Method and system for secure pairing of wireless devices

US 9,003,497 B2
Filed: 10/26/2010
Issued: 04/07/2015
Est. Priority Date: 10/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method for secure pairing of wireless devices, wherein a master device (A) is deployed in a network environment (2), said method comprising the steps of:

placing, within an operational area, a new device (B) to be securely integrated into said network environment (2), the master device (A) and the new device (B) having executed an unauthenticated key exchange with said master device (A),monitoring the operational area with a camera system, wherein said master device (A) has a security association (3) with the camera system (1) that monitors the operational area where said new wireless device (B) is placed,based on the exchanged key of the unauthenticated key exchange, said master device (A) and said new device (B) each computing a key confirmation code, wherein said camera system (1) learns said key confirmation code from said master device (A),said camera system (1) i) watching for devices transmitting said key confirmation code via a visual out-of-band channel (7) and ii) providing an image to said master device (A) of each said device identified by the camera system as having transmitted said key confirmation code, andfor each image of each said device identified by the camera system as having transmitted said key confirmation code, i) making an analysis of the image to determine whether the image is of the new device (B) that performed the unauthenticated exchanged key with the master device (A), and ii) based on said analysis and determination, making an authorization decision with respect to accepting each said device as the new device (B) of said network environment (2).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securely pairing wireless devices, includes deploying a master device in a network environment, and a new device to be securely integrated into the network environment executes an unauthenticated key exchange with the master device. The master device has a security association with a camera system that monitors an operational area where the new device is placed, based on the exchanged key, the master device and the new device each compute a key confirmation code. The camera system learns the key confirmation code from the master device. The camera system watches for devices transmitting the key confirmation code and provides images of such identified devices to the master device, based on an analysis of an image of a device identified by the camera system, an authorization decision is made with respect to accepting the identified device as new device of the network environment.

2 Citations

View as Search Results

20 Claims

1. A method for secure pairing of wireless devices, wherein a master device (A) is deployed in a network environment (2), said method comprising the steps of:
- placing, within an operational area, a new device (B) to be securely integrated into said network environment (2), the master device (A) and the new device (B) having executed an unauthenticated key exchange with said master device (A),monitoring the operational area with a camera system, wherein said master device (A) has a security association (3) with the camera system (1) that monitors the operational area where said new wireless device (B) is placed,based on the exchanged key of the unauthenticated key exchange, said master device (A) and said new device (B) each computing a key confirmation code, wherein said camera system (1) learns said key confirmation code from said master device (A),said camera system (1) i) watching for devices transmitting said key confirmation code via a visual out-of-band channel (7) and ii) providing an image to said master device (A) of each said device identified by the camera system as having transmitted said key confirmation code, andfor each image of each said device identified by the camera system as having transmitted said key confirmation code, i) making an analysis of the image to determine whether the image is of the new device (B) that performed the unauthenticated exchanged key with the master device (A), and ii) based on said analysis and determination, making an authorization decision with respect to accepting each said device as the new device (B) of said network environment (2).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein, in said monitoring step, the operational area monitored by said camera system (1) is a plant, an office, or a home environment.
  - 3. The method according to claim 1, wherein said unauthenticated key exchange step between said new device (B) and said master device (A) is performed according to the Diffie-Hellmann protocol.
  - 4. The method according to claim 1, wherein said key confirmation code is computed by calculating a hash value of said exchanged key.
  - 5. The method according to claim 1, wherein said master device (A) transmits said key confirmation code to said camera system (1) via the existing security association (3).
  - 6. The method according to claim 1, wherein, in said step of making the analysis of the image to determine whether the image is of the new device (B) that performed the unauthenticated exchanged key with the master device (A), said camera system (1) uses pattern recognition for identifying, from said image, the device transmitting said key confirmation code.
  - 7. The method according to claim 1, wherein said pairing process is aborted in case said camera system (1) does not identify a new device transmitting said key confirmation code.
  - 8. The method according to claim 1, wherein the image taken by said camera system (1) of a device identified as transmitting said key confirmation code includes the surroundings of said device.
  - 9. The method according to claim 1, wherein said master device (A) displays the image taken by said camera system (1) of a device identified as transmitting said key confirmation code on a display (9) connected to said master device (A).
  - 10. The method according to claim 9, wherein said authorization decision with respect to accepting said identified device as new device (B) of said network environment (2) is made by an operator on said display (9).
  - 11. The method according to claim 1, wherein said authorization decision with respect to accepting said identified device as new device (B) of said network environment (2) is made on the basis of automatic image recognition using said image from the camera system.

12. A system for secure pairing of wireless devices, said system comprising:
- a master device (A) that is deployed in a network environment (2),a new device (B) to be securely integrated into said network environment (2) and configured to execute an unauthenticated key exchange with said master device (A),a camera system (1) having a security association (3) with said master device (A), wherein the camera system (1) i) monitors an operational area where said new wireless device (B) is placed, and ii) learns a key confirmation code computed by said master device (A) and said new device (B) based on said master device (A) and said new device (B) performing the unauthenticated exchanged key, andsaid new device comprising a visual out-of-band channel (7) employed to transmit said key confirmation code,wherein said camera system (1) is configured to watch for a device transmitting said key confirmation code and to provide an image to said master device (A) of the device identified by the camera system as having transmitted said key confirmation code, andwherein i) an analysis of the image of said device, identified by the camera system as having transmitted said key confirmation code, is made to determine whether the image is an image of the new device (B) that performed the unauthenticated exchanged key with the master device (A), and ii) based on said determination, an authorization decision is made with respect to accepting said identified device as the new device (B) of said network environment (2).
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system according to claim 12, wherein said camera system (1) includes one or more fixed cameras and/or one or more mobile cameras.
  - 14. The system according to claim 12, wherein said new device (B) is equipped with a light source (6), in particular an LED (8).
  - 15. The system according to claim 12, wherein said new device (B) is equipped with displays being configured to display one- or two-dimensional barcodes.
  - 16. The system according to claim 12, wherein said new device (B) is includes wireless sensors and/or actuators.
  - 17. The system according to claim 12, wherein said master device (A) is a server (4) that manages said network environment (2).
  - 18. The system according to claim 12, wherein said master device (A) is part of a remote control center of an industrial production site.
  - 19. The system according to claim 12, wherein said master device (A) is a portable communication device being equipped with a camera.
  - 20. The system according to claim 12, wherein said camera system is configured to use pattern recognition to perform i) the analysis of the image of said device, identified by the camera system as having transmitted said key confirmation code, to determine whether the image is the image of the new device (B) that performed the unauthenticated exchanged key with the master device (A), and ii) based on said determination, make the authorization decision with respect to accepting said identified device as the new device (B) of said network environment (2).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Europe Ltd (NEC Corporation)
Inventors
Bohli, Jens-Matthias, Ugus, Osman
Primary Examiner(s)
Rahman, Mohammad L

Application Number

US13/824,768
Publication Number

US 20130198816A1
Time in Patent Office

1,624 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/65   Environment-dependent, e.g....

H04W 12/77   Graphical identity

Method and system for secure pairing of wireless devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

2 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure pairing of wireless devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links