Securing a computing device accessory

US 9,948,636 B2
Filed: 04/24/2017
Issued: 04/17/2018
Est. Priority Date: 02/01/2013
Status: Active Grant

First Claim

Patent Images

1. At an accessory device, a method of authenticating pairing between a host device and the accessory device, the method comprising:

establishing a connection with the host device;

sending information including a security chip certificate to the host device;

receiving a pairing certificate from the host device, the pairing certificate encrypted via a private key of a remote pairing service, wherein the pairing certificate includes a pairing public key and a digest of the security chip certificate, signed via the private key of the remote pairing service;

decrypting the pairing certificate using a public key of the remote pairing service;

verifying the information in the pairing certificate; and

if the host device is verified, then completing pairing between the host device and the accessory device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.

Citations

20 Claims

1. At an accessory device, a method of authenticating pairing between a host device and the accessory device, the method comprising:
- establishing a connection with the host device;
  
  sending information including a security chip certificate to the host device;
  
  receiving a pairing certificate from the host device, the pairing certificate encrypted via a private key of a remote pairing service, wherein the pairing certificate includes a pairing public key and a digest of the security chip certificate, signed via the private key of the remote pairing service;
  
  decrypting the pairing certificate using a public key of the remote pairing service;
  
  verifying the information in the pairing certificate; and
  
  if the host device is verified, then completing pairing between the host device and the accessory device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising, after completing pairing, sending an unlock instruction from a security chip on the accessory device to a security hardware module on a system on a chip (SOC) on the accessory device.
  - 3. The method of claim 2, further comprising conducting an authentication process between the security chip and the SOC after sending the unlock instruction, and then unlocking the accessory device after conducting the authentication process.
  - 4. The method of claim 3, wherein the authentication process between the security chip and the SOC comprises an authentication process between a security hardware module on the SOC and the security chip.
  - 5. The method of claim 3, wherein the authentication process between the security chip and the SOC further comprises generating a random number at the SOC, encrypting the random number, receiving the random number at the security chip, decrypting the random number, performing an operation on the random number to form a new value, and encrypting the new value.
  - 6. The method of claim 5, wherein the authentication process between the security chip and the SOC further comprises receiving the new value at the SOC, performing an inverse operation on the new value to obtain an original value, comparing the new value to the original value, and if the new value matches the original value, unlocking the SOC.
  - 7. The method of claim 6, wherein the authentication process between the security chip and the SOC further comprises confirming that the new value is received from outside of the SOC before performing the inverse operation on the new value.
  - 8. The method of claim 1, wherein completing pairing between the host device and the accessory device comprises receiving an encrypted pre-master secret from the host device, and decrypting the pre-master secret to derive a master secret from the pre-master secret.
  - 9. The method of claim 1, wherein completing pairing between the host device and the accessory device further comprises receiving a verification message from the host device, and verifying the verification message with the public key of the remote pairing service.

10. An accessory device, comprising:
- one or more sensors;
  
  a security chip;
  
  a system on a chip (SOC);
  
  a logic subsystem;
  
  a storage subsystem comprising instructions executable by the logic subsystem to;
  
  establish a connection with a host device;
  
  send information including a security chip certificate to the host device;
  
  receive a pairing certificate from the host device, the pairing certificate encrypted via a private key of a remote pairing service,wherein the pairing certificate includes a pairing public key and a digest of the security chip certificate, signed via the private key of the remote pairing service;
  
  decrypt the pairing certificate using a public key of the remote pairing service;
  
  verify the information in the pairing certificate; and
  
  if the host device is verified, then complete pairing between the host device and the accessory device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The accessory device of claim 10, wherein the instructions are further executable to, after completing pairing, send an unlock instruction from a security chip on the accessory device to a security hardware module on the SOC.
  - 12. The accessory device of claim 11, wherein the instructions are further executable to conduct an authentication process between the security chip and the SOC after sending the unlock instruction, and then unlock the accessory device after conducting the authentication process.
  - 13. The accessory device of claim 12, wherein the authentication process between the security chip and the SOC comprises an authentication process between a security hardware module on the SOC and the security chip.
  - 14. The accessory device of claim 12, wherein the instructions are executable to conduct the authentication process between the security chip and the SOC by generating a random number at the SOC, encrypting the random number, receiving the random number at the security chip, decrypting the random number, performing an operation on the random number to form a new value, encrypting the new value, receiving the new value at the SOC, performing an inverse operation on the new value to obtain an original value, comparing the new value to the original value, and if the new value matches the original value, unlocking the SOC.
  - 15. The accessory device of claim 10, wherein the instructions are executable to complete pairing between the host device and the accessory device by receiving an encrypted pre-master secret from the host device, and decrypting the pre-master secret to derive a master secret from the pre-master secret.
  - 16. The accessory device of claim 10, wherein the instructions are further executable to complete pairing between the host device and the accessory device by receiving a verification message from the host device signed with a pairing private key obtained by the host device, and verifying the verification message with a corresponding public key.

17. An accessory device, comprising:
- a security chip; and
  
  a system on a chip (SOC) in communication with the security chip, the SOC comprising a security hardware module, wherein the accessory device includes instructions executable to perform an unlocking process during pairing with a host device bysending information including a security chip certificate to the host device;
  
  receiving a pairing certificate from the host device, the pairing certificate encrypted via a private key of a remote pairing service,wherein the pairing certificate includes a pairing public key and a digest of the security chip certificate, signed via the private key of the remote pairing service;
  
  decrypting the pairing certificate using a public key of the remote pairing service;
  
  verifying the information in the pairing certificate; and
  
  if the host device is verified, then unlocking the accessory device bysending an unlock request from the security chip to the SOC,receiving the unlock request at the SOC, and requesting the security hardware module of the SOC to generate a challenge message,generating and encrypting the challenge message at the security hardware module of the SOC for sending to security chip,receiving the challenge message at security chip, decrypting the challenge message, performing an operation on the challenge message to form a new message, and encrypting the new message for sending to the security hardware module of the SOC,receiving the new message at the security hardware module, decrypting the new message, performing an inverse operation on the new message to obtain and original message, compare the new message to the original message, andunlock the accessory device if comparison of the new message to the original message is correct.
- View Dependent Claims (18, 19, 20)
- - 18. The accessory device of claim 17, wherein the SOC further comprises firmware configured to communicate between the security chip and the security hardware module of the SOC.
  - 19. The accessory device of claim 17, wherein the security hardware module on the SOC is configured to confirm the new message is received from outside of the SOC before decrypting the new message.
  - 20. The accessory device of claim 17, wherein the challenge message comprises a random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Krishnamurthy, Harish, Zhu, Ming, Nielsen, Kurt Torben, Morris, Matthew
Primary Examiner(s)
ZHAO, DON GORDON

Application Number

US15/495,543
Publication Number

US 20170230356A1
Time in Patent Office

358 Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/7807   System on chip, i.e. comput...

H04L 2209/64   Self-signed certificates

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 9/32   including means for verifyi...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Securing a computing device accessory

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing a computing device accessory

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links