SECURE WIRELESS LINK BETWEEN TWO DEVICES USING PROBES

US 20120054493A1
Filed: 08/30/2010
Published: 03/01/2012
Est. Priority Date: 08/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a wireless communication link between an accessory and a controller, the method comprising:

receiving, by the accessory, a first probe from a controller, the first probe indicating that the controller is searching for an accessory with which to pair;

sending, by the accessory, a second probe to the controller in response to the first probe;

establishing, by the accessory, a shared secret with the controller, wherein establishing the shared secret includes exchanging public keys with the controller using a plurality of additional probes including at least a third probe sent by the accessory and a fourth probe received by the accessory;

validating, by the accessory, that the shared secret is shared by the controller;

generating, by the accessory, a further cryptographic key using the shared secret;

receiving, by the accessory, a fifth probe from the controller, the fifth probe containing an encrypted message; and

decrypting the encrypted message using the further cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure wireless communication link (pairing) between two devices can be established using cleartext wireless transmissions between devices not joined to a network (“probes”). One device can broadcast a first probe indicating that it is seeking to establish a pairing. The other device can respond with a second probe, and the two devices can establish a shared secret, e.g., by exchanging further information using additional probes. Thereafter, either device can send a message to the other by encrypting the message using a cryptographic key derived from the shared secret; encrypted messages can also be sent within probes. The receiving device can extract an encrypted message from a probe and decrypt it using the cryptographic key. The encrypted message can include credentials usable by the receiving device to join a wireless network.

135 Citations

25 Claims

1. A method for establishing a wireless communication link between an accessory and a controller, the method comprising:
- receiving, by the accessory, a first probe from a controller, the first probe indicating that the controller is searching for an accessory with which to pair;
  
  sending, by the accessory, a second probe to the controller in response to the first probe;
  
  establishing, by the accessory, a shared secret with the controller, wherein establishing the shared secret includes exchanging public keys with the controller using a plurality of additional probes including at least a third probe sent by the accessory and a fourth probe received by the accessory;
  
  validating, by the accessory, that the shared secret is shared by the controller;
  
  generating, by the accessory, a further cryptographic key using the shared secret;
  
  receiving, by the accessory, a fifth probe from the controller, the fifth probe containing an encrypted message; and
  
  decrypting the encrypted message using the further cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein establishing, by the accessory, a shared secret with the controller includes:
    - receiving, from the controller, the fourth probe, the fourth probe including a controller public key;
      
      generating, by the accessory, an accessory private key and an accessory public key;
      
      sending to the controller, by the accessory, the third probe, the third probe including the accessory public key; and
      
      computing a shared secret based on the controller public key and the accessory public key.
  - 3. The method of claim 2 wherein validating, by the accessory, that the shared secret is shared by the controller includes:
    - computing, by the accessory, a passcode from the shared secret; and
      
      presenting, by the accessory, the passcode to a user.
  - 4. The method of claim 1 wherein establishing, by the accessory, a shared secret with the controller includes:
    - using, by the accessory, a fixed password to generate an accessory public key;
      
      generating, by the accessory, a random salt;
      
      sending to the controller, by the accessory, the third probe, the third probe including the accessory public key and the random salt;
      
      receiving, by the accessory, the fourth probe from the controller, the fourth probe including a controller public key and a controller response based on the random salt; and
      
      computing, by the accessory, a shared secret using the controller public key, the controller private key, and the random salt.
  - 5. The method of claim 4 wherein validating, by the accessory, that the shared secret is shared by the controller includes:
    - verifying, by the accessory, the controller response using the shared secret;
      
      computing, by the accessory, an accessory response using the shared secret; and
      
      sending to the controller, by the accessory, a sixth probe, the sixth probe including the accessory response.
  - 6. The method of claim 1 wherein the encrypted message includes a credential associated with a wireless network having an access point, the method further comprising:
    - transmitting to the access point, by the accessory, a request to join the wireless network, the request being based at least in part on the credential.

7. An accessory comprising:
- a wireless interface; and
  
  a processor coupled to the wireless interface, the processor being configured to;
  
  receive, via the wireless interface, a browsing probe request sent by a controller, the browsing probe indicating that the controller is available for pairing;
  
  send, via the wireless interface, an identifying probe response in response to the browsing probe request, the identifying probe response including accessory identifying information;
  
  establishing a pairing with the controller;
  
  receive from the controller via the wireless interface a credential associated with a wireless network, wherein the credential is received as an encrypted information element in a further probe request received from the controller; and
  
  use the credential to join the wireless network.
- View Dependent Claims (8, 9, 10)
- - 8. The accessory of claim 7 wherein each of the browsing probe requests and the further probe request comprises a probe request frame compliant with an IEEE 802.11 family standard and the identifying probe responses is a probe response frame compliant with the IEEE 802.11 family standard.
  - 9. The accessory of claim 7 further comprising:
    - a speaker,wherein the processor is further configured to;
      
      receive, via the wireless network, streamed audio data from the controller, wherein the receiving occurs subsequently to joining the wireless network;
      
      convert the streamed audio data to an analog signal; and
      
      drive the speaker using the analog signal.
  - 10. The accessory of claim 7 further comprising:
    - a printing element,wherein the processor is further configured to;
      
      receive, via the wireless network, data from the controller, wherein the receiving occurs subsequently to joining the wireless network; and
      
      drive the printing element to generate a printout in response to the data.

11. A method for establishing a wireless communication link between an accessory and a controller, the method comprising:
- broadcasting, by the controller, a first probe, the first probe indicating that the controller is browsing for an accessory with which to pair;
  
  receiving, by the controller, a second probe from an accessory, the second probe including identifying information for the accessory;
  
  establishing, by the controller, a shared secret with the accessory;
  
  validating, by the controller, that the shared secret is shared by the accessory;
  
  generating, by the controller, a further cryptographic key using the shared secret;
  
  encrypting, by the controller, a message using the further cryptographic key; and
  
  sending, by the controller, a third probe to the accessory, the third probe including the encrypted message.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11 wherein establishing the shared secret includes exchanging public keys with the accessory using a plurality of additional probes including a fourth probe received by the controller and a fifth probe sent by the controller.
  - 13. The method of claim 11 wherein the first probe includes a public key of the controller and the second probe includes a public key of the accessory and wherein establishing the shared secret includes:
    - extracting, by the controller, the public key of the accessory from the second probe; and
      
      computing a secret based on the public key of the accessory and the public key of the controller.
  - 14. The method of claim 11 wherein the encrypted message includes a credential usable by the accessory to join a wireless network.
  - 15. The method of claim 14 further comprising:
    - subsequently to sending the encrypted message that includes the credential, communicating, by the controller, with the accessory via the wireless network.
  - 16. The method of claim 15 wherein communicating with the accessory via the wireless network includes streaming media content to the accessory via the wireless network.
  - 17. The method of claim 11 further comprising:
    - receiving, by the controller, a sixth probe from the accessory, the sixth probe including another encrypted message; and
      
      decrypting, by the controller, the other encrypted message using the further cryptographic key.

18. A controller comprising:
- a wireless interface;
  
  a user interface; and
  
  a processor coupled to the wireless interface and the user interface, the processor being configured to;
  
  detect a first probe from an accessory via the wireless interface, the first probe including accessory-identifying information;
  
  communicate via the user interface to confirm that the accessory should joined a wireless network;
  
  communicate with the accessory via the wireless interface to establish a pairing, wherein establishing the pairing includes exchanging information with the accessory using a plurality of additional probes, the plurality of additional probes including a third probe received by the controller and a fourth probe sent by the controller, and obtaining confirmation of a shared secret via the user interface; and
  
  send a credential associated with the wireless network to the accessory via the wireless interface subsequently to establishing the pairing, wherein the credential is sent in an encrypted message included in a fifth probe.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The controller of claim 18 wherein the processor is further configured such that communicating via the user interface to confirm that the accessory should join the wireless network includes:
    - extracting from the first probe the accessory-identifying information;
      
      presenting at least a portion of the extracted accessory-identifying information to a user via the user interface; and
      
      receiving, via the user interface, a confirmation that the accessory should join the wireless network.
  - 20. The controller of claim 18 wherein the processor is further configured such that communicating with the accessory via the wireless interface to establish the pairing includes:
    - generating, by the controller, a controller public key;
      
      sending, by the controller, the fourth probe to the accessory, the fourth probe including the controller public key;
      
      receiving, by the controller, the third probe, the third probe including an accessory public key;
      
      computing, by the controller, the shared secret based at least in part on the controller public key and the accessory public key;
      
      computing, by the controller, a passcode from the shared secret;
      
      presenting, by the controller, the passcode to a user via the user interface;
      
      receiving, by the controller, confirmation via the user interface that the passcode matches a passcode computed by the accessory; and
      
      computing a further encryption key using the shared secret, wherein the further encryption key is used to encrypt the credential.
  - 21. The controller of claim 18 wherein the processor is further configured to:
    - confirm, subsequently to sending the credential, that the accessory has joined the wireless network; and
      
      send data to the accessory via the wireless network after confirming that the accessory has joined the wireless network.
  - 22. The controller of claim 18 wherein each of the probes comprises a probe request frame or probe response frame compliant with an IEEE 802.11 family standard.

23. A controller comprising:
- a wireless interface;
  
  a user interface; and
  
  a processor coupled to the wireless interface and the user interface, the processor being configured to;
  
  detect a first probe from an accessory via the wireless interface, the first probe including accessory-identifying information;
  
  communicate via the user interface to confirm that the accessory should join a wireless network, including receiving an accessory password via the user interface;
  
  communicate with the accessory via the wireless interface to establish a pairing, wherein establishing the pairing includes exchanging information with the accessory using a plurality of additional probes including at least a third probe received by the controller and a fourth probe sent by the controller, the exchanged information including password authentication information based on the accessory password; and
  
  send a credential associated with the wireless network to the accessory via the wireless interface subsequently to establishing the pairing, wherein the credential is sent in an encrypted message included in a fifth probe.
- View Dependent Claims (24, 25)
- - 24. The controller of claim 23 wherein the processor is further configured such that communicating via the user interface includes:
    - extracting, from the first probe, the accessory-identifying information; and
      
      presenting at least a portion of the extracted accessory-identifying information to a user via the user interface.
  - 25. The controller of claim 24 wherein the processor is further configured such that communicating via the user interface further includes:
    - extracting, from the first probe, password location information indicating a location where an accessory password is findable by the user; and
      
      presenting a password prompt to the user, the password prompt including a location indicator based on the password location information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Bradley, Bob

Granted Patent

US 8,464,061 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 8/005   Discovery of network device...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 84/18   Self-organising networks, e...

SECURE WIRELESS LINK BETWEEN TWO DEVICES USING PROBES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

135 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE WIRELESS LINK BETWEEN TWO DEVICES USING PROBES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links