Method and system for authentication between electronic devices with minimal user intervention

US 20070214356A1
Filed: 03/01/2007
Published: 09/13/2007
Est. Priority Date: 03/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authentication between electronic devices in a network, comprising the steps of:

storing user information in a first device in the network;

binding ownership of a second device to the user;

connecting the second device to the network; and

performing authentication by verifying the ownership of the second device utilizing the user information in the first device, thereby establishing trust between the first device and the second device for communication therebetween.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authentication between electronic devices with reduced user intervention is provided. An authentication process for electronic devices (e.g., CE devices) establishes ownership for secure communication, with reduced user involvement. Device ownership trust establishment allows secured/authenticated communication between electronic devices. The process binds a device to an owner such that the authentication only verifies the authenticity of a device, and verifies the ownership of the device to ensure authentication. This ensures that a device is a valid device that has not been tampered with, and ensures a device has a trusted owner. Ownership binding to a device can be verified and established by trusted third parties without user intervention.

Citations

36 Claims

1. A method for authentication between electronic devices in a network, comprising the steps of:
- storing user information in a first device in the network;
  
  binding ownership of a second device to the user;
  
  connecting the second device to the network; and
  
  performing authentication by verifying the ownership of the second device utilizing the user information in the first device, thereby establishing trust between the first device and the second device for communication therebetween.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein performing authentication further includes the step of verifying ownership binding for the second device via a trusted entity.
  - 3. The method of claim 2 wherein binding ownership of the second device includes:
    - during acquisition of the second device by a user purchaser, using device identification and purchaser information in obtaining approval for acquisition of the second device; and
      
      upon approval for acquisition and upon purchaser permission, performing registration in a registration entity by;
      
      generating an authentication key pair and a temporary certificate for the second device; and
      
      associating the purchaser information with a preinstalled secret code in the second device, for later retrieval by the second device and using the secret code as the device identification.
  - 4. The method of claim 3 wherein during acquisition the purchaser provides credit information, such that obtaining approval for the acquisition includes providing the credit information to a creditor entity for verification of purchase.
  - 5. The method of claim 4 further comprising the steps of:
    - upon verification, the credit entity providing purchaser information including purchaser identification; and
      
      utilizing the provided purchaser identification and device information in associating the purchaser information with the second device.
  - 6. The method of claim 5 wherein performing authentication when the second device is connected to the network, further includes the steps of:
    - sending the secret code of the second device to the registration entity;
      
      the registration entity using the secret code to find and send said a temporary certificate and authentication key to the second device; and
      
      the second device communicating with the first device wherein the first device verifies a certificate of the second device, and the second device verifies a certificate of the first device, such that if both certificates are not verified the authentication fails.
  - 7. The method of claim 6 further comprising the step of:
    - if both certificates are verified, then the first device extracts purchaser information from the temporary certificate of the second device and verifies the extracted purchaser information with user information stored in the first device.
  - 8. The method of claim 7 further including the steps of:
    - verifying if purchaser information matches the stored user information; and
      
      if purchaser information matches the stored user information, then establishing ownership trust in the network between the first device and the second device for further information communication therebetween.
  - 9. The method of claim 8 further including the steps of:
    - if purchaser information matches the stored user information, then;
      
      the first device further generating a public/private key pair and issuing a permanent certificate for the second device;
      
      the first device encrypting the public/private key pair and the permanent certificate for the second device, using the temporary device public key on the first device; and
      
      the second device decrypting the public/private key pair and the permanent certificate for the second device, using the temporary private key;
      
      wherein the permanent certificate and the public/private key are used for communication with other devices in the network.
  - 10. The method of claim 9 wherein the first device comprises a gateway and the second device comprises an electronic device.
  - 11. The method of claim 3 wherein the registration entity comprises a registration server of the manufacturer of the second device.
  - 12. The method of claim 3 wherein during acquisition the purchaser provides checking information, such that obtaining approval for the acquisition further includes providing the payment funds information to a banking entity for verification of purchase.

13. A method for authenticating communication between electronic devices connected in a network, comprising the steps of:
- storing user information on a first device in the network;
  
  binding ownership of a second device to the user;
  
  connecting the second device to the network; and
  
  performing authentication by verifying ownership of the second device, thereby establishing ownership trust in the network between the first device and the second device for communication therebetween;
  
  wherein performing authentication further includes the second device multicasting its presence in the network, and the user approving trust establishment in the network, whereby ownership trust in the network is established between the first device and the second device for further communication therebetween.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 wherein the user approving trust establishment further includes the user checking the status of the network on the first device via a remote console, and based on the multicast, the user approving trust establishment to inform the first device that the second device is a trusted device.
  - 15. The method of claim 14 further comprising the step of:
    - upon the user approving trust establishment, the first device issuing a certificate and a private/public key pair for the second device.

16. A method for authenticating communication between electronic devices connected in a network, comprising the steps of:
- storing user information on a first device in the network;
  
  binding ownership of a second device to the user;
  
  connecting the second device to the network; and
  
  performing authentication by verifying the ownership of the second device, thereby establishing ownership trust in the network between the first device and the second device for communication therebetween;
  
  wherein performing authentication further includes the second device receiving user information from the user, and the second device registering the user information with a registration entity.

17. A system for authentication between electronic devices in a network, comprising:
- a first device configured to store user information in a network;
  
  an ownership binder configured to bind ownership of a second device to the user; and
  
  an authenticator configured to perform authentication by verifying ownership of the second device utilizing the user information in the first device, and establish trust between the first device and the second device for communication therebetween.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The system of claim 17 wherein the authenticator is further configured to perform authentication by verifying ownership binding for the second device via a trusted entity.
  - 19. The system of claim 18 wherein the ownership binder is configured such that:
    - during acquisition of the second device by a user purchaser, the ownership binder uses device identification and purchaser information to obtain approval for acquisition of the second device; and
      
      upon approval for acquisition and upon purchaser permission, the ownership binder performs registration in a registration entity by generating an authentication key pair and a temporary certificate for the second device, and associating the purchaser information with a preinstalled secret code in the second device, for later retrieval by the second device and using the secret code as the device identification.
  - 20. The system of claim 19 wherein during acquisition the purchaser provides credit information, such that the ownership binder is configured to obtain approval for the acquisition by providing the credit information to a creditor entity for verification of purchase.
  - 21. The system of claim 20 wherein upon verification, the credit entity provides purchaser information including purchaser identification, and the ownership binder is configured to utilize the provided purchaser identification and device information in associating the purchaser information with the second device.
  - 22. The system of claim 21 wherein:
    - the authenticator is further configured to authenticate the second device when the second is connected to the network, by sending the secret code of the second device to the registration entity for the registration entity to utilize the secret in finding and sending back said temporary certificate and authentication key to the second device;
      
      the second device is configured to communicate with the first device;
      
      the first device is configured to verify a certificate of the second device; and
      
      the second device is further configured to verify a certificate of the first device, such that if both certificates are not verified, the authenticator fails the authentication.
  - 23. The system of claim 22 wherein the authenticator is further configured such that, if both certificates are verified, then the first device extracts purchaser information from the temporary certificate of the second device and verifies the extracted purchaser information with user information stored in the first device.
  - 24. The system of claim 23 wherein the authenticator is further configured to verify if the purchaser information matches the stored user information, and if the purchaser information matches the stored user information, then the authenticator establishes ownership trust in the network between the first device and the second device for further information communication therebetween.
  - 25. The system of claim 24 wherein:
    - the authenticator is further configured such that, if the purchaser information matches the stored user information, then the first device generates a public/private key pair and issues a permanent certificate for the second device;
      
      the first device is configured to encrypt the public/private key pair and the permanent certificate for the second device, using the temporary device public key on the first device; and
      
      the second device is configured to decrypt the public/private key pair and the permanent certificate for the second device, using the temporary private key;
      
      wherein the permanent certificate and the public/private key pair are used for communication with other devices in the network.
  - 26. The system of claim 25 wherein the first device comprises a gateway and the second device comprises an electronic device.
  - 27. The system of claim 19 wherein the registration entity comprises a registration server of the manufacturer of the second device.
  - 28. The system of claim 19 wherein during acquisition the purchaser provides checking information, such that the ownership binder is further configured to obtain approval for the acquisition by providing the payment funds information to a banking entity for verification of a purchase.

29. An electronic device for authentication with other devices in a network including a first device containing user information, comprising:
- an ownership binder configured to bind ownership of the electronic second device to the user; and
  
  an authenticator configured to perform authentication by verifying ownership of the electronic device utilizing the user information in the first device, and establish trust between the first device and the electronic device for communication therebetween.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The electronic device of claim 29 wherein the authenticator is further configured to perform authentication by verifying ownership binding for the electronic device via a trusted entity.
  - 31. The electronic device of claim 30 wherein:
    - the authenticator is further configured to authenticate the electronic device when the electronic device is connected to the network, by sending a secret code in the electronic device to a registration entity for the registration entity to utilize the secret in finding and sending back a temporary certificate and authentication key to the electronic device;
      
      the electronic device is configured to communicate with the first device, such that the first device verifies a certificate of the electronic device; and
      
      the electronic device is further configured to verify a certificate of the first device, such that if both certificates are not verified, the authenticator fails the authentication.
  - 32. The electronic device of claim 31 wherein the authenticator is further configured such that, if both certificates are verified, then the first device extracts the purchaser information from the temporary certificate of the electronic device and verifies the extracted purchaser information with user information stored in the first device.
  - 33. The electronic device of claim 32 wherein the authenticator is further configured such that to verify if the purchaser information matches the stored user information, and if the purchaser information matches the stored user information, then establishing ownership trust in the network between the first device and the electronic device for further information communication therebetween.
  - 34. The electronic device of claim 33 wherein:
    - if the purchaser information matches the stored user information, then the first device generates a public/private key pair and issues a permanent certificate for the electronic device, and encrypts the public/private key pair and the permanent certificate for the electronic device, using the temporary device public key on the first device; and
      
      the second device is configured to decrypt the public/private key pair and the permanent certificate for the electronic device, using the temporary private key;
      
      wherein the permanent certificate and the public/private key pair are used for communication with other devices in the network.
  - 35. The electronic device of claim 34 wherein the first device comprises a gateway.
  - 36. The electronic device of claim 35 wherein the registration entity comprises a registration server of the manufacturer of the electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Messer, Alan, Cheng, Doreen, Song, Yu

Granted Patent

US 8,452,961 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0823 using certificates cryptogr...

Method and system for authentication between electronic devices with minimal user intervention

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authentication between electronic devices with minimal user intervention

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links