Secure and efficient domain key distribution for device registration

US 8,504,836 B2
Filed: 12/29/2008
Issued: 08/06/2013
Est. Priority Date: 12/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method of transferring a domain key between a first device and a second device in a network, the method comprising:

verifying the second device is an authorized device through certificates, wherein the second device verifies the first device is an authorized device though the certificates;

receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted;

determining a second random number at the first device;

sending the second random number from the first device to the second device;

generating a Personal Identification Number (PIN) at the first device;

in response to generating the PIN, outputting instructions, by the first device, that instruct a user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying;

generating a session key from the first random number, the second random number, and the PIN; and

sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device.

66 Citations

View as Search Results

20 Claims

1. A method of transferring a domain key between a first device and a second device in a network, the method comprising:
- verifying the second device is an authorized device through certificates, wherein the second device verifies the first device is an authorized device though the certificates;
  
  receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted;
  
  determining a second random number at the first device;
  
  sending the second random number from the first device to the second device;
  
  generating a Personal Identification Number (PIN) at the first device;
  
  in response to generating the PIN, outputting instructions, by the first device, that instruct a user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying;
  
  generating a session key from the first random number, the second random number, and the PIN; and
  
  sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - allowing one of the first device or the second device to join a domain of the second device or the first device, respectively, and if the second device generates a same session key as the first device, the second device is operable to use the session key to encrypt and decrypt the domain key from the first device.
  - 3. The method of claim 1, wherein the second device uses a manually-entered PIN to verify the first device or the second device is an authorized device, wherein the first device or the second device is introduced to the network.
  - 4. The method of claim 1, wherein verifying the second device and the first device are authorized devices comprises:
    - exchanging certificates between the first and second device to verify the second device and the first device are authorized devices.
  - 5. The method of claim 1, wherein the first random number received from the second device is encrypted using a public key of the first device, and the method further comprises:
    - decrypting the first random number for use in session key generation.
  - 6. The method of claim 1, wherein sending the second random number from the first device to the second device further comprises:
    - encrypting the second random number using a public key of the first device; and
      
      sending the encrypted second random number to the second device, wherein the second device decrypts the second random number using a private key of the second device to generate the session key.
  - 7. The method of claim 1, wherein the PIN is a random value.
  - 8. The method of claim 1, wherein the PIN is a previously assigned non-random value.
  - 9. The method of claim 7, wherein determining the PIN further comprises:
    - determining the PIN from random data received from the second device.
  - 10. The method of claim 1, wherein the PIN is manually entered in the second device, and the manually-entered PIN is used by the second device to generate the session key.
  - 11. The method of claim 1, wherein the first device and the second device comprise a sink device and a source device or two source devices in a Wireless Home Digital Interface (WHDI) network.
  - 12. The method of claim 1, wherein the first device and the second device comprise two source devices in a Wireless Home Digital Interface (WHDI) network.

13. A non-transitory computer readable storage medium storing at least one computer program that when executed performs a method of transferring a domain key during a device registration between a first device and a second device in a network, the method comprising:
- verifying the second device is an authorized device through an exchange of certificates, wherein the second device verifies the first device is an authorized device though the exchange of certificates;
  
  receiving, at the first device, a first random number from the second device, wherein the first random number is encrypted;
  
  determining a second random number at the first device;
  
  sending the second random number from the first device to the second device;
  
  generating a Personal Identification Number (PIN) at the first device;
  
  in response to generating the PIN, outputting instructions, by the first device, that instruct a instructing user entry of the PIN in the second device, wherein the PIN is generated and the instructions are output after the verifying;
  
  generating a session key from the first random number, the second random number, and the PIN; and
  
  sending the domain key encrypted with the session key from the first device to the second device or receiving the domain key encrypted with the session key from the second device to the first device.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The non-transitory computer readable storage medium of claim 13, the method further comprises:
    - allowing one of the first device or the second device to join a domain of the second device or the first device, respectively, and if the second device generates a same session key as the first device, the second device is operable to use the session key to encrypt and decrypt the domain key from the first device.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein the second device uses a manually-entered PIN in the second device to verify the first device or the second device is an authorized device, wherein the first device or the second device is introduced to the network.
  - 16. The non-transitory computer readable storage medium of claim 13, wherein the method of verifying the second device and the first device are authorized devices further comprises:
    - exchanging certificates between the first and second device to verify the second device and the first device are authorized devices.
  - 17. The non-transitory computer readable storage medium of claim 13, wherein the first random number received from the second device is encrypted using a public key of the first device, and the method further comprises:
    - decrypting the first random number for use in session key generation.
  - 18. The non-transitory computer readable storage medium of claim 13, wherein the method of sending the second random number from the first device to the second device further comprises:
    - encrypting the second random number using a public key of the first device; and
      
      sending the encrypted second random number to the second device, wherein the second device decrypts the second random number using a private key of the second device to generate the session key.
  - 19. The non-transitory computer readable storage medium of claim 13, wherein the method of determining the PIN further comprises:
    - determining the PIN from random data received from the second device.

20. A device configured to communicate with a new device in a wireless network, the device comprising:
- an interface configured to wirelessly transfer a domain key to the new device, wherein the domain key is encrypted at the device and is decrypted at the new device;
  
  a processor configured to;
  
  verifying the new device is an authorized device through an exchange of certificates, wherein the new device verifies the device is an authorized device though the exchange of certificates,receiving a first random number from the new device, wherein the first random number is encrypted,determining a second random number,sending the second random number to the new device,randomly generate a PIN,in response to generating the PIN, outputting instructions that instruct a user entry of the PIN in the new device, wherein the PIN is generated and the instructions are output after the verifying,derive a session key of the device from the first random number, the second random number, and the PIN, andexchange the session key of the device with a session key of the new device, and verify the session key of the new device,send the domain key encrypted with the session key to the new device or receiving the domain key encrypted with the session key from the new device;
  
  anda data storage storing the PIN, the session keys and the domain key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola Mobility LLC (Lenovo Group Ltd.)
Inventors
Zhang, Jiang, Medvinsky, Alexander
Primary Examiner(s)
KIM, TAE K

Application Number

US12/344,997
Publication Number

US 20100169646A1
Time in Patent Office

1,681 Days
Field of Search

713168-172, 713182-185, 380/277, 380/255, 380259-262, 380/270, 726 2- 10, 726 26- 29, 709223-229
US Class Current

713/169
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/104   Grouping of entities

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/3263   involving certificates, e.g...

H04N 21/43615   Interfacing a Home Network,...

H04N 21/43637   involving a wireless protoc...

H04N 21/4408   involving video stream encr...

Secure and efficient domain key distribution for device registration

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and efficient domain key distribution for device registration

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links