Patent Application
20140365760
The invention relates to communication equipment which provides secure communication and comprises a user interface device and a communication device that are interconnected via a data link. Furthermore, the invention relates to a method for the purpose of providing secure communication with the communication equipment, to the user interface device, and to a computer program for the purpose of providing secure communication with the communication equipment.
In many cases there is a need for communication equipment whose functionality is distributed to two or more separate devices that are interconnected with a short-range data link. One of the devices of the communication equipment is often a communication device capable of providing connections to external communications networks and another of the devices is often a user interface device which may comprise for example a microphone and an earpiece and which is connected to the communication device via the short-range data link. For example, the communication equipment can be a mobile radio set where the communication device is a radio device suitable for long-range radio connections and the user interface device can be, for example, a headset which is wirelessly connected to the radio device via a short-range radio link. In order to provide secure communication, it is not sufficient that only the above-mentioned long-range radio connections are encrypted, but the encryption is needed in the short-range radio link too. The short-range radio link can be, for example but not necessary, a Bluetooth® radio link.
Publication EP2106169 discloses communication equipment where the user interface device is a headset and the communication device is a radio device suitable for long-range radio connections. In the long-range radio connections, a cryptographic algorithm in combination with a key to encrypt and decrypt information is employed. The short-range radio link between the headset and the radio device is secured with the aid of a recorded list of random-like bits that are copied to both the radio device and the headset. In both the radio device and the headset, the random-like bits of the recorded list are combined in an exclusive OR-gate with digital data carrying audio information. Thus, for example the information transferred from the headset to the radio device gets encrypted in the headset and decrypted in the radio device. The recorder list of the random-like bits can be formed, for example, by feeding naturally or artificially produced noise into the cryptographic algorithm and by storing the resulting bits in a memory.
In many cases, the user interface device comprises not only means for converting voice to digital data and vice versa but also a user interface for receiving commands which control the operation of the whole communication equipment. The user interface may comprise, for example, a push-to-talk button and/or a keyboard. In order to achieve a sufficient immunity to denial-of-service “DoS” attacks, it is important that also the event data that represents the commands received via the user interface is appropriately encrypted. In cases where the event data is not properly encrypted, certain types of jamming signal might cause for example the communication device to believe that e.g. the push-to-talk button of the user interface device is being continuously pressed or that it is never pressed. This would naturally disturb or even prevent the operation of the communication equipment.
The obvious solution to the above-described problem is to implement the short-range data link between the user interface device and the communication device with transceivers which support a suitable cryptographic algorithm so as to encrypt the whole data stream transferred over the short-range data link. In conjunction with many commercially available transceivers, e.g. secured Bluetooth® transceivers, the inconvenience related to this approach is that replacing the cryptographic algorithm with another cryptographic algorithm requires replacing the transceiver with another transceiver. Therefore, it is challenging to provide such user interface devices, e.g. remote speaker-microphones, and communication devices which are flexible to support different cryptographic algorithms. Hence, it is challenging to achieve interoperability between, for example, remote speaker-microphones and radio devices made by different vendors.
The following presents a simplified summary in order to provide a basic understanding of some aspects of various invention embodiments. The summary is not an extensive overview of the invention. It is neither intended to identify key or critical elements of the invention nor to delineate the scope of the invention. The following summary merely presents some concepts of the invention in a simplified form as a prelude to a more detailed description of exemplifying embodiments of the invention.
In accordance with the first aspect of the invention, there is provided a new user interface device suitable for being a part of communication equipment whose functionality is distributed to separate devices interconnected with a data link. The user interface device according to the invention comprises:
The first digital data stream can be, for example but not necessarily, digital output data of an audio coder. As the encryption is done after the combining of the event data to the first digital data stream, both the event data and the first digital data stream are encrypted. This provides protection against eavesdropping directed to the first digital data stream that may represent, for example, audio information and against attacks against the event data that represents the command actions of the user. On the other hand, the encryption is carried out with the processor before the digital data stream is supplied to the transmitter. Hence, there is no need to use a transmitter which is arranged to support a cryptographic algorithm. The processor is arranged to encrypt the second digital data stream in accordance with the cryptographic control data that is accessible to the processor. Hence, the user interface device can be configured to support different cryptographic algorithms by loading appropriate cryptographic control data that defines the cryptographic algorithm and keys needed for encrypting the second digital data stream. The cryptographic control data can be part of a library of cryptographic control data, and the processor can be arranged to select an appropriate part of the library with the aid of one or more control parameters. In this case, the user interface device can be easily configured to support any of those cryptographic algorithms which are defined in the library.
In accordance with the second aspect of the invention, there is provided new communication equipment whose functionality is distributed to a user interface device according to the invention and to a communication device which is interconnected to the user interface device via a data link. The communication device of the communication equipment comprises:
In accordance with the third aspect of the invention, there is provided a new method for providing secure communication between a user interface device of communication equipment and a communication device of the communication equipment. The method according to the invention comprises the following actions in the user interface device:
In accordance with the forth aspect of the invention, there is provided a new computer program for providing secure communication between a user interface device of communication equipment and a communication device of the communication equipment. The computer program comprises computer executable instructions for controlling a programmable processor of the user interface device to:
A computer program product according to the invention comprises a computer readable medium, e.g. a Compact Disc, encoded with the above-mentioned computer executable instructions.
Various exemplifying embodiments of the invention both as to constructions and to methods of operation, together with additional objects and advantages thereof, will be best understood from the following description of the exemplifying embodiments when read in connection with the accompanying drawings.
The exemplifying embodiments of the invention presented in this document are not to be interpreted to pose limitations to the applicability of the appended claims. The verb “to comprise” is used in this document as an open limitation that neither excludes nor requires the existence of also unrecited features. The features recited in depending claims are mutually freely combinable unless otherwise explicitly stated.
Embodiments of the invention presented in the sense of examples and their advantages are explained in greater detail below with reference to the accompanying drawings, in which
a and 2b show communication equipments according to embodiments of the invention, and
The user interface device 101 comprises a user interface 102 for receiving command actions from a user of the communication equipment. The user interface may comprise for example a push-to-talk button 111 and/or a keyboard. The user interface device 101 comprises a processor 104 arranged to receive a first digital data stream 131 that represents a digital output signal of an audio coder 107. The audio coder 107 produces the first digital data stream by converting, into a digital form, a first analog signal that represents an analog output signal of a microphone 109. The processor 104 is preferably arranged to carry out certain pre-processing actions directed to the first digital data stream. These pre-processing actions may comprise, for example, coding the first digital data stream to a desired compression format and packetizing the first digital data stream for a suitable block size for further operations. In
The processor 104 is arranged to combine the digital event data with the first digital data stream so as to form a second digital data stream 132 that contains both the first digital data stream and the digital event data. The second digital data stream can be for example a stream of data packets so that the payload of each data packet contains part of the first digital data stream and the header or trailer of each data packet contains part of the event data. For example, the header of each data packet of the second digital data stream 132 may express the status of the push-to-talk button 111 and/or the most recent keystrokes directed to the keyboard, and the payload of each data packet may contain digitized audio, video or audio-video information. In
The processor 104 is arranged to encrypt the second digital data stream so as to form a third digital data stream 133 in accordance with cryptographic control data accessible to the processor. The cryptographic control data may comprise one or more sets of processor executable instructions, i.e. one or more program codes, defining one or more cryptographic algorithms. Furthermore, the cryptographic control data may comprise required configuration parameters, e.g. encryption/decryption keys, of the one or more cryptographic algorithms. The one or more cryptographic algorithms can be for example DES (Data Encryption Standard), AES (Advanced Encryption Standard), IDEA (International Data Encryption Algorithm), Blowfish, Twofish, and/or triple-DES. In
The processor 104 is arranged to deliver the encrypted digital data stream to a transmitter 105 of the user interface device 101. Depending on the transmission protocol being used in the short-range radio link between the user interface device and the communication device 112, the processor 104 can be arranged to process the digital data stream to be transmitted with transmission protocol-related actions. In
The communication device 112 of the communication equipment comprises a first receiver 113 for receiving the third digital data stream from the user interface device 101 via the short-range radio link. The communication device 112 comprises a processor 114 arranged to decrypt the third digital data stream so as to regenerate the second digital data stream and to separate the digital event data and the first digital data stream from the regenerated second digital data stream. The communication device 112 comprises a first transmitter 115 for transmitting information carried by the first digital data stream to a communications network 123 that can be e.g. a cellular radio network and that is presented as a cross-hatched cloud in
In communication equipment according to an embodiment of the invention, the communication device 112 comprises a second receiver 117 for receiving digital information from the communications network 123. The processor 114 of the communication device is arranged to encrypt the digital information received from the communications network in accordance with the cryptographic control data accessible to the processor 114 so as to form a fourth digital data stream. The cryptographic control data is the same as which is used in the user interface device 101 and it can be stored in a memory element 124 or in the processor 114. The communication device comprises a second transmitter 116 for transmitting the fourth digital data stream to the user interface device 101 via the short-range radio link. The user interface device 101 comprises a receiver 106 for receiving the fourth digital data stream 134 from the communication device 112 via the short-range radio data link. The processor 104 of the user interface device is arranged to decrypt the fourth digital data stream in accordance with the cryptographic control data accessible to the processor 104 so as to form a fifth digital data stream 135 and to output the fifth digital data stream. The user interface device 101 comprises an audio decoder 108 connected to the processor 104 and arranged to convert the fifth digital data stream to a second analog signal. The user interface device further comprises a speaker element 110 or an earpiece for converting the second analog signal to voice. The communication equipment according to this embodiment of the invention is capable of providing bidirectional communication. In an exemplifying embodiment of the invention, the transmitter 115 and the receiver 117 of the communication device 112 are arranged to provide signaling functionalities so as to enable dialed connections to a public switched telephone network “PSTN” so that the dialing is carried out in accordance with the digital event data received from the user interface device 101.
The transmitter 105 and the receiver 106 of the user terminal device 101, and, correspondingly, the transmitter 116 and the receiver 113 of the communication device 112 can be, for example, arranged to provide the short-range radio link on one or more Industrial, Scientific, and Medical “ISM”-radio bands defined by the ITU-R specifications 5.138, 5.150, and 5.280 of the Radio Regulations. The short-range radio link can be, for example, a Bluetooth® radio link operating at 2.45 GHz center frequency, a High Performance Radio LAN “HiperLAN” radio link operating at 5.8 GHz center frequency, a IEEE 802.11/WiFi radio link operating at 2.45 or 5.8 GHz center frequency, or IEEE 802.15.4, ZigBee radio link operating at 915 MHz or 2.45 GHz center frequency.
In the exemplifying case shown on
a and 2b show communication equipments according to embodiments of the invention. The communication equipment shown in
A method according to an embodiment of the invention further comprises the following actions in the communication device of the communication equipment:
A method according to an embodiment of the invention further comprises the following actions so as to enable bidirectional communication:
A computer program according to an embodiment of the invention comprises software modules for providing secure communication between a user interface device of communication equipment and a communication device of the communication equipment. The software modules comprise computer executable instructions for controlling a programmable processor of the user interface device to:
In a computer program according to an embodiment of the invention, the software modules further comprise computer executable instructions for controlling a programmable processor of the communication device to:
The software modules can be, for example, subroutines and functions generated with a suitable programming language.
A computer program product according to an embodiment of the invention comprises a non-volatile computer readable medium, e.g. a compact disc (“CD”), encoded with a computer program according to an embodiment of the invention.
A signal according to an embodiment of the invention is encoded to carry information defining a computer program according to an embodiment of the invention.
The specific examples provided in the description given above should not be construed as limiting. Therefore, the invention is not limited merely to the embodiments described above.
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/FI2011/050961 | 11/1/2011 | WO | 00 | 7/9/2014 |
