EchoCast ChirpLock descendant filing · crypto-gating layer

ChirpLock · drawing set · v1.0

Part I · Cover Docket · Abstract · v1.0 skeleton

U.S. Provisional Patent Application · Drawing set

Appl. No. —

Sheets 5

Rev. B · v1.0

Title · Method for gating cryptographic decryption on an acoustic time-of-flight challenge-response within a shared physical room

Inventor · J. H. Kim

Internal · ChirpLock · descendant of EchoCast

Filing target · bundled with EchoCast parent

Classification (proposed) · H04L 9/32 · G06F 21/35

About this Descendant filing · v1.0 skeleton Bundled with EchoCast spec

Descendant draft on top of the EchoCast ultrasonic-protocol specification (see /echocast for the parent). v1.0 novelty statement (2026-05-18, after expert critique): ChirpLock applies acoustic co-presence timing not merely as an authentication factor, but as a local cryptographic release condition: the host withholds AEAD decryption or content-key unwrapping unless a paired device returns a MAC-authenticated acoustic response within a host-measured, empirically calibrated timing budget. Unlike ambient-audio or acoustic 2FA systems — Sound-Proof (USENIX '15) admits or denies authentication; Proximity-Proof (MobiCom '18) gates login admission with inaudible-acoustic ranging — the disclosed gate keeps the ciphertext or wrapped content key unusable until the measured acoustic round satisfies both cryptographic validity and timing constraints. This is a narrower and more defensible novelty position than "acoustic distance bounding," which is well-trodden territory back to Brands & Chaum 1993 and Hancke & Kuhn 2005; ChirpLock's protocol uses packet-level chirp-and-MAC round-trip timing rather than rapid bit-exchange and is therefore better characterised as an acoustic round-trip co-presence timing gate rather than strict distance bounding.

Abstract of the disclosure Cover-sheet boilerplate v1.0

A system and method gate cryptographic decryption of an encrypted payload or wrapped content key on the successful completion of an acoustic co-presence timing gate — an inaudible-chirp nonce-and-MAC round-trip — between a host device and a paired device. The host generates a per-session nonce, transmits it via an inaudible ultrasonic chirp in the 18–22 kHz band, and starts a host-clock timer. The paired device, upon decoding the nonce, computes an HMAC over the nonce using a previously-established pairing key and emits the resulting tag via a return chirp. The host verifies the tag, measures the elapsed round-trip τ, and withholds an AEAD key-unwrapping operation (or equivalent content-key derivation / decryption-oracle invocation) until both (a) tag validity and (b) τ below a calibrated ceiling τ_max pass. τ_max is selected by empirical calibration to admit expected same-room acoustic propagation plus device-processing latency while rejecting relay paths whose audio I/O, buffering, and network-transit latency exceed the calibrated margin; the disclosure does not claim categorical exclusion of network-bridged attackers, only rejection in tested configurations. The long-term pairing key is stored only in a hardware-backed keystore (e.g. Secure Enclave, StrongBox, TPM); successful rounds derive ephemeral content-decryption keys that are erased after use.

Field

H04L 9/32 · authn / authz

Distinguished from

Proximity-Proof (Han et al. MobiCom '18) — closest art · inaudible-acoustic 2FA + acoustic ranging; gates login admission, not AEAD key release
Brands & Chaum (1993) — RF distance-bounding for auth
Hancke & Kuhn (2005) — RF distance-bounding refinement; rapid-bit-exchange ≠ this packet-timing gate
Sound-Proof (USENIX '15) — ambient-audio 2FA, not decryption gate
US9680827B2 (Venafi) — geo-fenced key validity; broader gating-of-crypto-on-physical-condition
Apple AirDrop — BLE + peer-to-peer Wi-Fi; no acoustic ToF, no decryption-release gate

Index of sheets Tap a row to jump 5 sheets

Sheet 1 FIG. 1 Same-room challenge-response · floorplan 100
Sheet 2 FIG. 2 Two-lane protocol timing diagram 300
Sheet 3 FIG. 3 Block diagram · crypto + acoustic stacks 400
Sheet 4 FIG. 4 Threat model · relay / man-in-the-room 500
Sheet 5 FIG. 5 Prior-art comparison matrix 600

Drawing convention Symbol vocabulary across all figures

Line styles

forward chirp · challenge from host

response chirp · HMAC tag from paired device

τ_max ceiling · inventive timing budget

room / host-device boundary

out-of-scope · remote attacker zone

Numeral convention

100sroom boundary (FIG. 1)
200sphysical devices & signals (FIG. 1)
300sprotocol-timing events (FIG. 2)
400sblock-diagram boundaries (FIG. 3)
500sthreat-model boundaries (FIG. 4)
600sprior-art comparison (FIG. 5)

Glyphs

host device · laptop A (FIG. 1 · 202)

paired device · phone B (FIG. 1 · 204)

chirp wavefront · 18 kHz nonce or tag (FIG. 1 · 206, 208)

gated cipher · the inventive lock (FIG. 1 · 210)

blocked relay · attacker fails timing (FIG. 4)

protocol-block frame · timing event (FIG. 2)

Part II · Drawings FIG. 1 – 5 · Sheets 1 – 5

Sheet 1 / 5 Representative FIG. 1 · Same-room challenge-response · floorplan 100

FIG. 1

Sheet 2 / 5 FIG. 2 · Two-lane protocol timing diagram 300

FIG. 2

Sheet 3 / 5 FIG. 3 · Block diagram · crypto + acoustic stacks 400

FIG. 3

Sheet 4 / 5 FIG. 4 · Threat model · relay / man-in-the-room 500

FIG. 4

Sheet 5 / 5 FIG. 5 · Prior-art comparison matrix · ChirpLock novelty positioning 600

FIG. 5

Part III · Specification Field · Summary · Detail · Alternatives

Field of the invention IPC classification (proposed) per MPEP § 608.01(d)

The present disclosure relates to gating the cryptographic decryption of an encrypted payload on the successful completion of an acoustic time-of-flight (ToF) challenge-response between two co-located devices. More particularly, it relates to a system in which the ciphertext remains opaque until both (a) a configured HMAC tag is verified and (b) an elapsed round-trip time on an inaudible chirp channel is measured to lie below a sub-100 ms ceiling that excludes any network-bridged adversary.

IPC

H04L 9/32 · authentication / authz
H04L 9/08 · key management
G06F 21/35 · hw-token auth

Adjacent

H04W 12/00 · wireless security
H04R 3/00 · audio circuit

Background of invention Prior-art context

Distance-bounding protocols were introduced by Brands & Chaum (1993) using RF round-trip timing for authentication, refined by Hancke & Kuhn (2005), and extended to ultrasonic and acoustic channels in NDSS / CCS / USENIX Security work from 2017 through 2019. All such systems use round-trip timing to authenticate that a counter-party is within a bounded distance. Sound-Proof (Karapanos et al., USENIX Security 2015) uses ambient-audio similarity to verify same-room co-presence for second-factor authentication.

The disclosed system extends this primitive in a previously-unclaimed direction: gating cryptographic decryption of payload data on the result of the time-of-flight challenge-response, rather than gating authentication or session establishment. The cipher remains opaque until the same-room timing budget is met — an attacker who breaks the authentication layer still cannot read the payload without satisfying the timing-bound.

The disclosed system shares its acoustic protocol stack with the EchoCast parent application (see /echocast), and may be implemented as an additional cryptographic-gating layer atop the EchoCast device-presence protocol.

Summary of the invention per 37 CFR § 1.73

A host device (202) and a paired device (204) share a previously-established symmetric key k. To decrypt a payload, host (202) generates a per-session nonce (302), transmits the nonce via an inaudible chirp (304) above 18 kHz, and starts a timer. Paired device (204), upon decoding the nonce, computes HMAC(k, n) (306) and returns the tag by emitting a return chirp (308). Host verifies (310) the HMAC and gates decryption on the conjunction of (a) tag validity and (b) elapsed time τ less than a configured ceiling τ_max (e.g., 100 ms).

Per-session key derivation is performed after a successful round so no shared secret is persisted in plaintext across sessions. The protocol does not rely on a clock at the paired device; only the host's clock is timing-critical.

Brief description of drawings Sheets 1 – 5

FIG. 1A floorplan view of room 102 containing host device A 202 and paired device B 204, with the challenge wavefront 206 and response wavefront 208 illustrated; gated cipher 210 sits between.
FIG. 2The two-lane (A · host 202, B · paired 204) challenge-response timing diagram with timing-faithful block positions: nonce 302 at t = 0; forward chirp 304 traversing in-air for ≈ 30 ms; HMAC 306 computed on B; response chirp 308 traversing in-air for another ≈ 30 ms; verify 310 on A. τ_max budget ceiling 312 at 100 ms; total elapsed Δt 314 ≈ 95 ms (head-room ≈ 5 ms). Linear time axis with 20-ms tick spacing.
FIG. 3The crypto + acoustic block diagrams of device A 402 and device B 404, sharing the in-air ultrasonic channel as their sole signaling path.
FIG. 4The threat model showing legitimate room 502 versus remote room 504; a network relay attack incurs ≥ 60 ms additional latency, exceeding τ_max and failing verification.
FIG. 5Prior-art comparison matrix 602–624; ChirpLock 624 is the unique row gating decryption with acoustic time-of-flight, per-session rekey, and relay resistance.

Detailed description of the invention Embodiments & alternatives per MPEP § 608.01

The host device 202 and paired device 204 may comprise, in some embodiments, two commodity consumer devices (a laptop and a smartphone, respectively); in some embodiments, a desktop and a wearable; in some embodiments, two IoT devices sharing a previously-bonded symmetric key. The shared key k is established out-of-band (e.g., during a one-time on-device pairing ceremony) and stored in a hardware-backed key store on each device.

The forward and return chirps 304 / 308 are encoded in the 18–22 kHz near-ultrasonic band per the EchoCast parent disclosure. In some embodiments the chirp uses BFSK; in some embodiments OFDM with a small constellation; in some embodiments a Costas-array chirp for robustness against narrowband interferers. Acoustic Integrity Codes (Putz et al., WiSec 2020) may be applied as a PHY-layer authenticity layer atop the chirp.

The HMAC engine 306 uses a standard MAC primitive (HMAC-SHA-256 per RFC 2104; Bellare, Canetti & Krawczyk CRYPTO 1996); on contemporary mobile silicon, HMAC-SHA-256 over a 128-bit nonce executes in well under a millisecond — the dominant per-round latency in step 306 comes from OS audio-pipeline scheduling, chirp-decode windowing, and response-emission scheduling rather than from the MAC computation itself. Per-session content-decryption keys derived following a successful round are produced via HKDF (Krawczyk CRYPTO 2010; RFC 5869), keyed on the pairing key, the nonce, the transcript hash, and the measured τ; forward secrecy is not provided by HKDF alone — HKDF is a key-derivation function, not a forward-secrecy mechanism. Forward-secrecy embodiments additionally mix in an ephemeral Diffie-Hellman share exchanged on the acoustic channel, OR advance the pairing key by a one-way ratchet with secure deletion of the prior key; absent one of those constructions, a post-compromise adversary holding the pairing key plus a recorded session transcript can recompute the session key.

The payload decryption itself is performed using an authenticated encryption with associated data (AEAD) construction; in some embodiments AES-GCM (NIST SP 800-38D); in some embodiments ChaCha20-Poly1305 (RFC 8439). The AEAD release is gated on the conjunction of HMAC validity and τ < τ_max; in some embodiments the gate is a hardware-enforced barrier via the host platform's secure element.

The ceiling τ_max is configurable and is selected by empirical calibration on the deployment hardware, not asserted as a fixed numerical bound. Calibration measures, on the specific host audio I/O stack and paired-device audio I/O stack, the same-room round-trip latency budget comprising: chirp emission duration on each device (≈ 30 ms each in the disclosed embodiment); OS audio path latency (capture + playout, varies materially across devices and OS versions); chirp decode window; HMAC compute (negligible on contemporary silicon); and acoustic propagation (≈ 8.7 ms one-way at 3 m). The calibrated τ_max is set with a margin chosen to admit observed same-room rounds with high probability while rejecting relay paths whose audio I/O, buffering, and network-transit overhead exceed that margin. This disclosure does not claim categorical exclusion of network-bridged attackers — low-latency audio capture, low-jitter LAN relays, and aggressive playout buffering can in principle fit under tight ceilings on some hardware. Empirical relay-attack timing bounds (Francillon, Danev & Čapkun NDSS 2011; Choi et al. Sound-Proximity 2018) inform the relative budget; symbolic-protocol analysis suitable for Tamarin / ProVerif (Mauw et al. IEEE S&P 2018) is contemplated as an enabling appendix.

Acoustic eavesdropping (Halevi & Saxena IEEE TIFS 2013; SonarSnoop 2018) cannot recover the shared key k because no key material traverses the acoustic channel — only nonce and HMAC tag. The 18–22 kHz band is a known covert-channel medium (Guri et al. MOSQUITO 2018; LISNR Radius; Sonos near-ultrasonic; Google Nest Hub ultrasound sensing) and ChirpLock's use of the band is therefore feasibility-proven on contemporary commodity hardware.

Alternative embodiments Claim-scope broadening per MPEP § 608.01(g)

Carrier substrate. In some embodiments the acoustic chirp is replaced by an alternate physical-layer carrier whose time-of-flight remains measurable at room scale: ultra-wideband (UWB per IEEE 802.15.4z HRP, e.g. Singh et al. NDSS 2019); visible-light Li-Fi pulses; modulated infrared. The decryption-gating mechanism and τ_max constraint are independent of the carrier.
MAC primitive. In some embodiments HMAC-SHA-256 is replaced by HMAC-SHA-3, KMAC, or a post-quantum MAC (e.g., based on NIST-standardised hash-based signatures).
AEAD primitive. In some embodiments AES-GCM is used; in some embodiments ChaCha20-Poly1305; in some embodiments a streaming-AEAD variant for large payloads.
Multi-device quorum. In some embodiments more than two devices participate, and the gate is satisfied only when a threshold k-of-n of paired devices each complete their own ToF round — a same-room quorum analogous to FIDO Hybrid (caBLE) but with measured-ToF rather than asserted BLE proximity.
Per-session content-key derivation. In some embodiments derivation is keyed on (pairing-key, nonce); in some embodiments on (pairing-key, nonce, transcript-hash, τ) to bind the derivation to the measured ToF. Forward secrecy embodiments additionally mix in an ephemeral Diffie-Hellman component exchanged in-band on the acoustic channel, OR advance the pairing key via a one-way ratchet with secure deletion of the prior key — HKDF alone does not provide forward secrecy.
Frequency-hopping carrier. In some embodiments the chirp center frequency is randomized per session within the 18–22 kHz band to defeat narrowband relay/jamming and to resist the emission-hopping side-channel literature (NoiseHopper CCS 2019, follow-ons).
Hardware embodiment. In some embodiments the host device's verification and gate-release are enforced by a hardware secure element (Apple Secure Enclave / Android StrongBox / TPM 2.0) such that AEAD release is impossible without a passing ToF round even under host-OS compromise.

Part IV · Claims 6 total · 1 indep · 4 dep · 1 apparatus

Claims 1 independent · 5 dependent · 1 apparatus Draft v1.0

What is claimed is:

1. A computer-implemented method for gating an AEAD key-unwrapping operation, content-key derivation, or decryption-oracle invocation on a measured acoustic round-trip co-presence timing condition, comprising:

(a)generating, at a first device (202), a per-session nonce (302);
(b)emitting, from said first device, an inaudible acoustic signal (304) encoding said nonce, and recording an emission time t₀ at said first device;
(c)receiving, at said first device, an inaudible acoustic response signal (308) from a second device (204), said response signal encoding a tag T;
(d)computing an elapsed time τ between t₀ and the reception of said response signal, said elapsed time being measured (rather than asserted) at the first device's clock;
(e)verifying that T equals HMAC(k, n) for a pairing key k held in a hardware-backed keystore (e.g. Secure Enclave, StrongBox, TPM), and that τ < τ_max for a calibrated ceiling τ_max selected by empirical calibration to reject relay paths whose audio I/O, buffering, and network-transit latency exceed the same-room margin observed in calibration; and
(f)withholding, in the negative case, an AEAD key-unwrapping operation, content-key derivation, or decryption-oracle invocation, such that the first device does not obtain plaintext or a usable content-decryption key unless both said HMAC verification and said host-measured timing condition pass.

2. The method of claim 1, wherein said inaudible acoustic signal is encoded in the band 18–22 kHz per the chirp specification of the EchoCast parent disclosure.

3. The method of claim 1, wherein τ_max is selected by empirical calibration across the host audio I/O stack, paired-device audio I/O stack, and the expected acoustic propagation across an intended same-room geometry; cited relay-attack timing bounds (Francillon, Danev & Čapkun NDSS 2011) inform the relative budget for non-acoustic transit but do not establish a categorical bound — no fixed numerical τ_max is claimed as exclusive.

4. The method of claim 1, wherein per-session content-decryption keys are derived following a successful round using HKDF (Krawczyk CRYPTO 2010; RFC 5869) keyed on the pairing key, the nonce, the transcript hash, and the measured τ; and wherein, in embodiments seeking forward secrecy against future pairing-key compromise, the derivation additionally mixes in an ephemeral Diffie-Hellman share exchanged in-band on the acoustic channel, OR an embodiment in which the pairing key is advanced by a one-way ratchet with secure deletion of the prior key (RFC 5869 alone is a KDF, not a forward-secrecy mechanism).

5. The method of claim 1, wherein the AEAD release operation of step (f) is enforced by a hardware secure element of the first device, such that the decryption oracle is unavailable to host-OS software absent a passing time-of-flight round and a valid HMAC tag.

6. The method of claim 1, wherein a relay device physically located within the same acoustic room as the first and second devices is outside the disclosed remote-relay threat model and is treated as requiring physical access to the protected environment.

7. A first device (202), comprising:

(a)an acoustic transducer for emitting inaudible chirps and a microphone for receiving the same;
(b)one or more processors implementing nonce generation, HMAC verification, and a high-resolution clock; and
(c)a non-transitory memory storing instructions to perform the method of any of claims 1 – 6.

Claims · 7 total · 1 independent · 5 dependent · 1 apparatus

Claim · figure support chart Each claim element → supporting figures & reference numerals Patent-prosecution aid

Claim	Key element	Supporting figures & numerals
1(a)	per-session nonce at first device	FIG. 1 · 202 · FIG. 2 · 302 · FIG. 3 · 402
1(b)	inaudible acoustic chirp emission + t₀	FIG. 1 · 206 · FIG. 2 · 304
1(c)	response signal containing tag T	FIG. 1 · 208 · FIG. 2 · 306, 308
1(d)	measured (not asserted) elapsed time τ	FIG. 2 · 314 (Δt bracket) · FIG. 5 · 616 vs 624 (measured vs asserted)
1(e)	HMAC over key in hardware keystore + τ < calibrated τ_max	FIG. 2 · 310, 312 · FIG. 4 · 502, 504
1(f)	AEAD key-unwrap / content-key derivation withheld	FIG. 1 · 210 (gated cipher) · FIG. 5 · 624
2	18–22 kHz band per EchoCast parent	FIG. 2 · 304, 308 · EchoCast parent FIG. 13
3	τ_max calibrated per-deployment (no fixed numerical bound)	FIG. 2 · 312, 314 · FIG. 4 · 504
4	HKDF key derivation; forward secrecy via ephemeral DH or one-way ratchet	FIG. 3 · 402 (cipher · gated, nonce gen + clock)
5	hardware secure-element enforcement	FIG. 3 · 402 (verify HMAC + τ)
6	in-room relay outside threat model (requires physical access)	FIG. 4 · threat-model panel
7	apparatus · transducer + processor + memory	FIG. 3 · 402, 404

Part V · Appendices Prior-art bibliography

Prior-art bibliography Selected; not exhaustive

Brands, S. and Chaum, D. Distance-Bounding Protocols. EUROCRYPT 1993.
Hancke, G. P. and Kuhn, M. G. An RFID Distance Bounding Protocol. SecureComm 2005.
Sastry, N., Shankar, U., Wagner, D. Secure Verification of Location Claims. WiSe 2003.
Halevi, T. and Saxena, N. Acoustic Eavesdropping Attacks on Constrained Wireless Device Pairing. IEEE TIFS 2013.
Roeschlin, M. et al. NoiseHopper: Emission Hopping Ultrasound Side Channel. CCS 2019.
Kim, J. H. EchoCast: System and Method for Migrating an Audio Rendering Session via Inaudible Ultrasonic Signals. Provisional draft v0.9 (parent application).

Part VI · Execution Version · v1.0 · Skeleton

Version history Draft · not filed

v0.12026-02-22 · Skeleton draft. Descendant of EchoCast spec.
v1.02026-05-18 · Expert-critique pass. Acknowledged factual errors in the v0.1 draft and applied corrections:
1. separated chirp-duration / OS-audio-latency / acoustic-propagation in FIG. 2 (previously conflated as "≈30 ms in-air");
2. demoted τ_max from "100 ms ceiling that excludes any practical network-bridged attacker" to a calibrated ceiling rejecting relay paths in tested configurations only — no categorical claim;
3. reframed as "acoustic round-trip co-presence timing gate" rather than strict "distance bounding" (Hancke & Kuhn distinguish packet-timing from rapid-bit-exchange; ChirpLock uses the former);
4. corrected "no shared secret is persisted" to acknowledge a long-term pairing key in a hardware-backed keystore;
5. removed HKDF-based forward-secrecy overclaim — HKDF alone is a KDF, not a forward-secrecy mechanism, so forward-secrecy embodiments now explicitly require ephemeral DH or one-way ratchet;
6. added Proximity-Proof (Han et al. MobiCom '18) as closest art on inaudible-acoustic 2FA + ranging (replaced DoubleEcho row 614 in FIG. 5) and tightened novelty against it (login admission vs AEAD key release);
7. corrected AirDrop characterization from "same-network" to BLE + Apple peer-to-peer Wi-Fi;
8. acknowledged US9680827B2 / US20150271156A1 (Venafi) geo-fenced key material as broader gating-of-crypto-on-physical-condition art;
9. narrowed claim 1 from generic "decryption gating" to AEAD key-unwrap / content-key derivation / decryption-oracle invocation explicitly;
10. renumbered claims (added in-room-relay-outside-threat-model as new dependent claim 6, apparatus is now claim 7);
11. softened claim 3 from a fixed 100 ms bound to a per-deployment calibrated τ_max.

Bundled-filing strategy: this descendant cites the EchoCast parent specification by reference, shares the acoustic chirp protocol of FIG. 13 in /echocast, and adds one narrow claim group (the decryption gating mechanic). Promotion to a full provisional draft is conditioned on the one-day round-trip timing experiment described in the project's working notes.

/chirplock · v1.0 · drawing-stage · child of /echocast

Index