseudo velocity, although other conversions could be performed, such as converting velocity to acceleration or pseudo acceleration. Velocity or pseudo velocity readings are used because most PTOF and phase-measuring distance measurements have a non-zero distance offset that varies from unit to unit. This offset makes it difficult for two devices 10 and 50 to measure the same distances, thus resulting in different bits for the secret key. However, the computation of velocity, being a time rate of change of distance, inherently subtracts out the offset such that the "velocity offset" is zero. As a result, bits generated from the velocity readings obtained from the averaged distance measurements for the devices 10 and 50 will be identical. Although velocity is used here, other converted parameters, such as acceleration or pseudo acceleration obtained from velocity measurements or distance measurements, could be used to generate the bits for the one or more keys if the offset issue is addressed.

[0068] The velocity is computed by the processing systems 17 and 55 in devices 10 and 50, respectively, as the difference between two sequential distance measurements divided by the time between them. The resulting velocity is used to generate a key bit as explained in greater detail below. This division operation, in which the change in distances is divided by a constant differential time value, performed by the processing systems 17 and 55 in devices 10 and 50, respectively, is essentially a scaling operation since the differential time value is a constant. Since the change in distance between two sequential distance measurements can be small, not much larger than the residual noise level still present after the averaging process, the processing systems 17 and 55 in devices 10 and 50, respectively, select distance measurements whose differential values are more likely to be greater. By way of example only, the processing systems 17 and 55 in devices 10 and 50, respectively, may select one averaged distance measurement obtained at the start of a swipe and one averaged distance measurement obtained at the middle of a swipe, for a single-swipe system. Alternately, with a double swipe or pass where 128 key bits are desired, the processing systems 17 and 55 in devices 10 and 50, respectively, may select the start of the first swipe (measurement 0), the end of the first swipe (measurement 64) which is also the start of the second swipe, as well as the end of the second swipe (measurement 128). The shortest distances are likely to be in the middle of the two swipes (measurements 32 and 96). Therefore, the maximum difference in distances is likely to be obtained when the distances are 32 measurements apart. Using non-sequential distances in the velocity computation will result in a quantity hereafter referred to as a pseudo-velocity (or pseudo velocity). Alternatively, it may also be desirable to generate 128 key bits for encryption and another 128 bits for message integrity checks.

[0069] Similarly, changes in velocity, or pseudo velocity, can result in an acceleration quantity which also can be used by the processing systems 17 and 55 in devices 10 and 50, respectively, to generate the bits for the one or more secret keys. The velocity or pseudo velocity values used in the computation by the processing systems 17 and 55 in devices 10 and 50, respectively, can be adjacent values, giving rise to acceleration or they can be non-adjacent and result in a pseudo-acceleration quantity.

[0070] In step 94, after a number of pseudo velocity readings are converted from the distance measurements, the pseudo velocity readings can be further filtered to reduce any residual noise effects by the filtering systems 29 and 69 in devices 10 and 50, respectively. With the optional filtering, the one or more keys generated in one device 10 are even more likely to match the one or more keys generated by the other device. In this particular embodiment, the filtering is a low-pass filter, such as a "box-car" average which is essentially a convolution function with unity coefficients, an IIR (infinite impulse response) or FIR (finite impulse response) filter, whose width and coefficients can be determined such that a desired filter function can be generated, although other types and numbers of filters could be used. Since the structure and operation of filtering systems are well known to those of ordinary skill in the art, they will not be described in detail here.

[0071] In step 96, the processing systems 17 and 55 in devices 10 and 50, respectively, select a bit from each pseudo velocity to generate the secret key, although other numbers of bits could be selected from other types and numbers of converted measurements, such as selecting a bit from an acceleration or pseudo acceleration reading. An example of the generation of bits for the one or more secret keys by the processing systems 17 and 55 in devices 10 and 50, respectively, will now be described with reference to FIGS. 9 and 10.

[0072] Referring more specifically to FIG. 9, the processing systems 17 and 55 in devices 10 and 50, respectively, convert the averaged and filtered distance measurements into the columns in this table. Column 49 denotes the particular number of the averaged and filtered distance measurement, column 48 is the averaged distance (in millimeters), column 47 is the pseudo velocity in floating point format, column 46 is the pseudo velocity converted to a binary integer value, and column 45 is the binary format of the binary integer value of each of the pseudo velocity readings.

[0073] Referring more specifically to FIG. 10, the binary format of the binary integer value of each of the pseudo velocity readings is illustrated. In this particular embodiment, the processing systems 17 and 55 in devices 10 and 50, respectively, determine that the bits fall into four different categories based on stored data which identifies which columns are measurably random and unaffected by noise based on the number of bits and sample sizes, although other manners for separating the bits into other numbers and types of categories can be used. The least significant bits in the columns in section 55 are dominated by random noise that survived the filtering and averaging processes and are likely to be different between the devices 10 and 50. At the other extreme, the most significant bits in the columns in section 52 are all zero, resulting from a relatively low velocity between the devices 10 and 50. In this example, the bits in group 52 are not measurably random and cannot be used for generating the one or more keys. Next, the columns in section 53 are bits that are both zero and one, but are still not measurably random as they have strong serial correlation and thus cannot be used for generating the one or more secret keys. Next, the columns in section 54 lie above the noise, are non-correlated and measurably random, and are known to both devices 10 and 50. Next, the processing systems 17 and 55 in devices 10 and 50, respectively, select the bits from one or more of these columns to generate the one or more secret keys. By way of example, if this section 54 is three columns wide, such as in columns eight, nine, and ten, then one or more of them can be used. In this example, the bits in column nine are selected by the processing systems 17 and 55 in devices 10 and 50, respectively, to generate the one or more secret keys, although two or more columns could be selected. Accordingly, the bits in column nine for both devices 10 and 50 will be independently developed without transmitting the secret key or keys between the devices 10 and 50, and the secret key or keys will be identical at devices 10 and 50. In this example, the bits in column nine can now be used by the devices 10 and 50 as the secret key for applications, such as encrypting and decrypting data sent between devices 10 and 50 or providing for secure message integrity checks on data transmitted between devices 10 and 50 in manners well known to those of ordinary skill in the art.
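Steps 86 through 96 (paragraphs [0061] to [0073]) form one pipeline: average bursts into distance measurements, reject long-distance swipes, convert to pseudo velocity so the unit-to-unit distance offset cancels, low-pass filter, convert to a binary integer and take one bit column. The simulation below, added for this page and not taken from the patent, runs that pipeline for two simulated units with different distance offsets and independent noise. It uses the page's numbers where it gives them (1,000 bursts of 1 μs per averaged measurement, pairs 32 measurements apart, 128 key bits, a 300 mm threshold, a box-car filter). The double-swipe distance profile, the bounded per-burst noise, the offsets of +3.7 mm and -2.1 mm, the sign-dropping integer conversion and the column characterization are constructed assumptions; in particular, the page's stored column table is stood in for by a characterization pass over the simulated capture, which in a real device would be done at design time.

```python
import math
import random

BURSTS_PER_AVG = 1000                 # page: sets of 1,000 bursts averaged together
BURST_S = 1e-6                        # page: one burst lasts 1 us
AVG_DT_S = BURSTS_PER_AVG * BURST_S   # 1 ms between averaged measurements
PAIR_GAP = 32                         # page: pseudo-velocity pairs 32 measurements apart
KEY_BITS = 128                        # page: 128 key bits
THRESHOLD_MM = 300.0                  # page: swipes beyond ~300 mm are invalidated
BOXCAR = 3                            # assumed width of the box-car filter (constructed)
NOISE_MM = 0.5                        # assumed bounded per-burst noise, uniform +/- (constructed)
OFFSET_MM = {"device10": 3.7, "device50": -2.1}   # assumed unit-to-unit offsets (constructed)


def true_distance_mm(m):
    """Constructed double-swipe profile: ~250 mm at the start/end of each pass (m = 0, 64, 128),
    ~80 mm mid-pass (m = 32, 96), plus a bounded 'user-induced' wobble so no two passes match."""
    return (80.0 + 170.0 * abs(math.cos(math.pi * m / 64))
            + 6.0 * math.sin(0.37 * m) + 4.0 * math.cos(1.1 * m))


def measure_averaged(device, n_avg, seed):
    """Steps 86/88: each unit averages BURSTS_PER_AVG noisy bursts per measurement.
    Each unit has its own RNG (independent noise) and its own fixed distance offset."""
    rng = random.Random(seed)
    out = []
    for m in range(n_avg):
        true = true_distance_mm(m) + OFFSET_MM[device]
        total = sum(true + rng.uniform(-NOISE_MM, NOISE_MM) for _ in range(BURSTS_PER_AVG))
        out.append(total / BURSTS_PER_AVG)
    return out


def within_threshold(avg):
    """Step 89: every averaged distance must be below the stored threshold."""
    return all(d < THRESHOLD_MM for d in avg)


def pseudo_velocity(avg):
    """Step 92: differences of measurements PAIR_GAP apart over the constant time between them.
    A fixed per-unit offset cancels in the subtraction."""
    dt = PAIR_GAP * AVG_DT_S
    return [(avg[i + PAIR_GAP] - avg[i]) / dt for i in range(KEY_BITS)]


def boxcar(values, width=BOXCAR):
    """Step 94: unity-coefficient moving average (the window is shorter at the edges)."""
    half = width // 2
    out = []
    for i in range(len(values)):
        win = values[max(0, i - half): i + half + 1]
        out.append(sum(win) / len(win))
    return out


def to_ints(pv):
    """Binary integer value of the pseudo velocity in mm/s (sign dropped: an assumption here)."""
    return [int(round(abs(v))) for v in pv]


def column_bits(ints, col):
    return [(x >> col) & 1 for x in ints]


def characterize(ints_a, ints_b, n_cols=14):
    """Stand-in for the page's stored column table (FIG. 10): per bit column, agreement between
    the two units, fraction of ones, and adjacent-equal fraction (a crude serial-correlation check)."""
    rows = []
    for col in range(n_cols):
        a, b = column_bits(ints_a, col), column_bits(ints_b, col)
        agree = sum(x == y for x, y in zip(a, b)) / len(a)
        ones = sum(a) / len(a)
        adjacent_equal = sum(a[i] == a[i + 1] for i in range(len(a) - 1)) / (len(a) - 1)
        rows.append((col, agree, ones, adjacent_equal))
    return rows


def select_column(rows):
    """Least significant column that is above the noise (perfect agreement), not constant,
    and not strongly serially correlated; raise if none qualifies (capture more data)."""
    for col, agree, ones, adjacent_equal in rows:
        if agree == 1.0 and 0.0 < ones < 1.0 and abs(adjacent_equal - 0.5) < 0.3:
            return col
    raise RuntimeError("no usable column in this capture")


def derive_key(avg, col):
    """Step 96, run independently on each unit: only the column index is shared."""
    return column_bits(to_ints(boxcar(pseudo_velocity(avg))), col)


def run(seed=7):
    n_avg = KEY_BITS + PAIR_GAP   # step 90 loop: measure until 128 pairs are available
    avg_a = measure_averaged("device10", n_avg, seed)
    avg_b = measure_averaged("device50", n_avg, seed + 1)
    if not (within_threshold(avg_a) and within_threshold(avg_b)):
        raise RuntimeError("long-distance swipe rejected")
    ints_a = to_ints(boxcar(pseudo_velocity(avg_a)))
    ints_b = to_ints(boxcar(pseudo_velocity(avg_b)))
    rows = characterize(ints_a, ints_b)
    col = select_column(rows)
    return avg_a, avg_b, rows, col, derive_key(avg_a, col), derive_key(avg_b, col)


if __name__ == "__main__":
    avg_a, avg_b, rows, col, key_a, key_b = run()
    print("mean distance offset between units: %.2f mm" % (sum(avg_a) / len(avg_a) - sum(avg_b) / len(avg_b)))
    for c, agree, ones, adjacent_equal in rows:
        print("column %2d  agree=%.3f  ones=%.2f  adjacent-equal=%.2f" % (c, agree, ones, adjacent_equal))
    print("selected column %d, keys identical: %s" % (col, key_a == key_b))
```

The printed table reproduces the page's four categories: the lowest columns disagree between the units (noise that survived averaging and filtering), the highest columns are all zero or change so slowly that adjacent bits are nearly always equal, and the columns in between agree on both units while looking random. The characterization here compares the two units' bits directly, which only a design-time or test-bench setup can do; a fielded pair would rely on the stored column index, exactly as the page describes.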

[0074] Accordingly, as illustrated herein the present invention provides an effective and secure method and system for simultaneously and independently generating one or more secret keys for encrypting and decrypting data sent between devices based on measurements of one or more common or shared characteristics. The present invention also is an effective and secure method for simultaneously and independently generating one or more secret keys that provide for secure message integrity checks on data transmitted between devices. These generated secret keys can be used in standard cryptographically-secure communication schemes.

[0075] Having thus described the basic concept of the invention, it will be rather apparent to those skilled in the art that the foregoing detailed disclosure is intended to be presented by way of example only, and is not limiting. Various alterations, improvements, and modifications will occur and are intended to those skilled in the art, though not expressly stated herein. These alterations, improvements, and modifications are intended to be suggested hereby, and are within the spirit and scope of the invention. Additionally, the recited order of processing elements or sequences, or the use of numbers, letters, or other designations therefore, is not intended to limit the claimed processes to any order except as may be specified in the claims. Accordingly, the invention is limited only by the following claims and equivalents thereto.