The present invention relates to wireless communications. More particularly, the present invention relates to techniques for providing communications security.
Information transferred across short-range wireless communications networks are often susceptible to interception by eavesdropping devices. When transmissions are intercepted, the privacy concerns of individuals may be compromised. Moreover, the interception of transmissions can dilute the value of various forms of content, such as multimedia entertainment, music, and software. Accordingly, there is a need to prevent the interception of wireless transmissions by unintended recipients.
Various techniques for protecting content currently exist. Such techniques involve encrypting content with a mechanism such as an encryption key. Once received, the intended recipient (which also possesses the encryption key or a corresponding decryption key) may decrypt the transmitted content. However, according to these techniques, the employed encryption key is fixed in nature. Thus, if an eavesdropper acquires the employed key, it is possible to decrypt the transmitted data using the key.
Various forms of short-range networks exist. Since gaining approval by the Federal Communications Commission (FCC) in 2002, ultra wideband (UWB) techniques have become an attractive solution for short-range wireless communications because they allow for devices to exchange information at relatively high data rates.
Although UWB systems for short-range networks are relatively new, their transmission techniques have been known for decades. In fact, the first radio transmission was made by a UWB technique when Heinrich Hertz discovered radio waves in 1887. This discovery was made with a spark gap transmitter, which can be viewed as an early UWB radio. Later on, such transmitters were banned because they emitted wide spectrum transmissions.
Current FCC regulations permit UWB transmissions for communications purposes in the frequency band between 3.1 and 10.6 GHz. However, for such transmissions, the spectral density has to be under −41.3 dBm/MHz and the utilized bandwidth has to be higher than 500 MHz.
There are many UWB transmission techniques that can fulfill these requirements. A common and practical UWB technique is called impulse radio (IR). In IR, data is transmitted by employing short baseband pulses that are separated in time by gaps. Thus, IR does not use a carrier signal. These gaps make IR much more immune to multipath propagation problems than conventional continuous wave radios. RF gating is a particular type of IR in which the impulse is a gated RF pulse. This gated pulse is a sine wave masked in the time domain with a certain pulse shape.
IR transmission facilitates a relatively simple transmitter design, which basically requires a pulse generator and an antenna. This design does not necessarily require a power amplifier, because transmission power requirements are low. In addition, this design does not generally require modulation components such as voltage controlled oscillators (VCOs) and mixers, because the impulses are baseband signals.
In general, IR receiver designs are more complex than their corresponding transmitter designs. However, basically, these designs are much simpler than conventional receiver designs because they typically do not employ intermediate frequency (IF) signals or filters. However, to fulfill spectral requirements, IR impulses have to be very short in duration (e.g., a couple of nanoseconds). This requirement places stringent timing demands on receiver timing accuracy. The fulfillment of these demands can also provide IR receivers with accurate time resolution and positioning capabilities.
Other short-range networks exist but do not provide the high data rates offered by UWB. One such network is Bluetooth. Bluetooth defines a short-range radio network, originally intended as a cable replacement. It can be used to create ad hoc networks of up to eight devices, where one device is referred to as a master device. The other devices are referred to as slave devices. The slave devices can communicate with the master device and with each other via the master device. The Bluetooth Special Interest Group, Specification Of The Bluetooth System, Volumes 1 and 2, Core and Profiles: Version 1.1, Feb. 22, 2001, describes the principles of Bluetooth device operation and communication protocols. This document is incorporated herein by reference in its entirety. The devices operate in the 2.4 GHz radio band reserved for general use by Industrial, Scientific, and Medical (ISM) applications. Bluetooth devices are designed to find other Bluetooth devices within their communications range and to discover what services they offer.
Other short-range network standards include IEEE 802.11x, IEEE 802.15, IrDa, and HIPERLAN.
The present invention provides for enhanced security in short-range wireless communications networks. Accordingly, the present invention is directed to methods and devices that generate a protected content stream from a data stream, and transmit the protected content stream across a first short-range communications link. In addition, the methods and devices transmit across a second short-range communications link information for converting the protected content stream into the data stream. The first link may be a UWB link, while the second link may be a Bluetooth link.
The protected content stream may include one or more packets, each having inserted errors, for example, at predetermined positions. Thus, the information for converting the protected content stream into the data stream may include the error positions and the code used to generate the errors. The positions of these errors may be selected at random. A code, such as a polynomial based code, may be used to generate the errors. Additionally, the packets may contain error detection codes and/or error correction codes.
In aspects of the present invention, the protected content stream may be generated by formatting the data stream into multiple data packets, generating at least one additional packet, and arranging the additional packet and the data packets into the protected content stream. Thus the information for converting may include the position of the additional packet. The position of the additional packet may be randomly selected. In these aspects, the data packets and additional packet may each include a field having an error detection code and/or error correction code.
In further aspects of the present invention, the protected content stream is generated by placing the data stream into multiple packets that each have an error correction code, which is set. At this point, errors are injected into the packets, such that the corresponding error correction codes are unable to correct these errors. The values and locations of these errors are included in the information for converting and may be selected at random.
Also, the protected content stream may be generated by encrypting the data stream with an encryption key. In such aspects, the information for converting includes a key for decrypting the protected data stream. This key may be the encryption key or a corresponding decryption key.
The present invention is also directed to methods and devices which receive the protected content stream from the first short-range communications link, and receive from the second short-range communications link information for converting the protected content stream into the data stream. Once this information is received, the data stream may be generated from the protected content stream.
Further features and advantages of the present invention will become apparent from the following description and accompanying drawings.
In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digit(s) in the reference number. The present invention will be described with reference to the accompanying drawings, wherein:
I. Operational Environment
Before describing the invention in detail, it is helpful to describe an environment in which the invention may be used. Accordingly,
Devices 102 and 104 are capable of engaging in wireless communications across at least two different types of short-range wireless links. For example, devices 102 and 104 may support both Bluetooth and UWB links.
Devices 102 and 104 each have a communications range that is defined by a coverage area. As shown in
In the environment of
Various techniques may be employed in establishing these links. For instance, device 102 may communicate across first link 110 to establish second link 112, and to initiate communications across link 112. Examples of this technique are described in the copending U.S. patent application filed on Sep. 12, 2003 entitled “Method and System for Establishing a Wireless Communications Link”, Attorney Docket No. 4208-4144 (application Ser. No. currently unassigned) by inventors Arto Palin, Juha Salokannel, and Jukka Reunamäki. This application is incorporated herein by reference in its entirety.
In the environment of
II. Wireless Communications Device
The device architecture of
As shown in
Link manager 204 performs functions related to Bluetooth link and UWB link set-up, security and control. These functions involve discovering corresponding link managers at remote devices and communicating with them according to the link manager protocol (LMP). More particularly, link manager 204 exchanges LMP PDUs with link managers at remote devices.
Link manager 204 exchanges information with host 201 across HCI 202. This information may include commands received from host 201, and information transmitted to host 201. HCI 202 defines a set of messages, which provide for this exchange of information.
BT link controller 206 operates as an intermediary between link manager 204 and BT transceiver 208. Link controller 206 also performs baseband processing for Bluetooth transmissions, such as error correction encoding and decoding. In addition, link controller 206 exchanges data between corresponding link controllers at remote devices according to physical layer protocols. Examples of physical layer protocols include retransmission protocols such as the automatic repeat request (ARQ) protocol.
BT transceiver 208 is coupled to antenna 210. Transceiver 208 includes electronics to (in conjunction with antenna 210) exchange wireless Bluetooth signals with devices, such as remote device 104. Such electronics include modulators, demodulators, amplifiers, and filters.
UWB link controller 212 operates as an intermediary between link manager 204 and UWB/HR transceiver 214. Link controller 212 also performs baseband processing for UWB transmission, such as error correction encoding and decoding. In addition, link controller 212 exchanges data between corresponding link controllers at remote devices according to physical layer protocols. Examples of such physical layer protocols include retransmission protocols such as the automatic repeat request (ARQ) protocol.
UWB/HR transceiver 214 is coupled to an antenna 216. Transceiver 214 includes electronics to (in conjunction with antenna 216) exchange wireless UWB or HR signals with devices, such as remote device 104. For the transmission of UWB signals, such electronics may include a pulse generator. For the reception of UWB signals, such electronics may include timing circuitry and filters.
The architecture of
As shown in
Memory 312 includes random access memory (RAM), read only memory (ROM), and/or flash memory, and stores information in the form of data and software components (also referred to herein as modules). These software components include instructions that can be executed by processor 310. Various types of software components may be stored in memory 312. For instance, memory 312 may store software components that control the operations of transceivers 214 and 220. Also, memory 312 may store software components that provide for the functionality of host 202, HCI interface 208, link manager 210, link controller 212, and UWB module 218.
In addition, memory 312 may store software components that control the exchange of information through user interface 314. As shown in
The elements shown in
III. Packet Communications
According to the present invention, secure communications are provided by transmitting protected content across a first communications link, and corresponding security messages across a second communications link. The protected content may be in the form of packets. Accordingly,
In addition, overhead portion may also include an error detection and/or error correction code 406, which may be used by the receiver of packet 400 to detect and/or correct errors payload portion 402. During transmission, these errors may be caused by sources such as electromagnetic noise and interfering transmissions.
Further, according to the present invention, errors may be intentionally introduced by the device transmitting the protected content stream. This introduction of errors produces a scrambled transmission. Details regarding these intentionally introduced errors may then be transmitted across the second link in one or more security messages. Upon receipt of the scrambled transmission and the security message(s), the receiving device may use the information in the security message(s) to descramble the transmission. According to such techniques, interception of the protected content stream also requires receipt of the security message(s).
Code 406 may include an error correction code. This error code may be a block code, such as a Hamming code. However, other error correction codes may be used such as Reed-Solomon codes and Viterbi codes. In embodiments, code 406 may involve concatenated codes, such as an inner code (e.g., Reed-Solomon) and an outer codes (e.g., Viterbi). Alternatively, or additionally, code 406 may include an error detection code, such as a cyclical redundancy check (CRC).
IV. Secure Communications
This process begins with a step 502, in which the communications device and a remote device (such as device 104) enter into short-range communications proximity. Next, in a step 504, the communications device establishes first and second communications links with the remote device. These links may be established in succession. For instance, the second link (e.g., a Bluetooth link) may be established and then employed to establish the first link (e.g., a UWB link). Examples of such techniques are described in the copending U.S. patent application filed on Sep. 12, 2003 entitled “Method and System for Establishing a Wireless Communications Link”, Attorney Docket No. 4208-4144 (application Ser. No. currently unassigned).
As described above with reference to
In a step 506, the communications device selects one or more security attributes. As will be described below, examples of such attributes include security technique, error codes, error locations, and/or encryption keys.
In a step 508, a data stream is received from an application. This application may be running on the device, for example in host 201. However, in further aspects, this application may be running on a separate device that is coupled to the communications device. Examples of applications include server applications, video applications, telephony applications, as well as other applications.
In a step 510, the device generates a protected content stream from the data stream. This generation is based on the security attribute(s) selected in step 506. Step 510 may include formatting the data stream into one or more data packets. As described above with reference to
In a step 512, the device generates a security message. This message contains information for converting the protected content stream into the data stream. Examples of such information include as error codes, error locations, and/or encryption keys.
In a step 514, the device transmits the protected content stream across the first communications link to a remote device (such as device 104).
In a step 516, the device transmits the security message across the second communications link to the remote device. Steps 514 and 516 may be performed in parallel.
The steps of
As described above, a protected content stream is generated in step 510. Various techniques may be employed to generate this content stream. Examples of these techniques are described below with reference to
V. Error Insertion
A first technique involves the insertion of errors into locations of packets. An example of this technique is shown in the flowchart of
In a step 604, the communications device generates one or more errors with a code. This code may be based on a polynomial.
In a step 606, the communications device inserts errors generated in step 604 into portions of the packets. These portions of the packets are at the positions selected in step 602.
A step 608 follows step 606. In this step, the communications device sets the error correction code for each of the packets.
As described above with reference to
Location selection module 702 selects one or more locations within data packets for errors to be inserted. These locations may be selected randomly. The selected locations may specify portions of a packet spanning one or more contiguous symbols (e.g., bits).
Error code generator 704 generates a code 722 that is employed to insert errors into the data packets at the locations selected by location selection module 702. This code may be a polynomial to define operation of a shift register.
Packet generator 708 receives a data stream 724 and formats it into a data packet stream 726, which includes a plurality of packets 730. These packets may be in a format, such as the one described above with reference to
Error insertion module 710 includes a memory 712, an insertion controller 714, a routing module 716, and a shift register 718. Memory 712 stores the location(s) indicated by location signal 720. Insertion controller 714 generates an insertion signal 731 based on the location(s) stored in memory 712. This signal is sent to routing module 716 when data packet stream 726 is at one of the selected location(s).
Upon receipt of insertion signal 730, routing module 716 sends symbols in data packet stream 726 to shift register 718. Shift register 718 operates according to a polynomial defined by code 722. Thus, shift register 718 “scrambles” the portions of data packet stream 726 that it receives from routing module 716. This scrambling results in scrambled content stream 727.
As described above, protected content stream 727 includes a plurality of packets 732, each having injected errors indicated in
Encoder 711 receives scrambled content stream 727. Upon receipt of each packet 732, encoder 711 computes a corresponding error detection and/or correction code. Encoder 711 then inserts this code into the error detection/correction field of the packet 732. As a result, encoder 711 generates protected content stream 728.
Security message module 706 receives location signal 720 and code 722. From these inputs, module 706 generates a security message 723 to be sent to a remote device across the second short-range communications link. As described above, this message allows for the remote device to convert protected content stream 728 into packet data stream 726.
The elements of
VI. Additional Packet Generation
A second technique of generating the protected content stream involves the generation of additional packets. An example of this technique is shown in the flowchart of
This technique includes a step 802. In this step, the communications device generates one or more packets in addition to the data packets generated in step 510. Like the data packets generated in step 510, these additional packet(s) also include a field having an error detection code and/or an error correction code.
In a step 804, the communications device selects positions of the at least one additional packet. This position may be randomly selected.
A step 806 follows step 804. In this step, the communications device arranges one or more additional packets and the data packets into the protected content stream.
When the steps of
Packet generator 908 receives a data stream 924 and formats it into a data packet stream 926, which includes a plurality of packets 930.
Location selection module 902 selects one or more location(s) for additional packet(s) to be inserted into data packet stream 926. These locations may be randomly selected. The selected locations may specify contiguous portions of a packet spanning multiple symbols (e.g., bits).
Additional packet generator 904 generates one or more packets 922 for insertion into data packet stream 926 at the location(s) selected by location selection module 902. These additional packets may contain randomly generated symbols.
As shown in
Encoder 911 receives scrambled content stream 927. Upon receipt of each packet 932, encoder 911 computes and inserts a corresponding error detection and/or correction code. Encoder then inserts this code into the error detection/correction field of the packets 930 and 922. As a result, encoder 911 generates protected content stream 928.
Security message module 906 receives location signal 920. From this input, module 906 generates a security message 923 to be sent to a remote device (such as device 104) across the second short-range communications link. As described above, this message allows for the remote device to convert protected content stream 928 into packet data stream 926.
The elements of
VII. Extensive Error Injection
A third technique of generating the protected content stream involves injecting errors into the data packets generated in step 510. An example of this technique is shown in
In a step 1004, the communications device selects one or more error values and locations. This selection may be random.
A step 1006 follows step 1004. In step 1006, the communications device injects the error values into the data packets at the selected locations. These injected errors are injected into the data packets to an extent such that the corresponding error correction codes are unable to correct these errors.
When the steps of
Location selection module 1102 selects one or more locations within data packets for errors to be inserted. These locations may be selected randomly. The selected locations may specify portions of a packet spanning one or more contiguous symbols (e.g., bits). In this case, location selection module 1102 generates a location signal 1120, which indicates a relatively large number of locations selected for error insertion to make error correction unattainable. For example,
Error code generator 1104 generates a code 1122 that is employed to insert errors into the data packets at the locations selected by location selection module 1102. This code may be a polynomial to define operation of a shift register.
Packet generator 1108 receives a data stream 1124 and formats it into a data packet stream 1126, which includes a plurality of packets 1130. As shown in
As shown in
As described above, protected content stream 1128 includes a plurality of packets 1132.
Security message module 1106 receives location signal 1120 and code 1122. From these inputs, module 1106 generates a security message 1123 to be sent to a remote device (such as device 104) across the second short-range communications link. As described above, this message allows for the remote device to convert protected content stream 1128 into packet data stream 1126.
The elements of
VIII. Further Techniques
Further techniques of generating the protected content stream may also be employed. For example, in step 510, the protected content stream may be generated by encrypting the data stream with an encryption key. In this technique, the encryption key and/or corresponding decryption key is included in the security message.
IX. Receiver
In a step 1204, the device receives a security message from a second communications link, such as a Bluetooth link. This message contains information for converting the protected content stream into a data stream. Accordingly, this message may include security attributes, such as security technique, error codes, error locations, and/or encryption keys.
In a step 1206, the device generates the data stream from the protected content stream. This may be based on the security techniques described above with reference to
The receiving device may be implemented in the manner described above with reference to
X. Conclusion
While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, and not in limitation. For instance, although examples have been described involving Bluetooth and UWB technologies, other short-range and longer range communications technologies are within the scope of the present invention.
Accordingly, it will be apparent to persons skilled in the relevant art that various changes in form and detail can be made therein without departing from the spirit and scope of the invention. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.
Number | Name | Date | Kind |
---|---|---|---|
5307370 | Eness | Apr 1994 | A |
5677927 | Fullerton et al. | Oct 1997 | A |
5687169 | Fullerton | Nov 1997 | A |
6144464 | Rupp et al. | Nov 2000 | A |
6172673 | Lehtinen et al. | Jan 2001 | B1 |
6349199 | Armantrout | Feb 2002 | B1 |
6507734 | Berger et al. | Jan 2003 | B1 |
6539503 | Walker | Mar 2003 | B1 |
6549567 | Fullerton | Apr 2003 | B1 |
6571089 | Richards et al. | May 2003 | B1 |
6571212 | Dent | May 2003 | B1 |
6587949 | Steinberg | Jul 2003 | B1 |
6799287 | Sharma et al. | Sep 2004 | B1 |
6961541 | Overy et al. | Nov 2005 | B2 |
6993343 | Yoshii et al. | Jan 2006 | B2 |
7096033 | Bell | Aug 2006 | B1 |
20010049262 | Lehtonen | Dec 2001 | A1 |
20010055356 | Davies | Dec 2001 | A1 |
20020003792 | Schmidt et al. | Jan 2002 | A1 |
20020065099 | Bjorndahl | May 2002 | A1 |
20020073269 | Kawashima et al. | Jun 2002 | A1 |
20020080866 | Bouet et al. | Jun 2002 | A1 |
20020151276 | Ito | Oct 2002 | A1 |
20030032422 | Wynbeek | Feb 2003 | A1 |
20030063196 | Palatov et al. | Apr 2003 | A1 |
20030078037 | Auckland et al. | Apr 2003 | A1 |
20030100288 | Tomlinson, Jr. et al. | May 2003 | A1 |
20030108010 | Kim et al. | Jun 2003 | A1 |
20030137966 | Odman et al. | Jul 2003 | A1 |
20030147453 | Bantra | Aug 2003 | A1 |
20030148767 | Sugaya et al. | Aug 2003 | A1 |
20030174046 | McCorkle | Sep 2003 | A1 |
20030203741 | Matsuo et al. | Oct 2003 | A1 |
20040066762 | Alastalo | Apr 2004 | A1 |
20040204076 | Kotzin | Oct 2004 | A1 |
20040219897 | Choi | Nov 2004 | A1 |
20050037775 | Moeglein et al. | Feb 2005 | A1 |
20050058107 | Salokannel et al. | Mar 2005 | A1 |
20050058116 | Palin et al. | Mar 2005 | A1 |
20050058152 | Salokannel et al. | Mar 2005 | A1 |
20050059345 | Palin et al. | Mar 2005 | A1 |
20050078598 | Batra et al. | Apr 2005 | A1 |
20050193309 | Grilli et al. | Sep 2005 | A1 |
20050283207 | Hochmair et al. | Dec 2005 | A1 |
Number | Date | Country |
---|---|---|
2443871 | Feb 2003 | CA |
10140446 | Mar 2003 | DE |
0999717 | May 2000 | EP |
1 185 033 | Mar 2002 | EP |
1274194 | Jan 2003 | EP |
1515473 | Mar 2005 | EP |
2 287 383 | Sep 1995 | GB |
WO 9938302 | Jul 1999 | WO |
WO 9941876 | Aug 1999 | WO |
WO 0145319 | Jun 2001 | WO |
WO 0221746 | Mar 2002 | WO |
WO 03084146 | Oct 2003 | WO |
Number | Date | Country | |
---|---|---|---|
20050097408 A1 | May 2005 | US |