Method and apparatus for exclusively pairing wireless devices

US 6,772,331 B1
Filed: 05/21/1999
Issued: 08/03/2004
Est. Priority Date: 05/21/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for establishing a security relationship between a first device and a second device, said first and second devices each having an associated device certificate, each of said device certificates having a unique device identifier for said corresponding device, and a user of said second device having access to the unique device identifier of said first device, said method comprising the steps of:

initiating a pairing request from one of said devices to the other of said devices;

sending, from said first device, the device certificate of said first device to said second device;

cryptographically verifying, by said second device, said received device certificate of said first device;

outputting, at said second device, the device identifier of said first device contained in said first device certificate;

verifying, by said user and without accessing an intervening server, that said output device identifier contained in said first device certificate matches the unique identifier of said first device accessible by said user; and

, accepting, by said user, the association of said first device and said second device if said displayed device identifier is verified.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for enabling wireless devices to be paired or permanently associated by a user or a network administrator. The method and system utilize well known public key cryptography and machine unique identifiers to establish a secure channel and associate the devices with eachother. This is extremely useful for associating a wireless headset with a telephone or associating a wireless mouse with a computer.

505 Citations

45 Claims

1. A method for establishing a security relationship between a first device and a second device, said first and second devices each having an associated device certificate, each of said device certificates having a unique device identifier for said corresponding device, and a user of said second device having access to the unique device identifier of said first device, said method comprising the steps of:
- initiating a pairing request from one of said devices to the other of said devices;
  
  sending, from said first device, the device certificate of said first device to said second device;
  
  cryptographically verifying, by said second device, said received device certificate of said first device;
  
  outputting, at said second device, the device identifier of said first device contained in said first device certificate;
  
  verifying, by said user and without accessing an intervening server, that said output device identifier contained in said first device certificate matches the unique identifier of said first device accessible by said user; and
  
  , accepting, by said user, the association of said first device and said second device if said displayed device identifier is verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 21, 22, 23, 24, 25, 27, 28)
- - 2. A method as claimed in claim 1 wherein said sending step is accomplished by establishing an authenticated secure session between said first device and said second device.
  - 3. A method as claimed in claim 1 wherein an indicator of the association of said first and said second device is placed in long-term storage.
  - 4. A method as claimed in claim 3 wherein said indicator is the device identifier.
  - 5. A method as claimed in claim 3 wherein said indicator is key material.
  - 6. A method as claimed in claim 1, 2, 3 or 4 wherein the initiating of said pairing request is accomplished by making an input selection on one of said devices.
  - 7. A method as claimed in claim 1, 2, 3 or 4 wherein the initiating of said pairing request is accomplished by one of said devices automatically detecting the other of said devices.
  - 8. A method as claimed in claim 7 wherein said automatic detection is accomplished by means of electromagnetic signal transmission from one of said devices and reception of said electromagnetic signal at the other of said devices.
  - 9. A method as claimed in claim 6 wherein said input selection is accomplished by depressing a button.
  - 10. A method as claimed in claim 6 wherein said input selection is accomplished by verbal command.
  - 11. A method as claimed in claim 1 wherein said acceptance of said associating is accomplished by making an input selection on said second device.
  - 12. A method as claimed in claim 8 wherein said input selection is accomplished by depressing a button.
  - 13. A method as claimed in claim 8 wherein said input selection is accomplished by verbal command.
  - 14. A method as claimed in claim 1 wherein said output means is a visual display.
  - 15. A method as claimed in claim 1 wherein said output means is auditory.
  - 21. A system as claimed in claim 15, 16, 17 or 18 wherein the initiating of said pairing request is accomplished by making an input selection on one of said devices.
  - 22. A system as claimed in claim 15, 16, 17 or 18 wherein the initiating of said pairing request is accomplished by one of said devices automatically detecting the other of said devices.
  - 23. A system as claimed in claim 22 wherein said automatic detection is accomplished by means of electromagnetic signal transmission from one of said devices and reception of said electromagnetic signal at the other of said devices.
  - 24. A system as claimed in claim 21 wherein said input selection is accomplished by depressing a button.
  - 25. A system as claimed in claim 21 wherein said input selection is accomplished by verbal command.
  - 27. A system as claimed in claim 23 wherein said input selection is accomplished by depressing a button.
  - 28. A system as claimed in claim 23 wherein said input selection is accomplished by verbal command.

16. A system for a user to establish a security relationship, said system comprising:
- a first device;
  
  a second device;
  
  a device certificate with each of said first and second devices, each of said device certificates having a unique device identifier for said corresponding device, and a user of said second device having access to the unique device identifier of said first device, wherein;
  
  one of said first and second devices initiates a pairing request to the other of said devices, and as a result of said pairing request, said first device sends said device certificate of said first device to said second device;
  
  wherein said second device cryptographically verifies said received device certificate of said first device, and outputs the device identifier of said first device contained in said first device certificate; and
  
  wherein said user verifies, without accessing an intervening server, that said unique output device identifier contained in said first device certificate matches the unique identifier of said first device accessible to said user and accepts the association of said first device and said second device if said displayed device identifier is verified.
- View Dependent Claims (17, 18, 19, 20, 26, 29, 30)
- - 17. A system as claimed in claim 16 wherein said sending is accomplished by establishing an authenticated secure session between said first device and said second device.
  - 18. A system as claimed in claim 16 wherein an indicator of the association of said first and said second device is placed in long-term storage.
  - 19. A system as claimed in claim 18 wherein said indicator is the device identifier.
  - 20. A system as claimed in claim 18 wherein said indicator is key material.
  - 26. A system as claimed in claim 16 wherein said acceptance of said associating is accomplished by making an input selection on said second device.
  - 29. A system as claimed in claim 16 wherein said output means is a visual display.
  - 30. A system as claimed in claim 16 wherein said output means is auditory.

31. A computer program product for establishing a security relationship between a first device and a second device, said first and second devices each having an associated device certificate, each of said device certificates having a unique device identifier for said corresponding device, and a user of said second device having access to the unique device identifier of said first device, said program product comprising:
- computer readable program code means of initiating a pairing request from one of said devices to the other of said devices;
  
  computer readable program code means of sending, from said first device, the device certificate of said first device to said second device;
  
  computer readable program code means of cryptographically verifying, by said second device said received device certificate of said first device;
  
  computer readable program code means of outputting, at said second device, the device identifier of said first device contained in said first device certificate;
  
  computer readable program code means of verifying, by said user and without accessing an intervening server, that said output device identifier contained in said first device certificate matches the unique identifier of said first device accessible by said user; and
  
  , computer readable program code means of accepting, by said user, the association of said first device and said second device if said displayed device identifier is verified.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 32. A computer program as claimed in claim 31 wherein said sending is accomplished by establishing an authenticated secure session between said first device and said second device.
  - 33. A computer program as claimed in claim 31 wherein an indicator of the association of said first and said second device is placed in long-term storage.
  - 34. A computer program as claimed in claim 33 wherein said indicator is the device identifier.
  - 35. A computer program as claimed in claim 33 wherein said indicator is key material.
  - 36. A computer program as claimed in claim 31, 32, 33 or 34 wherein the initiating of said pairing request is accomplished by making an input selection on one of said devices.
  - 37. A computer program as claimed in claim 31, 32, 33 or 34 wherein the initiating of said pairing request is accomplished by one of said devices automatically detecting the other of said devices.
  - 38. A computer program as claimed in claim 37 wherein said automatic detection is accomplished by means of electromagnetic signal transmission from one of said devices and reception of said electromagnetic signal at the other of said devices.
  - 39. A computer program as claimed in claim 36 wherein said input selection is accomplished by depressing a button.
  - 40. A computer program as claimed in claim 36 wherein said input selection is accomplished by verbal command.
  - 41. A computer program as claimed in claim 31 wherein said acceptance of said associating is accomplished by making an input selection on said second device.
  - 42. A computer program as claimed in claim 38 wherein said input selection is accomplished by depressing a button.
  - 43. A computer program as claimed in claim 38 wherein said input selection is accomplished by verbal command.
  - 44. A computer program as claimed in claim 31 wherein said output means is a visual display.
  - 45. A computer program as claimed in claim 31 wherein said output means is auditory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peters, Marcia Lambert, Hind, John Raithel
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Arani, Taghi

Application Number

US09/316,686
Time in Patent Office

1,901 Days
Field of Search

713/151, 713/178, 713/182, 713/200, 380/25, 380/21, 370/313, 707/9, 707/10
US Class Current

713/151
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2129   Authenticate client device ...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 12/71   Hardware identity

Y10S 707/99939   Privileged access

Method and apparatus for exclusively pairing wireless devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

505 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for exclusively pairing wireless devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

505 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links