Method for sharing a link key in a ZigBee network and a communication system therefor

US 8,295,489 B2
Filed: 12/04/2008
Issued: 10/23/2012
Est. Priority Date: 12/04/2007
Status: Expired due to Fees

First Claim

Patent Images

1. An end device for sharing a link key in a personal area network generated by a coordinator, the end device comprising:

a communication module for sending an access request to a trust center, and receiving a public key from the trust center;

a key generator for generating an arbitrary key; and

a key calculator for encrypting the arbitrary key using the received public key,wherein the communication module receives a link key encrypted with the arbitrary key from the trust center, and the key calculator decodes the link key using the arbitrary key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system and method for securely and efficiently sharing a link key for security and authentication in a ZigBee network. Upon receipt of an access request from an end device, a trust center sends a public key to the end device, and upon receipt of the public key, the end device encrypts an arbitrary key using the public key, and sends the encrypted arbitrary key to the trust center. The trust center generates a link key using the arbitrary key, and sends the link key to the end device.

16 Citations

View as Search Results

24 Claims

1. An end device for sharing a link key in a personal area network generated by a coordinator, the end device comprising:
- a communication module for sending an access request to a trust center, and receiving a public key from the trust center;
  
  a key generator for generating an arbitrary key; and
  
  a key calculator for encrypting the arbitrary key using the received public key,wherein the communication module receives a link key encrypted with the arbitrary key from the trust center, and the key calculator decodes the link key using the arbitrary key.

2. A trust center connected with a personal area network generated by a coordinator for sharing a link key, the trust center comprising:
- a memory for storing a public key and a private key corresponding to the public key;
  
  a communication module for sending the public key to an end device when an access request is received from the end device, and receiving an encrypted arbitrary key from the end device;
  
  a key calculator for decoding the arbitrary key encrypted with the public key using the private key; and
  
  a key generator for generating the link key for the end device using the decoded arbitrary key.
- View Dependent Claims (3)
- - 3. The trust center of claim 2, wherein the key calculator encrypts the generated link key using the decoded arbitrary key and a communication module sends the encrypted link key to the end device.

4. A method for sharing a link key by an end device in a personal area network generated by a coordinator, the method comprising:
- sending an access request to a trust center;
  
  receiving a public key from the trust center;
  
  generating an arbitrary key, and encrypting the arbitrary key using the public key;
  
  sending the encrypted arbitrary key to the trust center;
  
  receiving an encrypted link key from the trust center; and
  
  decoding the encrypted link key using the arbitrary key.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method of claim 4, further comprising:
    - receiving a first link key from the trust center;
      
      generating a hash function using the received first link key;
      
      encrypting a second authentication data using the generated hash function;
      
      transmitting a first authentication data and the encrypted second authentication data to the trust center;
      
      receiving another second authentication data from the trust center;
      
      determining whether the received another second authentication data is identical to the second authentication data;
      
      when the received another second authentication data is identical to the second authentication data, sending an authentication confirm response to the trust center;
      
      receiving a second link key and a network key from the trust center; and
      
      performing a communication using the received second link key and the received network key.
  - 6. The method of claim 5, wherein encrypting the second authentication data comprises:
    - encrypting the second authentication data using the hash function to generate first hash data; and
      
      encrypting the second authentication data using the first hash data to generate second hash data.
  - 7. The method of claim 5, wherein encrypting the hash function using second authentication data comprises:
    - encrypting the second authentication data using the first link key and a CCM* (Enhanced counter with Cipher Block Chaining-Message Authentication Code (CBC-MAC) mode of operation).
  - 8. The method of claim 5, further comprising:
    - when the received another second authentication data is not identical to the second authentication data, closing a connection to the trust center.

9. A method for sharing a link key by a trust center in a personal area network, the method comprising:
- receiving an access request from an end device;
  
  sending a stored public key to the end device;
  
  receiving an arbitrary key encrypted with the public key from the end device;
  
  decoding the encrypted arbitrary key using a private key associated with the public key;
  
  generating a link key using the decoded arbitrary key;
  
  encrypting the generated link key using the decoded arbitrary key; and
  
  sending the encrypted link key to the end device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, further comprising:
    - receiving first authentication data for the end device and encrypted second authentication data;
      
      determining if the end device is an authorized user, depending on the first authentication data and the encrypted second authentication data; and
      
      when the end device is an authorized user, generating a new link key and a network key, and sending the new link key and the network key to the end device.
  - 11. The method of claim 10, further comprising:
    - closing a connection to the end device when the end device is not the authorized user.
  - 12. The method of claim 10, wherein the first authentication data is a phone number or a serial number of the end device.
  - 13. The method of claim 10, wherein the second authentication data is a Mobile Identification Number (MIN) of the end device.
  - 14. The method of claim 10, wherein determining if the end device is the authorized user comprises:
    - determining if the first authentication data has been received from the end device;
      
      when the first authentication data has been received, determining if the received first authentication data is identical to stored first authentication data;
      
      when the received first authentication data is identical to the stored first authentication data, determining if the encrypted second authentication data has been received from the end device;
      
      when the encrypted second authentication data has been received, decoding the encrypted second authentication data;
      
      determining if the decoded second authentication data is identical to stored second authentication data; and
      
      when the decoded second authentication data is identical to the stored second authentication data, transmitting the stored second authentication data to the end device.
  - 15. The method of claim 14, further comprising:
    - closing a connection to the end device when the first authentication data is not received.
  - 16. The method of claim 14, further comprising:
    - closing a connection to the end device when the received first authentication data is not identical to the stored first authentication data.
  - 17. The method of claim 14, further comprising:
    - when the encrypted second authentication data is not received, notifying the end device that the end device has been registered.
  - 18. The method of claim 14, further comprising:
    - when the decoded second authentication data is not identical to the stored second authentication data, closing a connection to the end device.
  - 19. The method of claim 10, further comprising:
    - receiving an authentication confirm response from the end device before generating the new link key and the network key.

20. A trust center connected with a personal area network for sharing a link key, the trust center comprising:
- a key generator for generating the link key and a network key;
  
  a key calculator for encrypting the link key and the network key generated by the key generator, and decoding encrypted keys received from an end device;
  
  a communication module for performing communication with the end device in the personal area network; and
  
  a controller for controlling to send a stored public key to the end device upon receipt of an access request from the end device, to receive an encrypted arbitrary key using the public key from the end device, to decode the encrypted arbitrary key using a stored private key corresponding to the public key, to generate a link key using the decoded arbitrary key, to encrypt the generated link key using the decoded arbitrary key, and to send the encrypted link key to the end device.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The trust center of claim 20, wherein the controller controls to receive first authentication data and encrypted second authentication data for the end device from the end device, to determine whether the end device is an authorized user depending on the first authentication data and the encrypted second authentication data, to generate a new link key and a network key when the end device is an authorized user, and to send the new link key and the network key to the end device.
  - 22. The trust center of claim 21, wherein the controller controls to close a connection to the end device when the end device is not the authorized user according to the result of the determination.
  - 23. The trust center of claim 21, wherein the first authentication data is a phone number or a serial number of the end device.
  - 24. The trust center of claim 21, wherein the second authentication data is a Mobile Identification Number (MIN) of the end device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Sung, Yeul-Tak, Han, Young-Seop, Kim, Jae-Ho
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US12/328,170
Publication Number

US 20090177889A1
Time in Patent Office

1,419 Days
Field of Search

None
US Class Current

380/278
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0844   with user authentication or...

Method for sharing a link key in a ZigBee network and a communication system therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method for sharing a link key in a ZigBee network and a communication system therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links