Method and apparatus for authenticating a network device

US 8,375,207 B2
Filed: 08/12/2008
Issued: 02/12/2013
Est. Priority Date: 08/21/2007
Status: Active Grant

First Claim

Patent Images

1. A trust centre for a wireless personal area network arranged to perform authentication of communication devices joining the wireless personal area network;

the trust centre being operatively coupled to a security server, which is arranged to store a plurality of communication device keys associated with communication devices known to the network;

the trust centre being further arranged;

upon a new communication device joining the wireless personal area network, to request from the security server a communication device key associated with the joining communication device for a purpose of authenticating the joining communication device;

to perform mutual authentication between the trust centre and the joining communication device by sending to the joining communication device a challenge encrypted with the communication device key for the joining communication device and to receive from the joining communication device a further encrypted challenge sent in response to the encrypted challenge from the trust centre;

to generate a link key for use by an authenticated device that has performed the mutual authentication with the trust centre and for which a mutual link with another authenticated device has been requested, wherein the trust centre verifies that the request originates from a previously authenticated device, and upon verification sends a verification response to the authenticated device; and

to send the link key in encrypted form to the authenticated device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trust center for a wireless personal area network is arranged to perform authentication of communication devices joining the network. The trust center is operatively coupled to a security server, which is arranged to store communication device keys. The trust center is further arranged, upon a new communication device joining the network, to request from the security server a communication device key of the joining communication device for the purpose of authenticating the joining communication device.

21 Citations

View as Search Results

26 Claims

1. A trust centre for a wireless personal area network arranged to perform authentication of communication devices joining the wireless personal area network;
- the trust centre being operatively coupled to a security server, which is arranged to store a plurality of communication device keys associated with communication devices known to the network;
  
  the trust centre being further arranged;
  
  upon a new communication device joining the wireless personal area network, to request from the security server a communication device key associated with the joining communication device for a purpose of authenticating the joining communication device;
  
  to perform mutual authentication between the trust centre and the joining communication device by sending to the joining communication device a challenge encrypted with the communication device key for the joining communication device and to receive from the joining communication device a further encrypted challenge sent in response to the encrypted challenge from the trust centre;
  
  to generate a link key for use by an authenticated device that has performed the mutual authentication with the trust centre and for which a mutual link with another authenticated device has been requested, wherein the trust centre verifies that the request originates from a previously authenticated device, and upon verification sends a verification response to the authenticated device; and
  
  to send the link key in encrypted form to the authenticated device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The trust centre of claim 1 wherein the trust centre requests a communication device master key from the security server by sending a Master Key Request Command comprising information that identifies the joining communication device.
  - 3. The trust centre of claim 2 wherein the Master Key Request Command comprises an address of the joining communication device.
  - 4. The trust centre of claim 1 wherein the encrypted challenge received from the joining communication device is encrypted with a device key of the trust centre.
  - 5. The trust centre of claim 1 wherein the trust centre is arranged to perform symmetric-key key establishment with the joining communication device, upon authentication of the joining communication device.
  - 6. The trust centre of claim 5 wherein the trust centre is further arranged to send a network key to the joining communication device after having performed symmetric-key key establishment.
  - 7. The trust centre of claim 1 wherein the verification request comprises a device master key of the communication device, and is encrypted with a trust centre link key.
  - 8. The trust centre of claim 7 wherein the verification request further comprises an address of a second communication device.
  - 9. The trust centre of claim 8 wherein the verification request is encrypted with symmetric communication key associated with both the trust centre and the communication device.
  - 10. The trust centre of claim 1 wherein the link key provided within the verification response is for symmetric-key key establishment between the communication device and a further communication device, and is encrypted with a trust centre link key.
  - 11. The trust centre of claim 1, wherein the security server being arranged to store a plurality of communication device keys, and to receive a request for a communication device key from the trust centre;
    - the security server being further arranged to receive communication device configuration information comprising a device key for that communication device.
  - 12. The security server of claim 11 wherein the configuration information further comprises a network address for that communication device.
  - 13. The security server of claim 11 wherein the security server comprises logic for receiving a request for a communication device key from the trust centre in a form of a Master Key Request Command comprising information identifying the communication device.
  - 14. The security server of claim 13 wherein the Master Key Request Command comprises a network address of the joining communication device.
  - 15. The security server of claim 13 wherein the security server responds to requests for communication device keys from the trust centre in a form of a Master Key Response Command comprising a master key for the communication device.
  - 16. The security server of claim 11 wherein the security server comprises a configuration interface via which the security server receives device configuration information.
  - 17. The security server of claim 16 wherein the configuration interface is arranged to be operatively coupled to a personal computing device by way of a universal serial bus or a wireless connection.
  - 18. The security server of claim 16 wherein the configuration interface comprises a user interface via which a user is able to manually provide or manage configuration information for network devices.
  - 19. The security server of claim 11 wherein the security server comprises a memory element arranged to store configuration information comprising communication device keys for registered communication devices.
  - 20. The security server of claim 11 wherein, upon registration of a communication device with the security server, the security server assigns a communication device key to that communication device.
  - 21. The security server of claim 20 wherein, upon registration of a communication device with the security server, the communication device provides a communication device key for that communication device to the security server.

22. A method of operation for use in a wireless personal area network comprising:
- joining, by a plurality of communication devices, the wireless personal area network and requesting authentication from a trust centre of the network;
  
  requesting, by the trust centre, from a security server a communication device key associated with at least one of the plurality of joining communication devices;
  
  performing, by the trust centre and the at least one of the plurality of joining communication devices, mutual authentication by the trust centre sending to the at least one of the plurality of joining communication devices a challenge encrypted with the communication device key and receiving from the at least one of the plurality of joining communication devices a further encrypted challenge sent in response to the encrypted challenge from the trust centre;
  
  the trust centre generating a link key for use by an authenticated device that has performed the mutual authentication with the trust centre and for which a mutual link with another authenticated device has been requested, wherein the trust centre verifies that the request originates from a previously authenticated device, and upon verification sends a verification response to the authenticated device; and
  
  the trust centre sending the link key in encrypted form to the authenticated device.

23. A wireless personal area network comprising:
- each of a plurality of communication devices joining the wireless personal area network and requesting authentication from a trust centre of the network;
  
  the trust centre requesting from a security server a device key associated with each joining device;
  
  the trust centre and each joining device performing mutual authentication by the trust centre sending to the joining device a challenge encrypted with the device key and receiving from the joining device a further encrypted challenge sent in response to the encrypted challenge from the trust centre;
  
  the trust centre generating a link key for use by an authenticated device that has performed mutual authentication with the trust centre and for which a mutual link with another authenticated device has been requested, wherein the trust centre verifies authentication and upon verification sends a verification response to the authenticated device; and
  
  the trust centre sending the link key in encrypted form to the authenticated device.
- View Dependent Claims (24, 25, 26)
- - 24. The wireless personal area network of claim 23 wherein the trust centre requests a communication device key from the security server by sending a Master Key Request Command comprising information that identifies the joining communication device.
  - 25. The wireless personal area network of claim 23 wherein the trust centre receives from a joining communication device a challenge that is encrypted with a communication device key of the trust centre.
  - 26. The wireless personal area network of claim 23 wherein the trust centre receives from the joining communication device an encrypted challenge of the joining communication device concatenated with the encrypted challenge sent by the trust centre.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
Dangoor, Yehezkel, Granovsky, Yuri
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Desrosiers, Evans

Application Number

US12/674,303
Publication Number

US 20120124373A1
Time in Patent Office

1,645 Days
Field of Search

713150-174, 713182-186, 713189-193, 713/202, 726 2- 8, 380 44- 47, 380 28- 30, 380255-286
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/3271   using challenge-response

H04W 12/50   Secure pairing of devices

Method and apparatus for authenticating a network device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating a network device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links