Method and apparatus of ensuring security of communication in home network

US 20090198998A1
Filed: 01/30/2009
Published: 08/06/2009
Est. Priority Date: 01/31/2008
Status: Active Grant

First Claim

Patent Images

11. An apparatus enabling secure communication between a control apparatus and a controlled apparatus in a home network, the apparatus comprising:

a register channel establishing unit establishing a registration Secure Authenticated Channel (SAC) with the controlled apparatus through a TLS-PSK protocol using a Product Identification Number (PIN) that is an identifier given to the controlled apparatus at time of manufacture; and

a register performing unit generating a private key, sharing the private key with the controlled apparatus via the registration SAC to registering the control apparatus in the controlled apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method and apparatus to ensuring communication security between a control apparatus and a controlled apparatus in a home network. The control apparatus in the home network establishes a registration Secure Authenticated Channel (SAC) with the controlled apparatus by using a Transport Layer Security Pre-Shared Key ciphersuites (TLS-PSK) protocol implemented by using a Product Identification Number (PIN) of the controlled apparatus input from a user, shares a private key with the controlled apparatus via the registration SAC, and uses services of the controlled apparatus via a service SAC established by using the TLS-PSK protocol implemented by using the shared private key to easily implement a framework ensuring communication security in the home network.

48 Citations

View as Search Results

16 Claims

11. An apparatus enabling secure communication between a control apparatus and a controlled apparatus in a home network, the apparatus comprising:
- a register channel establishing unit establishing a registration Secure Authenticated Channel (SAC) with the controlled apparatus through a TLS-PSK protocol using a Product Identification Number (PIN) that is an identifier given to the controlled apparatus at time of manufacture; and
  
  a register performing unit generating a private key, sharing the private key with the controlled apparatus via the registration SAC to registering the control apparatus in the controlled apparatus.
- View Dependent Claims (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16)
- - 1. A method of enabling secure communication between a control apparatus and a controlled apparatus in a home network, the method comprising:
    - establishing a registration Secure Authenticated Channel (SAC) with the controlled apparatus through a protocol using an identifier of the controlled apparatus;
      
      generating a private key; and
      
      sharing the private key with the controlled apparatus via the registration SAC to register the control apparatus in the controlled apparatus.
  - 2. The method according to claim 1, wherein the protocol is a Transport Layer Security Pre-Shared Key ciphersuites (TLS-PSK) protocol.
  - 3. The method according to claim 2, wherein the identifier is a Product Identification Number (PIN).
  - 4. The method of claim 3, further comprising establishing a service SAC with the controlled apparatus by using the TLS-PSK protocol implemented by using the shared private key when the controlled apparatus is discovered again after the registering is performed.
  - 5. The method of claim 2, wherein the establishing of the SAC includes implementing the TLS-PSK protocol by using a TLS session resumption protocol using a value arbitrarily generated by the control apparatus as a session identifier, a ClientHello message of the TLS session resumption protocol including information indicating that the TLS-PSK protocol to be used is implemented by using the TLS session resumption protocol.
  - 6. The method of claim 4, further comprising transmitting PINs of controlled apparatuses, in which the control apparatus is registered, to the controlled apparatus via the registration SAC established using the private key, and receiving PINs stored in the controlled apparatus from the controlled apparatus to synchronize a PIN list of the control apparatus with the controlled apparatus,wherein the establishing of the registration SAC by using the PIN includes determining whether the PIN of the controlled apparatus exists in the PIN list of the control apparatus when the controlled apparatus is discovered and as a result of the determining, when the PIN of the controlled apparatus does not exist in the PIN list, requesting the PIN of the controlled apparatus via a user interface when the PIN of the controlled apparatus is determined to not exist in the PIN list of the control apparatus.
  - 7. The method of claim 1, further comprising deleting the private key from the control apparatus according to a command input via a user interface.
  - 8. The method of claim 4, further comprising deleting at least one private key from among private keys stored in the controlled apparatus via the service SAC established using the private key, according to a command input via a user interface.
  - 9. The method of claim 1, wherein the identifier of the controlled apparatus is given at the time of manufacture.
  - 10. A recording medium having recorded thereon a computer program to cause a computer to execute the method of claim 1.
  - 12. The apparatus of claim 11, further comprising a service channel establishing unit establishing a service SAC with the controlled apparatus through the TLS-PSK protocol using the private key when the controlled apparatus is discovered again after the registering is performed.
  - 13. The apparatus of claim 11, wherein the register channel establishing unit implements the TLS-PSK protocol by using a TLS session resumption protocol using a value arbitrarily generated by the control apparatus as a session identifier (ID), a ClientHello message of the TLS session resumption protocol including information indicating that the TLS-PSK protocol to be used is implemented by using the TLS session resumption protocol.
  - 14. The apparatus of claim 13, wherein an identifier of the control apparatus and/or the identifier of the controlled apparatus is used as the session ID.
  - 15. The apparatus of claim 12, further comprising a PIN list synchronization unit transmitting PINs of controlled apparatuses, in which the control apparatus is registered, to the controlled apparatus via the service SAC established using the private key, and receiving PINs stored in the controlled apparatus from the controlled apparatus to synchronize a PIN list of the control apparatus with the controlled apparatus,wherein the register channel establishing unit includes a PIN scan unit determining whether the PIN of the controlled apparatus exists in the PIN list of the control apparatus when the controlled apparatus is discovered and a PIN input unit requesting the PIN of the controlled apparatus via a user interface when the PIN of the controlled apparatus is determined to not exist in the PIN list of the control apparatus.
  - 16. The apparatus of claim 11, further comprising a controlled apparatus revoke unit deleting the private key from the control apparatus according to a command input via a user interface.

16-1. The apparatus of claim 11, further comprising a control apparatus revoke unit deleting at least one private key from among private keys stored in the controlled apparatus via the service SAC established using the private key, according to a command input via a user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Lee, Joo-yeol, Kim, Hyoung-shick

Granted Patent

US 8,464,055 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 63/061   for key exchange, e.g. in p...

H04L 63/166   at the transport layer

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/3226   using a predetermined code,...

Method and apparatus of ensuring security of communication in home network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of ensuring security of communication in home network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links