SECURE WIRELESS LINK BETWEEN TWO DEVICES USING PROBES
Abstract
A secure wireless communication link (pairing) between two devices can be established using cleartext wireless transmissions between devices not joined to a network (“probes”). One device can broadcast a first probe indicating that it is seeking to establish a pairing. The other device can respond with a second probe, and the two devices can establish a shared secret, e.g., by exchanging further information using additional probes. Thereafter, either device can send a message to the other by encrypting the message using a cryptographic key derived from the shared secret; encrypted messages can also be sent within probes. The receiving device can extract an encrypted message from a probe and decrypt it using the cryptographic key. The encrypted message can include credentials usable by the receiving device to join a wireless network.
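The probe sequence in the abstract, simulated in Python as an added example (not code from the patent or from any product). The page names no algorithms, so everything concrete here is an assumption: the toy modular Diffie-Hellman group, the HKDF labels, the HMAC key-confirmation tag, the HMAC-keystream cipher standing in for a real AEAD, and the names `Device`, `pair_and_deliver` and `substitute_key`.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group (assumed; the page names no algorithms)

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def hkdf(secret, info):  # HKDF-SHA256 (RFC 5869), zero salt, one output block
    return mac(mac(b"\0" * 32, secret), info + b"\x01")

def keystream_xor(key, nonce, data):  # HMAC counter keystream, stand-in cipher
    stream = b"".join(mac(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def agree(self, peer_pub):
        if not 1 < peer_pub < P - 1:  # reject degenerate public keys
            raise ValueError("bad public key")
        shared = pow(peer_pub, self.priv, P).to_bytes(32, "big")
        self.k = {use: hkdf(shared, use) for use in (b"confirm", b"enc", b"mac")}

    def seal(self, plaintext):  # encrypt-then-MAC
        nonce = secrets.token_bytes(12)
        body = nonce + keystream_xor(self.k[b"enc"], nonce, plaintext)
        return body + mac(self.k[b"mac"], body)

    def open(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, mac(self.k[b"mac"], body)):
            raise ValueError("authentication failed")
        return keystream_xor(self.k[b"enc"], body[:12], body[12:])

def pair_and_deliver(credential, substitute_key=False):
    controller, accessory = Device(), Device()
    probe3 = accessory.pub  # third probe: accessory's public key
    probe4 = Device().pub if substitute_key else controller.pub  # fourth probe
    controller.agree(probe3)
    accessory.agree(probe4)
    # Key confirmation over the public keys each side saw (assumed mechanism).
    sent = mac(controller.k[b"confirm"], b"%d|%d" % (probe3, controller.pub))
    want = mac(accessory.k[b"confirm"], b"%d|%d" % (accessory.pub, probe4))
    if not hmac.compare_digest(sent, want):
        return None  # validation failed: the accessory abandons the pairing
    return accessory.open(controller.seal(credential))  # fifth probe
```

With `substitute_key=True` the accessory receives a different public key in the fourth probe, the confirmation tags disagree, and no credential is sent. An in-band tag only shows that both ends hold the same secret; claims 18 and 23 additionally tie the pairing to the user through confirmation at the user interface or an accessory password.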
25 Claims
1. A method for establishing a wireless communication link between an accessory and a controller, the method comprising:
receiving, by the accessory, a first probe from a controller, the first probe indicating that the controller is searching for an accessory with which to pair;
sending, by the accessory, a second probe to the controller in response to the first probe;
establishing, by the accessory, a shared secret with the controller, wherein establishing the shared secret includes exchanging public keys with the controller using a plurality of additional probes including at least a third probe sent by the accessory and a fourth probe received by the accessory;
validating, by the accessory, that the shared secret is shared by the controller;
generating, by the accessory, a further cryptographic key using the shared secret;
receiving, by the accessory, a fifth probe from the controller, the fifth probe containing an encrypted message; and
decrypting the encrypted message using the further cryptographic key.
Dependent claims: 2, 3, 4, 5, 6

7. An accessory comprising:
a wireless interface; and
a processor coupled to the wireless interface, the processor being configured to:
receive, via the wireless interface, a browsing probe request sent by a controller, the browsing probe indicating that the controller is available for pairing;
send, via the wireless interface, an identifying probe response in response to the browsing probe request, the identifying probe response including accessory identifying information;
establishing a pairing with the controller;
receive from the controller via the wireless interface a credential associated with a wireless network, wherein the credential is received as an encrypted information element in a further probe request received from the controller; and
use the credential to join the wireless network.
Dependent claims: 8, 9, 10

11. A method for establishing a wireless communication link between an accessory and a controller, the method comprising:
broadcasting, by the controller, a first probe, the first probe indicating that the controller is browsing for an accessory with which to pair;
receiving, by the controller, a second probe from an accessory, the second probe including identifying information for the accessory;
establishing, by the controller, a shared secret with the accessory;
validating, by the controller, that the shared secret is shared by the accessory;
generating, by the controller, a further cryptographic key using the shared secret;
encrypting, by the controller, a message using the further cryptographic key; and
sending, by the controller, a third probe to the accessory, the third probe including the encrypted message.
Dependent claims: 12, 13, 14, 15, 16, 17

18. A controller comprising:
a wireless interface;
a user interface; and
a processor coupled to the wireless interface and the user interface, the processor being configured to:
detect a first probe from an accessory via the wireless interface, the first probe including accessory-identifying information;
communicate via the user interface to confirm that the accessory should join a wireless network;
communicate with the accessory via the wireless interface to establish a pairing, wherein establishing the pairing includes exchanging information with the accessory using a plurality of additional probes, the plurality of additional probes including a third probe received by the controller and a fourth probe sent by the controller, and obtaining confirmation of a shared secret via the user interface; and
send a credential associated with the wireless network to the accessory via the wireless interface subsequently to establishing the pairing, wherein the credential is sent in an encrypted message included in a fifth probe.
Dependent claims: 19, 20, 21, 22

23. A controller comprising:
a wireless interface;
a user interface; and
a processor coupled to the wireless interface and the user interface, the processor being configured to:
detect a first probe from an accessory via the wireless interface, the first probe including accessory-identifying information;
communicate via the user interface to confirm that the accessory should join a wireless network, including receiving an accessory password via the user interface;
communicate with the accessory via the wireless interface to establish a pairing, wherein establishing the pairing includes exchanging information with the accessory using a plurality of additional probes including at least a third probe received by the controller and a fourth probe sent by the controller, the exchanged information including password authentication information based on the accessory password; and
send a credential associated with the wireless network to the accessory via the wireless interface subsequently to establishing the pairing, wherein the credential is sent in an encrypted message included in a fifth probe.
Dependent claims: 24, 25

Specification