WO2018109529A1 - Method and system for securely pairing two or more devices - Google Patents

Info

Publication number
WO2018109529A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
secret
mobile device
communication channel
activation mobile
Prior art date
Application number
PCT/IB2016/057672
Other languages
French (fr)
Inventor
Stefan Meyer
Jean-Paul Sandoz
Original Assignee
Smart Security Systems Sa
Priority date
Filing date
Publication date
Application filed by Smart Security Systems Sa
Priority to PCT/IB2016/057672
Publication of WO2018109529A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present invention concerns a method and a system for providing secure data exchange between devices using wired and/or wireless connections.

Description of related art

  • NFC: near field communication
  • WO2013/016327 describes a payment system including a mobile
  • NFC radio links provide only a low-speed connection, and NFC signals are vulnerable to malicious attack, as they can be intercepted and acquired beyond a distance of a meter.
  • the aim of the invention is to provide a more secure and efficient solution for data exchange between devices with respect to known systems.
  • data exchanged between the first and the second device is coded with the received secret and sent on a radio or wired channel capable of a high data rate.
  • the secret is communicated to the first device through a wireless non-radio channel that is distinct and
  • the proposed solution provides a pairing operation (peer-to-peer connection) without requiring access to a remote server for generating and checking secrets.
  • the secret is therefore not shared with a third party (e.g. to obtain an authentication certificate), which makes the invention a well-rounded solution for trusted computing problems in society.
  • Figs. 1 and 2 show exemplary schemes of a pairing between a first device and a second device comprising an activation mobile device.
  • Figs. 3 and 4 show exemplary schemes of a pairing between a first and a second device by means of an activation mobile device.
  • the invention concerns pairing systems and methods for providing secure and efficient data exchange between the devices on a wired or wireless radio data channel.
  • the wireless radio channel is a wireless channel based on propagation of electromagnetic waves having frequencies lying in the range of Radio Frequency (RF) used for communications or radar signals, i.e. in a range from 3 kHz to 300 GHz.
  • RF: radio frequency
  • the pairing of the devices is operated through an activation mobile device configured to provide a secret to each of the devices through a control communication channel so as to provide data coding of data to be sent through the data communication channel.
  • control communication channel is a distinct and independent channel with respect to the data channel.
  • the control communication channel is a wireless non-radio channel, i.e. a wireless channel not employing electromagnetic waves having frequencies lying in the range of Radio Frequency.
  • This permits mobility of devices while limiting the propagation of channel signals to smaller distances and spaces than RF signals, as non-radio signals have poorer propagation and obstacle-crossing characteristics.
  • the use of non-radio signals ensures that the activation mobile device has to be near to and in line of sight of the first device for pairing it, notably near to and in line of sight of the receiving means of the first device.
  • the control communication channel can thus be based on a transmission medium employing electromagnetic waves not belonging to the Radio Frequency, such as microwaves, infrared radiation (IR), visible light and ultraviolet radiation.
  • the control communication channel can also be based on a transmission medium employing non-electromagnetic waves, such as mechanical waves propagating through the air, such as acoustic waves (i.e. sounds).
  • the control communication channel can be a focalized wireless channel, so that channel signals propagate through the air substantially in a single beam or bundle of signals, i.e. in a beam or bundle within an angle of +/-0.5 rad centered on the signal source, preferably within an angle of +/-0.17 rad.
  • At least one link, preferably all the links, forming the control communication channel is arranged, configured or designed so that emitted signals propagate substantially in a single beam or bundle.
  • This solution further limits the area in which channel signals propagate, so as to make secret interception and malicious attack more difficult.
  • the use of the focalized channel ensures that signals are received only by devices located in front of the activation mobile device, notably in the direction of the signals emitted by the activation mobile device.
  • the control communication channel can be a unidirectional or a bi-directional channel between the activation mobile device and the first and/or second device.
  • the secret is generated in the activation mobile device.
  • the secret is a single-session secret, i.e. a distinct secret is used each time a pairing procedure is launched.
  • the secret comprises at least a cryptographic key, such as a symmetric cryptographic key or an asymmetric cryptographic key (e.g. an encryption or a decryption key of a keypair), so as to provide encryption of data, notably symmetric-key and/or asymmetric data encryption (e.g. public-key encryption).
  • the secret comprises a modulation code for spread-spectrum modulation of data on the data communication channel, such as direct-sequence and/or frequency-hopping spread spectrum modulation.
  • the secret can be generated by a secret generator that is comprised in the activation mobile device.
  • the generator can be designed and/or configured to generate the secret based on digital numbers, sequences and/or data stored within the device itself and/or within an accessory operationally connected to the activation device, preferably the accessory being physically connected to the activation device.
  • the generator can be also designed and/or
  • the secret generator can comprise a random generator configured to generate random or pseudorandom numbers and/or digital sequences, from, for example, a user input or a measure of a physical process affecting the activation mobile device itself or of one of its accessories, such as a thermal noise affecting a circuit of the activation mobile device or of an accessory of the activation mobile device.
  • the secret generator is configured to generate a secret in response to an identification and/or recognition of a user through a user interface and/or an ID sensor (e.g. a biometric sensor) of the activation mobile device.
  • the identification and/or recognition of the user can be based on comparing collected data with data and ID data (e.g. biometric data) of a database operationally located within the activation mobile device.
  • the identification and/or recognition of the user can be based on comparing collected data with data and biometric data of a database operationally located in a remote server.
  • the identification and/or recognition of the authentication device and/or of the user can be validated by receiving an electronic validation or evidence from a remote server (e.g. in form of a decentralized network of peers) running a blockchain-based application or service.
  • the secret generator is further configured to generate a secret based on an electronic identity of the user and/or data collected by the user interface and/or the biometric sensor of the activation mobile device.
  • the activation mobile device can be configured to permit a running application and/or the user to select a command within a group of commands and to transmit it through the control communication channel so as to prompt the first and/or second device to transmit uniquely a predefined group of data through the data communication channel.
  • the activation mobile device can comprise a control unit providing control of the activation mobile device by means of command or signal received from an external device via a communication channel, preferably via the wireless non-radio channel.
  • the control unit thus allows a user to remotely control operations in the activation mobile device, for example by means of another activation mobile device, a computer or a portable device, possibly in the form of a running application.
  • the external device can be paired with the activation mobile device by means of a secret shared via the control communication channel of the activation mobile device, e.g. according to one of the above-discussed pairing methods.
  • FIG. 1 shows an exemplary scheme of a pairing between a first device 1 and a second device comprising the activation mobile device 3, wherein the first and the second device are linked together with a data communication channel being a wireless radio channel 40.
  • the first device 1 can be an immobile, a temporarily immobile, a transportable device or a mobile device.
  • the activation mobile device (itself or by means of the second device) is provided with a wireless communication module 32 providing wireless radio links, notably for the wireless radio channel 40.
  • the activation mobile device is provided with a user interface 38, e.g. a screen, a touch-screen or a physical or virtual keyboard on a screen unit of the device.
  • the activation mobile device is further provided with an ID sensor (e.g. a biometric sensor 39) in order to identify and/or recognize the user of the device.
  • the activation mobile device is further provided with a module 33 providing a wireless non-radio channel with the first device, based for example on microwaves, infrared radiation, visible light, ultraviolet radiation, and/or mechanical waves such as acoustic waves.
  • the activation mobile device is provided with a coding and/or decoding module 30 providing data coding and/or decoding, notably based on the secret 7.
  • the activation mobile device can comprise a control unit providing control of the activation mobile device by means of a command or signal received from an external device via the data communication channel and/or the wireless non-radio channel, e.g. another activation mobile device or a computer, possibly in the form of a running application.
  • the external device can exchange data and commands with the activation mobile device through a data communication channel, the data and commands being coded with a secret shared between the activation mobile device and the external device, e.g. shared through the control channel.
  • the activation mobile device is comprised in a second device being a portable or wearable consumer electronic device, notably intended for everyday use.
  • most of today's portable or wearable devices intended for everyday use are already equipped with wireless radio communication modules, user interfaces, microphones, loudspeakers and even biometric sensors and IR emitters/receivers.
  • consumer electronic devices are typically provided with a programmable processing unit permitting the device to be configured to operate as an activation mobile device 3 without requiring additional components.
  • Examples of such devices are: a cell phone or smartphone, a smartwatch, audio/video equipment, a digital exercise watch or wristband, a PDA, a tablet, implanted chips, smart glasses, augmented reality glasses, and smart clothes.
  • the activation mobile device 3 is configured to establish a control communication channel 5 with the first device in order to transmit the secret 7 to it for coding data to be transmitted on the wireless radio channel 40.
  • the control communication channel 5 is based on an acoustic link established between the sound emitter 33 of the activation mobile device 3 and a sound receiver 13 of the first device.
  • the sound emitter 33 can be a dedicated ultrasound module or even a sound loudspeaker of the portable or wearable consumer electronic device 3.
  • the sound receiver 13 of the first device can thus be a cooperating device designed or configured to receive signals from the sound emitter 33, e.g. a dedicated ultrasound receiver or even a microphone.
  • the activation mobile device and the first device can be configured to provide a bi-directional sound control channel, e.g. by means of a loudspeaker of the first device operating within a range of the microphone of the portable or wearable consumer electronic device 3.
  • the secret generator 37 of the activation mobile device 3 is configured to generate the secret, preferably a single session secret.
  • the secret generator 37 generates a single-session secret by means of a random generator configured to generate random or pseudorandom numbers based on thermal noise affecting a circuit of the activation mobile device 3.
  • the secret generator of fig.1 is further configured to generate the secret once the user is identified and/or recognized by means of data collected by the user interface 38 and/or the biometric sensor 39 of the activation mobile device.
  • the activation mobile device 3 and the first device of Fig. 1 are configured to code and decode the secret 7 by means of a channel coding key so as to provide a concealment of the secret.
  • the activation mobile device transmits the coded secret to the first device through the control communication channel 5, e.g. by means of sound waves.
  • Sound waves can be used as the medium for transmitting the secret, especially in the form of ultrasound, i.e. non-audible acoustic waves having frequencies in a range from 40 kHz to 10 MHz.
  • audible acoustic waves (i.e. sounds), having frequencies in a range from 20 Hz to 20 kHz, can also be used as the medium for the control communication channel.
  • the coding key is then transmitted to the first device through the data communication channel 40.
  • the channel coding key can be chosen so that the acoustic waves transmitting the coded secret will be perceived by the user as noise sounds.
  • the robustness against malicious attacks on wireless communication channels is further enhanced by linking the first device and the activation mobile device 3 comprised in the second device by a control communication channel 5 possessing a second link 52 in addition to the first link 51.
  • the second device can be a portable or wearable consumer electronic device 3, a portable or wearable consumer electronic device 3 with additional components, or a dedicated device.
  • the second device is thus arranged or configured to establish a control communication channel 5 that comprises two distinct transmission media, each medium providing a wireless non-radio link 51, 52.
  • the activation mobile device comprises not only an acoustic module 33 but also an IR module 34 configurable to provide a control communication channel 5 with an acoustic link 51 and an IR link 52.
  • the first device 1 of Fig. 2 is further equipped with a
  • the IR module of the activation mobile device can be designed or configured to generate a focalized IR link 52, i.e. IR signals propagating along a bundle of IR signals within an angle of +/-0.5 rad centered on the signal source, preferably within an angle of +/-0.17 rad.
  • one or both links 51, 52 can be generated to operate as a focalized link, i.e. link signals propagate along a beam or bundle of signals within an angle of +/-0.5 rad centered on the signal source, preferably within an angle of +/-0.17 rad.
  • a focalized link provides further robustness against malicious attack on the control communication channel.
  • the IR module 34 of the activation mobile device can thus be designed or configured to generate a focalized IR link 52.
  • the acoustic module 33 of activation mobile device can thus be designed or configured to generate a focalized sound (acoustic) link 51.
  • the activation mobile device 3 of Fig. 2 has at its disposal two distinct and independent links for transmitting a secret 71. It could thus split the secret 71 into 2 parts or, alternatively, generate a 2-part secret 71 so as to transmit the first piece 711 of the secret 71 through one of these non-radio links 51, 52 and the second piece 722 of the secret 71 through the other of these non-radio links 51, 52.
  • the activation mobile device 3 of Figs 1 and 2 can be efficiently employed for applications or services running on a first device that require a communication with a second device as well as evidence of an electronic identity of this device and/or of a user of such device.
  • the activation mobile device is included in the second device and configured to operate as a security token, i.e. for electronically proving its identity and/or the identity of its user, by means of the secret and/or data exchanged on the data communication channel.
  • the activation mobile device 3 can be configured to operate as an electronic key for accessing, for example a vehicle, a building or a restricted access area, by means of the first device 1 being a key lock system or terminal.
  • the activation mobile device 3 can be, alternatively or
  • the activation mobile device 3 can be configured to operate as storage for private and/or sensitive data, such as a digital passport, health data, payment authorization codes, smart contracts, electronic documents, access codes for digital and physical vaults, repositories or gateways;
  • the pairing of the first device 1 and the activation mobile device 3 can thus comprise the steps of, on the activation mobile device:
  • the control communication channel comprises two distinct transmission media, e.g. a transmission medium based on a transmission of acoustic waves and a transmission medium based on infrared electromagnetic radiation.
  • the pairing further comprises a step of transmitting the secret to the first device through the control communication channel, advantageously a first piece of the secret through one of the two distinct transmission media and a second piece of the secret through the other of the two transmission media.
  • the first piece of the secret can be the coded secret, while the second piece of the secret can be the channel coding key.
  • the method for pairing comprises data exchange with the activation mobile device on a wireless radio channel, upon a reception of the secret, i.e. a reception of the first and the second pieces of the secret.
  • Data sent to the activation mobile device are coded with the secret and could comprise queries and requests for digital evidence that the activation mobile device has to provide for identifying and/or recognizing itself and/or the user for accessing the service provided by the first device.
  • digital evidence can be thus generated, e.g. by selectively accessing data of a database within the device or by collecting data provided by the user interface and/or biometric sensor of the device. Digital evidence is then coded based on the secret and transmitted to the first device through the wireless radio channel in order to enable the service provided by the first device, e.g. a financial
  • the activation mobile device 3 operates on, or in-between, a first device 1 and a second device 2.
  • the first and/or second device can be an immobile, a temporarily immobile or a mobile device.
  • the activation mobile device provides a pairing between the first and the second device being linked together by a wire channel 42 and/or a wireless radio channel 41 for exchanging data.
  • the pairing procedure of this exemplary embodiment further comprises steps of, on the activation mobile device, establishing a control communication channel 6 in form of a wireless non-radio channel with the second device 2, and transmitting a secret 72 to it through this control communication channel 6.
  • the pairing procedure further comprises a step of generating, on the activation mobile device 3, a second secret 72 for coding and/or decoding data on the second device 2.
  • the transmitted secret 72 could be the same secret 71 as that for the first device (e.g. a symmetric cryptographic key, a modulation code), a secret correlated with the secret 71 of the first device (e.g. the other cryptographic key of a keypair 71, 72), or a secret independent of the secret for the first device.
  • the illustrated embodiment of Fig. 3 comprises a plurality of distinct media 33, 34, at least one
  • the activation mobile device can be further configured to operate as a wireless relay device in between the first and the second device by providing a relay wireless radio channel 43, e.g. for application- or service-based critical data.
  • the relay radio channel 43 comprises a wireless radio link 431 connecting the first device with the activation mobile device and another wireless radio link 432 connecting the second device with the activation mobile device.
  • the first and the second radio links 431, 432 can operate in non-overlapping frequency ranges, e.g. in case of use of the same secret 71 for coding data from/to the first and the second device.
  • the first and the second radio links 431, 432 can operate in the same or in overlapping ranges, e.g. in case of use of distinct secrets 71, 72 for coding data from/to the first and the second device.
  • the activation mobile device can be configured to decode and re-code data on the relay wireless radio channel based on distinct secrets of the first and the second device.
  • the activation mobile device is configured to systematically decode data received from the first device with its secret 71 and to send this data to the second device, this data being re-coded based on the secret 72 of the second device, and vice versa.
  • the activation mobile device is configured to operate in-between the first and the second device.
  • the first and the second device communicate together uniquely through the activation mobile device, i.e. via the relay wireless radio channel 42 provided by the activation mobile device.
  • the activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for pairing other devices according to the above-described pairing methods, so that more devices can communicate together via the data communication channel and/or the relay wireless radio channel of the activation mobile device.
  • the data communication channel can also comprise parallel operating radio and wired links.
  • the activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for applications or services requiring a communication between devices located in a confined area that is robust against interferences, jamming or malicious attacks.
  • the activation mobile device can be efficaciously employed for successively starting applications or services not intended to operate continuously on the devices.
  • Examples are communications between manufacturing and controlling machines in a densely occupied facility, where communications are affected by inter-channel and near-channel interference.
  • the activation mobile device can thus be used notably to pair (interconnect) groups of machines so as to ensure a reliable communication between them.
  • the relay wireless radio channel of the activation mobile device is used to communicate critical or sensitive commands to the machines, i.e. commands requiring supervision and/or approval of the designated technician or workshop supervisor (human or automatic system), by equipping the designated technician or workshop supervisor with the activation mobile device.
  • Another example is communications between distinct functional units in a passenger vehicle (e.g. cars, buses, trains, aircraft and boats), with a driver or self-driving, both surface and flying vehicles, notably between functional units of a driving or controlling system of a vehicle based on electrical or electro-mechanical technologies (e.g. drive-by-wire technologies).
  • Such communications could be subject to interference as well as to malicious jamming and attacks (such as eavesdropping, unauthorized access, hostile takeover, command and control or other threats) perpetrated by passengers, technicians or the crew, or by a third person who is controlling devices of the parties mentioned without their awareness or permission.
  • the driver can be equipped with the activation mobile device, e.g. in form of a wearable device such as a watch, wrist device, a badge with smart-card or smartphone.
  • the driving and controlling system and the activation mobile device can be configured to transmit data uniquely through the relay wireless radio channel provided by the activation mobile device so as to ensure the physical presence of the driver when the vehicle is moving.
  • the activation mobile device thus also operates as an anti-theft device.
  • the pilot can be advantageously equipped with the activation mobile device, e.g. in form of a wearable device such as a watch, badge with smart-card or smartphone.
  • the pilot could pair functional units of the driving and controlling system within the cockpit of the aircraft.
  • the driving and controlling system and the activation mobile device can be configured to transmit critical commands and data uniquely through the relay wireless radio channel provided by the activation mobile device, in order to ensure the physical presence of the head pilot in the aircraft, notably during takeoff and landing.
  • the activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for applications or services requiring a secure transfer between devices, such as devices collecting and/or storing sensitive or valuable data, e.g. in the form of images, multimedia files and documents, databases, statistical data, meteorological data, sounds, thermal and infrared visual data, landscape imaging, passwords, authentication keys, encryption keys, ID documents, electronic keys and other digital data.
  • the activation mobile device 3 can be, alternatively or complementarily, configured to operate as an authorization key for authorizing data transfer, e.g. authorizing data transmission of data collected and/or stored in the first device 1 to the second device and/or to the activation mobile device 3.
  • the first device is a drone collecting or capturing a series of images or readings, sounds, electromagnetic radiation, infrared imagery, landscape readings or signal pings that are transferred to a second device, being for example a landing base for the drone, during the pairing (synchronisation) mediated by the activation mobile device 3.
  • the first and/or second devices can be:
  • the activation mobile device 3 of Figs 1 to 4 can be
  • a remote server e.g. in form of a decentralized or distributed network of peers
  • a blockchain-based application or service e.g. through Ethereum platform
  • the access can thus be used for recording operations, processes, changes, proofs and evidences on the blockchain so as to provide a timestamp of these events and evidences executed by and/or collected in the activation mobile device 3 and/or the first and/or second device.
  • the access can thus be used for provide an evidence and a timestamp of smart contracts, reports or documents, so as:
  • the evidences can further concern inputted data and ID data collected by the in the activation mobile device 3 and/or the first and/or second device.
  • the activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for applications or services requiring records of evidences, notably by means of blockchains.
  • Extension of activation mobile device 3 to blockchain application includes controlling sensitive documents through the device 1, splitting them into small encrypted fractions and uploading them to a distributed storage provided by blockchains or blockchain platforms, such as Ethereum for storage of documents, which would be securely distributed in a number of fractions over the blockchain network servers. Retrieves of the document can then be performed through mediated of device 3 using the proper series of keys that can download all the right encrypted fractions, stitch them together and decrypt in device 1.
  • the storage of documents are fully on blockchain, publicly available, therefore hackable, but fraction of document will be individually encrypted through individual encrypted key before stored, making fractions useless elements, should servers
  • the method for pairing a first device (1) and a second device (2) further include steps of:
  • a distributed storage notably provided by blockchains or blockchain platforms, such as Ethereum for storage of documents, so as to securely distributed them in a number of fractions over the blockchain network servers.
  • the method for pairing a first device (1) and a second device (2) can further include steps of:
  • the secret being a series of keys providing a download a plurality of document fractions of a document from the distributed storage
  • the method for pairing a first device (1) and a second device (2) can further include steps of :
  • the other between the first and second device can comprise the activation mobile device.

Abstract

The invention concerns a method for securely pairing a first device (1) and a second device (2) for exchanging secure data through a data communication channel (41, 42, 43) being a wired or a wireless radio channel. The method comprises, on an activation mobile device (3), generating a first secret (71) for coding data and establishing a first control communication channel (5) between the activation mobile device and the first device so as to transmit to it the first secret through said first control communication channel, the control communication channel being a wireless non-radio communication channel. Upon reception of said first secret on said first device, data are coded using the secret and exchanged via the data communication channel.

Description

Method and system for securely pairing two or more devices
Field of the invention
[0001] The present invention concerns a method and a system for providing secure data exchange between devices using wired and/or wireless connections.
Description of related art
[0001] There is currently an interest in systems and methods providing secure data exchange between devices, not only for financial transactions but also for secure access to a vehicle or a building, or for secure communication between devices of critical systems or of systems subjected to jamming or malicious attacks.
[0002] Some methods and systems are currently based on proximity wireless communication technologies, such as Near Field Communication (NFC), so as to limit the operational range of the radio link. WO2013/016327 describes a payment system including a mobile communicator and a point of sale that are configured to communicate together via NFC links. However, NFC radio links provide a low-speed connection, and NFC signals are vulnerable to malicious attack as they can be intercepted and acquired beyond a distance of a meter.
Brief summary of the invention
[0003] The aim of the invention is to provide a more secure and efficient solution for data exchange between devices with respect to known systems.
[0004] According to the invention, these aims are achieved by means of the method of claim 1 and the system of claim 12.
[0005] The proposed solution provides efficient and secure communication between the first and the second device, as data is coded with the received secret and exchanged on a radio or wired channel capable of a high data rate. Moreover, the secret is communicated to the first device through a wireless non-radio channel that is distinct and independent from the data channel, so as to make secret interception more difficult.
[0006] The proposed solution provides a pairing operation (peer-to-peer connection) without requiring access to a remote server for generating and checking secrets.
[0007] The secret is therefore not shared with a third party (e.g. to obtain an authentication certificate), which makes the invention a well-rounded solution for trusted computing problems in society, particularly in the IoT domain.
Brief Description of the Drawings
[0008] The invention will be better understood with the aid of the description of an embodiment given by way of example and illustrated by the figures, in which:
Figs. 1 and 2 show exemplary schemes of a pairing between a first device and a second device comprising an activation mobile device; Figs. 3 and 4 show exemplary schemes of a pairing between a first and a second device by means of an activation mobile device.
Detailed Description of possible embodiments of the Invention
[0009] The invention concerns pairing systems and methods for providing secure and efficient data exchange between devices on a wired or wireless radio data channel.
[0010] The wireless radio channel is a wireless channel based on the propagation of electromagnetic waves having frequencies lying in the Radio Frequency (RF) range used for communications or radar signals, i.e. from 3 kHz to 300 GHz.
[0011] The pairing of the devices is operated through an activation mobile device configured to provide a secret to each of the devices through a control communication channel, the secret being used for coding the data to be sent through the data communication channel.
[0012] In order to increase the robustness of the control communication channel against malicious attack, the control communication channel is a distinct and independent channel with respect to the data channel.
[0013] Advantageously, the control communication channel is a wireless non-radio channel, i.e. a wireless channel not employing electromagnetic waves with frequencies in the Radio Frequency range. This permits mobility of the devices while confining the channel signals to smaller distances and spaces than RF signals, as non-radio signals propagate less far and pass obstacles less easily. The use of non-radio signals ensures that the activation mobile device has to be near to and in line of sight with the first device in order to pair with it, notably near to and in line of sight with the receiving means of the first device.
[0014] The proposed solution is unaffected by the slow data rate of such non-radio signals with respect to radio signals, as this channel is used only to transmit the secret, while the (coded) data is transmitted through the radio or wired data channel.
[0015] The control communication channel can thus be based on a transmission medium employing electromagnetic waves outside the Radio Frequency range, such as microwaves, infrared radiation (IR), visible light and ultraviolet radiation (note that microwaves, usually taken as 300 MHz to 300 GHz, actually fall inside the 3 kHz to 300 GHz RF range defined in [0010]; IR, visible and ultraviolet light lie above it). The control communication channel can also be based on a transmission medium employing non-electromagnetic waves, such as mechanical waves propagating through the air, i.e. acoustic waves (sound). The control communication channel can be a focalized wireless channel, so that channel signals propagate through the air substantially in a single beam or bundle, i.e. within an angle of ±0.5 rad centered on the signal source, preferably within ±0.17 rad. In the case of a multiple-link channel, at least one link, preferably all the links, forming the control communication channel are arranged, configured or designed so that the emitted signals propagate substantially in a single beam or bundle. This further limits the area in which channel signals propagate, making secret interception and malicious attack more difficult. The use of a focalized channel ensures that signals are received only by devices located in front of the activation mobile device, i.e. in the direction in which it emits.
[0016] The control communication channel can be a unidirectional or a bi-directional channel between the activation mobile device and the first and/or second device.
[0017] The secret is generated in the activation mobile device. Preferably the secret is a single-session secret, i.e. a distinct secret is used each time a pairing procedure is launched.
[0018] Advantageously, the secret comprises at least a cryptographic key, such as a symmetric cryptographic key or an asymmetric cryptographic key (e.g. an encryption or a decryption key of a keypair), so as to provide encryption of data, notably symmetric-key and/or asymmetric data encryption (e.g. public-key encryption).
[0019] Alternatively or complementarily, the secret comprises a modulation code for spread-spectrum modulation of data on the data communication channel, such as direct-sequence and/or frequency-hopping spread spectrum modulation.
[0020] The secret can be generated by a secret generator comprised in the activation mobile device.
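As an added example (not code from the patent), the following Python models the [0019] case in which the secret is a direct-sequence spreading code rather than a cryptographic key. Both ends derive the same ±1 chip sequence from the shared secret (here from the bits of SHA-256 of the secret, which is an assumption of this example and not a method the patent specifies), the transmitter spreads each data bit over the whole sequence, and a receiver recovers the bits only if it correlates with the same code. A receiver holding a different secret sees correlations near zero, and a crude constant-offset jammer is attenuated by the despreading. The secrets and data bits are constructed test values.

```python
import hashlib
from typing import List


def spreading_code(secret: bytes, chips_per_bit: int) -> List[int]:
    """Derive a +/-1 chip sequence of length chips_per_bit from the shared secret.

    Assumption of this example: the chips are the first bits of SHA-256(secret).
    A real transceiver would clock a keyed PN generator; what matters is that both
    ends derive the identical sequence from the secret and nobody else can.
    """
    if not 1 <= chips_per_bit <= 256:
        raise ValueError("this toy derivation yields between 1 and 256 chips")
    digest = hashlib.sha256(secret).digest()
    bits = [(byte >> i) & 1 for byte in digest for i in range(8)]
    return [1 if b else -1 for b in bits[:chips_per_bit]]


def spread(data_bits: List[int], code: List[int]) -> List[float]:
    """Direct-sequence spreading: bit 1 -> +code, bit 0 -> -code, one block per bit."""
    tx: List[float] = []
    for b in data_bits:
        sign = 1 if b else -1
        tx.extend(float(sign * c) for c in code)
    return tx


def correlate(rx: List[float], code: List[int]) -> List[float]:
    """Normalised correlation of each received block with the code.

    +1.0 or -1.0 means a clean match; values near 0 mean the code is wrong.
    """
    n = len(code)
    return [sum(x * c for x, c in zip(rx[i:i + n], code)) / n
            for i in range(0, len(rx), n)]


def despread(rx: List[float], code: List[int]) -> List[int]:
    """Decide each bit from the sign of its block correlation."""
    return [1 if r > 0 else 0 for r in correlate(rx, code)]


def add_offset_jammer(rx: List[float], level: float) -> List[float]:
    """Crude narrowband jammer: a constant offset added to every chip.

    After despreading the offset becomes level * sum(code) / n, which for a
    roughly balanced code stays well below the +/-1 of a genuine data bit.
    """
    return [x + level for x in rx]


def demo() -> bool:
    """The paired receiver recovers the bits; a receiver with another secret does not."""
    secret = bytes(range(32))                           # constructed shared secret
    bits = [1, 0, 1, 1, 0, 0, 1, 0]                     # constructed payload
    code = spreading_code(secret, 32)
    tx = spread(bits, code)
    other = spreading_code(bytes(range(1, 33)), 32)     # constructed wrong secret
    return (despread(tx, code) == bits
            and all(abs(r) < 1.0 for r in correlate(tx, other)))
```

With 32 chips per bit the legitimate receiver sees a correlation of exactly ±1.0 per block, whereas a receiver with a different code sees the sum of 32 uncorrelated ±1 products, which is small; that gap is what makes the modulation code usable as a secret on the data channel.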
[0021] The generator can be designed and/or configured to generate the secret based on digital numbers, sequences and/or data stored within the device itself and/or within an accessory operationally connected to the activation device, preferably an accessory physically connected to the activation device. The generator can also be designed and/or configured to generate the secret based on the user's actions, e.g. inputting sequences, manipulating the device's user interfaces and/or performing operations on the device.
[0022] In particular, the secret generator can comprise a random generator configured to generate random or pseudorandom numbers and/or digital sequences, from, for example, a user input or a measure of a physical process affecting the activation mobile device itself or of one of its accessories, such as a thermal noise affecting a circuit of the activation mobile device or of an accessory of the activation mobile device.
[0023] Advantageously, the secret generator is configured to generate a secret in response to an identification and/or recognition of a user through a user interface and/or an ID sensor (e.g. a biometric sensor) of the activation mobile device. The identification and/or recognition of the user can be based on comparing the collected data with ID data (e.g. biometric data) of a database operationally located within the activation mobile device.
[0024] In case the activation mobile device is configured to have access to a computer network, the identification and/or recognition of the user can be based on comparing the collected data with ID and biometric data of a database operationally located on a remote server.
[0025] Alternatively or complementarily, the identification and/or recognition of the authentication device and/or of the user can be validated by receiving an electronic validation or evidence from a remote server (e.g. in form of a decentralized network of peers) running a blockchain-based application or service.
[0026] Advantageously, the secret generator is further configured to generate a secret based on an electronic identity of the user and/or data collected by the user interface and/or the biometric sensor of the activation mobile device.
[0027] The activation mobile device can be configured to permit a running application and/or the user to select a command within a group of commands and to transmit it through the control communication channel, so as to prompt the first and/or second device to transmit only a predefined group of data through the data communication channel.
[0028] Alternatively or complementarily to the user interface, the activation mobile device can comprise a control unit providing control of the activation mobile device by means of commands or signals received from an external device via a communication channel, preferably via the wireless non-radio channel. The control unit thus allows a user to remotely control operations of the activation mobile device, for example by means of another activation mobile device, a computer or a portable device, possibly in the form of a running application. The external device can be paired with the activation mobile device by means of a secret shared via the control communication channel of the activation mobile device, e.g. according to one of the pairing methods discussed above.
[0029] Fig. 1 shows an exemplary scheme of a pairing between a first device 1 and a second device comprising the activation mobile device 3, wherein the first and the second device are linked together with a data communication channel being a wireless radio channel 40.
[0030] Depending on the use case, the first device 1 can be an immobile, a temporarily immobile, a transportable or a mobile device.
[0031] The activation mobile device (itself or by means of the second device) is provided with a wireless communication module 32 providing wireless radio links, notably for the wireless radio channel 40. Moreover, the activation mobile device is provided with a user interface 38, e.g. a screen, a touch-screen or a physical or virtual keyboard on a screen unit of the device. Advantageously, the activation mobile device is further provided with an ID sensor (e.g. a biometric sensor 39) in order to identify and/or recognize the user of the device.
[0032] The activation mobile device is further provided with a module 33 providing a wireless non-radio channel with the first device, based for example on microwaves, infrared radiation, visible light, ultraviolet radiation, and/or mechanical waves such as acoustic waves.
[0033] The activation mobile device is provided with a coding and/or decoding module 30 providing data coding and/or decoding, notably based on the secret 7.
[0034] Alternatively or complementarily to the user interface 38, the activation mobile device can comprise a control unit providing control of the activation mobile device by means of commands or signals received from an external device via the data communication channel and/or the wireless non-radio channel, e.g. from another activation mobile device or a computer, possibly in the form of a running application. Advantageously, the external device can exchange data and commands with the activation mobile device through a data communication channel, the data and commands being coded with a secret shared between the activation mobile device and the external device, e.g. through the control channel.
[0035] In the exemplary embodiment of Fig. 1, the activation mobile device is comprised in a second device being a portable or wearable consumer electronic device, notably one intended for everyday use. Most of today's portable or wearable devices intended for everyday use are already equipped with wireless radio communication modules, user interfaces, microphones, loudspeakers and even biometric sensors and IR emitters/receivers. Moreover, such consumer electronic devices are typically provided with a programmable processing unit permitting the implementation of data coding/decoding functions, notably in real or near-real time.
[0036] These portable consumer electronic devices can thus be configured to operate as an activation mobile device 3 without requiring additional components. Examples of such devices are: a cell phone or smartphone, a smartwatch, audio/video equipment, a digital exercise watch or wristband, a PDA, a tablet, implanted chips, smart glasses, augmented reality glasses and smart clothes.
[0037] The activation mobile device 3 is configured to establish a control communication channel 5 with the first device in order to transmit the secret 7 to it for coding data to be transmitted on the wireless radio channel 40.
[0038] In the exemplary embodiment of Fig. 1, the control communication channel 5 is based on an acoustic link established between the sound emitter 33 of the activation mobile device 3 and a sound receiver 13 of the first device.
[0039] The sound emitter 33 can be a dedicated ultrasound module or even a sound loudspeaker of the portable or wearable consumer electronic device 3. The sound receiver 13 of the first device can be thus a cooperating device designed or configured to receive signals from the sound emitter 33, e.g. a dedicated ultrasound receiver or even a microphone.
[0040] Complementarily, the activation mobile device and the first device can be configured to provide a bi-directional sound control channel, e.g. by means of a loudspeaker of the first device operating within range of the microphone of the portable or wearable consumer electronic device 3.
[0041] The secret generator 37 of the activation mobile device 3 is configured to generate the secret, preferably a single-session secret. In the exemplary embodiment of Fig. 1, the secret generator 37 generates a single-session secret by means of a random generator configured to generate random or pseudorandom numbers based on thermal noise affecting a circuit of the activation mobile device 3. The secret generator of Fig. 1 is further configured to generate the secret only once the user has been identified and/or recognized by means of data collected by the user interface 38 and/or the biometric sensor 39 of the activation mobile device.
[0042] In one embodiment, the activation mobile device 3 and the first device of Fig. 1 are configured to code and decode the secret 7 by means of a channel coding key, so as to conceal the secret transmission and/or protect it against channel errors over the control communication channel. The activation mobile device thus transmits the coded secret to the first device through the control communication channel 5, e.g. by means of sound waves. Sound waves can be used as such as the medium for transmitting the secret, especially in the form of ultrasound, i.e. non-audible waves with frequencies in a range from 40 kHz to 10 MHz. Alternatively or complementarily, audible acoustic waves (sounds), i.e. acoustic waves with frequencies in a range from 20 Hz to 20 kHz, can be used as the medium for the control communication channel. The coding key is then transmitted to the first device through the data communication channel 40. The channel coding key can be chosen so that the acoustic waves carrying the coded secret are perceived by the user as noise. Note that in this arrangement the coding key travels over the radio channel 40 before any secret is in place, so an attacker who captures both the acoustic transmission and the radio channel obtains both the coded secret and the key; the channel coding here protects against channel errors and casual listening, not against an adversary present on both channels. The two-link arrangement of Fig. 2 and [0058], where the coding key goes over the second non-radio link instead, avoids this.
[0043] In the exemplary embodiment of Fig. 2, the robustness against malicious attacks on the wireless communication channels is further enhanced by linking the first device and the activation mobile device 3 comprised in the second device by a control communication channel 5 possessing a second link 52 in addition to the first link 51.
[0044] In this embodiment, the second device can be a portable or wearable consumer electronic device 3, a portable or wearable consumer electronic device 3 with additional components, or a dedicated device.
[0045] The second device is thus arranged or configured to establish a control communication channel 5 that comprises two distinct transmission media, each medium providing a wireless non-radio link 51 , 52.
[0046] In the embodiment of Fig. 2, the activation mobile device comprises not only an acoustic module 33 but also an IR module 34 configurable to provide a control communication channel 5 with an acoustic link 51 and an IR link 52.
[0047] The first device 1 of Fig. 2 is further equipped with a corresponding IR module 14 configurable to cooperate with the module 34 of the activation mobile device so as to provide communication on the IR link 52.
[0048] Advantageously, the IR module of the activation mobile device can be designed or configured to generate a focalized IR link 52, i.e. IR signals propagating along a bundle within an angle of ±0.5 rad centered on the signal source, preferably within ±0.17 rad.
[0049] Advantageously, one or both links 51, 52 can be generated to operate as focalized links, i.e. link signals propagate along a beam or bundle within an angle of ±0.5 rad centered on the signal source, preferably within ±0.17 rad. A focalized link provides further robustness against malicious attack on the control communication channel.
[0050] The IR module 34 of the activation mobile device can thus be designed or configured to generate a focalized IR link 52. Alternatively or complementarily, the acoustic module 33 of activation mobile device can thus be designed or configured to generate a focalized sound (acoustic) link 51.
[0051] Thus the activation mobile device 3 of Fig. 2 has at its disposal two distinct and independent links for transmitting a secret 71. It can thus split the secret 71 into two parts or, alternatively, generate a two-part secret 71, so as to transmit the first piece 711 of the secret 71 through one of these non-radio links 51, 52 and the second piece 722 of the secret 71 through the other of these non-radio links 51, 52.
[0052] The activation mobile device 3 of Figs 1 and 2 can be efficiently employed for applications or services running on a first device that require communication with a second device as well as evidence of an electronic identity of this device and/or of a user of such device. In this case, the activation mobile device is included in the second device and configured to operate as a security token, i.e. for electronically proving its identity and/or that of its user, by means of the secret and/or data exchanged on the data communication channel.
[0053] The activation mobile device 3 can be configured to operate as an electronic key for accessing, for example a vehicle, a building or a restricted access area, by means of the first device 1 being a key lock system or terminal.
[0054] The activation mobile device 3 can be, alternatively or complementarily, configured to operate as an authorization key for financial transactions by means of the first device 1 being a financial system or terminal.
[0055] The activation mobile device 3 can be, alternatively or complementarily, configured to operate as an authorization key, authentication key or security token for authorizing data transfer, e.g. authorizing data transmission from the first device 1 to the activation mobile device 3, the first device being for example a device offering a download service for sensitive images, multimedia files or data, such as surveillance and mapping drones, smart electricity meters, meteorological drones, satellites, security cameras, security loggers, GPS tracker devices and other autonomous devices that collect visual, sound or statistical data, whether in stationary, mobile (in the air or on the surface) or semi-mobile modes.
[0056] The activation mobile device 3 can be configured to operate as storage for private and/or sensitive data, such as a digital passport, health data, payment authorization codes, smart contracts, electronic documents, and access codes for digital and physical vaults, repositories or gateways, including for example access to buildings, rooms, vehicles (including autonomous and driverless vehicles) and compartments, as well as to individual data storage facilities, databases, memory chips and hard drives, or individual compartments thereof.
[0057] The pairing of the first device 1 and the activation mobile device 3 can thus comprise the steps of, on the activation mobile device: generating a first secret for coding data and establishing a wireless non-radio communication channel with the first device. Advantageously, the control communication channel comprises two distinct transmission media, e.g. a transmission medium based on acoustic waves and a transmission medium based on infrared electromagnetic radiation. The pairing further comprises a step of transmitting the secret to the first device through the control communication channel, advantageously a first piece of the secret through one of the two distinct transmission media and a second piece of the secret through the other.
[0058] In case the secret transmission is concealed and/or protected against channel errors over the control communication channel by coding the secret, the first piece of the secret can be the coded secret, while the second piece can be the channel coding key.
[0059] On the first device, the method for pairing comprises exchanging data with the activation mobile device on a wireless radio channel upon reception of the secret, i.e. reception of the first and the second pieces of the secret.
[0060] Data sent to the activation mobile device are coded with the secret and could comprise queries and requests for digital evidence that the activation mobile device has to provide for identifying and/or recognizing itself and/or the user for accessing the service provided by the first device.
[0061] On the activation mobile device, digital evidence can thus be generated, e.g. by selectively accessing data of a database within the device or by collecting data provided by the user interface and/or the biometric sensor of the device. The digital evidence is then coded based on the secret and transmitted to the first device through the wireless radio channel in order to enable the service provided by the first device, e.g. a financial transaction, health management or physical access.
[0062] In the exemplary embodiments of Figs. 3 and 4, the activation mobile device 3 operates on, or in-between, a first device 1 and a second device 2.
[0063] Depending on the use case, the first and/or second device can be an immobile, a temporarily immobile or a mobile device.
[0064] In the exemplary embodiment of Fig. 3, the activation mobile device provides a pairing between the first and the second device, which are linked together by a wired channel 42 and/or a wireless radio channel 41 for exchanging data.
[0065] The pairing procedure of this exemplary embodiment further comprises the steps of, on the activation mobile device, establishing a control communication channel 6 in the form of a wireless non-radio channel with the second device 2, and transmitting a secret 72 to it through this control communication channel 6.
[0066] The pairing procedure further comprises a step of generating, on the activation mobile device 3, a second secret 72 for coding and/or decoding data on the second device 2. Depending on the application running on the first and/or on the second device, the transmitted secret 72 can be the same secret 71 as that for the first device (e.g. a symmetric cryptographic key or a modulation code), a secret correlated with the secret 71 of the first device (e.g. the other cryptographic key of a keypair 71, 72), or an independent secret.
[0067] Similarly to the embodiment of Fig. 2, the illustrated embodiment of Fig. 3 comprises a plurality of distinct media 33, 34, at least one providing a wireless non-radio channel. The secret 72 can thus be generated or digitally split into a plurality of pieces 721, 722, so as to configure each medium to transmit at least one distinct piece to the second device.
[0068] The activation mobile device can be further configured to operate as a wireless relay device in between the first and the second device by providing a relay wireless radio channel 43, e.g. for application- or service-based critical data. The relay radio channel 43 comprises a wireless radio link 431 connecting the first device with the activation mobile device and another wireless radio link 432 connecting the second device with the activation mobile device.
[0069] The first and the second radio links 431, 432 can operate in non-overlapping frequency ranges, e.g. when the same secret 71, 72 is used for coding data from/to the first and the second device.
[0070] The first and the second radio links 431, 432 can operate in the same or in overlapping ranges, e.g. when distinct secrets 71, 72 are used for coding data from/to the first and the second device.
[0071] Depending on the secrets used, the activation mobile device can be configured to decode and re-code data on the relay wireless radio channel based on the distinct secrets of the first and the second device. In this case, the activation mobile device is configured to systematically decode data received from the first device with its secret 71 and to send this data to the second device re-coded with the secret 72 of the second device, and vice versa.
[0072] In the exemplary embodiment of Fig. 4, the activation mobile device is configured to operate in between the first and the second device.
[0073] In this embodiment, the first and the second device communicate together only through the activation mobile device, i.e. via the relay wireless radio channel 43 provided by the activation mobile device.
[0074] The activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for pairing other devices according to the above-described pairing methods, so that more devices can communicate together via the data communication channel and/or the relay wireless radio channel of the activation mobile device. In this configuration, the data communication channel can also comprise radio and wired links operating in parallel.
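The following Python is an added example and not the patent's own implementation. It walks through the pairing steps of [0057] to [0061] and the relay re-coding of [0071] in one run: the activation mobile device 3 generates a single-session secret 71, splits it into two pieces for the acoustic link 51 and the IR link 52, the first device 1 recombines them, the two then exchange coded frames on the data channel 40 including the query for digital evidence, and finally a frame from device 1 is decoded with secret 71 and re-coded with a second device's secret 72 as the relay of Fig. 4 does. The concrete primitives are assumptions of this example: the secret is split as a random piece A and a piece B = secret XOR A, so a listener on one link alone learns nothing (this is also what the coded-secret plus coding-key arrangement of [0058] gives when the coding is XOR); the "coding" the patent leaves unspecified is modelled as an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, using only the Python standard library; and the "digital evidence" is an HMAC over the first device's challenge under a constructed identity key. A real deployment would use a standard AEAD cipher in place of the HMAC keystream.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

NONCE_LEN, TAG_LEN = 16, 32
Keys = Tuple[bytes, bytes]          # (coding key, integrity key)


def generate_secret(n: int = 32) -> bytes:
    """Single-session secret ([0017]): fresh random bytes for every pairing."""
    return secrets.token_bytes(n)


def split_secret(secret: bytes) -> Tuple[bytes, bytes]:
    """Two pieces for the two non-radio links 51 and 52 ([0051], [0057]).

    piece_a is random and piece_b = secret XOR piece_a, so either piece on its
    own carries no information about the secret (an assumption of this example).
    """
    piece_a = secrets.token_bytes(len(secret))
    piece_b = bytes(s ^ a for s, a in zip(secret, piece_a))
    return piece_a, piece_b


def recombine(piece_a: bytes, piece_b: bytes) -> bytes:
    """First device 1 reassembles the secret from both pieces ([0059])."""
    return bytes(a ^ b for a, b in zip(piece_a, piece_b))


def derive_keys(secret: bytes) -> Keys:
    """Separate coding and integrity keys from the secret (HMAC expand; assumption)."""
    return (hmac.new(secret, b"coding", hashlib.sha256).digest(),
            hmac.new(secret, b"integrity", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256; stands in for a real cipher."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def code_data(keys: Keys, plaintext: bytes) -> bytes:
    """Frame for the data channel: nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decode_data(keys: Keys, frame: bytes) -> bytes:
    """Verify the tag first; a wrong secret or a tampered frame raises ValueError."""
    enc_key, mac_key = keys
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong secret or tampered frame")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def relay_recode(frame: bytes, keys_in: Keys, keys_out: Keys) -> bytes:
    """[0071]: decode with one device's secret and re-code with the other's."""
    return code_data(keys_out, decode_data(keys_in, frame))


def pair_and_exchange() -> Tuple[bool, bytes, bool]:
    """Run the whole sequence; returns (evidence accepted, relayed plaintext, eavesdropper blocked)."""
    # Activation mobile device 3: secret 71 and its two pieces for links 51 and 52.
    secret71 = generate_secret()
    via_acoustic, via_ir = split_secret(secret71)
    keys3 = derive_keys(secret71)
    # First device 1: both pieces received on the control channel, secret rebuilt.
    keys1 = derive_keys(recombine(via_acoustic, via_ir))
    # Data channel 40: device 1 queries for digital evidence ([0060], [0061]).
    challenge = secrets.token_bytes(16)
    query = decode_data(keys3, code_data(keys1, b"EVIDENCE?" + challenge))
    identity_key = b"constructed stand-in for the identity data held in device 3"
    evidence = hmac.new(identity_key, query[len(b"EVIDENCE?"):], hashlib.sha256).digest()
    expected = hmac.new(identity_key, challenge, hashlib.sha256).digest()
    evidence_ok = hmac.compare_digest(decode_data(keys1, code_data(keys3, evidence)), expected)
    # Fig. 4 relay: second device 2 was given its own secret 72 over channel 6.
    keys2 = derive_keys(generate_secret())
    relayed = decode_data(keys2, relay_recode(code_data(keys1, b"critical command"), keys3, keys2))
    # A listener who captured only the acoustic link holds one piece, not the secret.
    try:
        decode_data(derive_keys(via_acoustic), code_data(keys1, b"anything"))
        blocked = False
    except ValueError:
        blocked = True
    return evidence_ok, relayed, blocked
```

The integrity tag is checked before any decoding, so a frame coded under the wrong secret or altered in transit is rejected outright rather than yielding garbage; that is the behaviour to keep whichever cipher replaces the toy keystream.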
[0075] The activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for applications or services requiring communication between devices located in a confined area that is robust against interference, jamming or malicious attacks. In particular, the activation mobile device can be efficaciously employed for successively starting applications or services not intended to operate continuously on the devices.
[0076] Examples are communications between manufacturing and controlling machines in a densely occupied facility. Such communications are affected by inter-channel and near-channel interference. The activation mobile device can thus be used notably to pair (interconnect) groups of machines so as to ensure reliable communication between them. Advantageously, the relay wireless radio channel of the activation mobile device is used to communicate critical or sensitive commands to the machines, i.e. commands requiring the supervision and/or approval of the designated technician or workshop supervisor (human or automatic system), by equipping the designated technician or workshop supervisor with the activation mobile device.
[0077] Another example is communication between distinct functional units in a passenger vehicle (e.g. cars, buses, trains, aircraft and boats), with a driver or self-driving, both surface and flying vehicles, notably between functional units of a driving or controlling system of a vehicle based on electrical or electro-mechanical technologies (e.g. drive-by-wire technologies). Such communications could be subjected to interference as well as to malicious jamming and attacks (such as eavesdropping, unauthorized access, hostile takeover, command and control or other threats) perpetrated by passengers, technicians or the crew, or by a third person controlling devices of the parties mentioned without their awareness or permission.
[0078] In the case of a driving system of a land or surface vehicle, such as a wheeled or railed vehicle, the driver can be equipped with the activation mobile device, e.g. in the form of a wearable device such as a watch, wrist device, badge with smart card or smartphone. The driving and controlling system and the activation mobile device can be configured to transmit data exclusively through the relay wireless radio channel provided by the activation mobile device, so as to ensure the physical presence of the driver when the vehicle is moving. The mobile device can also act as an authorization system for driverless transportation. The activation mobile device also operates as an anti-theft device.
[0079] In the case of a driving system of a passenger aircraft having a pilot and copilots, the pilot can advantageously be equipped with the activation mobile device, e.g. in the form of a wearable device such as a watch, badge with smart card or smartphone. During the checking procedures before take-off, the pilot could pair functional units of the driving and controlling system within the cockpit of the aircraft. Advantageously, the driving and controlling system and the activation mobile device can be configured to transmit critical commands and data exclusively through the relay wireless radio channel provided by the activation mobile device, in order to ensure the physical presence of the head pilot in the aircraft, notably during take-off and landing.
[0080] The activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for applications or services requiring a secure transfer between devices, such as devices collecting and/or storing sensitive or valuable data, e.g. in the form of images, multimedia files and documents, databases, statistical data, meteorological data, sounds, thermal and infrared visual data, landscape imaging, passwords, authentication keys, encryption keys, ID documents, electronic keys and other digital data. In this case, the activation mobile device 3 can, alternatively or complementarily, be configured to operate as an authorization key for authorizing data transfer, e.g. authorizing the transmission of data collected and/or stored in the first device 1 to the second device and/or to the activation mobile device 3. In one embodiment, the first device is a drone collecting or capturing a series of images or readings, sounds, electromagnetic radiation, infrared imagery, landscape readings or signal pings that are transferred to a second device, for example a landing base for the drone, during the pairing (synchronisation) mediated by the activation mobile device 3. In other embodiments, the first and/or second devices can be:
- smart meters collecting data about domestic consumption of electricity;
- smart thermostats collecting data about temperature changes at home;
- security cameras feeding data into the central node of a smart home and/or alarm system; or
- locking/unlocking vehicle systems.
[0081] The activation mobile device 3 of Figs 1 to 4 can be advantageously configured to access a remote server (e.g. in the form of a decentralized or distributed network of peers) running a blockchain-based application or service (e.g. through the Ethereum platform), advantageously through the same data communication channel. The access can thus be used for recording operations, processes, changes, proofs and evidence on the blockchain so as to provide a timestamp of these events and evidence executed by and/or collected in the activation mobile device 3 and/or the first and/or second device. In particular, the access can be used for providing evidence and a timestamp of smart contracts, reports or documents, so as to:
- allow contents to be verified and digitally sealed;
- make the document in its form at a particular time the sole legally binding version;
- prevent future changes to the contents of the document;
- prevent corruption of data;
- permit automatic execution of operations and algorithms in case they are included in the smart contract.
The evidence can further concern inputted data and ID data collected in the activation mobile device 3 and/or the first and/or second device.
[0082] The activation mobile device 3 of Figs 3 and 4 can be efficaciously employed for applications or services requiring records of evidence, notably by means of blockchains.
[0083] Extending the activation mobile device 3 to blockchain applications includes controlling sensitive documents through the device 1, splitting them into small encrypted fractions and uploading them to a distributed storage provided by blockchains or blockchain platforms, such as Ethereum for storage of documents, so that a document is securely distributed in a number of fractions over the blockchain network servers. Retrieval of the document can then be performed, mediated by device 3, using the proper series of keys that can download all the right encrypted fractions, stitch them together and decrypt them in device 1. The documents are stored fully on the blockchain, publicly available and therefore hackable, but each fraction of a document is individually encrypted with an individual encryption key before being stored, making the fractions useless elements should servers be individually hacked and the data on them compromised and downloaded.
[0084] In this advantageous use of the activation mobile device 3, the method for pairing a first device (1) and a second device (2) further includes the steps of:
- splitting a sensitive document operationally located or stored in the first and/or second device into a plurality of portions;
- encrypting them with a secret provided by the activation mobile device;
- uploading said plurality of portions into a distributed storage, notably provided by blockchains or blockchain platforms, such as Ethereum for storage of documents, so as to securely distribute them in a number of fractions over the blockchain network servers.
[0085] In this advantageous use of the activation mobile device 3, the method for pairing a first device (1) and a second device (2) can further include the steps of:
- downloading a plurality of encoded document portions from a distributed storage into the first and/or second device through the data communication channel, the secret being a series of keys enabling the download of a plurality of document fractions of a document from the distributed storage;
- reconstructing and decoding the document by means of said plurality of encoded document portions inside the first and/or second device.
[0086] The method for pairing a first device (1) and a second device (2) can further include the steps of:
- pairing with the distributed storage, the distributed storage being one of the first and the second device;
- receiving said secret for downloading and/or decoding said plurality of encoded document portions from the first or second device being the distributed storage, through the data communication channel.
The other of the first and second device can comprise the activation mobile device.
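The fraction scheme of paragraphs [0083] to [0086] together with the evidence record of [0081], as an added example in Go that is not part of the patent and not code of the applicant. The "series of keys" is modelled as HMAC-SHA256 derivations from one master secret, an assumed construction since the patent does not say how the keys are formed; the distributed storage is a content-addressed in-memory map standing in for the blockchain network servers; and the Store, Manifest, SplitAndUpload, DownloadAndReassemble and Evidence names as well as the sample document are all constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Store stands in for the distributed storage of [0083]: a public,
// content-addressed key/value store that must be assumed readable by anyone.
type Store map[string][]byte

// fractionMaterial derives the i-th entry of the "series of keys" from the
// secret the activation mobile device provides (assumed construction:
// HMAC-SHA256 over the fraction index, split into an AES-128 key and a CTR IV).
// Every fraction gets its own key and IV, so no keystream is ever reused.
func fractionMaterial(master []byte, i int) (key, iv []byte) {
	mac := hmac.New(sha256.New, master)
	fmt.Fprintf(mac, "fraction-%d", i)
	out := mac.Sum(nil)
	return out[:16], out[16:]
}

// crypt applies AES-CTR; the same call encrypts and decrypts.
func crypt(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys from fractionMaterial are always 16 bytes
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// Manifest is what the first device keeps after upload: the ordered content
// hashes of the encrypted fractions. Its hash can be anchored on the blockchain
// as the evidence of [0081] without exposing any document content.
type Manifest []string

// SplitAndUpload cuts doc into fractions of at most size bytes, encrypts each
// with its own key and stores it under the hash of the ciphertext.
func SplitAndUpload(master, doc []byte, size int, store Store) Manifest {
	var m Manifest
	for i := 0; i*size < len(doc); i++ {
		end := (i + 1) * size
		if end > len(doc) {
			end = len(doc)
		}
		key, iv := fractionMaterial(master, i)
		blob := crypt(key, iv, doc[i*size:end])
		sum := sha256.Sum256(blob)
		id := hex.EncodeToString(sum[:])
		store[id] = blob
		m = append(m, id)
	}
	return m
}

// DownloadAndReassemble fetches the fractions in manifest order, checks each
// against its recorded hash (a server that altered a fraction is caught),
// decrypts them and stitches the document together.
func DownloadAndReassemble(master []byte, m Manifest, store Store) ([]byte, error) {
	var out bytes.Buffer
	for i, id := range m {
		blob, ok := store[id]
		if !ok {
			return nil, fmt.Errorf("fraction %d missing from storage", i)
		}
		if sum := sha256.Sum256(blob); hex.EncodeToString(sum[:]) != id {
			return nil, fmt.Errorf("fraction %d does not match manifest", i)
		}
		key, iv := fractionMaterial(master, i)
		out.Write(crypt(key, iv, blob))
	}
	return out.Bytes(), nil
}

// Evidence is the single hash of the manifest that would be timestamped on chain.
func Evidence(m Manifest) string {
	sum := sha256.Sum256([]byte(strings.Join(m, "\n")))
	return hex.EncodeToString(sum[:])
}

func main() {
	master := bytes.Repeat([]byte{0x42}, 32) // constructed stand-in for the secret from device 3
	store := Store{}
	m := SplitAndUpload(master, []byte("constructed sensitive document for fractioning"), 16, store)
	doc, err := DownloadAndReassemble(master, m, store)
	fmt.Printf("%d fractions, evidence %s..., reassembled %q (err=%v)\n", len(m), Evidence(m)[:16], doc, err)
}
```

Confidentiality of each fraction rests on its own derived key and IV; integrity rests entirely on the manifest, since CTR mode carries no authentication tag: the hash check rejects a fraction a compromised server altered, while a wrong master secret simply yields unreadable bytes. The manifest therefore has to stay on the retrieving device or be anchored on the blockchain as the patent proposes for evidence, because whoever can rewrite the manifest can substitute fractions.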
List of reference numerals
1 First device
10 Data coding/decoding module
11 Wired communication module
12 Wireless communication module
13 Sound emitter and receiving module
14 IR module
2 Second device
20 Data coding/decoding module
21 Wired communication module
22 Wireless communication module
23 Sound emitter and receiving module
24 IR module
3 Activation mobile device
30 Data coding/decoding module
32 Wireless communication module
33 Sound emitter and receiving module
34 IR module
37 Secret generator
38 User interface
39 Biometric sensor
40,41 Wireless Data channel
42 Wired Data channel
43 Wireless secured relay channel
431, 432 Radio link
5, 5' 1st control channel
51, 52 Channel link of the 1st control channel
6, 6' 2nd control channel
61, 62 Channel link of the 2nd control channel
7, 71, 72 Secret
711 1st piece of secret 71
712 2nd piece of secret 71
721 1st piece of secret 72
722 2nd piece of secret 72

Claims
1. A method for pairing a first device (1) and a second device (2) for exchanging secure data through a data communication channel (4, 41, 42, 43), comprising steps of:
- generating, on an activation mobile device (3), a first secret (7, 71, 72) for coding data;
- establishing a first control communication channel (5) between the activation mobile device (3) and the first device (1);
- transmitting said first secret to the first device (1) through said first control communication channel (5);
- upon a reception of said first secret on said first device (1), exchanging data through the data communication channel (40-43), wherein exchanged data are coded using said first secret (7, 71);
wherein said data communication channel is a wired channel (42) or a wireless radio channel (40, 41, 43), and wherein
said first control communication channel (5) is a wireless non-radio communication channel (5).
2. The method according to claim 1, wherein the activation mobile device is comprised in said second device.
3. The method according to claim 1, further comprising steps of:
- generating, on the activation mobile device (3), a second secret (72) for coding data;
- establishing a second control communication channel (6) between said activation mobile device (3) and the second device (2), said second control communication channel being a wireless non-radio communication channel (6);
- transmitting the second secret (72) to the second device (2) through said second control communication channel (6);
- upon a reception of said second secret, activating, on said second device (2), exchanging data with the first device (1) through said data communication channel (40-43), wherein exchanged data are coded using said first and second secrets (71, 72).
4. The method according to claim 3, wherein
said data communication channel comprises a first radio link (40, 431) between said activation mobile device (3) and the first device (1) and/or a second radio link (432) between said activation mobile device (3) and the second device (2).
5. The method according to any one of claims 1 to 4, further comprising steps of:
- selecting, on said activation mobile device (3), a command within a group of commands for selecting data to be exchanged through said data communication channel (40-43);
- transmitting said command to the first device (1) and/or second device (2), through said first and/or second control communication channel (5, 6); and
- on the first device (1) and/or on the second device (2), selecting or restricting data to be exchanged as a function of the received command.
6. The method according to any one of claims 1 to 5, wherein each of said first and/or second control channels (5, 6) comprises two distinct transmission media (51, 52, 61, 62); preferably a transmission medium based on a transmission of acoustic waves and a transmission medium based on infrared electromagnetic radiation.
7. The method according to claim 6, wherein
said step of transmitting the first secret (71) and/or second secret (72) comprises steps of:
transmitting a first piece (711, 721) of said first and/or second secret through one of said two distinct transmission media and
transmitting a second piece (712, 722) of said first and/or second secret through the other of said two distinct transmission media.
8. The method of any one of claims 1 to 7, wherein said first and/or second control channel (5, 6) is a focalized wireless communication channel.
9. The method according to any one of claims 1 to 8, wherein said step of generating the first and/or second secret comprises a step of recognizing or identifying a user through a user interface (38) and/or a biometric sensor (39) of the activation mobile device.
10. The method according to claim 9, wherein
said step of generating the first and/or second secret further comprises a step of connecting a remote server for recognizing or identifying said user based on data collected by said user interface (38) and/or biometric sensor (39).
11. The method according to any one of claims 1 to 10, wherein the first and/or the second secret is a symmetric cryptographic key or a key of a cryptographic keypair.
12. A system for carrying out the method of any one of claims 1 to 11.
13. The system of claim 12, wherein
said activation mobile device is configured to operate as a security token.
14. The system of claim 12 or 13, wherein said activation mobile device is a smartphone (3); preferably configured to transmit data through a loudspeaker of the smartphone, and provided with a communication module with capabilities to transmit data through infrared electromagnetic radiation.
15. The system of any one of claims 12 to 14, wherein
said first and/or second device is a key locking system, such as a vehicle or building key locking system; preferably the data communication channel being a wireless channel connecting said first and/or second device and the activation mobile device.
16. The system of any one of claims 12 to 14, wherein
said first device and/or second device is a payment terminal; preferably the data communication channel being a wireless channel connecting the first and/or second device and the activation mobile device.
17. The system of any one of claims 12 to 14, wherein
said first device and/or second device is a device collecting data and/or providing data downloading, and wherein said activation mobile device is configured to operate as a security token for authorizing data transfer between the first and the second device; preferably one of said first and second device being a drone and the other a drone station.
18. The system of any one of claims 12 to 14, wherein
said first and second device each being a distinct functional unit of a driving system of a vehicle, in particular of an aircraft.
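The two-media transmission of claims 6 and 7, as an added example in Go that is not part of the patent and not code of the applicant. The claims say only that a first piece of the secret goes over one medium and a second piece over the other; forming the pieces by XOR secret sharing, so that neither medium alone reveals anything about the secret, and the HMAC key-confirmation step at the end are assumed constructions. The Medium type, SplitSecret, CombinePieces, Confirm and Deliver are constructed names, and the two media are simulated as byte channels; modulation onto sound or infrared light is outside this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Medium is one of the two distinct transmission media of claim 6 (acoustic
// and infrared). Here each simply carries one framed piece in flight.
type Medium struct {
	Name  string
	frame []byte
}

func (m *Medium) Send(piece []byte) { m.frame = append([]byte(nil), piece...) }
func (m *Medium) Receive() []byte   { return m.frame }

// SplitSecret splits a secret into two pieces such that neither piece alone
// carries any information about it (assumed construction: XOR secret sharing;
// piece 1 is uniformly random, piece 2 is the secret masked by piece 1).
func SplitSecret(secret []byte) (piece1, piece2 []byte) {
	piece1 = make([]byte, len(secret))
	if _, err := rand.Read(piece1); err != nil {
		panic(err)
	}
	piece2 = make([]byte, len(secret))
	for i := range secret {
		piece2[i] = secret[i] ^ piece1[i]
	}
	return piece1, piece2
}

// CombinePieces rebuilds the secret on the receiving device from both pieces.
func CombinePieces(piece1, piece2 []byte) ([]byte, error) {
	if len(piece1) != len(piece2) {
		return nil, fmt.Errorf("piece lengths differ: %d vs %d", len(piece1), len(piece2))
	}
	secret := make([]byte, len(piece1))
	for i := range piece1 {
		secret[i] = piece1[i] ^ piece2[i]
	}
	return secret, nil
}

// Confirm is an HMAC over a fixed label that the receiving device returns so the
// activation mobile device can check that both pieces arrived intact (assumed
// key-confirmation step; it is not part of the claims).
func Confirm(secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte("secret-confirmation"))
	return mac.Sum(nil)
}

// Deliver runs the transmission of claim 7: piece 711 over the acoustic medium,
// piece 712 over the infrared medium, then recombination and confirmation.
func Deliver(secret []byte, acoustic, infrared *Medium) (bool, error) {
	p1, p2 := SplitSecret(secret)
	acoustic.Send(p1)
	infrared.Send(p2)
	// Receiving device side.
	rebuilt, err := CombinePieces(acoustic.Receive(), infrared.Receive())
	if err != nil {
		return false, err
	}
	// Activation mobile device side: constant-time comparison of confirmations.
	return hmac.Equal(Confirm(rebuilt), Confirm(secret)), nil
}

func main() {
	secret := make([]byte, 32) // constructed secret 71
	if _, err := rand.Read(secret); err != nil {
		panic(err)
	}
	acoustic, infrared := &Medium{Name: "acoustic"}, &Medium{Name: "infrared"}
	ok, err := Deliver(secret, acoustic, infrared)
	fmt.Println("confirmed:", ok, "err:", err)
	// An eavesdropper on the infrared medium alone holds a piece independent of the secret.
	fmt.Println("IR piece equals secret:", bytes.Equal(infrared.Receive(), secret))
}
```

With XOR sharing, an eavesdropper must capture both the acoustic and the infrared transmission to learn anything, which is the property that makes the choice of two physically dissimilar, short-range media in claim 6 worthwhile; a plain half-and-half split would hand such an eavesdropper half of the key bits from a single medium.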
Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2016/057672 WO2018109529A1 (en) 2016-12-15 2016-12-15 Method and system for securely pairing two or more devices

Publications (1)

Publication Number Publication Date
WO2018109529A1 true WO2018109529A1 (en) 2018-06-21

Family

ID=57614416

Country Status (1)

Country Link
WO (1) WO2018109529A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210325508A1 (en) * 2021-06-24 2021-10-21 Intel Corporation Signal-to-Noise Ratio Range Consistency Check for Radar Ghost Target Detection

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001078491A2 (en) * 2000-04-14 2001-10-25 Postx Corporation Systems and methods for encrypting/decrypting data using a broker agent
WO2001099369A2 (en) * 2000-06-20 2001-12-27 Koninklijke Philips Electronics N.V. Method and system for electronic device authentication
EP1274194A1 (en) * 2001-07-05 2003-01-08 Kabushiki Kaisha Toshiba Method and apparatus for wireless data communication, using an encryption unit
WO2009066212A1 (en) * 2007-11-21 2009-05-28 Nxp B.V. Device and method for near field communications using audio transducers
WO2013016327A2 (en) 2011-07-27 2013-01-31 Verifone, Inc. Payment facilitating system for use with a mobile communicator utilizing a near field communication (nfc) link
US20140072119A1 (en) * 2011-05-31 2014-03-13 BlackBerry Limited System and Method for Authentication and Key Exchange for a Mobile Device via Spectrally Confined Wireless Communications
US20160352691A1 (en) * 2002-01-08 2016-12-01 Seven Networks, Llc Secure end-to-end transport through intermediary nodes

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16819186

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27.09.2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16819186

Country of ref document: EP

Kind code of ref document: A1