Method and system for authentication between electronic devices with minimal user intervention

US 8,452,961 B2
Filed: 03/01/2007
Issued: 05/28/2013
Est. Priority Date: 03/07/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authentication between electronic devices in a home network including a first device storing personal identity information for at least one user of the home network, comprising:

1) generating a binding associating purchaser information, a secret device code, and certificate information for a newly purchased second device prior to installation of the second device in the home network, including;

receiving purchaser information from a credit entity in response to a sale of the second device;

receiving a pre-determined device identification information for the second device obtained at the point of sale of the second device;

binding ownership of the second device to the user via an external registration entity using the purchaser information from the credit entity and the pre-determined device identification information from the second device obtained by a device ownership manager;

wherein binding ownership of the second device includes;

associating the purchaser information with a secret code associated with the pre-determined device identification for the second device and generating temporary certificate information for the second device including personal identification information for the purchaser of the second device; and

2) providing, after the second device is installed in the home network, the temporary certificate information to the second device for the second device to authenticate itself with the home network, including;

receiving a request from the second device installed in the home network, the request providing the secret code of the second device; and

in response to the request from the second device returning a reply to the home network that includes the temporary certificate information to permit an authentication of the second device within the home network based on matching purchaser identification information in the temporary certificate with the previously stored personal identity information of the first device trusted by the home network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authentication between electronic devices with reduced user intervention is provided. An authentication process for electronic devices (e.g., CE devices) establishes ownership for secure communication, with reduced user involvement. Device ownership trust establishment allows secured/authenticated communication between electronic devices. The process binds a device to an owner such that the authentication only verifies the authenticity of a device, and verifies the ownership of the device to ensure authentication. This ensures that a device is a valid device that has not been tampered with, and ensures a device has a trusted owner. Ownership binding to a device can be verified and established by trusted third parties without user intervention.

Citations

16 Claims

1. A method for authentication between electronic devices in a home network including a first device storing personal identity information for at least one user of the home network, comprising:
- 1) generating a binding associating purchaser information, a secret device code, and certificate information for a newly purchased second device prior to installation of the second device in the home network, including;
  
  receiving purchaser information from a credit entity in response to a sale of the second device;
  
  receiving a pre-determined device identification information for the second device obtained at the point of sale of the second device;
  
  binding ownership of the second device to the user via an external registration entity using the purchaser information from the credit entity and the pre-determined device identification information from the second device obtained by a device ownership manager;
  
  wherein binding ownership of the second device includes;
  
  associating the purchaser information with a secret code associated with the pre-determined device identification for the second device and generating temporary certificate information for the second device including personal identification information for the purchaser of the second device; and
  
  2) providing, after the second device is installed in the home network, the temporary certificate information to the second device for the second device to authenticate itself with the home network, including;
  
  receiving a request from the second device installed in the home network, the request providing the secret code of the second device; and
  
  in response to the request from the second device returning a reply to the home network that includes the temporary certificate information to permit an authentication of the second device within the home network based on matching purchaser identification information in the temporary certificate with the previously stored personal identity information of the first device trusted by the home network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein binding ownership of the second device includes:
    - during acquisition of the second device by a user purchaser, using device identification and purchaser information in obtaining approval for acquisition of the second device; and
      
      upon approval for acquisition and upon purchaser permission, performing registration in the external registration entity by;
      
      generating an authentication key pair and the temporary certificate for the second device; and
      
      associating the purchaser information with a preinstalled secret code in the second device, for later retrieval by the second device and using the secret code as the device identification.
  - 3. The method of claim 2 wherein the external registration entity comprises a registration server of the manufacturer of the second device.
  - 4. The method of claim 2 wherein during acquisition the purchaser provides bank checking information, such that obtaining approval for the acquisition further includes providing the payment funds information to a banking entity for verification of purchase.
  - 5. The method of claim 1 wherein during acquisition the purchaser provides credit information, such that obtaining approval for the acquisition includes providing the credit information to a creditor entity for verification of purchase.
  - 6. The method of claim 5 further comprising:
    - upon verification, the credit entity providing purchaser information including purchaser identification; and
      
      utilizing the provided purchaser identification and device information in associating the purchaser information with the second device.
  - 7. The method of claim 6 wherein performing authentication when the second device is connected to the network, further includes:
    - sending the secret code of the second device to the external registration entity;
      
      the external registration entity using the secret code to find and send said a temporary certificate and authentication key to the second device; and
      
      the second device communicating with the first device wherein the first device verifies a certificate of the second device, and the second device verifies a certificate of the first device, such that if both certificates are not verified the authentication fails.
  - 8. The method of claim 7 further comprising:
    - if both certificates are verified, then the first device extracts purchaser information from the temporary certificate of the second device and verifies the extracted purchaser information with user information stored in the first device.
  - 9. The method of claim 8 further including:
    - verifying if purchaser information matches the stored user information; and
      
      if purchaser information matches the stored user information, then establishing ownership trust in the network between the first device and the second device for further information communication therebetween.
  - 10. The method of claim 9 further including:
    - if purchaser information matches the stored user information, then;
      
      the first device further generating a public/private key pair and issuing a permanent certificate for the second device;
      
      the first device encrypting the public/private key pair and the permanent certificate for the second device, using the temporary device public key on the first device; and
      
      the second device decrypting the public/private key pair and the permanent certificate for the second device, using the temporary private key;
      
      wherein the permanent certificate and the public/private key are used for communication with other devices in the network.
  - 11. The method of claim 10 wherein the first device comprises a gateway and the second device comprises an electronic device.
  - 12. The method of claim 1, wherein the user information is stored in the first device via a remote console.
  - 13. The method of claim 1, further comprising establishing ownership between the first device and the user based on the stored user information.
  - 14. The method of claim 1, wherein registration of the second device is completed at time of purchasing based on user information from a credit entity and second device information preinstalled on the second device.
  - 15. The method of claim 14, wherein the second device is registered with the registration entity upon powering up a first time in the local network.
  - 16. The method of claim 1, further comprising:
    - establishing trust between the first device and a third device for communication between the third device and the second device based on a purchaser of the third device matching family member information stored on the first device, wherein the first device trusts the third device and generates a public/private key pair for the third device to communicate with the second device, and the third device and the second device exchange information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Song, Yu, Cheng, Doreen, Messer, Alan
Primary Examiner(s)
Popham, Jeffrey D
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US11/713,522
Publication Number

US 20070214356A1
Time in Patent Office

2,280 Days
Field of Search

726/5
US Class Current

713/170
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0823 using certificates cryptogr...

Method and system for authentication between electronic devices with minimal user intervention

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authentication between electronic devices with minimal user intervention

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links