The present invention relates to communication between electronic devices, and in particular, to communication between consumer electronic (CE) devices.
The proliferation of the Internet has inspired numerous smart-home electronic applications in such areas as home security, communication, entertainment, healthcare, as well as sharing rich digital assets with families and friends anywhere around the globe.
Increasingly, however, damaging security attacks and privacy invasions have raised the urgency of protecting networked electronic devices, including home networked devices such as CE devices, and the privacy of the information stored on them.
For networked electronic devices in a home, providing security involves authentication: verifying the identity of a party who is attempting to access home devices, services and/or information. In the shared-secret setting, authentication between two electronic devices involves verifying that both devices possess the same secret and, therefore, can trust each other. Once authenticated, the devices can establish a trust relationship.
Conventional authentication mechanisms fall into two categories: shared secret based authentication and certificate based authentication. A shared secret scheme requires a pre-defined secret to be distributed among the devices in advance; when authentication is required, each device proves that it holds the secret. A shared secret may be distributed by courier, by email or by a direct phone call. The difficulty is that securely distributing the secret is itself a hard problem: there is no satisfactory, automatic way of distributing it without the risk of malicious interception.
The home network environment poses further difficulties. The most common case a user encounters is the Wired Equivalent Privacy (WEP) key set-up for wireless access points (APs). To set up a WEP key for a wireless AP, the user must enter the WEP key into the AP via a computer terminal. Later, to set up a wireless device that connects to that AP, the user must enter the same WEP key into the wireless device. In other words, the user is required to distribute the secret (the WEP key) among the wireless AP and the wireless devices. This typically requires a keyboard, which CE devices commonly lack. (WEP itself has long been broken and superseded by WPA2/WPA3, but the provisioning burden described here is the same for a WPA pre-shared key.)
As a result, a variety of methods have been proposed to avoid such issues. One example is a challenge/response scheme: the challenger encrypts a randomly generated challenge with the shared secret key and sends it to the responder; the responder decrypts the challenge using the shared secret key and sends back a response that is likewise encrypted with the shared secret key. Each side thereby proves possession of the key without the key itself ever being transmitted.
Another common way of authentication is to use a public key infrastructure (PKI), which provides a certificate authority (CA) that all entities (devices, persons, organizations, etc.) trust. The CA issues certificates for entities, wherein a certificate binds the Distinguished Name (DN) of the entity to the public key of the entity under the CA's signature. The public and private key are created together as a pair, normally by the entity itself, which submits only the public key to the CA for certification (a CA may instead generate the pair on the entity's behalf, in which case the private key must be handed to that entity through a protected channel). The public key is made publicly available (as part of the digital certificate) in a directory that all parties can access. The private key is held only by its owner and is otherwise never shared or sent across the Internet.
For example, if entity B wants to send a confidential message to entity A, entity B obtains entity A's public key (but not the private key) from the public directory, encrypts the message with it, and sends it; when entity A receives the message, entity A decrypts it with entity A's private key.
In addition to encrypting messages (which ensures privacy), entity A can authenticate itself to entity B (so that entity B knows that it really was entity A that sent the message) by signing the message with entity A's private key. When entity B receives it, entity B verifies the signature with the public key of entity A taken from entity A's certificate. When entity A wants to authenticate entity B, entity A asks for entity B's certificate, checks the CA's signature on it, and requires entity B to prove possession of the corresponding private key (for example, by signing a fresh challenge). If that verification succeeds, entity A is sure that entity B is what it claims to be.
The PKI approach has wide commercial application, for example on the Web with the HTTPS protocol, because a service provider can bind its name to the certificate when it applies for the certificate from the CA. For a home electronic device, however, binding the device to its owner and applying for a certificate for the device is a tedious and potentially costly step: the CA most likely charges a fee for the certificate and must perform a time-consuming verification of the owner and device information. The transfer of such devices among different owners further complicates and lengthens certificate issuance. There is, therefore, a need for a method and system for simplified secure communication between electronic devices.
The present invention provides a method and system for authentication between electronic devices with reduced user intervention. In one implementation, an authentication process is provided for electronic devices (e.g., CE devices) for establishing ownership in secure communication, with reduced user involvement. A process for device ownership trust establishment is provided that allows secured/authenticated communication between electronic devices (e.g., CE devices), requiring essentially minimal user intervention.
A device is bound to an owner such that authentication not only verifies the authenticity of the device but also verifies its ownership. Such authentication ensures that a device is a valid device that has not been tampered with, and that the device has a trusted owner.
The ownership binding to a device can be verified and established by trusted third parties without user intervention. Only under rare circumstances is user intervention required. After ownership is established and the device is connected to a network, the newly purchased device establishes trust with the devices already in the network, again without the need for user intervention.
These and other features, aspects and advantages of the present invention will become understood with reference to the following description, appended claims and accompanying figures.
Unlike conventional approaches, the present invention binds a device to its owner, so that authentication verifies both the authenticity of the device and its ownership, and allows that binding to be verified and established by trusted third parties without user intervention; only under rare circumstances is user intervention required. Example implementations and variations of an authentication system and method according to the present invention are now described.
Increasingly, consumers use credit cards for purchases, including CE device purchases. Before issuing a credit card, a credit card company performs a rigorous background and identity check of the applicant. The personal information collected from an applicant includes name, address, telephone, email address, birth date, social security number (SSN), etc. Some consumers also pay for purchases by check. As with credit cards, a bank requires an applicant to provide name, address, email address, telephone, birth date and SSN to open an account.
Using a credit card or a check to purchase a CE device presents an opportunity to bind the CE device to its owner. In one example, it is assumed that the manufacturer of a device generates a secret (code) and stores the secret in a secured area, e.g., a secured ROM in the device. The secret is also stored in a secured server at the manufacturer's site, e.g., the registration server for purchased products. The device uses this secret to identify itself whenever it attempts to access services from the manufacturer after purchase. The device should do so over a secure link such as secure sockets layer (SSL, now TLS), and should prove possession of the secret (for example, by the challenge/response exchange described above) rather than transmit it. Because the registration server holds the secret of every device, that server is a high-value target and must be protected accordingly.
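The challenge/response exchange described in the background section, applied to a shared secret such as the manufacturer secret just described, as an added example that is not part of the patent text: the challenger encrypts a random challenge under the shared secret, the responder decrypts it and returns it encrypted again, and the challenger checks the echo. The code is written for this page and makes choices the page does not specify: AES-GCM as the cipher, a 32-byte secret, and the two labels "challenge" and "response" bound in as associated data so that a captured challenge cannot be replayed to the challenger as a response. The key value is a constructed demo secret, not a real device's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

// Labels bound into the AEAD as associated data. They separate the two directions
// so that a captured challenge cannot be reflected back to the challenger as a
// valid response; the page does not mandate them, they are this example's choice.
var (
	labelChallenge = []byte("challenge")
	labelResponse  = []byte("response")
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with a fresh random nonce, returned as a prefix.
func seal(key, label, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, label)...), nil
}

// open reverses seal; it fails if the key, the label or any ciphertext byte is wrong.
func open(key, label, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], label)
}

// NewChallenge (challenger, step 1): draw a random challenge and encrypt it.
func NewChallenge(key []byte) (challenge, wire []byte, err error) {
	challenge = make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, challenge); err != nil {
		return nil, nil, err
	}
	wire, err = seal(key, labelChallenge, challenge)
	return challenge, wire, err
}

// Respond (responder, step 2): decrypt the challenge, which only works with the
// shared key, and send it back encrypted under the response label.
func Respond(key, wire []byte) ([]byte, error) {
	challenge, err := open(key, labelChallenge, wire)
	if err != nil {
		return nil, err
	}
	return seal(key, labelResponse, challenge)
}

// Verify (challenger, step 3): decrypt the response and check that it echoes the
// challenge that was sent.
func Verify(key, challenge, wire []byte) bool {
	got, err := open(key, labelResponse, wire)
	return err == nil && subtle.ConstantTimeCompare(got, challenge) == 1
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit demo secret
	challenge, wire, err := NewChallenge(key)
	if err != nil {
		panic(err)
	}
	resp, err := Respond(key, wire)
	if err != nil {
		panic(err)
	}
	fmt.Println("responder holds the secret:", Verify(key, challenge, resp))
	fmt.Println("reflected challenge accepted:", Verify(key, challenge, wire))
}
```

Because AES-GCM authenticates as well as encrypts, a responder that does not hold the key cannot even decrypt the challenge, and a tampered or reflected message fails Verify. The same exchange works in either direction, so each side can challenge the other for mutual authentication; the labels are what keep the two directions from being confused.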
Initially, when the home network is being established, the home owner has purchased the GW 100 and uses a secured remote terminal (e.g., a PC 21 with an SSL connection) to upload family information to the GW 100. The family information includes family members' names, email addresses for each family member, etc. This information is stored in secured storage on the GW 100, and the GW 100 further contains a permanent certificate issued by its manufacturer (e.g.,
According to the present invention, the purchaser's identity information is stored on the GW 100. Then, the purchaser's identity is verified, and the ownership is established between the purchaser and the device. Further, trust is established between the newly purchased device and the devices already in the network by establishing trust with the GW 100 of the network.
Referring to
The device registration is now completed and the purchaser 101 is bound to the device 102. The purchaser 101 then connects the purchased device 102 to his home network and powers on the device 102. The flowchart of
Though the term family member is used herein, any person already listed in the personal identity information 100B can be involved. Further, though the examples herein utilize a home network, the present invention is applicable for any group whose members have established trust with a network that connects the devices that have established trust among themselves.
The present invention takes into account that not all purchases are made by credit card or check. Consumers sometimes prefer to pay cash, or do not wish to register devices automatically at purchase. In such situations, user intervention is required to establish trust between a device and an existing home GW. If a user has not registered the device during the purchase, then when the device contacts the manufacturer's server it cannot obtain the registration information, in contrast to the trust establishment procedure described above. In this case the device multicasts its presence in the home network. The owner can check the status of his/her home network on the GW via a remote console, such as a browser on a PC. If, when using the remote console, the user finds that the new device is trying to connect to the home network, the user can simply click “Yes” on the trust establishment user interface to inform the GW that the new device is trusted and is one of the approved devices for the home network. Since the owner's approval is the only check on this path, the console must itself require owner authentication (the owner reaches the GW over a secured connection) and should show the owner enough about the requesting device to identify it. The gateway then issues a homemade certificate for the new device: the new device uses the GW 100's public key (obtained from the GW's permanent certificate) to establish a symmetric key, and uses the symmetric key to decrypt the public/private key pair and certificate generated by the GW 100, thereby establishing trust between the GW 100 and the new device.
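The gateway-issued "homemade certificate" above, as an added example that is not part of the patent: the GW acts as the home network's private CA, issues a certificate for a new device only after the owner has approved it, and any device already in the network verifies a peer's certificate with the GW's certificate as its sole trust root. Assumptions made for the example: the GW's permanent certificate is self-signed here (the text has it issued by the GW's manufacturer), the device generates its own key pair and sends only the public key instead of receiving a GW-generated pair, and the symmetric-key transport step of the text is not shown. Names such as "home-gw" and "living-room-tv" are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must aborts on failures that have no sensible recovery here (RNG, key generation).
func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Gateway is the home GW acting as the network's private CA. Its certificate is
// self-signed in this example; in the text it is issued by the GW's manufacturer.
type Gateway struct {
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

func NewGateway(name string) *Gateway {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return &Gateway{key: key, Cert: cert}
}

// Enroll issues the "homemade certificate" for a new device, but only after the
// owner has clicked "Yes" on the GW's trust establishment UI. The device generated
// its own key pair and sent only the public key, so no private key crosses the network.
func (g *Gateway) Enroll(devicePub *ecdsa.PublicKey, deviceName string, ownerApproved bool) (*x509.Certificate, error) {
	if !ownerApproved {
		return nil, errors.New("owner has not approved " + deviceName)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: deviceName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(5 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, g.Cert, devicePub, g.key)
	must(err)
	return x509.ParseCertificate(der)
}

// VerifyPeer is what a device already in the home network runs on a peer's
// certificate before trusting it: the GW's permanent certificate is the only root
// it accepts, so a certificate minted by any other issuer (including another
// household's GW) is rejected.
func VerifyPeer(peer, gwCert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(gwCert)
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// NewDeviceKey is the key pair a new device generates for itself on first boot.
func NewDeviceKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	return key
}

func main() {
	gw := NewGateway("home-gw") // hypothetical names throughout
	tv := NewDeviceKey()
	cert, err := gw.Enroll(&tv.PublicKey, "living-room-tv", true)
	must(err)
	fmt.Println("issued:", cert.Subject.CommonName, "by", cert.Issuer.CommonName)
	fmt.Println("peer check error:", VerifyPeer(cert, gw.Cert))
	other := NewGateway("neighbour-gw")
	fmt.Println("foreign GW rejected:", VerifyPeer(cert, other.Cert) != nil)
}
```

Generating the key pair on the device is the one deliberate departure from the text: a key pair generated on the GW has to be carried across the network to the device, whereas a device-generated key never leaves it and the GW only ever sees the public half, which is what the certificate binds to the device's name. The last check in main shows why peers must verify against the GW's certificate rather than against any CA: a certificate minted by a different gateway, or any other issuer, does not chain to the home GW and is rejected.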
Another alternative is that when a new device is connected to a home network, the owner uses a remote console, such as a browser on a PC, to enter user information into the device, and the device then registers the user information with the manufacturer's registration server to obtain a temporary certificate and private/public key pair. This requires the device to provide software and an interface through which a user can specify this information and use it for registration, for example a remote user interface (UI) that accepts user input over the network.
Further, an owner may transfer such a device to another user. To erase user information from the device, the owner can simply push a button, e.g., a “factory reset” button, on the device before transferring it; the reset should also destroy any key pair and certificate the device obtained from the gateway or the registration server, since these identify the previous owner's network. The new owner then sets up ownership of the device using the procedures described above. The secret code remains the same since it is stored in a secured ROM in the device.
As is known to those skilled in the art, the example architectures described above, according to the present invention, can be implemented in many ways, such as program instructions for execution by a processor, as logic circuits, as an application specific integrated circuit, as firmware, etc.
The present invention has been described in considerable detail with reference to certain preferred versions thereof; however, other versions are possible. Therefore, the spirit and scope of the appended claims should not be limited to the description of the preferred versions contained herein.
This application claims priority from U.S. Provisional Patent Application Ser. No. 60/780,397, filed Mar. 7, 2006, incorporated herein by reference.
Publication:

Number | Date | Country
---|---|---
20070214356 A1 | Sep 2007 | US

Priority application:

Number | Date | Country
---|---|---
60780397 | Mar 2006 | US