Secure wireless ranging

US 10,567,428 B2
Filed: 07/10/2018
Issued: 02/18/2020
Est. Priority Date: 05/27/2016
Status: Active Grant

First Claim

Patent Images

1. A method for performing secure wireless ranging, comprising:

initiating a handshake process between a first wireless communication device and a second wireless communication device;

collecting first measurement data at the first wireless communication device;

encrypting the first measurement data using an initialization vector and a transient key to produce first encrypted measurement data;

transmitting the first encrypted measurement data from the first wireless device to the second wireless communication device;

receiving second encrypted measurement data from the second wireless communication device at the first wireless communication device;

collecting third measurement data at the first wireless communication device;

monotonically increasing the initialization vector to produce an updated initialization vector;

encrypting the third measurement data using the updated initialization vector and the transient key to produce third encrypted measurement data; and

determining a separation distance between the first and second wireless communication devices using the first, second, and third encrypted measurement data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments for securely determining a separation distance between wireless communication devices is provided. These embodiments include receiving a measurement request and a first random identifier from a first wireless communication device at a second wireless communication device. The embodiments also includes deriving a transient key using the first random identifier, a second random identifier (generated by the second device), and a pre-shared key. The first and second random identifiers, the pre-shared key, and the transient key derived therefrom are shared between the first and second devices, but are not known to any other devices. The embodiments further include encrypting measurement data exchanged between the two devices using the transient key, and using the encrypted measurement data to calculate and verify a separation distance between the devices. The embodiments thus prevent dishonest wireless communication devices from intercepting communications and spoofing a location of one of the two honest devices.

16 Citations

19 Claims

1. A method for performing secure wireless ranging, comprising:
- initiating a handshake process between a first wireless communication device and a second wireless communication device;
  
  collecting first measurement data at the first wireless communication device;
  
  encrypting the first measurement data using an initialization vector and a transient key to produce first encrypted measurement data;
  
  transmitting the first encrypted measurement data from the first wireless device to the second wireless communication device;
  
  receiving second encrypted measurement data from the second wireless communication device at the first wireless communication device;
  
  collecting third measurement data at the first wireless communication device;
  
  monotonically increasing the initialization vector to produce an updated initialization vector;
  
  encrypting the third measurement data using the updated initialization vector and the transient key to produce third encrypted measurement data; and
  
  determining a separation distance between the first and second wireless communication devices using the first, second, and third encrypted measurement data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the initiating the handshake process includes:
    - receiving, at the first wireless communication device, a first random identifier and a measurement request from the second wireless communication device;
      
      generating a second random identifier at the first wireless communication device;
      
      deriving the transient key using the first random identifier, the second random identifier, and a pre-shared key, wherein the transient key comprises a first subsection, a second subsection, and a third subsection;
      
      generating a first sounding symbol at the first wireless communication device;
      
      encrypting the first sounding symbol using the first subsection of the transient key to produce a first protected sounding symbol;
      
      transmitting the first protected sounding symbol from the first wireless communication device to the second wireless communication device;
      
      receiving a second protected sounding symbol from the second wireless device at the first wireless communication device;
      
      decrypting, by the first wireless communication device, the received second protected sounding symbol; and
      
      determining, at the first wireless communication device, whether the decrypted second protected sounding symbol matches the second subsection of the transient key.
  - 3. The method of claim 2, wherein the initiating the handshake process is performed only once.
  - 4. The method of claim 1, wherein the initialization vector, and the method for increasing the initialization vector, is known to both the first and second wireless communication devices.
  - 5. The method of claim 1, wherein the encrypting the first measurement data includes combining the initialization vector with the transient key such that a first sequence of bits is used to encrypt the first measurement data, and wherein the encrypting the third measurement data includes combining the initialization vector with the transient key such that a second sequence of bits is used to encrypt the third measurement data.
  - 6. The method of claim 1, further comprising, at least one of:
    - averaging, by the first wireless communication device, the first and third measurement data to avoid erroneous measurements; and
      
      applying a confidence factor, by the first wireless communication device, to the first and third measurement data to avoid erroneous measurements.
  - 7. The method of claim 1, further comprising:
    - concatenating the initialization vector with the transient key to derive a pseudo random function.
  - 8. The method of claim 7,wherein the encrypting the first measurement data further comprises combining the pseudo random function with the first measurement data using an XOR function to produce the first encrypted measurement data;
    - andwherein the encrypting the third measurement data further comprises combining the pseudo random function with the third measurement data using an XOR function to produce the third encrypted measurement data.
  - 9. The method of claim 2, wherein the pre-shared key is a shared password that is known to both first and second wireless communication devices.
  - 10. The method of claim 9, wherein the pre-shared key is incrementally updated, and wherein both the first and second wireless communication devices know a scheme for updating the pre-shared key.

11. A wireless communication device, comprising:
- a wireless interface configured to;
  
  initiate a one-time only handshake process with a second wireless communication device;
  
  a hardware processor configured to;
  
  collect first measurement data, andencrypt the first measurement data using a transient key to produce first encrypted measurement data, wherein the first measurement data is encrypted by combining an initialization vector with the transient key such that a first sequence of bits is used to encrypt the first measurement data;
  
  wherein the wireless interface is further configured to;
  
  transmit the first encrypted measurement data to the second wireless communication device, andreceive second encrypted measurement data from the second wireless communication device,wherein the hardware processor is further configured to;
  
  collect third measurement data,monotonically increase the initialization vector to produce an updated initialization vector;
  
  encrypt the third measurement data using the transient key to produce third encrypted measurement data, wherein the third measurement data is encrypted by combining the updated initialization vector with the transient key such that a second sequence of bits is used to encrypt the third measurement data, anddetermine a separation distance from the second wireless communication device using the first, second, and third encrypted measurement data; and
  
  memory, coupled to the hardware processor, configured to store the transient key, the initialization vector, the first, second, and third measurement data, and a set of instructions for execution by the hardware processor.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The wireless communication device of claim 11, wherein the transient key is valid only for a single communication session with the second wireless communication device.
  - 13. The wireless communication device of claim 11, wherein the memory is further configured to store a pre-shared key, wherein the pre-shared key is an identifier associated with a cloud-based account, and wherein both wireless communication devices belong to the cloud-based account.
  - 14. The wireless communication device of claim 11, wherein the hardware processor is further configured to:
    - determine whether the second wireless communication device is outside of a communication area associated with the wireless communication device based on the determined separation distance; and
      
      prevent a transmission of additional measurement data to the second wireless communication device when the second wireless communication device is determined to be outside of the communication area.
  - 15. The wireless communication device of claim 11, wherein the memory is configured to be accessible to the second wireless communication device when the one-time only handshake process is successfully completed, and when the second wireless communication device is determined to be within a communication area associated with the wireless communication device based on the determined separation distance.

16. A secure wireless communication system, comprising:
- a first wireless communication device, having a first processor, a wireless interface, and memory; and
  
  a second wireless communication device, having a second processor, a wireless interface, and memory,wherein the first wireless communication device is configured to;
  
  initiate a handshake process with the second wireless communication device,collect first measurement data,encrypt the first measurement data using a transient key to produce first encrypted measurement data, wherein the first measurement data is encrypted by combining an initialization vector with the transient key such that a first sequence of bits is used to encrypt the first measurement data,transmit the first encrypted measurement data to the second wireless communication device,collect third measurement data, andencrypt the third measurement data using the transient key to produce third encrypted measurement data, wherein the third measurement data is encrypted by combining the initialization vector with the transient key such that a third sequence of bits is used to encrypt the third measurement data, andwherein the second wireless communication device is configured to;
  
  complete the handshake process with the first wireless communication device,collect second measurement data,encrypt the second measurement data using a transient key to produce second encrypted measurement data, wherein the second measurement data is encrypted by combining the initialization vector with the transient key such that a second sequence of bits is used to encrypt the second measurement data, andtransmit the second encrypted measurement data to the first wireless communication device, andwherein the first wireless communication device is further configured to;
  
  determine a separation distance from the second wireless communication device using the first, second, and third encrypted measurement data.
- View Dependent Claims (17, 18, 19)
- - 17. The secure wireless communication system of claim 16, wherein the first wireless communication device is at least one of a cellphone or a smartwatch, and wherein the second wireless communication device is a computer.
  - 18. The secure wireless communication system of claim 16, wherein the second wireless communication device is further configured to calculate a separation distance from the first wireless communication device using the first, second, and third encrypted measurement data.
  - 19. The secure wireless communication system of claim 16, wherein the transient key is derived using a pre-shared key, wherein the pre-shared key is stored in the memory of the first wireless communication device and in the memory of the second wireless communication device, and wherein both the first and second wireless communication device are further configured to incrementally update the pre-shared key using a same scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Chhabra, Kapil, Kasten, Welly
Primary Examiner(s)
Lemma, Samson B

Application Number

US16/031,459
Publication Number

US 20180332075A1
Time in Patent Office

588 Days
Field of Search

726 22
US Class Current
CPC Class Codes

G01S 11/02   using radio waves G01S19/00...

G01S 5/0244   Accuracy or reliability of ...

G01S 5/0289   of multiple transceivers, e...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0435   wherein the sending and rec...

H04L 63/1466   Active attacks involving in...

H04L 67/52   specially adapted for the l...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

H04W 12/33   using wearable devices, e.g...

H04W 12/64   using geofenced areas

H04W 4/80   Services using short range ...

H04W 64/003   locating network equipment

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/02   Terminal devices

Secure wireless ranging

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure wireless ranging

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links