Method, apparatus, and program product for securely presenting situation information

US 7,454,619 B2
Filed: 09/05/2003
Issued: 11/18/2008
Est. Priority Date: 06/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating secure communication between two networked devices, comprising:

establishing communication between a situation notification device and a provisioning device over a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping;

wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and

wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel;

prior to establishing the communication, pre-authenticating the situation notification device to ensure that the situation notification device has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves;

exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel;

exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and

verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device;

providing provisioning information to said situation notification device over said preferred channel, wherein said situation notification device is automatically configured to receive subject matter information responsive to said provisioning information;

receiving said subject matter information;

verifying said subject matter information with said provisioning information; and

presenting said subject matter information to a user of the situation notification device responsive to the step of verifying, wherein the step of verifying ensures that the subject matter information is genuine.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Citations

27 Claims

1. A method for facilitating secure communication between two networked devices, comprising:
- establishing communication between a situation notification device and a provisioning device over a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping;
  
  wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and
  
  wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel;
  
  prior to establishing the communication, pre-authenticating the situation notification device to ensure that the situation notification device has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves;
  
  exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel;
  
  exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and
  
  verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device;
  
  providing provisioning information to said situation notification device over said preferred channel, wherein said situation notification device is automatically configured to receive subject matter information responsive to said provisioning information;
  
  receiving said subject matter information;
  
  verifying said subject matter information with said provisioning information; and
  
  presenting said subject matter information to a user of the situation notification device responsive to the step of verifying, wherein the step of verifying ensures that the subject matter information is genuine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 25)
- - 2. The method of claim 1, wherein the step of providing further comprises:
    - exchanging key commitment information over said preferred channel between said provisioning device and said situation notification device;
      
      receiving a public key by said situation notification device;
      
      verifying said public key with said key commitment information; and
      
      receiving a credential authorized by a credential issuing authority.
  - 3. The method of claim 1, wherein said preferred channel is a location-limited channel.
  - 4. The method of claim 1, wherein said preferred channel uses a telephone switching system.
  - 5. The method of claim 1, wherein subject matter information is received using an antenna, a telephone line, a local area network, a wide area network, a wireless network, or a broadcast network.
  - 6. The method of claim 1, wherein said situation notification device is a computer, a television, a radio, a telephone, a push to talk device, a pager, a clock, a thermostat, a network appliance, or a home appliance.
  - 7. The method of claim 1, further comprising forwarding said subject matter information.
  - 8. The method of claim 1, wherein said subject matter information is alarm information.
  - 25. The method of claim 1, wherein said preferred channel has a demonstrative identification property and an authenticity property.

9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to present subject matter information, the method comprising steps of:
- establishing communication between a situation notification device and a provisioning device over a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping;
  
  wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and
  
  wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel;
  
  prior to establishing the communication, pre-authenticating the situation notification device to ensure that the situation notification device has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves;
  
  exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel;
  
  exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and
  
  verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device;
  
  providing provisioning information to said situation notification device over said preferred channel, wherein said situation notification device is automatically configured to receive said subject matter information responsive to said provisioning information;
  
  receiving said subject matter information;
  
  verifying said subject matter information with said provisioning information; and
  
  presenting said subject matter information to a user of the situation notification device responsive to the step of verifying, wherein the step of verifying ensures that the subject matter information is genuine.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 26)
- - 10. The computer-readable storage medium of claim 9, wherein the step of providing further comprises:
    - exchanging key commitment information over said preferred channel between said provisioning device and said situation notification device;
      
      receiving a public key by said situation notification device;
      
      verifying said public key with said key commitment information; and
      
      receiving a credential authorized by a credential issuing authority.
  - 11. The computer-readable storage medium of claim 9, wherein said preferred channel is a location-limited channel.
  - 12. The computer-readable storage medium of claim 9, wherein said preferred channel uses a telephone switching system.
  - 13. The computer-readable storage medium of claim 9, wherein subject matter information is received using an antenna, a telephone line, a local area network, a wide area network, a wireless network, or a broadcast network.
  - 14. The computer-readable storage medium of claim 9, wherein said situation notification device is a computer, a television, a radio, a telephone, a push to talk device, a pager, a clock, a thermostat, a network appliance, or a home appliance.
  - 15. The computer-readable storage medium of claim 9, further comprising forwarding said subject matter information.
  - 16. The computer-readable storage medium of claim 9, wherein said subject matter information is alarm information.
  - 26. The computer-readable storage medium of claim 9, wherein said preferred channel has a demonstrative identification property and an authenticity property.

17. An apparatus comprising:
- at least one port configured to establish a preferred channel, wherein the preferred channel is bidirectional, location-limited, has a demonstrative identification property and an authenticity property, and does not require being resistant to eavesdropping;
  
  wherein the demonstrative identification property allows a human operator to be aware of which devices are communicating with each other based on physical proximity; and
  
  wherein the authenticity property makes it difficult or impossible for attacking devices to tamper with or alter messages transmitted in the preferred channel, or to insert false information into the preferred channel without being detected by legitimate participants communicating via the preferred channel;
  
  a first communication mechanism configured to receive provisioning information over said preferred channel, whereby the apparatus is configured to be able to receive subject matter information responsive to said provisioning information,wherein the port is further configured to pre-authenticate the first communication mechanism prior to receiving the provisioning information to ensure that the first communication mechanism has physical access to the preferred channel, wherein pre-authenticating the situation notification device involves;
  
  exchanging key commitment information between the provisioning device and the situation notification device over the bidirectional preferred channel;
  
  exchanging keys between the provisioning device and the situation notification device over a bidirectional channel which does not have to be the preferred channel; and
  
  verifying the received keys using the received key commitment information on both the provisioning device and the situation notification device;
  
  a second communication mechanism configured to receive said subject matter information subsequent to operation of the first communication mechanism;
  
  a verification mechanism configured to verify said subject mailer information with said provisioning information; and
  
  a presentation mechanism configured to present said subject matter information to a user of the situation notification device responsive to the verification mechanism, wherein the step of verifying ensures that the subject matter information is genuine.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 27)
- - 18. The apparatus of claim 17, wherein the first communication mechanism further comprises:
    - a key commitment receiver mechanism configured to receive key commitment information through said at leastone port;
      
      a key receiver mechanism configured to receive a public key;
      
      a pre-authentication mechanism configured to verify said public key with said key commitment information; and
      
      a credential provisioning mechanism configured to be able to automatically provide a credential authorized by a credential issuing authority responsive to the pre-authentication mechanism.
  - 19. The apparatus of claim 17, wherein said preferred channel is a location-limited channel.
  - 20. The apparatus of claim 17, wherein said preferred channel uses a telephone switching system.
  - 21. The apparatus of claim 17, wherein subject matter information is received using an antenna, a telephone line, a local area network, a wide area network, a wireless network, or a broadcast network.
  - 22. The apparatus of claim 17, wherein the apparatus is within a computer, a television, a radio, a telephone, a push to talk device, a pager, a clock, a thermostat, a network appliance, or a home appliance.
  - 23. The apparatus of claim 17, further comprising a forwarding mechanism configured to forward said subject matter information.
  - 24. The apparatus of claim 17, wherein said subject matter information is alarm information.
  - 27. The apparatus of claim 17, wherein said preferred channel has a demonstrative identification property and an authenticity property.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xerox Corporation (Xerox Holdings Corp.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Smetters, Diana K., Balfanz, Dirk, Durfee, Glenn E., Grinter, Rebecca E., Stewart, Paul J., Wong, Hao-Chi
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Lemma, Samson B

Application Number

US10/656,439
Publication Number

US 20040268119A1
Time in Patent Office

1,901 Days
Field of Search

713/150, 713155-156, 713/171, 380/277, 380/278.282
US Class Current

713/171
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/18   using different networks or...

H04L 9/00   Cryptographic mechanisms or...

Method, apparatus, and program product for securely presenting situation information

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus, and program product for securely presenting situation information

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links