Authenticating a multiple interface device on an enumerated bus

US 8,561,207 B2
Filed: 08/20/2010
Issued: 10/15/2013
Est. Priority Date: 08/20/2010
Status: Active Grant

First Claim

Patent Images

1. A method of operating a host device, the method comprising, by the host device:

receiving from an universal serial bus (USB) accessory device coupled to the host device, enumeration information identifying a plurality of interfaces supported by the USB accessory device, the plurality of interfaces including a master interface that has one or more associated attributes, each attribute having a predetermined value, wherein the master interface is defined for USB accessories designed to be used with the host device;

determining that the enumeration information indicates presence of the predetermined value for each of the one or more attributes associated with the master interface;

obtaining authentication information from the USB accessory device in accordance with a protocol associated with the master interface, the authentication information including a digital certificate;

extracting the digital certificate from the authentication information;

validating the digital certificate;

enabling the USB accessory device for use with the host device based on the validation;

determining an authorization level for the USB accessory device;

determining one or more interfaces, from the plurality of interfaces, associated with the authorization level;

enabling only the one or more interfaces; and

permitting communication with the USB accessory device using only the one or more interfaces.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a multiple interface accessory device is provided. The method includes receiving enumeration information identifying the multiple interfaces supported by the accessory. The enumeration information includes information about a master interface supported by the accessory. A host device obtains authentication information from the accessory in accordance with a protocol associated with the master interface. Based on the authentication information, the host device determines whether the accessory is authorized to communicate with the host device. In the event that the accessory is authorized, the host device permits communication with the accessory using one or more of the multiple interfaces supported by the accessory.

34 Citations

View as Search Results

19 Claims

1. A method of operating a host device, the method comprising, by the host device:
- receiving from an universal serial bus (USB) accessory device coupled to the host device, enumeration information identifying a plurality of interfaces supported by the USB accessory device, the plurality of interfaces including a master interface that has one or more associated attributes, each attribute having a predetermined value, wherein the master interface is defined for USB accessories designed to be used with the host device;
  
  determining that the enumeration information indicates presence of the predetermined value for each of the one or more attributes associated with the master interface;
  
  obtaining authentication information from the USB accessory device in accordance with a protocol associated with the master interface, the authentication information including a digital certificate;
  
  extracting the digital certificate from the authentication information;
  
  validating the digital certificate;
  
  enabling the USB accessory device for use with the host device based on the validation;
  
  determining an authorization level for the USB accessory device;
  
  determining one or more interfaces, from the plurality of interfaces, associated with the authorization level;
  
  enabling only the one or more interfaces; and
  
  permitting communication with the USB accessory device using only the one or more interfaces.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein, in the event that the plurality of interfaces does not include the master interface, ignoring subsequent communication from the accessory device.
  - 3. The method of claim 1 further comprising:
    - if it is determined that the accessory device does not support the master interface, ignoring subsequent communication from the accessory device.
  - 4. The method of claim 1 wherein the plurality of attributes include an interface class, an interface sub-class, an interface protocol, and an interface string identifier.
  - 5. The method of claim 1 further comprising:
    - verifying that the enumeration information includes the plurality of attributes associated with the master interface; and
      
      verifying whether each of the plurality of attributes has the predetermined value.
  - 6. The method of claim 1 wherein, receiving the enumeration information comprises receiving the enumeration information via a transport, the transport comprising a Universal Serial Bus (USB) communication protocol.
  - 7. The method of claim 6 wherein, the transport comprises a Bluetooth communication protocol.

8. A computer-readable non-transitory storage medium storing a plurality of instructions that when executed by a processor in a host device, cause the processor to perform a method for authenticating an accessory device, the method comprising:
- receiving, from the accessory device, enumeration information for a plurality of interfaces of the accessory device, the plurality of interfaces including a master interface;
  
  determining that the enumeration information includes identification information for the master interface;
  
  the identification information including one or more predetermined values for one or more attributes associated with the master interface, wherein the master interface is defined for accessory devices designed to be used with the host device;
  
  obtaining authentication information from the accessory device in accordance with a protocol associated with the master interface;
  
  extracting a digital certificate from the authentication information;
  
  validating the digital certificate;
  
  enabling the accessory device for use with the host device based on validation;
  
  determining an authorization level for the accessory device from a plurality of authorization levels, each authorization level in the plurality of authorization levels being associated with a subset of interfaces from the plurality of interfaces;
  
  determining one or more interfaces, from the plurality of interfaces, to be enabled based on the authorization level of the accessory device;
  
  enabling the one or more interfaces; and
  
  permitting communication with the accessory device using only the enabled one or more interfaces, wherein the one or more interfaces includes at least one interface other than the master interface.
- View Dependent Claims (9, 10, 11)
- - 9. The computer-readable non-transitory storage medium of claim 8 further comprising:
    - obtaining a public key associated with the accessory device; and
      
      validating the digital certificate using the public key.
  - 10. The computer-readable non-transitory storage medium of claim 8 wherein the one or more attributes include an interface class, an interface sub-class, an interface protocol, or a string name associated with the master interface.
  - 11. The computer-readable non-transitory storage medium of claim 8 wherein the plurality of interfaces comprises a set of interfaces supported by the host device but are not enabled for use with the host device based on the authorization level.

12. A host device comprising:
- a processor; and
  
  a memory device coupled to the processor,wherein the processor is configured to;
  
  receive from an universal serial bus (USB) accessory device coupled to the host device, enumeration information identifying a plurality of interfaces supported by the USB accessory device, the plurality of interfaces including a master interface that has one or more associated attributes, each attribute having a predetermined value, wherein the master interface is defined for USB accessories designed to be used with the host device;
  
  determine that the enumeration information indicates presence of the predetermined value for each of the one or more attributes associated with the master interface;
  
  obtain authentication information from the USB accessory device in accordance with a protocol associated with the master interface, wherein the authentication information includes a digital certificate;
  
  extract the digital certificate from the authentication information;
  
  validate the digital certificate;
  
  enable the USB accessory device for use with the host device based on the validation;
  
  determine an authorization level for the USB accessory device;
  
  determine one or more interfaces, from the plurality of interfaces, associated with the authorization level;
  
  enable only the one or more interfaces; and
  
  permit communication with the USB accessory device using only the one or more interfaces.
- View Dependent Claims (13, 14)
- - 13. The host device of claim 12 wherein the one or more attributes comprises an interface class, an interface sub-class, an interface protocol, or a string name associated with the master interface.
  - 14. The hose device of claim 12 wherein plurality of interfaces supported by the USB accessory device include a set of interfaces that are not enabled for use with the USB accessory device based on the authorization level of the USB accessory device.

15. A method for operating an universal serial bus (USB) accessory device, the method comprising:
- providing, to a host device, (i) a list of one or more interfaces supported by the accessory device and (ii) information about a master interface supported by the accessory device, the master interface having a plurality of attributes associated with it and wherein each of the plurality of attributes has a predetermined value, wherein the master interface is defined for any accessory that is designed to be used with the host device;
  
  providing, to the host device, the predetermined value for each attribute associated with the master interface;
  
  receiving a request from the host device to provide authentication information via a protocol associated with the master interface;
  
  providing the authentication information, using the protocol, in response to the request from the host device, wherein the authentication information includes a digital certificate;
  
  receiving an authentication confirmation message from the host device and information indicating enablement of a first interface from the one or more interfaces, wherein the first interface is enabled based on an authorization level of the accessory device, wherein the authorization level is part of a plurality of authorization levels and wherein each authorization level in the plurality of authorization levels has a set of interfaces associated with it; and
  
  communicating with the host device using only the first interface.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15 wherein the USB accessory device communicates with the host device using a communication protocol associated with the master interface.
  - 17. The method of claim 15 wherein the request for providing the authentication information includes a random number generated by the host device.
  - 18. The method of claim 15 wherein the authentication information comprises one of a device identifier or a version indicator.
  - 19. The method of claim 15 wherein the list of one or more interfaces is provided as part of a USB enumeration process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Chinn, Paul William, Yepez, Roberto G., Dalal, Anand
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
SARKER, SANCHIT K

Application Number

US12/860,841
Publication Number

US 20120047368A1
Time in Patent Office

1,152 Days
Field of Search

726/27, 710/32
US Class Current

726/27
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 2221/2129   Authenticate client device ...

Authenticating a multiple interface device on an enumerated bus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a multiple interface device on an enumerated bus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links