Generation of self-certified identity for efficient access control list management

US 8,600,058 B2
Filed: 03/27/2009
Issued: 12/03/2013
Est. Priority Date: 03/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for registering a new device to a control point in a home network, the method comprising:

generating a first self-certified control point device identification at the control point, the self-certified control point device identification uniquely identifying the control point, wherein a pseudo-random function uses a control point device identification name and a generated pseudo-random number for inputs for generating the first self-certified control point device identification; and

sending a secure message to the new device containing the first self-certified control point device identification.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a first embodiment of the present invention, a method for registering a new device to a control point in a home network is provided, the method comprising: generating a first self-certified identification at the control point, the generation using a pseudo-random generated number and using an identification of the control point; and sending a secure message to the new device containing the first self-certified identification.

14 Citations

View as Search Results

20 Claims

1. A method for registering a new device to a control point in a home network, the method comprising:
- generating a first self-certified control point device identification at the control point, the self-certified control point device identification uniquely identifying the control point, wherein a pseudo-random function uses a control point device identification name and a generated pseudo-random number for inputs for generating the first self-certified control point device identification; and
  
  sending a secure message to the new device containing the first self-certified control point device identification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - receiving a discovery request from the new device; and
      
      responding to the discovery request with the first self-certified control point device identification of the control point.
  - 3. The method of claim 1, wherein the home network is a Universal Plug and Play (UPnP) network.
  - 4. The method of claim 1, further comprising:
    - receiving a pin number from the new device;
      
      using pre-shared transport layer security to authenticate the new device using the pin number as input for the pre-shared transport layer security authentication process;
      
      generating, by the control point and the new device, a shared secret between the control point and the new device; and
      
      sending a group secret to the new device.
  - 5. The method of claim 4, further comprising:
    - storing, by the control point, an identification of the new device along with the shared secret in a table; and
      
      storing, by the new device, the first self-certified control point device identification, the shared secret and the group secret.
  - 6. The method of claim 1, further comprising presenting the first self-certified control point device identification to an old device in the home network, permitting the control point to copy access control list (ACL) entries from the old device.
  - 7. The method of claim 6, further comprising:
    - generating a second self-certified control point device identification at the control point, wherein the pseudo-random function uses the control point device identification name and another generated pseudo-random number as inputs for generating the second self-certified control point device identification; and
      
      multicasting the second self-certified control point device identification to a group of devices including the new device but excluding the old device.
  - 8. The method of claim 4, wherein the first self-certified control point device identification is broadcast to all devices managed by the control point using the group secret.
  - 9. The method of claim 1, further comprising:
    - receiving, by the new device, a list of available control points using a universal plug and play (UPnP) discovery; and
      
      selecting the control point from the list of available control points.
  - 10. The method of claim 9, further comprising:
    - entering a personal identification number (pin) number for the new device; and
      
      authenticating, by the control point and the new device using a pre-shared transport layer security using the pin as a shared secret between the control point and the new device.

11. A method for copying access control list entries from a first device in a home network to a second device in a home network, the method comprising:
- sending a request to access the access control list (ACL) entries from a control point to the first device, the request including a self-certified control point device identification of the control point, the self-certified control point device identification uniquely identifying the control point, wherein the self-certified control point device identification is generated by using a pseudo-random function that uses a generated pseudo-random number and a device identification name as inputs;
  
  accessing the ACL entries on the first device after the first device authenticates the self-certified control point device identification;
  
  sending a request to access an ACL from the control point to the second device, the request including the self-certified control point device identification; and
  
  copying the ACL entries from the first device to the second device after the second device authenticates the self-certified control point device identification.
- View Dependent Claims (12)
- - 12. The method of claim 11, further comprising removing the first device from a group by generating a new self-certified control point device identification at the control point but not sending the new self-certified control point device identification to the first device.

13. A control point in a home network, the control point comprising:
- means for generating a first self-certified control point device identification at the control point, the self-certified control point device identification uniquely identifying the control point, wherein a pseudo-random function uses a pseudo-random generated number and a device identification name of the control point as inputs for generating the first self-certified control point device identification; and
  
  means for sending a secure message to the new device containing the first self-certified control point device identification.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The control point of claim 13, further comprising:
    - means for receiving a pin number from the new device;
      
      means for using pre-shared transport layer security to authenticate the new device using the pin number as input for the pre-shared transport layer security authentication process;
      
      means for generating a shared secret, by the control point and the new device, between the control point and the new device; and
      
      means for sending a group secret to the new device.
  - 15. The control point of claim 14, further comprising:
    - means for storing, by the control point, an identification of the new device along with the shared secret in a table, wherein the new device stores the first self-certified control point device identification, the shared secret and the group secret.
  - 16. The control point of claim 13, further comprising means for presenting the first self-certified control point device identification to an old device in the home network, permitting the control point to copy access control list (ACL) entries from the old device.
  - 17. The control point of claim 16, further comprising:
    - means for generating a second self-certified control point device identification at the control point, wherein the pseudo-random function uses another pseudo-random generated number and the control point device identification name as inputs for generating the second self-certified control point identification; and
      
      means for multicasting the second self-certified control point device identification to a group of devices including the new device but excluding the old device.

18. A control point in a home network, the control point comprising:
- means for sending a request to access the access control list (ACL) entries from the control point to the first device, the request including a self-certified control point device identification, the self-certified control point device identification uniquely identifying the control point, wherein the self-certified control point device identification is generated by a pseudo-random function that uses a pseudo-random generated number and a device identification name of the control point as inputs for generating the self-certified control point device identification;
  
  means for accessing the ACL entries on the first device after the first device authenticates the self-certified control point device identification;
  
  means for sending a request to access an ACL from a control point to the second device, the request including the self-certified control point device identification of the control point;
  
  means for copying the ACL entries from the first device to the second device after the second device authenticates the self-certified control point device identification.

19. A program storage device readable by a machine, tangibly embodying a set of computer instructions executable by the machine to perform a method for registering a new device to a control point in a home network, the method comprising:
- generating a first self-certified control point device identification at the control point, the self-certified control point device identification uniquely identifying the control point, wherein a pseudo-random function uses a pseudo-random generated number and a device identification name of the control point as inputs for generating the first self-certified control point device identification; and
  
  sending a secure message to the new device containing the first self-certified control point device identification.

20. A program storage device readable by a machine, tangibly embodying a set of computer instructions executable by the machine to perform a method for copying access control list entries from a first device in a home network to a second device in a home network, the method comprising:
- sending a request to access the access control list (ACL) entries from a control point to the first device, the request including a self-certified control point device identification, the self-certified control point device identification uniquely identifying the control point, wherein the self-certified control point device identification is generated by a pseudo-random function that uses a pseudo-random generated number and a device identification name of the control point as inputs;
  
  accessing the ACL entries on the first device after the first device authenticates the self-certified control point device identification;
  
  sending a request to access an ACL from a control point to the second device, the request including the self-certified control point device identification of the control point; and
  
  copying the ACL entries from the first device to the second device after the second device authenticates the self-certified control point device identification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Verma, Sanjeev
Primary Examiner(s)
Reza, Mohammad W

Application Number

US12/413,280
Publication Number

US 20100251348A1
Time in Patent Office

1,712 Days
Field of Search

380/268, 380/270, 726/2, 726/5, 726/10, 726/19, 713/150, 713/155, 713/159, 713/175
US Class Current

380/268
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2103   Challenge-response

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/065   for group communications cr...

H04L 63/102   Entity profiles

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Generation of self-certified identity for efficient access control list management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Generation of self-certified identity for efficient access control list management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links