WO2007072388A1 - Method and apparatus for generating proximity estimate - Google Patents

Method and apparatus for generating proximity estimate Download PDF

Info

Publication number
WO2007072388A1
WO2007072388A1 PCT/IB2006/054907 IB2006054907W WO2007072388A1 WO 2007072388 A1 WO2007072388 A1 WO 2007072388A1 IB 2006054907 W IB2006054907 W IB 2006054907W WO 2007072388 A1 WO2007072388 A1 WO 2007072388A1
Authority
WO
WIPO (PCT)
Prior art keywords
proximity
node
estimate
challenging
receiving
Prior art date
Application number
PCT/IB2006/054907
Other languages
French (fr)
Inventor
Henricus X. Willems
Wouter Baks
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Publication of WO2007072388A1 publication Critical patent/WO2007072388A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the present invention relates to a method and apparatus for generating a first proximity estimate based on path latency indicative of the proximity of a first node to a second node in a network, as well as to a system that uses such a proximity estimate in order to determine the level of allowed communication between the two nodes.
  • the invention further relates to a computer program product for enabling the generation of a proximity estimate for the proximity of two nodes in a network.
  • DRM Digital Rights Management
  • One way of protecting content in the form of digital data is to ensure that content will only be transferred from a transmitting device (source device, e.g. a digital video recorder, DVR) to a receiving device (sink device, e.g. a television display device) if the receiving device has been authenticated as being a compliant device and if the user of the content has the right to transfer (move, copy) that content to another device. If transfer of content is allowed, this will typically be performed in an encrypted way to make sure that the content cannot be captured in an unprotected, digital format.
  • source device e.g. a digital video recorder, DVR
  • sink device e.g. a television display device
  • SAC secure authenticated channel
  • a SAC is set up using an Authentication and Key Exchange (AKE) protocol that is based on public key cryptography.
  • AKE Authentication and Key Exchange
  • Standards such as International Standard ISO/IEC 11770-3 and ISO/IEC 9796-2, and public key algorithms such as RSA and hash algorithms like SHA-I are often used.
  • each device typically contains a unique encryption key that is used in a challenge/response protocol with another device to calculate a temporary, mutually shared key. The two devices subsequently use this shared key to protect the exchanged content and/or usage rights information.
  • a remaining issue is that a SAC may be set up between devices that are, physically or network- wise, far away from each other.
  • Various proposals have been made for some form of proximity measurement or estimate that is to be performed when the SAC is set up. By a priori determining an estimate of the proximity of the network nodes involved, it is possible to differentiate between local and remote nodes in the network. If the source and sink devices are too far away from each other, the SAC should not be set up and/or the content exchange should be refused or limited.
  • the proximity estimate may be used to establish whether and/or what type of content may be exchanged, thereby e.g. allowing a more liberal local content usage for personal content on a local network.
  • Such distance measurement involves a challenge-response protocol where the time between sending the challenge and receiving the response are measured.
  • the path latency in turn may be used as an estimate of the proximity of source and sink devices.
  • Proximity may be interpreted as the perceived proximity in the network based on path latency.
  • the path latency may however also be interpreted as a first order approximation of physical proximity.
  • Proximity measurement can be combined with the authentication protocol of the SAC setup, as is taught for example in international patent application WO 2004/014037 (attorney docket PHNL020681), herein included by reference.
  • the path latency between two nodes may be established using a challenge/response protocol executed between the two nodes.
  • a path latency measurement requires a secure notion of time at the measuring network node. In closed systems, such as CE devices this is usually not a problem. However in open systems this generally is much harder to achieve, even when using trusted applications. In open systems trusted applications generally do not have access to a secure, tamper-free clock. Trusted applications in an open system often rely on the operating system, or hardware clock driver software for reporting the actual time. A malicious party could, for example by providing a clock-spoofing driver or tampering with the hardware clock, frustrate reliable proximity determination.
  • This object is achieved by a method of generating a first proximity estimate based on a path latency indicative of the proximity of a first node to a second node in a network, the method comprising the following steps: a) challenging the first node to send a first challenge to the second node, b receiving a first response from the second node, the first response having been sent in response to the first challenge, and c) generating the first proximity estimate, based at least in part on the challenging a), and the receiving b).
  • the path latency may be calculated.
  • the path latency corresponds to the elapsed time between the challenging a) and the receiving b).
  • the first node nor the second node requires a (secure) notion of time.
  • the present method is not affected by tampering to e.g. the clock driver, and/or hardware clock of that node.
  • the path latency established in this manner can be used as a first proximity estimate indicative of the proximity of the first node to the second node.
  • the first proximity estimate may not be an accurate estimate of the proximity of the first node to the second node, as it incorporates the path latencies of the respective paths i), ii), and iii). Nevertheless this first order first proximity estimate generated in this manner may be used advantageously in a method of determining a level of allowed communication between the first node and the second node.
  • the above method may be used to establish whether the two nodes have moved out of proximity of one another by performing multiple proximity estimations and comparing the results.
  • the latter may be particularly useful when one of the devices is a stationary home network content server, and the other is a mobile client terminal.
  • Neither of the two nodes requires a notion of time, and in case at least one of the nodes has a notion of time, it need not be secure, as it is not used in the above method.
  • the challenging a) and the receiving b) are conducted by a challenging proximity check server and a receiving proximity check server.
  • a proximity check server hereafter called PCS
  • PCS may be a dedicated node in the network, or may be advantageously combined with other nodes, e.g. access control nodes, or content server nodes.
  • access control nodes e.g. access control nodes
  • content server nodes e.g. access control nodes, or content server nodes.
  • PCS is arranged to establish proximity estimates.
  • the PCS In order for a PCS to establish the time of challenging a), or the time of receiving b) the PCS itself will have to have a (secure) notion of time.
  • the generation of the first proximity estimate further involves improving the path latency estimate by accounting for the paths i) and iii) during the first proximity estimate generation.
  • Two further proximity estimates may be used in order to account for these paths. These two further proximity estimates are: a second proximity estimate indicative of the proximity of the challenging PCS to the first node, and a third proximity estimate indicative of the proximity of the receiving PCS to the second node.
  • the second and third proximity estimates may be established using a method as disclosed in WO2003/079638 (Attorney Docket PHUS020096) herein included by reference.
  • RTT Round Trip Time
  • a PCS When applied to establish the second and third proximity measure in an embodiment according to the present invention, a PCS conducts an RTT by sending a challenge to a node and receiving a response there from.
  • the RTT measurement equals twice the proximity measure.
  • RTT measurements may show a substantial variation over time, for example resulting from network load and message routing, it may be beneficial to perform a plurality of such measurements and determine an average RTT.
  • the RTT measurement between the challenging PCS, and the first node may be combined with the challenging a).
  • the second and third proximity estimates may be used to establish a more accurate first proximity estimate using Equation 1.
  • This more accurate first proximity estimate may be used for comparing the first proximity measure with actual path latency threshold values for the path latency between the first and the second node.
  • T b - T a second proximity estimate + Eq. 1 first proximity estimate + third proximity estimate
  • This first proximity estimate may be used in a method for determining the level of allowed processing of content in a network based on "physical" proximity of two nodes.
  • An example of such a constraint may be that only client nodes within 6 ms of a content server node may be allowed to render content stored on the content server node. In this embodiment the content server node and the client nodes do not require a (secure) notion of time.
  • the challenging a) may further comprise information that is used for authentication of the first and the second node.
  • This authentication allows a more secure first proximity estimate, as the authenticity of the nodes involved is established in the process.
  • the present method may be used advantageously in setting up a SAC between two nodes that do not have a (secure) notion of time.
  • a method according to the present invention may further involve cryptographic operations such as encryption, decryption, generating digital signatures, verifying digital signatures, and or the creation and verification of certificates.
  • cryptographic operations may be time consuming, and as a result affect the accuracy of the generation of the first proximity estimate.
  • a further set of embodiments establishes a first processing time estimate indicative of the time between receipt of the second challenge by the first node and dispatching the first challenge, as well as a second processing time estimate indicative of the time between the receipt of the first challenge by the second node and dispatching the first response.
  • the challenging a) and the receiving b) are conducted by a single PCS that functions as both the challenging PCS and the receiving PCS.
  • a fourth proximity estimate indicative of the proximity of the challenging PCS, and the receiving PCS is used.
  • the fourth proximity estimate may be used by the challenging PCS, to help establish the time of receiving b) at the receiving PCS, further based on a message sent by the receiving PCS to the challenging PCS on the receiving b).
  • the fourth proximity estimate may also be used by the receiving PCS, to help establish the time of challenging a), further based on a message sent by the challenging
  • the second, the third, and/or fourth proximity estimates may be digitally signed, or incorporated in a digital certificates.
  • a first proximity estimate needs to be generated such certificates may be used instead of generating the respective proximity estimates from scratch. In doing so the network load, and efficiency of the present method may be further improved.
  • the method further comprises a step of generating a digital certificate comprising the first proximity estimate, thereby allowing further improvements in network efficiency.
  • a proximity check server for generating a first proximity estimate based on path latency indicative of the proximity of a first node to a second node in a network
  • the proximity check server comprising: a transmitting means arranged to transmit data over the network, a receiving means arranged to receive data from the network, an obtaining means arranged to obtain timestamps, the receiving means further arranged to at least receive a first response from the second node in response to a first challenge, the first challenge generated in response to a second challenge from a proximity check server challenging the first node, and a processing means arranged to generate a first proximity estimate indicative of the proximity of the first node to the second node, the first proximity estimate based at least in part on the challenging and the receipt of the first response.
  • a PCS according to the invention may be integrated in a wide-variety of devices; server PCs, internet hubs, wireless LAN hubs, ADSL modems, or set-top boxes.
  • the PCS can be a stand-alone device, such as a USB stick, or a wireless RF token that connects with a network by itself, or through another device to establish proximity estimates for the proximity of nodes in the network.
  • the PCS may be incorporated in end-user mobile devices such a mobile phones, hand- held game consoles, or mobile video rendering devices, provided they have a notion of time, preferably a secure notion of time.
  • This goal is accomplished in that a system is provided for determining a level of allowed communication between a first node and a second node in a network 700, the system comprising a proximity check server according to claim 15, the system further characterized in that the proximity check server is arranged to establish a first proximity estimate for use in the determining.
  • Fig. 1 presents a schematic representation of the generation of a first proximity estimate in a dynamic network topology.
  • Fig. 2A presents a schematic representation of the generation of a first proximity estimate for a situation involving one PCS.
  • Fig. 2B presents a schematic representation of the generation of a first proximity estimate for a situation involving two PCSes.
  • Fig. 3 A presents a timeline indicating the use of the fourth proximity estimate to establish the timestamp of the challenging a).
  • Fig. 3B presents a timeline indicating the use of the fourth proximity estimate to establish the timestamp of the receiving b).
  • Fig. 4 presents a communication diagram for a scenario involving two PCSes conducting two iterations according to the present invention.
  • Fig. 5 presents a communication diagram for a scenario involving a single
  • Fig. 6 presents a block diagram of a PCS according to the present invention.
  • Fig. 7 presents a schematic representation of a system for determining a level of allowed communication between a first node and a second node in a network.
  • Fig. 1 presents a schematic representation of the generation of a proximity estimate in a dynamic network topology.
  • a first node Nl, and a second node N2 are part of a network.
  • Node Nl represents a mobile client node
  • node N2 represents a stationary content server in a home network.
  • the present invention may be used to generate a first proximity estimate IPX indicative of the distance between the first node Nl, and the second node N2.
  • This proximity estimate in turn may be used in a method for determining the level of communication allowed between the stationary content server, node N2, and the mobile client node, node Nl .
  • the first proximity estimate IPX here is used to grant a node Nl access to content stored on node N2, provided that node Nl is within a pre-determined proximity threshold of node N2.
  • content access can be localized to e.g. the home network environment 100.
  • a proximity estimate is generated in accordance with the present invention.
  • a series of messages are sent over the network.
  • the first node Nl is challenged, by means of the challenging a) in the form of a second challenge 2C.
  • the first node Nl sends a first challenge 1C to the second node N2.
  • the node N2 produces a first response IR.
  • the first response IR is subsequently received: the receiving b).
  • the first proximity estimate IPX can be established.
  • a further first proximity estimate IPX' is established, in an analogous manner.
  • the DRM system may when the further first proximity estimate IPX' exceed the pre-determined proximity threshold, deny the node Nl ' further access to the content stored on the node N2.
  • proximity estimates as generated using the present invention may be used in an advantageous manner to differentiate between situations wherein the client node is inside or alternatively outside of the home environment by careful selection of the threshold, or by introducing a threshold range, or by combining the proximity estimate with further inputs.
  • the proximity estimates may be generated without the nodes Nl , and N2 having a notion of (secure) time. Nevertheless the present invention may also be used when either node has a notion of time.
  • the first proximity estimate IPX generated in the above manner also includes the path latency to the first node Nl, and the path latency from the second node N2. The latter is not an issue as long as relative proximity estimates are used, but if more accurate proximity estimates is required further steps are in order.
  • a PCS may be a separate node, or may be incorporated in another node.
  • a PCS typically requires a notion of time.
  • Fig. 2A and 2B present a schematic representations of the generation of a more accurate first proximity estimate IPX according to the present invention.
  • the first scenario depicted in Fig. 2A presents a second scenario involving a single PCS that functions as both the challenging and the receiving PCS, hereafter called CRPCS.
  • the challenging a) corresponds to dispatching a second challenge 2C by the CRPCS
  • the receiving b) corresponds to the receipt of a first response IR by the CRPCS.
  • the CRPCS sends the second challenge 2C to a first node Nl.
  • the first node on receipt of the second challenge 2C will dispatch a first challenge 1C to a second node N2.
  • the second node N2 responds with the first response IR that is sent to the CRPCS.
  • the CPRCS conducts a path latency measurement from the CPRCS through the first node, the second node, and back to the CPRCS.
  • the CRPCS furthermore obtains: - a second proximity estimate 2PX indicative of the proximity of the challenging PCS (CPRCS) to the first node, and a third proximity estimate 3PX indicative of the proximity of the receiving PCS (CPRCS) to the second node.
  • the path latencies corresponding to the path from the CRPCS to either node individually may be established by the CRPCS using the method disclosed in WO2003/079638 (Attorney Docket PHUS020096) as indicated earlier.
  • the generation of the second proximity estimate requires the CRPCS to conduct a RTT measurement to node Nl . Based on this RTT measurement the CRPCS can establish the second proximity estimate that corresponds to half the measured RTT. In an analogous manner the CRPCS may further establish the third proximity measure.
  • the second and/or the third proximity estimate may be used for generating the first proximity estimate, or alternatively may be stored locally for future use. Alternatively they may be digitally signed by the CRPCS and communicated to other PCSes. Even more alternatively the PCS may generate a digital certificate comprising the second and/or the third proximity estimate that can be transported over the network, and may be used by other PCSes, or other nodes that require knowledge of such a proximity estimate without the need for further RTT measurements.
  • the first proximity can be generated.
  • this involves calculating the time between the challenging a) T a and the receiving b) T b , and subsequently subtracting the second and the third proximity estimates.
  • Fig. 2B presents a schematic representation of the generation of a first proximity estimate IPX in case of a scenario involving two PCSes: a challenging PCS, hereafter CPCS, and a receiving PCS, hereafter RPCS.
  • - the RPCS has access to a fourth proximity estimate 4PX indicative of the proximity between the CPCS and the RPCS, and - the CPCS, on challenging a) sends a notification thereof to the RPCS.
  • the CPCS has access to the fourth proximity estimate PX
  • the CPRCS and the RPCS may register the timestamp of the challenging a) and the receiving b). As both timestamps relate to the same notion of time, they can be used directly for computing the first proximity estimate IPX.
  • the second and third proximity estimates are established. In this case the CPCS establishes the second proximity estimate and the RPCS establishes the third proximity estimate.
  • the timestamps and the proximity estimates can be collected at either PCS, or an alternate trusted party, and can subsequently be used to generate the first proximity estimate, by application of Equation 1.
  • the fourth proximity estimate 4PX provides additional information with respect to the proximity between the CPCS and the RPCS.
  • the fourth proximity estimate 4PX is either used to establish the moment of the challenging a) T a or the moment of the receiving b) T b .
  • Fig. 3 A presents a timeline that shows the use of the fourth proximity estimate 4PX in establishing the timestamp of the challenging a) T a by the RPCS.
  • the CPCS sends a second challenge 2C to the first node Nl on T a .
  • the CPCS also sends a first message FM to the RPCS.
  • the RPCS receives the first message FM from the CPCS.
  • the first node Nl sends a first challenge 1C to the second node N2.
  • the second node N2 sends a first response IR to the RPCS.
  • the RPCS receives the first response at Tb. Tb corresponds to the time of receiving b).
  • the RPCS can now calculate the approximate time of challenging a) T a by the CPCS using both T FM and the fourth proximity estimate 4PX using Equation 3.
  • Equation 1 may be used to compute the first proximity estimate.
  • the fourth proximity estimate 4PX is used in combination with a notification from the RPCS to the CPCS to allow the CPCS to establish the time of the receiving b).
  • Fig. 3B presents a timeline that depicts the use of the fourth proximity estimate 4PX as used for establishing the timestamp of the receiving b) T b .
  • the CPCS sends a second challenge 2C to the first node Nl on T a .
  • the first node Nl in response sends a first challenge 1C to the second node N2.
  • the second node N2 in response sends a first response IR to the RPCS.
  • the RPCS forwards the first response IR to the CPCS.
  • the CPCS receives the forwarded response on T FR .
  • the CPCS can now calculate the approximate time of the receiving b) T b by the RPCS. To this end the CPCS uses both T FR and the fourth proximity estimate 4PX in combination with Equation 4.
  • Equation 1 may be used to compute the first proximity estimate.
  • the RPCS only has a minor role.
  • the RPCS merely forwards the first response IR to the CPCS. This resembles the role of a regular node or a PCS node in the path between the second node and the CRPCS in a single PCS solution. It is important to note however that the receiving b) here is performed by the RPCS, and therefore is different from single PCS solution.
  • the fourth proximity estimate is used to relate the timestamps of the challenging a) at the CPCS and the receiving b) at the RPCS respectively. It may be argued that in embodiments according to the first subset of embodiments the fourth proximity estimate 4PX has been accounted for in the clock distribution, or clock synchronization, of the CPCS and the RPCS.
  • a single PCS solution if possible is preferable it does not involve the use of a fourth proximity estimate 4PX as an approximation of the time of path latency between the CPCS, and the RPCS. Moreover it does not require sharing of information between the CPCS and the RPCS. Timing information regarding the challenging a) and the receiving b) need not pass over the network and may be kept in a tamper-resilient environment, within the realm of control of the single PCS.
  • the arrival of challenges and responses in a network environment, and particularly in best effort networks such as the Internet may be dependent on the network topology, the network traffic-load, as well as the message routing.
  • first proximity estimates generated according to the method of the present invention may show a substantial statistical variation.
  • multiple iterations may be conducted when determining the first, the second, the third, and the fourth proximity estimates.
  • the roles of CPCS and RPCS may be reversed in the process together with the roles of the first node Nl, and the second node N2. In a single PCS scenario this results in reversing the roles of the first node Nl and the second node N2 only.
  • Fig. 4 presents a communication diagram depicting the communications in a method according to the present invention involving two PCSes, PCSl and PCS2.
  • PCSl functions as the challenging PCS
  • PCS2 functions as the receiving PCS in the first, and as the challenging PCS in the second phase.
  • both PCSl and PCS2 have the same notion of time.
  • PCSl sends a second challenge 2C to a first node Nl
  • the first node Nl immediately responds with a second response 2R to PCSl.
  • PCSl may, based on the second response 2R, establish a second proximity estimate 2PX indicative of the proximity of PCSl to the first node Nl .
  • the first node also sends a first challenge 1C to a second node N2.
  • PCS2 can establish a third proximity estimate 3PX indicative of the proximity of PCS2 to the second node N2.
  • the communication diagram further depicts a second message 2M from PCSl to PCS2.
  • This message comprises the second proximity estimate 2PX established during the first phase as well as the time of the dispatch time of the second challenge 2C and the arrival time of a sixth response 6R.
  • the second and the third proximity estimate, as well as the time-stamps to calculate two separate proximity estimates indicative of the proximity between the first node and the second node.
  • first and second phase separate proximity estimates are established in the first and second phase and relate to the proximity measured in two different directions.
  • One proximity estimate based on the proximity from the first node Nl to the second node N2 and one proximity estimate based on the proximity from the second node N2 to the first node Nl.
  • IPX In order to establish a directionally independent first proximity estimate IPX, an optionally weighted, average of both proximity estimates may be computed.
  • a more accurate (first) proximity estimate it is advisable to minimize the influence of processing time on the path latency measurements, or account for the processing time(s) in the generating process.
  • the CRPCS generates a first proximity estimate IPX indicative of the time between receipt of the second challenge 2C by the first node Nl and dispatching the first challenge 1C.
  • a first and second processing time estimate is established and used in the generation of the first proximity estimate IPX.
  • the CRPCS initiates the first proximity estimate IPX generation by sending a second challenge 2C to the first node Nl.
  • the first node Nl dispatches a second response 2R to the CRPCS.
  • the CRPCS may use this response to determine a second proximity estimate 2PX.
  • the second response 2R is used as an indication of the start of the processing at the first node Nl.
  • the first node Nl will send a first challenge 1C to the second node N2.
  • the first node Nl also sends a further response 2R' to the CRPCS.
  • the CRPCS may establish the first processing time estimate IPR indicative of the time between the receipt of the second challenge 2C by the first node Nl and dispatching the first challenge 1C.
  • the processing time may constitute a substantial part of the measured path latency.
  • this in conjunction with the first response IR enables the CRPCS to establish the second processing time estimate 2PR indicative of the time between the receipt of the first challenge 1C by the second node N2 and dispatching the first response IR.
  • the CRPCS will establish a third proximity estimate 3PX indicative of the distance between the CRPCS and the second node N2 using a third challenge 3C and a third response 3R, or alternatively by obtaining a proximity certificate comprising the third proximity estimate 3PX and verifying its authenticity and validity.
  • the CRPCS may now use the acquired information, together with the following equation to establish the first proximity estimate IPX using Equation 5.
  • T b - T a 2PX + IPR + IPX + 2PR + 3PX Eq. 5
  • the accuracy of the first proximity estimate IPX is subject to variations in both message routing and network load.
  • the method may be advantageously combined with authentication techniques.
  • authentication techniques may be fully integrated in the messages that are passed between nodes, but it may also require further messages.
  • the nodes may be challenged to provide proof of authenticity during the challenging and responding.
  • the proof of authenticity may comprise signing a new random number (nonce) generated by the challenging PCS encrypted with the private key of a private/public key of the challenging PCS.
  • the nodes on receipt of this information may decrypt the information using the public key of the challenging PCS. Subsequently each node encrypts the nonce using their private key of their private/public key pair and appends this to the message. The receiving PCS may subsequently verify whether both nodes have signed the nonce using the appropriate key.
  • nodes may perform the actual generation of the first proximity estimate IPX, provided they receive all required information from the challenging and/or the receiving PCS.
  • a certificate can be generated that comprises the first proximity estimate IPX, and that is signed by a trusted party.
  • a wide variety of alternative authentication schemes may be conceived that can be incorporated with the present invention. Apart from appending messages the nodes may also communicate the encrypted nonces directly. Instead of public key cryptography symmetric cryptography may be applied.
  • nodes may append additional timestamp in the process.
  • the nodes may also append certificates comprising their public keys signed by a certifying authority. Instead of appending public key information Uniform Resource Locators (URLs) may be applied, indicative of where such information may be obtained.
  • URLs Uniform Resource Locators
  • the proximity estimates generated in the process are subsequently used to create proximity certificates.
  • a certificate comprises one or more the proximity estimate, and is preferably signed by a certifying authority. The latter enables third parties intent to use the proximity estimate comprised in the certificate to ascertain the authenticity of the certificate, using the public key of the certifying authority.
  • Such certificates may be generated for any proximity estimate.
  • Proximity certificates comprising the second, third, and/or fourth proximity estimate may be used during the generation of the first proximity estimates.
  • a certificate comprising the first proximity estimate IPX in turn may be used instead of generating the first proximity estimate.
  • the main advantage of using such proximity certificates is that it reduces the load to both the network and the PCSes. Proximity certificates are particularly useful in networks with fixed network topology.
  • proximity certificates may comprise an indication as to their period of validity. The latter is particularly useful in situations where the network topology is more dynamic, or when temporary renewal is in order.
  • the first proximity estimate can be applied in a method of determining a level of allowed communication between the first device and the second device.
  • the first proximity estimate may be used to differentiate between local devices, or remote devices.
  • the first proximity estimate is based on path latency, there typically is a correlation between the physical distance and the path latency. It is however very difficult to quantify such correlation, as it not only depends on network topology, but also on the dynamics of message routing in the network, and the network load. Nevertheless the first proximity estimate may however be used as a proximity estimate to localize communication, in particularly of data under control of a DRM system.
  • Fig. 6 presents a block diagram of a PCS 600 according to the present invention.
  • the PCS 600 comprises transmitting means 620, arranged to transmit data 670 over a network, and receiving means 630 arranged to receive data 680 from the network.
  • a PCS 600 may be used for generating a proximity estimate indicative of the proximity of two nodes on a network.
  • the PCS 600 further comprises a processing means 610, a memory 640, and a storage means 650, optionally an external storage 660, such as a network storage may be provided.
  • the PCS 600 depicted in Fig. 6 further comprises an obtaining means 690 arranged to obtain time-stamps.
  • the obtaining means is an internal clock that provides the PCS with a notion of time.
  • the depicted obtaining means 690 is arranged to periodically synchronize with a PCS network clock 695.
  • the PCS 600 may be used as challenging or receiving PCS in methods according to the present invention.
  • the transmission, receiving and processing means can be implemented in completely in hardware or primarily in software.
  • Fig. 7 presents a schematic representation of a system for determining a level of allowed communication between a first node Nl and a second node N2 in a network 700.
  • the present invention may be used as an enabling technology for a DRM system.
  • a DRM system typically controls the distribution, the copying and the use of digital content such as, but not limited to, audio or video content.
  • the present invention could be used in such a DRM system in order to "localize" sharing, or use of content.
  • Fig. 7 depicts a system (710) for determining a level of allowed communication between a first node (Nl) and a second node (N2) in a network 700.
  • the network (700) comprising a central content repository, here node Nl, and a rendering node, here node N2.
  • the present invention can be used to provide a localization mechanism based on path latency, by controlling distribution of content from the central content repository Nl , to the rendering node N2.
  • content may be distributed from node Nl to the rendering node N2.
  • the system does not control the actual distribution of the content but provides decryption information in dependence of the first proximity estimate IPX to the rendering node N2.
  • the central content repository Nl and the rendering node N2 do not require a (secure) notion of time, only system (710) does.
  • the present invention is different from the above application, in that it addresses the generation of an alternate proximity estimate in an alternate manner that involves a first challenge by the first device to the second device.
  • a proximity estimate is formed for the actual proximity of the two devices rather than an upper bound of the proximity of the two devices in the network.
  • any reference signs placed between parentheses shall not be construed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word "a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Abstract

The present invention relates to a method of generating a first proximity estimate based on a path latency indicative of the proximity of a first node to a second node in a network, the method comprising the following steps: challenging the first node to send a first challenge to the second node, receiving a first response from the second node, the first response having been sent in response to the first challenge, and generating the first proximity estimate, based at least in part on the challenging a), and the receiving b). It further relates to the use of such a method in determining a level of allowed communication as well as a proximity check server for establishing a first proximity estimate, and a system for determining a level of allowed communication in a network using a proximity check server.

Description

Method and apparatus for generating proximity estimate
The present invention relates to a method and apparatus for generating a first proximity estimate based on path latency indicative of the proximity of a first node to a second node in a network, as well as to a system that uses such a proximity estimate in order to determine the level of allowed communication between the two nodes. The invention further relates to a computer program product for enabling the generation of a proximity estimate for the proximity of two nodes in a network.
In recent years, the number of content protection systems available has been growing rapidly. Some of these systems only protect the content against unauthorized copying. Other systems restrict the user's ability to access the content. These systems are often referred to as Digital Rights Management (DRM) systems.
Consumers want to enjoy content without hassle and with as few limitations as possible. They want to network their devices to enable all kinds of different applications. They want to access any type of content in a straightforward manner. They also want to be able to share/transfer content in their home environment without limitations. One way of protecting content in the form of digital data is to ensure that content will only be transferred from a transmitting device (source device, e.g. a digital video recorder, DVR) to a receiving device (sink device, e.g. a television display device) if the receiving device has been authenticated as being a compliant device and if the user of the content has the right to transfer (move, copy) that content to another device. If transfer of content is allowed, this will typically be performed in an encrypted way to make sure that the content cannot be captured in an unprotected, digital format.
Technology that enables device authentication and conduct encrypted content transfer between devices exists in the form of what is called a secure authenticated channel (SAC). In many cases, a SAC is set up using an Authentication and Key Exchange (AKE) protocol that is based on public key cryptography. Standards such as International Standard ISO/IEC 11770-3 and ISO/IEC 9796-2, and public key algorithms such as RSA and hash algorithms like SHA-I are often used.
To set up a SAC, each device typically contains a unique encryption key that is used in a challenge/response protocol with another device to calculate a temporary, mutually shared key. The two devices subsequently use this shared key to protect the exchanged content and/or usage rights information.
A remaining issue is that a SAC may be set up between devices that are, physically or network- wise, far away from each other. Various proposals have been made for some form of proximity measurement or estimate that is to be performed when the SAC is set up. By a priori determining an estimate of the proximity of the network nodes involved, it is possible to differentiate between local and remote nodes in the network. If the source and sink devices are too far away from each other, the SAC should not be set up and/or the content exchange should be refused or limited. The proximity estimate may be used to establish whether and/or what type of content may be exchanged, thereby e.g. allowing a more liberal local content usage for personal content on a local network.
Typically such distance measurement involves a challenge-response protocol where the time between sending the challenge and receiving the response are measured. Such measurements establish the path latency between the challenging and the receiving. The path latency in turn may be used as an estimate of the proximity of source and sink devices. Proximity may be interpreted as the perceived proximity in the network based on path latency. The path latency may however also be interpreted as a first order approximation of physical proximity. Proximity measurement can be combined with the authentication protocol of the SAC setup, as is taught for example in international patent application WO 2004/014037 (attorney docket PHNL020681), herein included by reference.
The path latency between two nodes may be established using a challenge/response protocol executed between the two nodes. A path latency measurement requires a secure notion of time at the measuring network node. In closed systems, such as CE devices this is usually not a problem. However in open systems this generally is much harder to achieve, even when using trusted applications. In open systems trusted applications generally do not have access to a secure, tamper-free clock. Trusted applications in an open system often rely on the operating system, or hardware clock driver software for reporting the actual time. A malicious party could, for example by providing a clock-spoofing driver or tampering with the hardware clock, frustrate reliable proximity determination.
It is an object of the present invention to provide a method of generating a proximity estimate indicative of the proximity between two nodes in a network, in particular when the two nodes do not have a (secure) notion of time. This object is achieved by a method of generating a first proximity estimate based on a path latency indicative of the proximity of a first node to a second node in a network, the method comprising the following steps: a) challenging the first node to send a first challenge to the second node, b receiving a first response from the second node, the first response having been sent in response to the first challenge, and c) generating the first proximity estimate, based at least in part on the challenging a), and the receiving b).
When conducting the above method information is collected with respect to the path latency of the path: i. towards the first node, ii. from the first node to the second node, and iii. from the second node.
By using the time of challenging a) Ta and the time of the receiving b) Tb the path latency may be calculated. The path latency corresponds to the elapsed time between the challenging a) and the receiving b). Neither the first node nor the second node requires a (secure) notion of time. Provided that at least one of the first node and the second node has a notion of time, the present method is not affected by tampering to e.g. the clock driver, and/or hardware clock of that node. The path latency established in this manner can be used as a first proximity estimate indicative of the proximity of the first node to the second node.
The first proximity estimate may not be an accurate estimate of the proximity of the first node to the second node, as it incorporates the path latencies of the respective paths i), ii), and iii). Nevertheless this first order first proximity estimate generated in this manner may be used advantageously in a method of determining a level of allowed communication between the first node and the second node.
In particular in situations wherein network topology is dynamic the above method may be used to establish whether the two nodes have moved out of proximity of one another by performing multiple proximity estimations and comparing the results. The latter may be particularly useful when one of the devices is a stationary home network content server, and the other is a mobile client terminal. Neither of the two nodes requires a notion of time, and in case at least one of the nodes has a notion of time, it need not be secure, as it is not used in the above method. In one set of embodiments the challenging a) and the receiving b) are conducted by a challenging proximity check server and a receiving proximity check server. A proximity check server, hereafter called PCS, may be a dedicated node in the network, or may be advantageously combined with other nodes, e.g. access control nodes, or content server nodes. As the name suggests a PCS is arranged to establish proximity estimates. In order for a PCS to establish the time of challenging a), or the time of receiving b) the PCS itself will have to have a (secure) notion of time.
In a further set of embodiments the generation of the first proximity estimate further involves improving the path latency estimate by accounting for the paths i) and iii) during the first proximity estimate generation. Two further proximity estimates may be used in order to account for these paths. These two further proximity estimates are: a second proximity estimate indicative of the proximity of the challenging PCS to the first node, and a third proximity estimate indicative of the proximity of the receiving PCS to the second node. The second and third proximity estimates may be established using a method as disclosed in WO2003/079638 (Attorney Docket PHUS020096) herein included by reference. In a method according to this application a node with a notion of time, applies a Round Trip Time (RTT) measurement to a node in a network, in order to establish the proximity to that node.
When applied to establish the second and third proximity measure in an embodiment according to the present invention, a PCS conducts an RTT by sending a challenge to a node and receiving a response there from. The RTT measurement equals twice the proximity measure. As such RTT measurements may show a substantial variation over time, for example resulting from network load and message routing, it may be beneficial to perform a plurality of such measurements and determine an average RTT. In an embodiment according to the present invention the RTT measurement between the challenging PCS, and the first node, may be combined with the challenging a).
Once the second and third proximity estimates are established they may be used to establish a more accurate first proximity estimate using Equation 1. This more accurate first proximity estimate may be used for comparing the first proximity measure with actual path latency threshold values for the path latency between the first and the second node.
Tb- Ta = second proximity estimate + Eq. 1 first proximity estimate + third proximity estimate This first proximity estimate may be used in a method for determining the level of allowed processing of content in a network based on "physical" proximity of two nodes. An example of such a constraint may be that only client nodes within 6 ms of a content server node may be allowed to render content stored on the content server node. In this embodiment the content server node and the client nodes do not require a (secure) notion of time.
In a further set of embodiments the challenging a), the first challenge, and the first response may further comprise information that is used for authentication of the first and the second node. This authentication allows a more secure first proximity estimate, as the authenticity of the nodes involved is established in the process. As a result the present method may be used advantageously in setting up a SAC between two nodes that do not have a (secure) notion of time.
In order to authenticate the first and the second node a method according to the present invention may further involve cryptographic operations such as encryption, decryption, generating digital signatures, verifying digital signatures, and or the creation and verification of certificates. Such cryptographic operations may be time consuming, and as a result affect the accuracy of the generation of the first proximity estimate.
In order to account for such processing delays a further set of embodiments establishes a first processing time estimate indicative of the time between receipt of the second challenge by the first node and dispatching the first challenge, as well as a second processing time estimate indicative of the time between the receipt of the first challenge by the second node and dispatching the first response. By establishing the processing time estimates, it is possible to factor out the processing time, and as a result obtain a more accurate first proximity estimate.
In a further set of advantageous embodiments the challenging a) and the receiving b) are conducted by a single PCS that functions as both the challenging PCS and the receiving PCS.
In yet a further set of embodiments a fourth proximity estimate, indicative of the proximity of the challenging PCS, and the receiving PCS is used. The fourth proximity estimate may be used by the challenging PCS, to help establish the time of receiving b) at the receiving PCS, further based on a message sent by the receiving PCS to the challenging PCS on the receiving b). The fourth proximity estimate may also be used by the receiving PCS, to help establish the time of challenging a), further based on a message sent by the challenging
PCS to the receiving PCS on the challenging a).
In a further set of embodiments the second, the third, and/or fourth proximity estimates may be digitally signed, or incorporated in a digital certificates. When subsequently a first proximity estimate needs to be generated such certificates may be used instead of generating the respective proximity estimates from scratch. In doing so the network load, and efficiency of the present method may be further improved.
In a further advantageous method according to the present invention the method further comprises a step of generating a digital certificate comprising the first proximity estimate, thereby allowing further improvements in network efficiency.
It is a further goal of the present invention to provide a proximity check server for generating a first proximity estimate indicative of the proximity of a first node to a second node in a network.
This goal is accomplished in that a proximity check server is provided for generating a first proximity estimate based on path latency indicative of the proximity of a first node to a second node in a network, the proximity check server comprising: a transmitting means arranged to transmit data over the network, a receiving means arranged to receive data from the network, an obtaining means arranged to obtain timestamps, the receiving means further arranged to at least receive a first response from the second node in response to a first challenge, the first challenge generated in response to a second challenge from a proximity check server challenging the first node, and a processing means arranged to generate a first proximity estimate indicative of the proximity of the first node to the second node, the first proximity estimate based at least in part on the challenging and the receipt of the first response. A PCS according to the invention may be integrated in a wide-variety of devices; server PCs, internet hubs, wireless LAN hubs, ADSL modems, or set-top boxes.
Alternatively the PCS can be a stand-alone device, such as a USB stick, or a wireless RF token that connects with a network by itself, or through another device to establish proximity estimates for the proximity of nodes in the network. Alternatively the PCS may be incorporated in end-user mobile devices such a mobile phones, hand- held game consoles, or mobile video rendering devices, provided they have a notion of time, preferably a secure notion of time.
It is a further goal of the present invention to provide a system for determining the level of allowed communication between a first device, and a second device in a network. This goal is accomplished in that a system is provided for determining a level of allowed communication between a first node and a second node in a network 700, the system comprising a proximity check server according to claim 15, the system further characterized in that the proximity check server is arranged to establish a first proximity estimate for use in the determining.
These and other aspects of the invention will be further elucidated and described by way of example and with reference to the drawings, in which: Fig. 1, presents a schematic representation of the generation of a first proximity estimate in a dynamic network topology.
Fig. 2A, presents a schematic representation of the generation of a first proximity estimate for a situation involving one PCS.
Fig. 2B, presents a schematic representation of the generation of a first proximity estimate for a situation involving two PCSes.
Fig. 3 A, presents a timeline indicating the use of the fourth proximity estimate to establish the timestamp of the challenging a).
Fig. 3B, presents a timeline indicating the use of the fourth proximity estimate to establish the timestamp of the receiving b). Fig. 4, presents a communication diagram for a scenario involving two PCSes conducting two iterations according to the present invention.
Fig. 5, presents a communication diagram for a scenario involving a single
PCS.
Fig. 6, presents a block diagram of a PCS according to the present invention.
Fig. 7, presents a schematic representation of a system for determining a level of allowed communication between a first node and a second node in a network.
Throughout the drawings, the same reference numeral refers to the same element, or an element that performs the same function.
Fig. 1 presents a schematic representation of the generation of a proximity estimate in a dynamic network topology. A first node Nl, and a second node N2 are part of a network. Node Nl represents a mobile client node, and node N2 represents a stationary content server in a home network. The present invention may be used to generate a first proximity estimate IPX indicative of the distance between the first node Nl, and the second node N2.
This proximity estimate in turn may be used in a method for determining the level of communication allowed between the stationary content server, node N2, and the mobile client node, node Nl . The first proximity estimate IPX here is used to grant a node Nl access to content stored on node N2, provided that node Nl is within a pre-determined proximity threshold of node N2. By periodically establishing the proximity of the node Nl to the node N2, content access can be localized to e.g. the home network environment 100.
At a first moment in time, when node Nl is within the home environment, a proximity estimate is generated in accordance with the present invention. To this end a series of messages are sent over the network. First the first node Nl is challenged, by means of the challenging a) in the form of a second challenge 2C. In response the first node Nl sends a first challenge 1C to the second node N2. As a result of the first challenge 1C the node N2 produces a first response IR. The first response IR is subsequently received: the receiving b). Based on the timestamps of the challenging a) Ta and that of the receiving b) T b the first proximity estimate IPX can be established.
Tb- Ta = IPX Eq. 2
At a later moment in time, when the client node has moved outside of the home network environment 100, in Fig. 1 represented by node Nl ', a further first proximity estimate IPX' is established, in an analogous manner. Subsequently the DRM system may when the further first proximity estimate IPX' exceed the pre-determined proximity threshold, deny the node Nl ' further access to the content stored on the node N2. It will be clear to those skilled in the art that proximity estimates as generated using the present invention may be used in an advantageous manner to differentiate between situations wherein the client node is inside or alternatively outside of the home environment by careful selection of the threshold, or by introducing a threshold range, or by combining the proximity estimate with further inputs. The proximity estimates may be generated without the nodes Nl , and N2 having a notion of (secure) time. Nevertheless the present invention may also be used when either node has a notion of time.
The first proximity estimate IPX generated in the above manner also includes the path latency to the first node Nl, and the path latency from the second node N2. The latter is not an issue as long as relative proximity estimates are used, but if more accurate proximity estimates is required further steps are in order.
In practical situations the challenging a), and the receiving b) are conducted by PCSes. A PCS may be a separate node, or may be incorporated in another node. In order to perform time measurements a PCS typically requires a notion of time.
Fig. 2A and 2B present a schematic representations of the generation of a more accurate first proximity estimate IPX according to the present invention.
The first scenario depicted in Fig. 2A presents a second scenario involving a single PCS that functions as both the challenging and the receiving PCS, hereafter called CRPCS. In Fig. 2A the challenging a) corresponds to dispatching a second challenge 2C by the CRPCS, and the receiving b) corresponds to the receipt of a first response IR by the CRPCS.
The CRPCS sends the second challenge 2C to a first node Nl. The first node on receipt of the second challenge 2C will dispatch a first challenge 1C to a second node N2. The second node N2 responds with the first response IR that is sent to the CRPCS.
In order to generate a more accurate first proximity estimate the CPRCS conducts a path latency measurement from the CPRCS through the first node, the second node, and back to the CPRCS. Apart from the challenging a) and the receiving b) the CRPCS furthermore obtains: - a second proximity estimate 2PX indicative of the proximity of the challenging PCS (CPRCS) to the first node, and a third proximity estimate 3PX indicative of the proximity of the receiving PCS (CPRCS) to the second node.
The path latencies corresponding to the path from the CRPCS to either node individually may be established by the CRPCS using the method disclosed in WO2003/079638 (Attorney Docket PHUS020096) as indicated earlier.
In the situation depicted in Fig. 2A the generation of the second proximity estimate requires the CRPCS to conduct a RTT measurement to node Nl . Based on this RTT measurement the CRPCS can establish the second proximity estimate that corresponds to half the measured RTT. In an analogous manner the CRPCS may further establish the third proximity measure.
Once the second and/or the third proximity estimate have been established, they may be used for generating the first proximity estimate, or alternatively may be stored locally for future use. Alternatively they may be digitally signed by the CRPCS and communicated to other PCSes. Even more alternatively the PCS may generate a digital certificate comprising the second and/or the third proximity estimate that can be transported over the network, and may be used by other PCSes, or other nodes that require knowledge of such a proximity estimate without the need for further RTT measurements. By combining the second and third proximity estimates with the time of challenging a) Ta and the time of receiving b) Tb using Equation 1, the first proximity can be generated. In one embodiment this involves calculating the time between the challenging a) Ta and the receiving b) Tb, and subsequently subtracting the second and the third proximity estimates. Fig. 2B presents a schematic representation of the generation of a first proximity estimate IPX in case of a scenario involving two PCSes: a challenging PCS, hereafter CPCS, and a receiving PCS, hereafter RPCS.
Within this scenario three different subsets of embodiments may be distinguished: - A first subset wherein both the CPCS and RPCS have the same notion of time.
A second subset wherein:
- at least the RPCS has a notion of time,
- the RPCS has access to a fourth proximity estimate 4PX indicative of the proximity between the CPCS and the RPCS, and - the CPCS, on challenging a) sends a notification thereof to the RPCS.
A third subset wherein:
- at least the CPCS has a notion of time,
- the CPCS has access to the fourth proximity estimate PX, and
- the RPCS, on receiving b) sends a notification thereof to the CPCS.
In embodiments according to the first subset of embodiments the CPRCS and the RPCS may register the timestamp of the challenging a) and the receiving b). As both timestamps relate to the same notion of time, they can be used directly for computing the first proximity estimate IPX. In addition the second and third proximity estimates are established. In this case the CPCS establishes the second proximity estimate and the RPCS establishes the third proximity estimate. The timestamps and the proximity estimates can be collected at either PCS, or an alternate trusted party, and can subsequently be used to generate the first proximity estimate, by application of Equation 1. Techniques for clock distribution, and network node synchronization are known to those skilled in the art, reference is made to "Using NTP to Control and Synchronize System Clocks - Part I: Introduction to NTP", available at http ://www.sun. com/blueprints/0701 /NTP .pdf. Various alternatives may be envisaged for communicating timestamps and or further information from one PCS to another. In one embodiment all information is communicated directly from one PCS to the other PCS. In an alternate embodiment a timestamp representative for the moment of challenging a), is signed by the CPCS, and is incorporated in the second challenge 2C presented to the first node Nl by the CPCS. This signed timestamp may be further communicated by means of the first challenge 1C and the first response IR to the RPCS. In doing so the number of messages passed over the network may be kept to a minimum.
In embodiments according to the second and the third subset, the fourth proximity estimate 4PX provides additional information with respect to the proximity between the CPCS and the RPCS. The fourth proximity estimate 4PX is either used to establish the moment of the challenging a) Ta or the moment of the receiving b) Tb.
In embodiments according to the second subset the fourth proximity estimate 4PX, in combination with an additional notification from the CPCS to the RPCS allows the RPCS to establish the time of the challenging a). Fig. 3 A presents a timeline that shows the use of the fourth proximity estimate 4PX in establishing the timestamp of the challenging a) Ta by the RPCS.
In this scenario the CPCS sends a second challenge 2C to the first node Nl on T a. In addition the CPCS also sends a first message FM to the RPCS. At TFM the RPCS receives the first message FM from the CPCS. In response to the second challenge 2C, the first node Nl sends a first challenge 1C to the second node N2. On arrival the second node N2 sends a first response IR to the RPCS. The RPCS receives the first response at Tb. Tb corresponds to the time of receiving b).
Using the fourth proximity estimate 4PX the RPCS can now calculate the approximate time of challenging a) T a by the CPCS using both TFM and the fourth proximity estimate 4PX using Equation 3.
Figure imgf000013_0001
Subsequently Equation 1 may be used to compute the first proximity estimate. In embodiments according to the third subset the fourth proximity estimate 4PX, is used in combination with a notification from the RPCS to the CPCS to allow the CPCS to establish the time of the receiving b). Fig. 3B presents a timeline that depicts the use of the fourth proximity estimate 4PX as used for establishing the timestamp of the receiving b) Tb.
In this scenario the CPCS sends a second challenge 2C to the first node Nl on T a. The first node Nl in response sends a first challenge 1C to the second node N2. The second node N2 in response sends a first response IR to the RPCS. Upon the receiving b), at Tb, the RPCS forwards the first response IR to the CPCS. The CPCS receives the forwarded response on T FR.
Using the fourth proximity estimate 4PX the CPCS can now calculate the approximate time of the receiving b) T b by the RPCS. To this end the CPCS uses both T FR and the fourth proximity estimate 4PX in combination with Equation 4.
Tb = TFR - 4PX Eq. 4
Subsequently Equation 1 may be used to compute the first proximity estimate.
It will be clear to those skilled in the art that in embodiments according to the third subset the RPCS only has a minor role. The RPCS merely forwards the first response IR to the CPCS. This resembles the role of a regular node or a PCS node in the path between the second node and the CRPCS in a single PCS solution. It is important to note however that the receiving b) here is performed by the RPCS, and therefore is different from single PCS solution.
In case of embodiments from the second and the third subset of embodiments, the fourth proximity estimate is used to relate the timestamps of the challenging a) at the CPCS and the receiving b) at the RPCS respectively. It may be argued that in embodiments according to the first subset of embodiments the fourth proximity estimate 4PX has been accounted for in the clock distribution, or clock synchronization, of the CPCS and the RPCS.
Further extending this argumentation it is possible to consider the combination of the CPCS and the RPCS as a single "super"-PCS. The "super"-PCS conducts a RTT measurement from the "super" PCS to the first node, to the second node, and back to the "super" PCS.
From the above analysis it will be clear that a single PCS solution if possible is preferable it does not involve the use of a fourth proximity estimate 4PX as an approximation of the time of path latency between the CPCS, and the RPCS. Moreover it does not require sharing of information between the CPCS and the RPCS. Timing information regarding the challenging a) and the receiving b) need not pass over the network and may be kept in a tamper-resilient environment, within the realm of control of the single PCS. The arrival of challenges and responses in a network environment, and particularly in best effort networks such as the Internet, may be dependent on the network topology, the network traffic-load, as well as the message routing. As a result of message routing and/or variations in network load, first proximity estimates generated according to the method of the present invention may show a substantial statistical variation. In order to obtain a more reliable first proximity estimate multiple iterations may be conducted when determining the first, the second, the third, and the fourth proximity estimates. In order to eliminate directional dependencies, the roles of CPCS and RPCS may be reversed in the process together with the roles of the first node Nl, and the second node N2. In a single PCS scenario this results in reversing the roles of the first node Nl and the second node N2 only.
Fig. 4 presents a communication diagram depicting the communications in a method according to the present invention involving two PCSes, PCSl and PCS2. In a first phase PCSl functions as the challenging PCS, and in the second phase it functions as the receiving PCS. In contrast PCS2 functions as the receiving PCS in the first, and as the challenging PCS in the second phase. We further assume that both PCSl and PCS2 have the same notion of time.
During the first phase, PCSl sends a second challenge 2C to a first node Nl, the first node Nl immediately responds with a second response 2R to PCSl. PCSl may, based on the second response 2R, establish a second proximity estimate 2PX indicative of the proximity of PCSl to the first node Nl . In addition the first node also sends a first challenge 1C to a second node N2.
In the second phase a similar protocol is followed wherein the roles of PCSl and PCS2 are reversed, as well as the roles of the first node Nl and the second node N2. In the second phase PCS2 can establish a third proximity estimate 3PX indicative of the proximity of PCS2 to the second node N2.
The communication diagram further depicts a second message 2M from PCSl to PCS2. This message comprises the second proximity estimate 2PX established during the first phase as well as the time of the dispatch time of the second challenge 2C and the arrival time of a sixth response 6R. On receipt of the second message 2M PCS2 has at its disposal, the second and the third proximity estimate, as well as the time-stamps to calculate two separate proximity estimates indicative of the proximity between the first node and the second node.
These separate proximity estimates are established in the first and second phase and relate to the proximity measured in two different directions. One proximity estimate based on the proximity from the first node Nl to the second node N2, and one proximity estimate based on the proximity from the second node N2 to the first node Nl. In order to establish a directionally independent first proximity estimate IPX, an optionally weighted, average of both proximity estimates may be computed. In order to establish a more accurate (first) proximity estimate it is advisable to minimize the influence of processing time on the path latency measurements, or account for the processing time(s) in the generating process. International application WO 2004/030312 (Attorney Docket PHUS020358), herein included by reference, discloses a method of accounting for processing time in proximity estimations. However the method presented therein requires a notion of time at the first and the second node. In case the first node and the second node have a (secure) notion of time the above may be combined advantageously with the present invention.
Alternatively, international application WO 2004/030311 (Attorney Docket PHUS020357), herein included by reference, discloses how to account for processing time when at least one of the nodes does not have a notion of time. This application discloses the possibility to provide two responses resulting from a challenge. A first response confirming the receipt of the challenge, and a further response being the actual response to the challenge after processing the challenge. In particular the latter method may be combined in an advantageous way with a method according to the present invention. Fig. 5 presents a communication diagram for a scenario wherein a single PCS
CRPCS generates a first proximity estimate IPX indicative of the time between receipt of the second challenge 2C by the first node Nl and dispatching the first challenge 1C. In the process a first and second processing time estimate is established and used in the generation of the first proximity estimate IPX. The CRPCS initiates the first proximity estimate IPX generation by sending a second challenge 2C to the first node Nl. Upon receipt of the second challenge 2C, the first node Nl dispatches a second response 2R to the CRPCS. The CRPCS may use this response to determine a second proximity estimate 2PX. In addition the second response 2R is used as an indication of the start of the processing at the first node Nl. Once node Nl has completed processing the second challenge 2C, the first node Nl will send a first challenge 1C to the second node N2. In addition the first node Nl also sends a further response 2R' to the CRPCS.
Based on the second response 2R and the further response 2R', the CRPCS may establish the first processing time estimate IPR indicative of the time between the receipt of the second challenge 2C by the first node Nl and dispatching the first challenge 1C. As the operations performed at the first node Nl may involve cryptographic operations, in particular when also performing authentication, the processing time may constitute a substantial part of the measured path latency. Upon receipt of the first challenge 1C the second node N2 sends a response
IR' to the CRPCS, this in conjunction with the first response IR enables the CRPCS to establish the second processing time estimate 2PR indicative of the time between the receipt of the first challenge 1C by the second node N2 and dispatching the first response IR.
Finally the CRPCS will establish a third proximity estimate 3PX indicative of the distance between the CRPCS and the second node N2 using a third challenge 3C and a third response 3R, or alternatively by obtaining a proximity certificate comprising the third proximity estimate 3PX and verifying its authenticity and validity.
The CRPCS may now use the acquired information, together with the following equation to establish the first proximity estimate IPX using Equation 5.
Tb- Ta = 2PX + IPR + IPX + 2PR + 3PX Eq. 5
The accuracy of the first proximity estimate IPX is subject to variations in both message routing and network load. In order to further prevent attacks by third parties, when generating the first proximity estimate IPX, the method may be advantageously combined with authentication techniques. Such authentication techniques may be fully integrated in the messages that are passed between nodes, but it may also require further messages. By authenticating the nodes involved, and in particularly by authenticating the first node Nl and the second node N2, a more reliable first proximity estimate may be generated.
To authenticate the first node and the second node, the nodes may be challenged to provide proof of authenticity during the challenging and responding. In one embodiment the proof of authenticity may comprise signing a new random number (nonce) generated by the challenging PCS encrypted with the private key of a private/public key of the challenging PCS.
The nodes on receipt of this information may decrypt the information using the public key of the challenging PCS. Subsequently each node encrypts the nonce using their private key of their private/public key pair and appends this to the message. The receiving PCS may subsequently verify whether both nodes have signed the nonce using the appropriate key.
As indicated earlier other nodes may perform the actual generation of the first proximity estimate IPX, provided they receive all required information from the challenging and/or the receiving PCS.
Once the first proximity estimate IPX is generated a certificate can be generated that comprises the first proximity estimate IPX, and that is signed by a trusted party.
A wide variety of alternative authentication schemes may be conceived that can be incorporated with the present invention. Apart from appending messages the nodes may also communicate the encrypted nonces directly. Instead of public key cryptography symmetric cryptography may be applied.
To obtain more detailed timing information intermediate nodes that relay challenges and responses, in particular other PCSes, may append additional timestamp in the process. Apart from providing the encrypted nonces, the nodes may also append certificates comprising their public keys signed by a certifying authority. Instead of appending public key information Uniform Resource Locators (URLs) may be applied, indicative of where such information may be obtained.
In further advantageous embodiments the proximity estimates generated in the process are subsequently used to create proximity certificates. Such a certificate comprises one or more the proximity estimate, and is preferably signed by a certifying authority. The latter enables third parties intent to use the proximity estimate comprised in the certificate to ascertain the authenticity of the certificate, using the public key of the certifying authority. Such certificates may be generated for any proximity estimate. Proximity certificates comprising the second, third, and/or fourth proximity estimate may be used during the generation of the first proximity estimates. A certificate comprising the first proximity estimate IPX in turn may be used instead of generating the first proximity estimate. The main advantage of using such proximity certificates is that it reduces the load to both the network and the PCSes. Proximity certificates are particularly useful in networks with fixed network topology.
Optionally proximity certificates may comprise an indication as to their period of validity. The latter is particularly useful in situations where the network topology is more dynamic, or when temporary renewal is in order.
Once the first proximity estimate is generated it can be applied in a method of determining a level of allowed communication between the first device and the second device. The first proximity estimate may be used to differentiate between local devices, or remote devices. As the first proximity estimate is based on path latency, there typically is a correlation between the physical distance and the path latency. It is however very difficult to quantify such correlation, as it not only depends on network topology, but also on the dynamics of message routing in the network, and the network load. Nevertheless the first proximity estimate may however be used as a proximity estimate to localize communication, in particularly of data under control of a DRM system.
Fig. 6 presents a block diagram of a PCS 600 according to the present invention. The PCS 600 comprises transmitting means 620, arranged to transmit data 670 over a network, and receiving means 630 arranged to receive data 680 from the network. A PCS 600 may be used for generating a proximity estimate indicative of the proximity of two nodes on a network.
To generate the proximity estimate the PCS 600 further comprises a processing means 610, a memory 640, and a storage means 650, optionally an external storage 660, such as a network storage may be provided. The PCS 600 depicted in Fig. 6 further comprises an obtaining means 690 arranged to obtain time-stamps. Here the obtaining means is an internal clock that provides the PCS with a notion of time. The depicted obtaining means 690 is arranged to periodically synchronize with a PCS network clock 695.
The PCS 600 may be used as challenging or receiving PCS in methods according to the present invention. The transmission, receiving and processing means can be implemented in completely in hardware or primarily in software. Fig. 7 presents a schematic representation of a system for determining a level of allowed communication between a first node Nl and a second node N2 in a network 700. The present invention may be used as an enabling technology for a DRM system. A DRM system typically controls the distribution, the copying and the use of digital content such as, but not limited to, audio or video content. The present invention could be used in such a DRM system in order to "localize" sharing, or use of content. Before content is sent for example from a central repository node Nl in an in- ho me network to a rendering node N2 in the in- ho me network, the DRM system will determine the allowed level of communication between the nodes. Fig. 7 depicts a system (710) for determining a level of allowed communication between a first node (Nl) and a second node (N2) in a network 700. The network (700) comprising a central content repository, here node Nl, and a rendering node, here node N2. The present invention can be used to provide a localization mechanism based on path latency, by controlling distribution of content from the central content repository Nl , to the rendering node N2.
Based on a first proximity estimate IPX generated by the DRM system (710) content may be distributed from node Nl to the rendering node N2. In an alternate embodiment the system does not control the actual distribution of the content but provides decryption information in dependence of the first proximity estimate IPX to the rendering node N2. In Fig. 7 the central content repository Nl and the rendering node N2 do not require a (secure) notion of time, only system (710) does.
In co-pending application IB2005/052890 (Attorney Dockets PHNL041045, PFINL040992) an alternate method for establishing proximity between two network nodes that do not have a secure notion of time is described. This application provides a method, a proximity check server, a system, and a computer program product, for determining the level of allowed communication between a first and a second device in a home network. The level of communication is based upon Round Trip Time measurements between a first proximity check server and the first device and a second proximity check server and the second device. The above application among others establishes an upper bound for the proximity of two nodes in a network. Consider a scenario involving a single PCS. In the above application estimates are generated for both the proximity of the first node to the PCS as well as the proximity of the second node to the PCS. The application proposes to use the sum of these proximity estimates as an upper bound for the proximity of the first and the second node. This scenario resembles the use of the sum of the length of two sides of a triangle as an upper bound for the length of the third side.
The present invention is different from the above application, in that it addresses the generation of an alternate proximity estimate in an alternate manner that involves a first challenge by the first device to the second device. As a result of this first challenge, in one method according to the present invention, a proximity estimate is formed for the actual proximity of the two devices rather than an upper bound of the proximity of the two devices in the network.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims.
In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

CLAIMS:
1. Method of generating a first proximity estimate (IPX) based on a path latency indicative of the proximity of a first node (Nl) to a second node (N2) in a network, the method comprising the following steps: a) challenging the first node (Nl) to send a first challenge (1C) to the second node (N2), b) receiving a first response (IR) from the second node (Nl), the first response (IR) having been sent in response to the first challenge (1C), and c) generating the first proximity estimate (IPX), based at least in part on the challenging a), and the receiving b).
2. Method of claim 1, wherein: the challenging a) is performed by a challenging proximity check server (CPCS, CRPCS) by sending a second challenge (2C) to the first node (Nl), the receiving b) is performed by a receiving proximity check server (RCPS, CRPCS), by receiving the first response (IR) from the second node (N2).
3. Method of claim 2, wherein the first proximity estimate (IPX) is further based at least in part on: a second proximity estimate (2PX) indicative of the proximity of the challenging proximity check server (CPCS, CRPCS) to the first node (Nl), and a third proximity estimate (3PX) indicative of the proximity of the receiving proximity check server (RPCS, CRPCS) to the second node (N2).
4. Method of claim 1, wherein the challenging a), the first challenge (1C) and the first response (IR), are further used for authentication of the first node (Nl) and the second node (N2).
5. Method of claim 1, wherein the first response (IR) comprises at least part of a first data provided in the challenging a), signed by the first node (Nl), at least part of the first data provided in the challenging a), forwarded by the first node (Nl), and signed by the second node (N2).
6. Method of claim 1 , wherein the first proximity estimate (IPX) is further at least in part based on: a first processing time estimate (IPR) indicative of the time between the receiving of the challenging a) and dispatching the first challenge (1C), and a second processing time estimate (2PR) indicative of the time between the receiving of the first challenge (1C) and dispatching the first response (IR).
7. Method of claim 3, wherein generating at least one of the second (2PX) and the third (3PX) proximity estimate involves conducting a Round-Trip Time measurement by one of the challenging (CPCS, CRPCS) and receiving (RPCS, CRPCS) proximity check server.
8. Method of claim 3, wherein generating at least one of the second (2PX) and third proximity (3PX) estimate involves respectively authenticating at least one of the first node (Nl) and the second node (N2) to at least one of the challenging proximity check server (CPCS, CRPCS) and the receiving proximity check server (RPCS, CRPCS).
9. Method of claim 3, the method further comprising receiving a second response (2R) by the challenging proximity check server (CPCS, CRPCS), the second response (2R) in response to the second challenge (2C) from the challenging proximity server (CPCS, CRPCS), and generating the second proximity estimate (2PX) based on the second challenge (2C) and the second response (2R).
10. Method of claim 3, the method further comprising receiving a certificate comprising at least one of the second proximity estimate (2PX) and the third proximity estimate (3PX) and verifying authenticity of the certificate.
11. Method of claim 3, wherein both the challenging (CRPCS) and receiving proximity check server (CRPCS) is the same proximity check server (CRPCS).
12. Method of claim 3, wherein the first proximity estimate (IPX) is further based at least in part on a fourth proximity estimate (4PX) indicative of the proximity of the challenging proximity check server (CRPCS) to the receiving proximity check server (RPCS).
13. Method of claim 1, the method further comprising generating a first certificate comprising the first proximity estimate (IPX).
14. Use of the method of claim 1, in a method of determining a level of allowed communication between the first device (Nl) and the second device (N2).
15. Proximity check server (600) for generating a first proximity estimate (IPX) based on path latency indicative of the proximity of a first node (Nl) to a second node (N2) in a network 700, the proximity check server (600) comprising: - a transmitting means (620) arranged to transmit data (670) over the network
700, a receiving means (630) arranged to receive data (680) from the network (700), an obtaining means (690) arranged to obtain timestamps, - the receiving means (630) further arranged to at least receive a first response
(IR) from the second node (N2) in response to a first challenge (1C), the first challenge (1C) generated in response to a second challenge (2C) from a proximity check server (CPCS, CRPCS) challenging the first node (Nl), and a processing means (610) arranged to generate a first proximity estimate (IPX) indicative of the proximity of the first node (Nl) to the second node (N2), the first proximity estimate (IPX) based at least in part on the sending of the second challenge (2C) and the receipt of the first response (IR).
16. Proximity check server (600) of claim 15, the processing means (610) further arranged to at least: obtain a second proximity estimate (2PX), indicative of the proximity of the first node (Nl) to the challenging proximity check server (CPCS, CRPCS), obtain a third proximity estimate (3PX), indicative of the proximity of the second node (N2) to the proximity check server (RCPS, CRPCS), and to generate the first proximity estimate (IPX) based further at least on the second proximity estimate (2PX) and the third proximity estimate (3PX).
17. Proximity check server (600) of claim 15, wherein the proximity check server (CRPCS) conducts both the challenging and the receiving, the transmitting means (620) further arranged to transmit the second challenge (2C) to the first node (Nl), thereby challenging the first node (Nl) to send the first challenge (1C) to the second node (N2).
18. System (710) for determining a level of allowed communication between a first node (Nl) and a second node (N2) in a network 700, the system comprising a proximity check server (600) according to claim 15, the system (710) further characterized in that the proximity check server (600) is arranged to establish a first proximity estimate (IPX) for use in the determining.
19. A computer program product comprising program code means stored on a computer readable medium for performing the method of any of the claims 1 to 13 when said program product is run on a computer.
PCT/IB2006/054907 2005-12-22 2006-12-18 Method and apparatus for generating proximity estimate WO2007072388A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP05112750 2005-12-22
EP05112750.4 2005-12-22

Publications (1)

Publication Number Publication Date
WO2007072388A1 true WO2007072388A1 (en) 2007-06-28

Family

ID=38051733

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/054907 WO2007072388A1 (en) 2005-12-22 2006-12-18 Method and apparatus for generating proximity estimate

Country Status (1)

Country Link
WO (1) WO2007072388A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004012424A2 (en) * 2002-07-29 2004-02-05 Meshnetworks, Inc. A system and method for determining physical location of a node in a wireless network during an authentication check of the node
FR2851866A1 (en) * 2003-02-27 2004-09-03 Canon Kk Peer/peer communications network digital image file allocation having pair groups separating digital words with service allocation selection following function connection value

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004012424A2 (en) * 2002-07-29 2004-02-05 Meshnetworks, Inc. A system and method for determining physical location of a node in a wireless network during an authentication check of the node
FR2851866A1 (en) * 2003-02-27 2004-09-03 Canon Kk Peer/peer communications network digital image file allocation having pair groups separating digital words with service allocation selection following function connection value

Similar Documents

Publication Publication Date Title
JP4861327B2 (en) Proximity check server
Cui et al. HCPA-GKA: A hash function-based conditional privacy-preserving authentication and group-key agreement scheme for VANETs
He et al. A strong user authentication scheme with smart cards for wireless communications
EP2090998B1 (en) Method and system for determining proximity between two entities
US7653713B2 (en) Method of measuring round trip time and proximity checking method using the same
US20130312072A1 (en) Method for establishing secure communication between nodes in a network, network node, key manager, installation device and computer program product
US20080148043A1 (en) Establishing a secured communication session
CN102577301A (en) Method and apparatus for trusted authentication and logon
CN113824570B (en) Block chain-based security terminal authentication method and system
JP4464918B2 (en) How to verify a node on the network
Yadav et al. An EAP-based mutual authentication protocol for WLAN-connected IoT devices
Madhusudhan A secure and lightweight authentication scheme for roaming service in global mobile networks
Madhusudhan Mobile user authentication protocol with privacy preserving for roaming service in GLOMONET
CN111654481B (en) Identity authentication method, identity authentication device and storage medium
Chang et al. A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment
EP2028820A2 (en) Method and apparatus for checking round trip based on challenge response as well as computer readable medium having recorded thereon program for the method
Nikooghadam et al. A provably secure ECC-based roaming authentication scheme for global mobility networks
KR101162333B1 (en) Method and apparatus for checking RTT based on challenge response, and computer readable medium thereof
JP4571117B2 (en) Authentication method and apparatus
Tseng et al. A robust user authentication scheme with self‐certificates for wireless sensor networks
Alharbi et al. {CSProp}: ciphertext and signature propagation {Low-Overhead}{Public-Key} cryptosystem for {IoT} environments
Bittl Privacy conserving low volume information retrieval from backbone services in VANETs
KR101165350B1 (en) An Authentication Method of Device Member In Ubiquitous Computing Network
KR20100002424A (en) Method for generating secure key using certificateless public key
WO2007072388A1 (en) Method and apparatus for generating proximity estimate

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06842569

Country of ref document: EP

Kind code of ref document: A1