Secure pairing for wired or wireless communications devices

US 8,813,188 B2
Filed: 08/31/2005
Issued: 08/19/2014
Est. Priority Date: 09/08/2004
Status: Active Grant

First Claim

Patent Images

1. A method of pairing a host/trusted device and a peripheral device, the method comprising:

sending a beacon signal from the host/trusted device seeking a nearby peripheral device including an identifier of the host/trusted device;

the peripheral device detecting the beacon signal and entering a beacon detect sub-state of a link initialization state;

the peripheral device replying to the beacon signal with an announcement including identification and entering an announced sub-state;

mutually authenticating the host/trusted device and the peripheral device-and obtaining from said peripheral device a device identification relating to said peripheral device identification by associating its printed serial number to the peripheral device'"'"'s public key and receiving at said peripheral device a device identification relating to said host/trusted device identification;

the first and second device checking their respective paired device databases to determine whether they are already paired with the respective other device;

upon determining that the first and second device are not already paired with the respective other device by checking their respective paired device databases, the host/trusted device requesting a pairing procedure with the peripheral device, the pairing procedure comprising;

a) the host/trusted device sending a pairing request signal to the peripheral device,b) the host/trusted and peripheral device entering into their respective pairing states,c) the peripheral device returning a pairing started signal to the host/trusted device,d) the peripheral device providing a visual indication to a user that pairing is in process,e) the peripheral device entering into a trusted mode in which it will not engage in a pairing procedure with any device other than the first device;

f)the host/trusted device displaying to a user a device identification of the peripheral trusted device,g) the user comparing the displayed device identification displayed on the host/trusted device with the device identification physically written on the peripheral device;

h) the user sending a pairing confirm signal via the first device to the peripheral device in the case where the user confirms that the displayed device identification of the peripheral device matches the device identification written on the peripheral device,i) the peripheral trusted device sending a pairing acknowledge signal to the host/trusted device; and

j) pairing the host/trusted device and the peripheral device;

wherein said pairing procedure is terminated if not completed within a pre-determined set time period.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Pairing is achieved between a host communications device and a peripheral communications device, in order to establish an ad hoc wireless or wired network. A device identification, relating uniquely to the peripheral device, is displayed on the host device. In order to accept the pairing, the user confirms that the device identification displayed on the host device matches that printed on the peripheral device, and then completes the pairing procedure by pressing a key on the peripheral device, or, if Near Field Communication (NFC) techniques are implemented in the devices, by placing the peripheral device in contact with, or sufficiently close to, the host device. Thus, secure pairing is achieved, without requiring a complex user interface on the peripheral device.

18 Citations

View as Search Results

48 Claims

1. A method of pairing a host/trusted device and a peripheral device, the method comprising:
- sending a beacon signal from the host/trusted device seeking a nearby peripheral device including an identifier of the host/trusted device;
  
  the peripheral device detecting the beacon signal and entering a beacon detect sub-state of a link initialization state;
  
  the peripheral device replying to the beacon signal with an announcement including identification and entering an announced sub-state;
  
  mutually authenticating the host/trusted device and the peripheral device-and obtaining from said peripheral device a device identification relating to said peripheral device identification by associating its printed serial number to the peripheral device'"'"'s public key and receiving at said peripheral device a device identification relating to said host/trusted device identification;
  
  the first and second device checking their respective paired device databases to determine whether they are already paired with the respective other device;
  
  upon determining that the first and second device are not already paired with the respective other device by checking their respective paired device databases, the host/trusted device requesting a pairing procedure with the peripheral device, the pairing procedure comprising;
  
  a) the host/trusted device sending a pairing request signal to the peripheral device,b) the host/trusted and peripheral device entering into their respective pairing states,c) the peripheral device returning a pairing started signal to the host/trusted device,d) the peripheral device providing a visual indication to a user that pairing is in process,e) the peripheral device entering into a trusted mode in which it will not engage in a pairing procedure with any device other than the first device;
  
  f)the host/trusted device displaying to a user a device identification of the peripheral trusted device,g) the user comparing the displayed device identification displayed on the host/trusted device with the device identification physically written on the peripheral device;
  
  h) the user sending a pairing confirm signal via the first device to the peripheral device in the case where the user confirms that the displayed device identification of the peripheral device matches the device identification written on the peripheral device,i) the peripheral trusted device sending a pairing acknowledge signal to the host/trusted device; and
  
  j) pairing the host/trusted device and the peripheral device;
  
  wherein said pairing procedure is terminated if not completed within a pre-determined set time period.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A method as claimed in claim 1, wherein the step of obtaining a device identification from the host/trusted device comprises a user reading a device identification printed on the host/trusted device;
    - and wherein the step of comparing comprises a user visually comparing the device identification relating to the host/trusted device that is displayed on said peripheral device and said device identification printed on the host/trusted device.
  - 3. A method as claimed in claim 1, wherein the step of obtaining a device identification from the host/trusted device comprises:
    - activating a short range radio link between the host/trusted device and the peripheral device; and
      
      transmitting the device identification of the host/trusted device to the peripheral device.
  - 4. A method as claimed in claim 3, wherein the step of activating the short range radio link comprises physically touching the second device to the host/trusted device.
  - 5. A method as claimed in claim 3, wherein the short range radio link uses a Near Field Communication protocol.
  - 6. A method as claimed in claim 3, wherein the device identification of the host/trusted device is stored in a RFID tag.
  - 7. A method as claimed in claim 1, wherein the step of activating the short range radio link comprises moving the second device close to the host/trusted device.
  - 8. A method as claimed in claim 1, wherein the host/trusted device and the peripheral device:
    - establish a common secret key after or during the mutual authentication;
      
      use the shared common secret key to ensure the authenticity and sequencing of subsequent messages between the host/trusted device and the peripheral device.
  - 9. A method as claimed in claim 1, wherein the pairing acceptance comprises a single keypress on the host/trusted device.
  - 10. A method as claimed in claim 1, further comprising, after putting the host/trusted device into the trusted mode, notifying the peripheral device that the host/trusted device will pair exclusively with the peripheral device while host/trusted device is in the trusted mode.
  - 11. A method as claimed in claim 1, the method further comprising:
    - in response to receiving said request to pair the host/trusted device and peripheral device, transmitting a beacon signal from said peripheral device, wherein said beacon signal indicates the identification of said peripheral device; and
      
      in response to receiving said beacon signal from said peripheral device, transmitting a response signal from said host/trusted device.
  - 12. A method as claimed in claim 11, wherein the identification of said peripheral device in said beacon signal is unique.
  - 13. A method as claimed in claim 12, wherein said unique identification of said peripheral device can be directly computed from the said peripheral device authentication.
  - 14. A method as claimed in claim 11, further comprising generating said identification of said peripheral device by means of a random process.
  - 15. A method as claimed in any preceding claim, the method further comprising after authenticating said host/trusted device, indicating on said host/trusted device that said host/trusted device is in a pairing procedure.
  - 16. A method as claimed in claim 15, comprising indicating on said host/trusted device that said host/trusted device is in a pairing procedure, by means of a light on said host/trusted device.
  - 17. A method as claimed in claim 1, wherein said device identification uniquely identifies said host/trusted device.
  - 18. A method as claimed in claim 17, comprising generating said identification of said host/trusted device by means of a random process.
  - 19. A method as claimed in claim 17, wherein said device identification can be directly computed from the said host/trusted device authentication.
  - 20. A method as claimed in claim 1, further comprising establishing a secure ad hoc wireless communications network between said host/trusted and second devices.
  - 21. A method as claimed in claim 20, comprising establishing a wireless USB connection between said host/trusted and second devices.

22. A peripheral communications device, comprising:
- means for detecting a beacon signal and entering a beacon detect sub-state of a link initialization state;
  
  means for replying to the beacon signal including an identifier of a host/trusted device, with an announcement including an identification and entering an announced sub-state;
  
  means for authenticating the peripheral device to a host/trusted device by associating the peripheral device printed serial number to the peripheral device'"'"'s public key, and transmitting a peripheral device identification to said host/trusted device;
  
  means for authenticating the said host/trusted device to the peripheral device, and receiving said host/trusted device identification;
  
  means for checking a paired device database to determine if said peripheral communication device is already paired with the host/trusted device;
  
  upon determining that the peripheral communications device is not already paired with the host/trusted device;
  
  means for putting the peripheral device into a trusted mode in which it will not engage in a pairing procedure with any device other than said host/trusted device;
  
  means for determining if said peripheral device has been placed in said trusted mode within a predetermined set time period;
  
  means for receiving a pairing acceptance input from a user and for confirming pairing with said host device in response to the pairing acceptance input.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 23. A peripheral device as claimed in claim 22, wherein the peripheral device further comprises a second means for transmitting the peripheral device identification to the host/trusted device, the second means using a short range radio link.
  - 24. A peripheral device as claimed in claim 23, wherein the short range radio link uses a Near Field Communication protocol.
  - 25. A peripheral device as claimed in claim 23, wherein the second means comprises a RFID tag.
  - 26. A peripheral device as claimed in claim 22, wherein said peripheral device further comprises:
    - means for establishing a common secret key with said host/trusted device after or during the authentication with the said host/trusted device;
      
      means for producing messages with the said secret key whose authenticity, integrity and sequencing can be verified by the said host/trusted device;
      
      means for verifying the authenticity, integrity and sequencing of the messages produced by the hosts/trusted device with the said secret key.
  - 27. A peripheral device as claimed in claim 22, wherein said peripheral device identification uniquely identifies said peripheral device.
  - 28. A peripheral device as claimed in claim 22, wherein said peripheral device identification is a result of a random process.
  - 29. A peripheral device as claimed in claim 28, wherein said random process will only generate the same peripheral device identification twice with negligible probability.
  - 30. A peripheral device as claimed in claim 22, the peripheral device comprising means for receiving a beacon signal from said host/trusted device, and transmitting a response signal.
  - 31. A peripheral device as claimed in claim 22, the peripheral device comprising means for indicating that said host/trusted device is in a pairing procedure, after completing said authentication.
  - 32. A peripheral device as claimed in claim 31, wherein said means for indicating comprises a light on said peripheral device.
  - 33. A peripheral device as claimed in claim 22, adapted for establishing a wireless USB connection with said host/trusted device.
  - 34. A peripheral device as claimed in claim 22, adapted for establishing an Internet Protocol connection with said host/trusted device.
  - 35. A peripheral device as claimed in claim 22, wherein the pairing acceptance input from a user comprises a single keypress.

36. A host communications device, comprising:
- means for receiving a request to pair said host device with a peripheral device;
  
  means for authenticating the peripheral device based in part on the public keys of the host and peripheral devices, and obtaining from said peripheral device a device identification relating to said peripheral device;
  
  means for authenticating to the peripheral device and transmitting a host device identification to said peripheral device;
  
  means for checking a host communications paired device database to determine if said host communications device is already paired with the peripheral device;
  
  upon determining that the host communications device is not already paired with the peripheral device;
  
  means for obtaining a device identification relating to a trusted device; and
  
  means for comparing the device identification relating to the peripheral device and the device identification relating to the trusted device;
  
  means for pairing the host and peripheral devices in the event that the device identification relating to the peripheral device and the device identification relating to the trusted device match, and in response to the receipt of a pairing confirmation from the peripheral device, andmeans for determining if said pairing is completed within a predetermined set time period.

37. A host communications device, comprising:
- means for sending a beacon signal to a nearby peripheral device, said beacon signal including an identifier of the host device;
  
  means for receiving a request to pair said host device with a peripheral device;
  
  means for authenticating the peripheral device using the peripheral device'"'"'s public key and obtaining from said peripheral device a device identification relating to said peripheral device;
  
  means for authenticating to the peripheral device and transmitting a host device identification to said peripheral device;
  
  means for checking a host communications paired device database to determine if said host communications device is already paired with the peripheral device;
  
  upon determining that the host communications device is not already paired with the peripheral device;
  
  means for displaying the device identification relating to said peripheral device; and
  
  means for pairing the host and peripheral communications devices in response to the receipt of a pairing confirmation from the peripheral device and a host pairing acceptance from the user entered into the host device, andmeans for determining if said pairing is completed within a predetermined set time period.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 38. A host device as claimed in claim 37, wherein the means for obtaining comprises a means for establishing a short range radio link with the peripheral device.
  - 39. A host device as claimed in claim 38, wherein the short range radio link uses a Near Field Communication protocol.
  - 40. A host device as claimed in claim 37, wherein said host device further comprises:
    - means for establishing a common secret key with said peripheral device after or during the authentication with the said peripheral device;
      
      means for producing messages with the said secret key whose authenticity, integrity and sequencing can be verified by the said peripheral device;
      
      means for verifying the authenticity, integrity and sequencing of the messages produces by the peripheral device with the said secret key.
  - 41. A host device as claimed in claim 37, wherein in response to receiving said request to pair the host and peripheral devices, said host device is adapted to transmit a beacon signal, wherein said beacon signal indicates the identification of said host device.
  - 42. A host device as claimed in claim 37, wherein said device identification uniquely identifies said peripheral device.
  - 43. A host device as claimed in one of claim 37, wherein said peripheral device identification is a result of a random process.
  - 44. A host device as claimed in claim 43, wherein said random process will only generate the same peripheral device identification twice with negligible probability.
  - 45. A host device as claimed in claim 37, wherein said host device identification uniquely identifies said host device.
  - 46. A host device as claimed in claim 37, adapted for establishing a secure wireless USB connection with said peripheral device.
  - 47. A host device as claimed in claim 37, adapted for establishing an Internet Protocol connection with said peripheral device.
  - 48. A host device as claimed in claim 37, wherein the host device comprises a delegator device and a delegatee device, wherein the delegator device is adapted to forward a request to pair said host device with a peripheral device to the delegatee device, and wherein the delegatee device is adapted to perform at least a part of the pairing procedure on behalf of the delegator device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Signify Holding B.V. (Signify N.V.)
Original Assignee
Koninklijke Philips N.V.
Inventors
Vauclair, Marc, Serret Avila, Javier, Etienne, Lionel Georges, Teuwen, Philippe
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US11/574,758
Publication Number

US 20080320587A1
Time in Patent Office

3,275 Days
Field of Search

726/3, 726/17, 726/5
US Class Current

726/3
CPC Class Codes

H04L 41/28   Restricting access to netwo...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 9/32   including means for verifyi...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 4/21   for social networking appli...

Secure pairing for wired or wireless communications devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Secure pairing for wired or wireless communications devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links