Method and apparatus of ensuring security of communication in home network

US 8,464,055 B2
Filed: 01/30/2009
Issued: 06/11/2013
Est. Priority Date: 01/31/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of enabling secure communication between a control apparatus and a controlled apparatus in a home network, the method comprising:

receiving an identifier of the controlled apparatus through a user interface of the control apparatus;

performing an authentication with the controlled apparatus by establishing, by a processor, a registration Secure Authenticated Channel (SAC) with the controlled apparatus through a protocol using the identifier of the controlled apparatus;

generating a private key;

sharing the private key with the controlled apparatus via the registration SAC to register the control apparatus in the controlled apparatus;

recording the identifier of the controlled apparatus in an identifier list of the control apparatus; and

synchronizing the identifier list of the control apparatus with the controlled apparatus via the registration SAC.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method and apparatus to ensuring communication security between a control apparatus and a controlled apparatus in a home network. The control apparatus in the home network establishes a registration Secure Authenticated Channel (SAC) with the controlled apparatus by using a Transport Layer Security Pre-Shared Key ciphersuites (TLS-PSK) protocol implemented by using a Product Identification Number (PIN) of the controlled apparatus input from a user, shares a private key with the controlled apparatus via the registration SAC, and uses services of the controlled apparatus via a service SAC established by using the TLS-PSK protocol implemented by using the shared private key to easily implement a framework ensuring communication security in the home network.

48 Citations

View as Search Results

17 Claims

1. A method of enabling secure communication between a control apparatus and a controlled apparatus in a home network, the method comprising:
- receiving an identifier of the controlled apparatus through a user interface of the control apparatus;
  
  performing an authentication with the controlled apparatus by establishing, by a processor, a registration Secure Authenticated Channel (SAC) with the controlled apparatus through a protocol using the identifier of the controlled apparatus;
  
  generating a private key;
  
  sharing the private key with the controlled apparatus via the registration SAC to register the control apparatus in the controlled apparatus;
  
  recording the identifier of the controlled apparatus in an identifier list of the control apparatus; and
  
  synchronizing the identifier list of the control apparatus with the controlled apparatus via the registration SAC.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the protocol is a Transport Layer Security Pre-Shared Key ciphersuites (TLS-PSK) protocol.
  - 3. The method according to claim 2, wherein the identifier is a Product Identification Number (PIN).
  - 4. The method of claim 3, further comprising establishing a service SAC with the controlled apparatus by using the TLS-PSK protocol implemented by using the shared private key when the controlled apparatus is discovered again after the registering is performed.
  - 5. The method of claim 2, wherein the establishing of the SAC includes implementing the TLS-PSK protocol by using a TLS session resumption protocol using a value arbitrarily generated by the control apparatus as a session identifier, a ClientHello message of the TLS session resumption protocol including information indicating that the TLS-PSK protocol to be used is implemented by using the TLS session resumption protocol.
  - 6. The method of claim 4, wherein synchronizing the PIN list further comprises transmitting PINs of controlled apparatuses, in which the control apparatus is registered, to the controlled apparatus via the registration SAC established using the private key, and receiving PINs stored in the controlled apparatus from the controlled apparatus,wherein the establishing of the registration SAC by using the PIN includes determining whether the PIN of the controlled apparatus exists in the PIN list of the control apparatus when the controlled apparatus is discovered and as a result of the determining, when the PIN of the controlled apparatus does not exist in the PIN list, requesting the PIN of the controlled apparatus via a user interface when the PIN of the controlled apparatus is determined to not exist in the PIN list of the control apparatus.
  - 7. The method of claim 1, further comprising deleting the private key from the control apparatus according to a command input via a user interface.
  - 8. The method of claim 4, further comprising deleting at least one private key from among private keys stored in the controlled apparatus via the service SAC established using the private key, according to a command input via a user interface.
  - 9. The method of claim 1, wherein the identifier of the controlled apparatus is given at the time of manufacture.
  - 10. A non-transitory computer-readable recording medium having recorded thereon a computer program to cause a computer to execute the method of claim 1.

11. An apparatus enabling secure communication between a control apparatus and a controlled apparatus in a home network, the apparatus comprising:
- a processor comprising;
  
  a user interface unit receiving a Product Identification Number (PIN) that is an identifier given to the controlled apparatus at the time of manufacture;
  
  a register channel establishing unit performing an authentication with the controlled apparatus by establishing a registration Secure Authenticated Channel (SAC) with the controlled apparatus through a TLS-PSK protocol using the PIN;
  
  a register performing unit generating a private key, sharing the private key with the controlled apparatus via the registration SAC to registering the control apparatus in the controlled apparatus; and
  
  a PIN list synchronization unit recording the PIN in a PIN list of the control apparatus and synchronizing the PIN list of the control apparatus with the controlled apparatus via the registration SAC.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The apparatus of claim 11, further comprising a service channel establishing unit establishing a service SAC with the controlled apparatus through the TLS-PSK protocol using the private key when the controlled apparatus is discovered again after the registering is performed.
  - 13. The apparatus of claim 11, wherein the register channel establishing unit implements the TLS-PSK protocol by using a TLS session resumption protocol using a value arbitrarily generated by the control apparatus as a session identifier (ID), a ClientHello message of the TLS session resumption protocol including information indicating that the TLS-PSK protocol to be used is implemented by using the TLS session resumption protocol.
  - 14. The apparatus of claim 13, wherein an identifier of the control apparatus and/or the identifier of the controlled apparatus is used as the session ID.
  - 15. The apparatus of claim 12, wherein the PIN list synchronization unit further comprises:
    - transmitting PINs of controlled apparatuses, in which the control apparatus is registered, to the controlled apparatus via the service SAC established using the private key, and receiving PINs stored in the controlled apparatus from the controlled apparatuswherein the register channel establishing unit includes a PIN scan unit determining whether the PIN of the controlled apparatus exists in the PIN list of the control apparatus when the controlled apparatus is discovered and a PIN input unit requesting the PIN of the controlled apparatus via a user interface when the PIN of the controlled apparatus is determined to not exist in the PIN list of the control apparatus.
  - 16. The apparatus of claim 11, further comprising a controlled apparatus revoke unit deleting the private key from the control apparatus according to a command input via a user interface.
  - 17. The apparatus of claim 11, further comprising a control apparatus revoke unit deleting at least one private key from among private keys stored in the controlled apparatus via the service SAC established using the private key, according to a command input via a user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Kim, Hyoung-shick, Lee, Joo-yeol
Primary Examiner(s)
LaForgia, Christian

Application Number

US12/320,656
Publication Number

US 20090198998A1
Time in Patent Office

1,593 Days
Field of Search

709220-222, 709/225, 709227-229, 709/248, 713/168, 726/6, 726/7, 726/21
US Class Current

713/168
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 63/061   for key exchange, e.g. in p...

H04L 63/166   at the transport layer

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/3226   using a predetermined code,...

Method and apparatus of ensuring security of communication in home network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of ensuring security of communication in home network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links